THE DEADLINE FOR APPLICATIONS HAS PASSED
How can we develop competitive cyber companies by utilizing Denmark’s strong research ecosystem?
DIREC and the National Defence Technology Centre (NFC) welcome project proposals for innovative cyber projects with a high impact potential.
DIREC, the National Defence Centre (NFC) and Security Tech Space (STS) have launched an ambitious initiative – supported by the Danish Industry Foundation – to strengthen the competitiveness of Danish SMEs in the cybersecurity sector. The initiative aims to bridge the gap between SMEs and Denmark’s leading research and innovation environments, contributing to the development of unique high-tech cybersecurity solutions with global potential.
To achieve the goals of the initiative, we call for interesting project proposals within three specific cybersecurity themes where Denmark has promising companies and/or strong research and innovation environments.
Highly advanced solutions will differentiate the strengths of small and medium sized enterprises (SME) in a competitive market while contributing to greater European technological independence.
The goals of the project are to:
How do we create secure software systems that make it difficult to hack and attack digital solutions?
This area will focus on tools and techniques for verifying the security of software during the development process, so that security becomes a fundamental property of digital solutions. Especially for solutions that are intended as dual-use solutions with both commercial and defense applications, it is important to be able to guarantee security properties of the developed solutions.
The theme will also look at new security solutions that potentially will make software robust against attacks from quantum computers. Finally, the theme will examine challenges in organizational implementation of security in companies and support simulation, testing and training in, for example, sandbox environments for universities and companies.
Critical infrastructure represents a particularly vulnerable type of system, as an attack against this type of infrastructure has the potential to cause significant damage.
This theme will look at technologies to monitor Denmark’s critical infrastructure to protect it against hybrid attacks. This can include monitoring of the physical environment around critical infrastructure installations or monitoring of the digital critical infrastructure, for example through the use of AI.
The theme also includes monitoring of threats and attacks to create “situational awareness,” including collection and presentation of ‘cyber threat intelligence’. Projects may address monitoring connections to contingency plans before, during, and after an attack.
AI requires constant exchange of data, for example through prompts or video feeds. It is often difficult for companies to control where data flows and who has access. This poses a security risk for many companies regarding espionage and leakage of personally sensitive information.
This theme will look at how technologies can be developed to secure data when using AI systems.
At the same time, the theme will explore how AI creates new vulnerabilities, for example, cybercriminals increasingly use AI for sophisticated attacks such as deepfakes and adaptive malware. Securing AI systems and responsibly implementing AI in cybersecurity is therefore crucial to maximize the potential in dual-use solutions and create robust protection of the common digital infrastructure.
The focus of the projects should be threefold:
a) Strengthen the competitiveness of small and medium-sized enterprises in Denmark through close collaboration with a university or a Danish knowledge institution (GTS institutes, RTO).
b) Create novel research that introduces innovative approaches to working with cybersecurity or addresses relevant challenges with high impact potential.
c) Has the potential to improve cybersecurity in Denmark and Europe.
We call for proposals within two types of projects:
All universities and GTS institutes can apply for funding. A project needs at least one small or medium-sized enterprise as a partner. Additional partners are welcome, especially potential customers with significant cybersecurity needs.
Applications must be submitted via info@nfc.dk.
Please mark the email “Application Submission – Next Generation Cybersecurity Call 2025”.
Download the following templates for the application:
Budget template v.3.0 has been updated to reflect the overhead of RTOs.
We expect a final proposal to have a length of 4-7 pages excluding references (2400 characters pr page).
Catalyst projects are joint projects between at least one research partner and an SME.
The research partner can get up to 2 million DKK in funding and the project can run up to two years.
The aim is to demonstrate how research from universities and knowledge partners can be actively utilized by an SME to create and develop innovative user-focused cybersecurity products.
The project targets partnerships that have a clearly identified problem, a link to a specific research need, and a plan for a long-term collaboration.
Requirements
Applications must be submitted no later than May 30, 2025.
Budget: Up to 2 million DKK.
Explore projects are joint projects between at least one research partner and an SME.
The research partner can get up to 400.000 DKK in funding.
The aim is to showcase for research from universities and knowledge partners can be actively used by a SME to create and develop novel cybersecurity products.
Where catalyst projects are large, more extensive projects, explore projects are targeted companies and researchers interested in exploring a new relation or a new product idea.
Requirements
Applications must be submitted no later than May 30, 2025.
Budget: Up to 400.000 DKK.
The board of DIREC and the steering committee will amongst the best projects use a portfolio perspective to ensure broad involvement of companies, addressing different challenges and a broad involvement of research environments.
The evaluation panel will play a central role in assessing and recommending the research and innovation projects that receive support. Additionally, the panel will function as a strategic advisory board and will be involved continuously to ensure the relevance, market proximity, and strategic direction of the Next Generation Cybersecurity project.
Dr. David Basin is a Professor for Information Security at ETH Zurich and an affiliated faculty at INSAIT, in Sofia Bulgaria. He is the founding director of the ZISC, the Zurich Information Security Center, which he led from 2003-2011. He has been Editor-in-Chief of ACM Transactions on Privacy and Security (2015-2020) and is Editor-in-Chief of Springer-Verlag's book series in Information Security and Cryptography. He serves on various management and scientific advisory boards and has founded three security companies. He is a fellow of the ACM and IEEE.
John leads the strategic development and growth of the business. With over 25 years of experience at TDC, he has previously held several senior positions, including Senior Vice President for "Customer First" and Vice President for Business & Partner Sales. John has developed a deep understanding of the Danish business telecommunications market and is a prominent figure in digital infrastructure and customer experiences. He also serves on the boards of DI Digital and IT-Branchen, and has previously been chairman of Cloudeon and TDC MobilCenter, among others.
Sarah is the former Chief Information Security Officer at Tivoli and one of the country's most inspiring profiles in information security, risk management and employee behavior. She is also a member of the Danish Cyber Security Council. With over 20 years of experience from DSB, Novozymes and Oticon, she brings a unique combination of deep technical insight and behavioral design to the table - always with a focus on solutions that make a real difference. Sarah is the author of the book Secure by Choice, which provides a practical and innovative approach to creating a strong safety culture. She was nominated for CISO of the Year in 2023.
Alex Mathar is currently serving as Head of Operations Center East, Cyber Division, at the Danish Defence Acquisition and Logistics Organization (DALO). With more than 20 years of experience spanning operational, diplomatic, and strategic roles—including deployments to Kosovo, Iraq, and Afghanistan—Alex now primarily focuses on cyber strategy, innovation, and enhancing collaboration between defence, technology, and industry.
Prof. Dr. Haya Schulmann is a professor in the Department of Computer Science at Goethe University Frankfurt am Main and holds a LOEWE top professorship. She is a member of the Board of Directors of the National Research Center for Applied Cybersecurity ATHENE, where she represents Goethe University. At ATHENE, she coordinates the research area Analytics Based Cybersecurity (ABC).
Michael is Co-Founder and Executive Director of the U.S National AI and Cybersecurity Information Sharing and Analysis Organization (NAIC ISAO) and President of Cyber Eagle. Michael leads efforts in fostering international cooperation and developing strategies to leverage AI for cybersecurity enhancements. Michael has startup and scale up experience from Silicon Valley, where he has led public exits valued at $1.6 billion and $260 million. He also played a critical role during the PlayStation 4 launch at Sony. He was a U.S. delegate and co-editor to the ISO and has help shaped 40 leading information security standards globally, including significant work on ISO 27034.
Shaun has worked across diverse cyber security domains including IT, systems administration, penetration testing, security management, risk and industrial systems cyber security. Prior to moving to Norway, he was a police detective officer at Scotland Yard for over 26 years working in units including counter-terrorism, international organised crime, the UK National Hi-Tech Crime Unit and intelligence. He specialised in cyber investigations and digital forensics and was the lead cyber forensic investigator in the 2006 plot to blow up 7 transatlantic airliners. He headed cyber operations for the 2012 London Olympics and led the maritime and CBRN response teams.
Emil has over 15 years of development and managerial experience in IT, with a strong focus on security and cloud infrastructure. Emil empowers the development of a secure digital future by leading Cryptomathic’s technical teams across four diverse product lines: Payment, Mobile Application Security, Digital Identities and Signatures, and Key Management. Emil is tirelessly articulating the need for cryptographic agility in the transition to quantum resilient cryptography, also known as Post Quantum Cryptography (PQC)
With experience from CrowdStrike, Danske Commodities, and currently serving as Lead Specialist at Systematic, Simon understands what it takes for organizations and governments to stay ahead of adversaries. He has a strong track record in building teams and IT infrastructure that align with business goals and give security teams a home-court advantage. His experience spans roles as a subject matter expert in securing infrastructure, providing observability, and supporting product development for IT and security teams—up to board-level reporting on cyber risk and mitigation strategies. Currently, he focuses on leveraging LLM technology and agentic AIs to enhance workflows within cybersecurity disciplines such as detection engineering, data science, infrastructure hardening, and developer support tooling.
The final proposal is expected to be 4–7 pages in length, excluding references.
DIREC can provide existing templates for collaboration agreements, such as those used in PhD partnerships. Intellectual property (IP) rights will need to be negotiated directly between the participating project partners, allowing for flexible and case-specific arrangements.
No. The call requires participation from at least one SME (small or medium-sized enterprise), but it does not need to be a cybersecurity company. In fact, it is especially encouraged to include potential customers with significant cybersecurity needs.
Companies from sectors such as energy, health, finance, or manufacturing are welcome if they face cybersecurity issues.
The SME’s role can be:
A cybersecurity developer, working closely with researchers.
A customer or end user with relevant cybersecurity challenges, providing real-world problems and test environments.
Yes, but only if the project aligns with the goals and requirements of the call.
Specifically, the project must:
If your existing project meets these conditions, and particularly if it can show that further research or development will take place during the funding period, it is eligible for funding.
Each sub-project (Catalyst and Explore projects) is required to submit a status report at least twice annually to the project’s management group, which comprises representatives from DIREC, NFC, and potentially other relevant stakeholders.
These reports must provide a comprehensive overview of project progress, emerging challenges, and next steps in the project timeline.
Yes, but only indirectly and within the scope of the project goals. The funding is awarded to the research partner (university or GTS institute), not directly to your company.
Your company, as the SME partner, benefits by:
However, the funding cannot be used to cover your company’s general operating costs, salaries, or commercial activities unrelated to the project. The value to your company comes from the strategic collaboration and innovation, not direct from financial support.
A foreign company may obtain a Danish CVR number and be considered a Danish SME if the following conditions are met:
Establishing a CVR number will not be considered acceptable for project participation if:
A researcher may establish a start-up to seek funding if the following criteria are met:
A start-up would not be acceptable if:
An SME may seek support to scale up its existing activities if:
Funding is not appropriate if:
If you have further questions, feel free to contact us.
Director
DIREC
thomas.r.hansen@direc.dk
+45 29 40 33 97
