The lack of dedicated cybersecurity resources can lead to serious financial and reputational damage for European SMEs. That’s why OSCRAT (Open-Source Cyber Resilience Act Tools) was created—an initiative funded by the European Union’s Digital Europe program, aimed at:
- Enhancing the EU’s competitiveness in the global economy;
- Bridging the digital divide among Member States;
- Boosting the Union’s ability to act in critical areas of digital technology.
The program also provides strategic grants for the following key sectors:
- cybersecurity;
- supercomputing;
- artificial intelligence (AI);
- advanced digital skills.
Table of contents
What is OSCRAT
The OSCRAT project aims to strengthen the cybersecurity of European SMEs. How? By focusing on key EU policies such as the Digital Single Market strategy, the Radio Equipment Directive (RED), the AI Act, NIS2 and the European Green Deal.
The project seeks to create a free, open-source tool to help businesses assess their cybersecurity systems and ensure compliance with the Cyber Resilience Act (CRA), which is designed to uphold quality standards in cybersecurity across Europe.
5 goals
OSCRAT has 5 core goals:
1. Strengthen the cyber resilience of SMEs
OSCRAT provides open-source resources and tools to help European SMEs effectively manage cybersecurity threats.
2. Support CRA compliance
OSCRAT helps SMEs comply with the CRA by automating procedures for generating the required documentation.
3. Promote cross-border collaboration
OSCRAT fosters cooperation and knowledge sharing between SMEs, cybersecurity experts and EU institutions, assessing engagement through participation in project workshops and events.
4. Contribute to environmental sustainability
OSCRAT aims to support the EU’s environmental sustainability goals by aligning with the European Green Deal guidelines.
5. Align with EU policies
All OSCRAT activities are designed to remain consistent with European cybersecurity policy frameworks.
What will the OSCRAT tool do?
The tool will enhance SME cybersecurity resilience across Europe. Specifically, it will enable businesses to:
1. Generate control checklists
The tool will identify key categories of digital products and generate tailored control checklists.
2. Manage SBOM manifests
OSCRAT will analyze Software Bill of Materials (SBOM) manifests and project description files, producing detailed reports compliant with SPDX and CycloneDX standards.
3. Provide SMEs with a strategic approach
The OSCRAT tool will give SMEs a strategic framework for managing vulnerabilities, aligned with ISO/IEC standards.
4. Handle incidents
If incidents are deemed serious, OSCRAT will notify key European cybersecurity entities such as ENISA and CSIRTs.
5. Centralize documentation
OSCRAT will establish a centralized archive to facilitate access to key cybersecurity documentation.

Who is part of the consortium?
The project is managed by a consortium of experts from various European countries:
PMF Research (Italy)
A research and development centre based in Catania, active in the field of information and communication technologies (ICT) since 2003. Its main areas of research include:
- augmented reality (AR);
- virtual reality (VR);
- artificial intelligence (AI);
- internet of things (IoT);
- blockchain;
- big data.
The company collaborates with other research institutions and the Italian public administration (PA), participating in numerous national and European projects.
Oves Enterprise (Romania)
Based in Cluj-Napoca, Romania, Oves Enterprise is a global software engineering company with expertise in cybersecurity, fintech and outsourcing services. With over nine years of experience, it has trained and recruited top talent in these sectors.
ENERSEC (Romania)
ENERSEC is a Romanian SME specializing in technical consulting and cybersecurity governance, active since 2013. Since 2016, it has collaborated with the Romanian national cybersecurity incident response center (CERT-RO/DNSC).
EDIH Trakia (Bulgaria)
The EDIH Trakia consortium brings together universities, SMEs, public administrations and industry associations to help bridge the digital gap in Bulgaria. It is a partner of the Enterprise Europe Network (EEN) and the European Cybersecurity Corridor.
EMAG (Poland)
EMAG, with over 7,000 employees and 22 research institutes across 12 cities in Poland, is part of the Łukasiewicz research network. It specializes in applied computer science, information technologies, and cybersecurity, with a strong focus on Industry 4.0.
Unicis (Estonia)
Unicis is a start-up focused on simplifying and managing privacy and risk by replacing manual procedures with streamlined compliance processes.
OSCRAT and the work packages
The OSCRAT project is structured into 5 main phases (work packages), each led by a consortium partner:
1. Project management (WP1), PMF Research
The research and development center PMF Research (a JO Group company) will ensure that the project objectives are achieved within the allocated budget and timeline. It will be responsible for all activities related to overall project management and coordination, including project meetings, financial management and communication tools.
2. Requirements analysis (WP2), EMAG
EMAG will collect and analyze the needs of stakeholders and European SMEs in order to define the scope, functionalities and CRA compliance of the tool.
3. Software design and development (WP3), Oves Enterprise
Based on the outcomes of WP2, Oves Enterprise will develop user-friendly software that aligns with CRA standards and the specific needs of SMEs.
4. Stakeholder engagement (WP4), EDIH Trakia
EDIH Trakia will organize workshops, webinars and an international event to improve the tool through feedback and real-life use cases.
5. Dissemination and impact (WP5), PMF Research
PMF Research will design a digital marketing and communication strategy to ensure the project’s visibility, raise awareness about CRA topics, and promote the adoption of the tool beyond the duration of OSCRAT.
This roadmap ensures a participatory development process, focused on the needs of European SMEs and aligned with the EU’s cybersecurity policy goals.
Looking for partners for similar projects? Get in touch
Cybersecurity is no longer optional and OSCRAT is a unique initiative aimed at strengthening the cyber resilience of European SMEs.
If you want to learn more about OSCRAT or are looking for partners for similar projects, feel free to contact us:
- Phone: +390957225331
- Email: click or tap the image to fill out the contact form
- WhatsApp: wa.me/390950935481