Participation in restricted calls under art. 12.5/12.6

For certain actions under the Digital Europe Programme referring to Cybersecurity, High-Performance Computing and AI, Data & Cloud, the participation of legal entities controlled from non-EU country can be restricted, according to art. 12(5) and 12(6) of the Digital Europe Regulation. This is also the case for legal entities established in the territory of an eligible country but controlled by a third country or by a third country legal entity. The specific requirements for the individual call topics can be found in the respective call documents. If a call is subject to such restrictions, all project participants are required to complete an Ownership Control Declaration which will be submitted as part of the application.

EEA EFTA countries (Ijsland, Liechtenstein and Norway) are fully associated to the Digital Europe Programme and benefit from a status equivalent to that of the Member States.

Cybersecurity

For duly justified security reasons, legal entities established in associated countries and legal entities that are established in the Union but controlled from third countries can be excluded to participate in actions on Cybersecurity (Art. 12(5) Digital Europe Regulation). Calls for proposals and calls for tenders are in these cases restricted to legal entities established or deemed to be established in Member States and controlled by Member States or by Member State nationals. There are very few exceptional call topics that would allow legal entities established in associated countries and legal entities that are established in the Union but controlled from a third country to participate provided they comply with specific conditions as laid out in annex 3 of the Cybersecurity work programme.

High-Performance Computing and AI, Data & Cloud

For duly justified security reasons, legal entities established in associated countries and legal entities that are established in the Union but are controlled from third countries may be eligible to participate in specific actions on High-Performance Computing and on Artificial Intelligence, Data & Cloud only if they comply with specific requirements (Art. 12(6) Digital Europe Regulation). Requirements include guarantees on the protection of the essential security interests of the Union and the Member States and the protection of classified documents information.

Restrictions for the protection of European digital infrastructures, communication and information systems

Under the work programme 2025-2027 a new restriction has been introduced to ensure the protection of European digital infrastructures, communication and information systems, and related supply chains.

This restriction relates to call topics identified as actions concerning strategic assets and interest of the EU or its Member States. In proposals answering to such topics, the participation of entities assessed as "high-risk suppliers" and the use of non-secure equipment and other goods, works and services has to be avoided. This measure was taken to prevent technology transfer and persistence of dependencies in materials, semiconductor components, computing resources, software tools, and virtualisation technologies. 

Entities assessed as “high-risk suppliers”, are currently set out in the second report on Member States’ progress in implementing the EU toolbox on 5G cybersecurity of 2023 and the related Communication on the implementation of the 5G cybersecurity toolbox of 2023.

More information on this restriction can be found in Appendix 4 of the 2025-2027 Main work programme.

Relevant documents

Guidance: Participation in Digital Europe programme restricted calls

Templates of the ownership control declaration and the Security issues table can be found under the Reference documents on the Funding & Tenders Portal.