The European Commission has announced a €1.2 billion initiative to strengthen cyber resilience in industrial control systems and critical infrastructure within the European Union. The funding targets manufacturing, energy, and transportation sectors, with a focus on securing industrial Internet of Things (IoT) connectivity and advancing operational technology (OT) cybersecurity. Application schedules and grant frameworks were released, urging suppliers, integrators, and equipment vendors to develop compliance and data governance strategies to qualify for funding.
Background
This initiative comes amid an increase in cyber threats against industrial operations across Europe. Previous EU measures include over €1.3 billion committed through the Digital Europe Programme for digital skills, artificial intelligence (AI), and cybersecurity for 2025-2027. The Commission has also allocated €145.5 million to enhance cybersecurity in healthcare and public administration. These investments correspond with regulatory developments such as the NIS-2 Directive, which raises standards for critical infrastructure operators.
Details
The €1.2 billion package will provide grant funding focused on secure industrial IoT deployment and improved OT cybersecurity in manufacturing plants, energy networks, and transport and logistics systems. Funding will be distributed through competitive calls for proposals, with initial rounds slated to open by mid-2026, according to the Commission's plan. Supply chain stakeholders-including original equipment manufacturers (OEMs), industrial integrators, and cybersecurity vendors-are advised to align product development, cybersecurity protocols, and data governance policies with NIS-2 and prospective Cyber Resilience Act requirements to meet funding eligibility. Applicants will be assessed on the robustness of their risk management, vulnerability reporting, and commitment to best practices such as OT network segmentation and asset inventory management.
Outlook
The EU expects to open the first series of funding calls by mid-2026, with additional rounds through 2027. Industrial operators and vendors are advised to update cybersecurity strategies to synchronize with compliance deadlines and capitalize on procurement opportunities supported by the initiative.
