Mobile menu not yet fully implemented
The security appraisal procedure is mandatory for all project proposals under Horizon Europe and sets out the steps to determine if project proposals contain sensitive information and/or deliverables.
Published on | 3 years ago
Last updated on | 2 months ago
marie.timmermann@fwo.be
As Horizon Europe deals with new technologies and innovations, the European Commission aims to make sure that these are not misused for the wrong purposes (e.g. crime) or that sensitive information falls in the wrong hands.
To this purpose they have set-up security procedures for projects submitted under their R&I framework programme. In Horizon 2020 this was called the security scrutiny procedure but in Horizon Europe it has been expanded and renamed to ‘security appraisal procedure’.
In contrast to Horizon 2020 the procedure is now mandatory for all project proposals though it has to be said that for most proposals this work will be limited to answering the questions of the self-assessment questionnaire.
There are 3 steps of the procedure which in turn are also divided into phases.
All project proposals must fill in the security issues table as a self-assessment which contains some straight-forward questions. This is what most proposals will have to do. You can find this table in the standard application document.
For those calls that are submitted under security sensitive topics, a security section (application form part B security) must also be filled in. At the moment this is the case for the Space calls (cluster 4) and the civil security calls managed by DG Home (cluster 3). These files will immediately go to the security scrutiny phase and skip the first 2 phases of step 2.
Only proposals above the threshold will undergo a security review. The first phase of this step is the pre-screening carried out by the granting authority (in casu competent DG or agency). Afterwards all these files are sent to DG Home which will take care of the screening phase. If in the screening phase it seems that more analysis is needed, the file will be transferred to the security screening group.
The final phase is the security scrutiny in which a group of nationally appointed security experts will review the proposals and provide their assessment. Possible results of the security scrutiny are no security concern, classification (limit the access) of certain deliverables or information, appointing a project security officer, install a security advisory board, organize security trainings for the staff involved in the project etc. The most strict judgment can be the non-funding of the proposal but this is extremely rare.
Once the project is ongoing, the staff of the European Commission can also perform checks and maybe conduct an audit on the security requirements regarding the projects.
The timeline to get the full security clearance can be long; it might therfore not be concluded by the time the invitation letter is sent. However, at the moment of the grant signature this procedure must be finalized.
If you want more information regarding this topic you can watch this short video and/or the webinar of the European Commission on Youtube and you can also check their guide on how to handle security sensitive projects and the classification of information in Horizon Europe. A list of countries with whom EU has made a security agreement is available here.
In case you have some specific questions you can send them to HOME-SECURITY-APPRAISAL@EC.EUROPA.EU
We offer news and event updates, covering all domains and topics of Horizon Europe, Digital Europe & EDF (and occasionally, for ongoing projects, Horizon 2020).
Stay informed about what matters to you.
By signing up, you can opt in for e-mail notifications and get access to
a personalised dashboard that groups all news updates and event announcements in your domain(s).
Only for stakeholders located in Flanders
The ATHENA project addresses emerging risks for the water sector in operational technology created by digitalisation. The project responds to Digital Europe call DIGITAL-ECCC-2022-CYBER-03-UPTAKE-CYBERSOLUTIONS – Uptake op Innovative Cybersecurity Solutions. The project started in September 2023 and will run until November 2026. De Vlaamse Waterweg - The Flemish Waterway participates in the project to enhance the resilience of the organisation by co-developing targeted training modules for operational technology environments.