European Commission logo
français français
CORDIS - Résultats de la recherche de l’UE

Programme Category


Article available in the following languages:


Enhancing cybersecurity of connected medical devices


The proposals are expected to help strengthening cybersecurity maintaining the performance of medical devices while preserving or enhancing safety, security and data confidentiality, integrity and availability. The applicants should tackle the cybersecurity issue of connected medical devices and in vitro diagnostic medical devices, in particular those that are connected to the internet, allow remote access to data and exchange private or proprietary data. They should also consider the implications of Regulation (EU) 2017/745[[OJ L 117, 5.5.2017 p. 1]] on medical devices and Regulation (EU) 2017/746[[OJ L 117, 5.5.2017 p. 176]] on in vitro diagnostic medical devices regarding qualification and classification of software. In their proposals, applicants should consider to maximise synergies with relevant initiatives, activities and programmes.

Proposals are expected to address some or all of the following:

  • Systematic review of current standards/guidelines/best practices applied to cybersecurity of connected medical devices, with the final objective to identify and specify gaps and requirements based on evidence.
  • Propose risk benefit analysis schemes for cybersecurity of connected medical devices, taking into account several novel technological developments (e.g. 5G networks, big data, artificial intelligence, cloud computing, augmented reality, blockchain) and interconnection architectures.
  • Explore, develop and validate novel methodologies and toolboxes for ensuring cybersecurity of connected medical devices by design.
  • Identify representative case studies, evaluate the applicability of existing guidance MDCG 2019-16 (guidance on cybersecurity for medical devices[[]]) and make recommendations to (better) address specificities of the connected medical device, including software, of different risk classes.
  • Assessment of the applicability (and revision) of current guidance, the MDCG 2019-16 (guidance on cybersecurity for medical devices), to connected medical device, including software.

All projects funded under this topic are strongly encouraged to participate in networking and joint activities, as appropriate. These networking and joint activities could, for example, involve the participation in joint workshops, the exchange of knowledge, the development and adoption of best practices, or joint communication activities. This could also involve networking and joint activities with projects funded under other clusters and pillars of Horizon Europe, or other EU programmes, as appropriate. Therefore, proposals are expected to include a budget for the attendance to regular joint meetings and may consider to cover the costs of any other potential joint activities without the prerequisite to detail concrete joint activities at this stage. The details of these joint activities will be defined during the grant agreement preparation phase. In this regard, the Commission may take on the role of facilitator for networking and exchanges, including with relevant stakeholders, if appropriate.

In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.