Loading…
Strategic Analysis
The 'NWA Resilient Digital Ecosystems' call, managed by the Dutch Research Council (NWO), aims to foster research into socio-technical innovations and action perspectives to enhance the security and resilience of digital ecosystems, particularly in critical sectors. The call is structured in two phases. Phase 1 provides €7,500,000 for 4-5 sector-specific research projects, with each grant capped at €1,875,000 and a maximum duration of 72 months. Phase 2 allocates €1,202,072 for one overarching connection project, with a maximum duration of 48 months, focusing on cross-sectoral generalisation of results. The total available budget for the call is €8,702,072. Key deadlines include 15 September 2026 for Phase 1 proposals and 16 October 2029 for Phase 2 proposals. The call encourages multi-actor consortia comprising a main applicant from a Dutch research institution, at least one co-applicant, and at least one cooperation partner, with optional co-funders.
Adopt security by design and security by default approaches
Conduct multidisciplinary and interdisciplinary research across the knowledge chain
Research sociotechnical factors for digital ecosystem resilience
Develop and evaluate interventions and action perspectives for digital ecosystems
Phase 1: Focus on sector-specific digital ecosystems
Phase 2: Generalise and upscale results for cross-sector action perspectives
Upscale interventions and form secure digital ecosystems
Deploy fresh insights and interventions widely in society
Share generic recommendations and guidelines widely
Increase knowledge utilisation by researchers and users
Application of research results by project partners
Exploitation of research results through IP transfer or licensing
Realise scientific and societal breakthroughs
Develop new knowledge for societal issues
Create resilient digital systems capable of handling and recovering from disruptions
Effectively enhance the cyber resilience of digital ecosystems
NIS2 Directive
highThe NIS2 Directive (Directive (EU) 2022/2555) is the EU's comprehensive legislation on cybersecurity, aiming to enhance the overall level of cybersecurity across the Union. It expands the scope of the original NIS Directive to cover more sectors and entities, imposing stricter cybersecurity risk management requirements and reporting obligations for essential and important entities.
Its goal is to strengthen the resilience and incident response capabilities of public and private entities, thereby contributing to a more secure digital single market.
Evaluators expect proposals to demonstrate a clear understanding of the NIS2 Directive's objectives and requirements, particularly concerning cybersecurity risk management, incident reporting, and supply chain security. Proposals should articulate how their research or innovation contributes to enhancing the cybersecurity resilience of critical sectors and entities, aligning with the directive's principles of security-by-design and security-by-default. Furthermore, proposals should show how their outcomes could support Member States and covered entities in implementing or complying with NIS2 provisions, fostering a more secure digital ecosystem.
de minimis regulation (Regulation (EU) 2023/2831)
mediumRegulation (EU) 2023/2831, the latest de minimis regulation, sets out rules for small amounts of State aid that are deemed not to distort competition and thus do not require prior notification to the European Commission. It allows Member States to grant aid up to a certain threshold (currently €300,000) over a three-year period to a single undertaking without triggering full State aid scrutiny.
This regulation provides a simplified framework for public authorities to support businesses, particularly SMEs, ensuring that minor aid measures do not unduly affect the internal market.
Evaluators expect proposals, especially those involving public funding for private sector partners or 'undertakings', to demonstrate awareness and compliance with State aid rules, including the de minimis regulation. It is crucial to ensure that any financial support provided to consortium partners, particularly private companies or other entities engaged in economic activity, adheres to the specified thresholds and conditions. Proposals should clearly indicate how the funding structure respects these rules, preventing any illegal State aid issues that could jeopardise the project's funding.
Framework for State Aid for Research, Development and Innovation (OJEU 2022, C 414)
mediumThe Framework for State Aid for Research, Development and Innovation (RDI) provides detailed guidance on how Member States can grant State aid for RDI activities in a way that is compatible with the internal market. Published in OJEU 2022, C 414, it outlines the conditions under which RDI aid can be considered permissible, including eligible costs, aid intensities, and transparency requirements.
The framework aims to correct market failures by fostering RDI while ensuring that such aid does not unduly distort competition within the EU.
Proposals, particularly those from national research calls involving public funding for RDI activities by undertakings (e.g., private companies, research organisations engaged in economic activity), must demonstrate a clear understanding of and compliance with this framework. Evaluators will look for clarity on how any aid granted to consortium partners adheres to the framework's provisions regarding eligible costs, aid intensities (e.g., for fundamental research, industrial research, experimental development), and the overall objective of fostering RDI while respecting competition rules. This ensures the legality and sustainability of the project's funding structure.
Proposals must be submitted by a main applicant on behalf of a consortium, which must include at least a main applicant, a co-applicant, and a cooperation partner. Co-funders are optional.
The application process for the 'NWA Resilient Digital Ecosystems' call is structured in two phases, each with distinct steps for submission, evaluation, and selection. All applications must be submitted via the NWO web application ISAAC by the main applicant.
Grant recipients are subject to several obligations, including content monitoring by NWO and a supervisory committee, regular accountability and project completion reports. Mandatory programme activities include a kick-off workshop (within six months of project start), annual programme meetings, a midterm meeting, and a closing meeting. Awarded projects must also elaborate a data management section into a comprehensive data management plan, conclude a consortium agreement, and adhere to Open Access policies for scientific publications.
| Milestone | Date | Phase |
|---|---|---|
| Information meeting | 19 March 2026 | Phase 1 |
| Matchmaking event | 23 April 2026 | Phase 1 |
| Deadline for review of NL/foreign organisations | 18 August 2026, 14:00:00 CEST | Phase 1 |
| Deadline for full proposals | 15 September 2026, 14:00:00 CEST | Phase 1 |
| Interview selection, interviews and Assessment committee meeting | November 2026 - January 2027 | Phase 1 |
| Decision by the board | February-March 2027 | Phase 1 |
| Facilitating session 1 | April 2029 | Phase 2 |
| Facilitating session 2 | May 2029 | Phase 2 |
| Deadline for review of NL/foreign organisations | 18 September 2029, 14:00:00 CEST | Phase 2 |
| Deadline for full proposals | 16 October 2029, 14:00:00 CEST | Phase 2 |
| Assessment for consideration | October 2029 | Phase 2 |
| Interview selection, interviews and Assessment committee meeting | November-December 2029 | Phase 2 |
| Decision by the board | January 2030 | Phase 2 |
The assessment procedure for the 'NWA Resilient Digital Ecosystems' call is conducted in two phases, with an assessment committee appointed by the NWO Executive Board. NWO is a signatory to DORA, meaning research is evaluated on its own merits, and applicants should not mention Journal Impact Factor or h-index.
The procedure involves several steps:
The assessment committee has a broad composition, including scientific expertise, knowledge chain expertise, and societal stakeholders. NWO has opted to assess all applications without involving external referees.
Applications are substantially assessed based on the following weighted criteria:
To be eligible for funding, a proposal must receive an overall qualification of at least 'very good' and at least the qualification 'good' for each individual assessment criterion.
In case of an ex aequo situation (two or more proposals indistinguishable based on weighted score within 0.05 of the reference score), the tie-breaking mechanism is as follows:
The 'NWA Resilient Digital Ecosystems' call operates on a grant funding model provided by the Dutch Research Council (NWO). The total available budget for this call is €8,702,072.
Applicants can request funding for the following budget modules, with specific conditions and maximum amounts:
Co-funding is not compulsory but is permitted. It can be provided in cash (net amount paid to the applicant) and/or in kind (capitalised personnel and/or material contributions). Co-funding from co-funders cannot exceed 50% of the total project costs. NWO is the main funder. Certain costs, such as NWO grants, contributions from parties eligible for NWO funding (with exceptions for TO2 institutes), and overheads, are not eligible as co-funding.
NWO will provide information on interim reports and accountability during the project in the grant award letter. Final reports on content and finances are required upon project completion, after which the final funding amount will be determined.
The NWA programme strongly encourages collaboration between researchers from different disciplines, knowledge organisations, and societal (public and private) organisations, including citizens. This approach is central to addressing complex issues and enhancing knowledge utilisation and societal impact.
The call emphasises that consortia should work in a multidisciplinary and interdisciplinary way, connecting fundamental, applied, and practice-oriented research to meet the knowledge needs of social stakeholders.
Projects funded under this call are subject to several mandatory tasks and programme-level joint activities to ensure coherence, knowledge transfer, and impact generation.
The 'Declaration co-funding' annex states that if the project proposal is awarded, co-funders commit to fulfil all obligations regarding a prompt conclusion of the consortium agreement, unless otherwise stipulated in the Call for proposals. This indicates that a consortium agreement, which typically addresses Intellectual Property Rights (IPR) among other aspects, is a mandatory requirement for granted projects.
Section 7 of the proposal, 'Ethical aspects', requires applicants to check applicable boxes in a table regarding necessary approvals:
| Not applicable | Not yet applied for | Applied for | Received | |
|---|---|---|---|---|
| Approval from a recognised (medical) ethics review committee | ☐ | ☐ | ☐ | ☐ |
| Approval from an animal experiments committee | ☐ | ☐ | ☐ | ☐ |
| Permission for research with the population screening Act | ☐ | ☐ | ☐ | ☐ |
NWO must receive proof of any required ethical approval before your project can start.
The 'Declaration Knowledge Security' annex requires the main applicant to declare that the application has been drawn up in accordance with the knowledge security policy of their Organisation and that the officer responsible for knowledge security within the Organisation has been consulted for this purpose. This statement must be signed by the main applicant on the Dutch side and enclosed with the complete proposal, printed on the stationery of the research organisation.
Section 6 of the proposal, 'Data management', requires applicants to answer the following questions. The evaluation of this section will not influence the assessment of the application, but feedback may be provided to assist in developing a data management plan if funding is awarded.
ICT facilities for data storage are defined as resources such as data storage capacity, bandwidth for data transport, and computing power for data processing.
The 'NWA Resilient Digital Ecosystems' call places strong emphasis on collaborative and integrated research approaches, explicitly requiring multi-actor engagement and interdisciplinarity, with a clear expectation for the inclusion of SSH perspectives.
The following declarations and statements are integral to the application and project execution:
Section 4.3, 'Project governance and project management', requires applicants to describe how project progress will be monitored and feedback loops facilitated throughout the research execution. This includes specifying the timing, purpose, and type of activities for monitoring & evaluation and how these could lead to adjustments in the Impact Pathway. The involvement of an advisory committee in project governance is also mentioned.
NWO requires proof of any required ethical approval before your project can start, as stated in Section 7, 'Ethical aspects'.
The 'General de minimis statement' explains that the European Commission can recover unlawful aid for ten years after it has been granted. Consequently, the government agency that granted the aid may request documents to prove that the aid was spent on the activities for which it was granted, aligning with general administration and retention obligations for entrepreneurs.
Everything the call asks for, seen from the call's point of view. Each line shows what answers it, and which partner carries it.
This matrix lists everything the call asks for: outcomes, impacts, scope, the requirements buried in the call text, and policy alignment. Sign up free and GrantForge tracks each line against the concept you build.
| Requirement | Covered by | Carried | Status |
|---|---|---|---|
| Scope activities | |||
| SC01Adopt security by design and security by default approachesAdopt a security by design and security by default approach to support the broad resilience and future proofing of digital ecosystems. | · | · | Sign up to track |
| SC02Conduct multidisciplinary and interdisciplinary research across the knowledge chainWork in a multidisciplinary and interdisciplinary way, connecting fundamental, applied, and practice-oriented research across the knowledge chain, involving researchers from different disciplinary backgrounds, knowledge and societal (public and private) organisations, and where relevant, citizens. | · | · | Sign up to track |
| SC03Research sociotechnical factors for digital ecosystem resilienceResearch sociotechnical factors contributing to the resilience of digital ecosystems in critical sectors, including how these factors can be strengthened, which factors make digital ecosystems vulnerable to disruptions and cyberattacks, and which success factors can be applied to other digital ecosystems, taking into account economic, ethical, social, and cultural considerations. | · | · | Sign up to track |
| SC04Develop and evaluate interventions and action perspectives for digital ecosystemsDevelop and enhance digital ecosystems by exploring their vulnerabilities and strengths, researching how interventions or action perspectives work at the digital ecosystem level, and developing methodologies to apply, test, and evaluate these interventions and action perspectives. | · | · | Sign up to track |
| SC05Phase 1: Focus on sector-specific digital ecosystemsIn Phase 1, focus research on the development of interventions or action perspectives for one or more specific digital ecosystems. | · | · | Sign up to track |
| SC06Phase 2: Generalise and upscale results for cross-sector action perspectivesIn Phase 2 (umbrella project), generalise and upscale the results from Phase 1 projects to develop broader, cross-sector action perspectives for stakeholders within sectors and government, facilitating mutual learning and identifying common themes. | · | · | Sign up to track |
| Expected outcomes | |||
| EO01Upscale interventions and form secure digital ecosystemsUpscale interventions and form new digital ecosystems that are in principle secure and resilient, based on project results. | · | · | Sign up to track |
| EO02Deploy fresh insights and interventions widely in societyDeploy fresh insights and interventions leading to resilient digital ecosystems widely in society. | · | · | Sign up to track |
| EO03Share generic recommendations and guidelines widelyShare insights from generic recommendations and guidelines developed by the umbrella project, making them widely available. | · | · | Sign up to track |
| EO04Increase knowledge utilisation by researchers and usersIncrease knowledge utilisation through greater interaction and alignment between researchers and potential knowledge users. | · | · | Sign up to track |
| EO05Application of research results by project partnersEnsure research results can be applied by partners involved in the project. | · | · | Sign up to track |
| EO06Exploitation of research results through IP transfer or licensingFacilitate the exploitation of research results through the transfer of intellectual property rights or licensing to private parties involved in the project. | · | · | Sign up to track |
| Other requirements | |||
| No other requirements in this call. | |||
| Expected impacts | |||
| EI01Realise scientific and societal breakthroughsRealise scientific and societal breakthroughs in complex issues related to digital ecosystems. | · | · | Sign up to track |
| EI02Develop new knowledge for societal issuesDevelop new knowledge for societal issues related to digital ecosystems. | · | · | Sign up to track |
| EI03Create resilient digital systems capable of handling and recovering from disruptionsCreate resilient digital systems that constantly improve their ability to handle and recover from disruptions, beyond just preventing problems. | · | · | Sign up to track |
| EI04Effectively enhance the cyber resilience of digital ecosystemsEffectively enhance the cyber resilience of digital ecosystems through socio-technical innovations and action perspectives. | · | · | Sign up to track |
| Underlying policies | |||
| POL1nis2 directiveThe NIS2 Directive (Directive (EU) 2022/2555) is the EU's comprehensive legislation on cybersecurity, aiming to enhance the overall level of cybersecurity across the Union. It expands the scope of the original NIS Directive to cover more sectors and entities, imposing stricter cybersecurity risk management requirements and reporting obligations for essential and important entities. Its goal is to strengthen the resilience and incident response capabilities of public and private entities, thereby contributing to a more secure digital single market. | · | · | Sign up to track |
The binding rules of this call. Items marked auto are verified by GrantForge from the call and the template. The others are yours to confirm.
4 key insights you must internalise before writing. Each is grounded in the call text and tells you what evaluators will actually look for. Share these with your consortium before drafting.
While 'Quality of Research' and 'Quality of Consortium' share the highest weight at 30%, the consortium criterion holds the real power in a competitive field. In a tie-break situation, after checking for alignment with programme objectives, the proposal with the highest score for 'Quality of the consortium' wins. This means a perfectly integrated consortium with demonstrated co-design can outperform a proposal with a marginally better research plan when scores are clustered at the funding cut-off.
Source: Call for proposals, Section 4.3 Criteria & Section 4.2.9 Ex aequo (phase 1 only)
Securing a Phase 1 grant comes with a binding commitment to participate in the Phase 2 umbrella project in 2029. Your proposal must demonstrate that your research is not a standalone effort but is designed for future generalisation and cross-sector synthesis. A project that appears too insular or whose consortium partners seem unlikely to engage in the mandatory follow-on activities will be perceived as a strategic risk by evaluators.
Source: Call for proposals, Section 2.2 Two phases & Section 2.4.2 Phase 2 facilitating workshops
A cooperation partner is mandatory and cannot receive direct NWO salary funding. However, their deep involvement is critical for scoring well on the 'Quality of the consortium' criterion, which is weighted at 30%. Your proposal must prove this partner's active role in co-design and co-creation, not just as an end-user. Failure to demonstrate this integral, albeit unfunded, partnership will severely weaken your score on the most important evaluation criterion.
Source: Call for proposals, Section 3.1.2 Cooperation partners & Section 4.3.1 Quality of the consortium criterion
This call explicitly states that proposals will be assessed without involving external referees. Your entire evaluation depends on a single, broad assessment committee composed of scientists and societal stakeholders. Do not assume deep specialist knowledge; your proposal must be entirely self-explanatory, clearly articulating its urgency and innovation to a diverse audience. The interview is your only opportunity for rebuttal, making it a critical, high-stakes moment in the process.
Source: Call for proposals, Section 4.2 Procedure, Assessment committee
Talk to the Grant Coach to build your concept. The steps below fill in as it takes shape, and your coverage tracks the progress. You can refine everything once your project workspace is created.
Step 1 of 2 · Build your concept
The problems this call frames, and who they affect. Your concept and plan address them.
Expertise in digital resilience is often fragmented across technical, social, and organisational disciplines, and between academia and industry. This siloed approach hinders the development of integrated, socio-technical solutions that the call demands, a gap the Phase 2 umbrella project is designed to bridge.
Many digital ecosystems suffer from vulnerabilities not because of a lack of technology, but due to a mismatch with user behaviour, organisational culture, and governance structures. The call explicitly targets this gap by requiring research into sociotechnical factors like trust, cooperation, and compliance.
Digital ecosystems are often developed with functionality and speed as priorities, retrofitting security measures later. This creates inherent vulnerabilities. The call encourages a fundamental shift towards proactive security, making secure-by-design and secure-by-default core principles for developing future-proof ecosystems.
Solutions for cyber resilience are often context-specific and lack a robust evidence base for their effectiveness, making them difficult to upscale. The call's two-phase structure is designed to move from sector-specific case studies (Phase 1) to broadly applicable, cross-sector action perspectives (Phase 2).
Universities, universities of applied sciences (UAS), and research organisations that form the core of the consortium as main and co-applicants. They are responsible for conducting the fundamental, applied, and practice-oriented research required by the call.
Mandatory cooperation partners from sectors identified in the NIS2 Directive. These organisations provide real-world case studies, co-design research questions, and act as the primary sites for testing and validating interventions.
Companies developing and supplying digital technologies, software, and cybersecurity services. They can participate as co-applicants or cooperation partners, contributing technical expertise and pathways for implementing 'security-by-design' principles.
Governmental bodies and supervisory authorities, including the call's initiators (e.g., Ministries, NCSC). They are key users of the generic recommendations and guidelines developed in Phase 2 to inform national cybersecurity strategy and regulation.
Entities responsible for the operation of vital societal functions (e.g., energy, water, transport). They are the ultimate beneficiaries of the research, adopting the developed socio-technical innovations to enhance their operational resilience.
Bodies representing specific industries or sectors. They act as crucial dissemination channels, helping to upscale and generalise project results and foster the adoption of best practices across their member organisations.
The general public and employees who interact with digital ecosystems daily. They benefit from more secure and reliable digital services and are a key factor in the 'human' element of socio-technical research.
Step 2 of 2 · Build your concept
The long-term impacts your project should drive — this shapes the objectives next.
To contribute to a measurable reduction in the frequency and severity of disruptions in critical sectors by providing effective socio-technical innovations and action perspectives. This leads to greater societal stability, trust in digital services, and reduced economic losses from cyber incidents.
To build a sustainable, interdisciplinary research community and foster a culture of co-creation between academia, industry, and government. This creates a long-term national advantage in addressing complex cybersecurity challenges and realises scientific and societal breakthroughs.
To foster the widespread adoption of 'security-by-design' and 'security-by-default' approaches in the development of new digital ecosystems. This results in systems that are inherently more capable of handling and recovering from disruptions, reducing long-term maintenance and incident response costs.
To generate new knowledge and practical guidelines that inform policy making, regulation, and industry standards for digital resilience. This provides a solid, evidence-based foundation for future governance of complex societal issues related to digitalisation.
Fully managed by GrantForge
Click Create proposal above to start writing this form inside GrantForge. The structure below is what we generate for you.
The application form consists of 8 sections and 2 appendices:
Applicants must provide the following details:
Several annex documents serve as administrative forms requiring completion and signature:
The proposal form includes a summary table for the project budget in Section 1:
Within Section 5.1, 'Research plan and work packages', applicants are required to list and explain specific expenses for each work package. This includes personnel, services, and materials. For each cost item, a single row in a table should provide a description and the amount. These amounts must correspond with information provided in a separate budget form (not explicitly included in this corpus). A total for all work package expenses, including all in-kind contributions, must be provided and motivated (maximum 150 words).
The 'Declaration co-funding' annex specifies that co-funding can be provided in cash and/or in kind, with amounts to be stated exclusive of VAT. For in-kind contributions, a table must be completed with the following columns:
| Specification of in kind item or activity | Price or hourly rate | Number of hours (if applicable) | Total € |
|---|---|---|---|
| [Description] | [Price] | [Hours] | [Total] |
The valuation of in-kind contributions (personnel and materials) must follow the rules set out in the Call for proposals and the NWO Co-funding rules.
Institutional / marketing website of the parent programme.
https://www.nwo.nl/en/researchprogrammes/dutch-research-agenda-nwa/thematic-programming/resilient-digital-ecosystems
Where you submit your proposal (F6S, opencalls.fund, EPSS, MS Forms…).
https://www.nwo.nl/en/apply-funding-how-does-it-work
Official documents pack (applicant guide, templates, annexes).
https://www.nwo.nl/en/calls/nwa-resilient-digital-ecosystems