OSCRAT cybersecurity

OSCRAT: EU project to strengthen SME cybersecurity and support compliance with the Cyber Resilience Act

Follow us on LinkedIn:

Share this post on:

The lack of dedicated cybersecurity resources can lead to serious financial and reputational damage for European SMEs. That’s why OSCRAT (Open-Source Cyber Resilience Act Tools) was created—an initiative funded by the European Union’s Digital Europe program, aimed at:

  • Enhancing the EU’s competitiveness in the global economy;
  • Bridging the digital divide among Member States;
  • Boosting the Union’s ability to act in critical areas of digital technology.

The program also provides strategic grants for the following key sectors:

  • cybersecurity;
  • supercomputing;
  • artificial intelligence (AI);
  • advanced digital skills.

Table of contents

  1. What is OSCRAT
  2. 5 goals
    1. 1. Strengthen the cyber resilience of SMEs
    2. 2. Support CRA compliance
    3. 3. Promote cross-border collaboration
    4. 4. Contribute to environmental sustainability
    5. 5. Align with EU policies
  3. What will the OSCRAT tool do?
    1. 1. Generate control checklists
    2. 2. Manage SBOM manifests
    3. 3. Provide SMEs with a strategic approach
    4. 4. Handle incidents
    5. 5. Centralize documentation
  4. Who is part of the consortium?
    1. PMF Research (Italy)
    2. Oves Enterprise (Romania)
    3. ENERSEC (Romania)
    4. EDIH Trakia (Bulgaria)
    5. EMAG (Poland)
    6. Unicis (Estonia)
  5. OSCRAT and the work packages
    1. 1. Project management (WP1), PMF Research
    2. 2. Requirements analysis (WP2), EMAG
    3. 3. Software design and development (WP3), Oves Enterprise
    4. 4. Stakeholder engagement (WP4), EDIH Trakia
    5. 5. Dissemination and impact (WP5), PMF Research
  6. Looking for partners for similar projects? Get in touch

What is OSCRAT

The OSCRAT project aims to strengthen the cybersecurity of European SMEs. How? By focusing on key EU policies such as the Digital Single Market strategy, the Radio Equipment Directive (RED), the AI Act, NIS2 and the European Green Deal.

The project seeks to create a free, open-source tool to help businesses assess their cybersecurity systems and ensure compliance with the Cyber Resilience Act (CRA), which is designed to uphold quality standards in cybersecurity across Europe.

5 goals

OSCRAT has 5 core goals:

1. Strengthen the cyber resilience of SMEs

OSCRAT provides open-source resources and tools to help European SMEs effectively manage cybersecurity threats.

2. Support CRA compliance

OSCRAT helps SMEs comply with the CRA by automating procedures for generating the required documentation.

3. Promote cross-border collaboration

OSCRAT fosters cooperation and knowledge sharing between SMEs, cybersecurity experts and EU institutions, assessing engagement through participation in project workshops and events.

4. Contribute to environmental sustainability

OSCRAT aims to support the EU’s environmental sustainability goals by aligning with the European Green Deal guidelines.

5. Align with EU policies

All OSCRAT activities are designed to remain consistent with European cybersecurity policy frameworks.

What will the OSCRAT tool do?

The tool will enhance SME cybersecurity resilience across Europe. Specifically, it will enable businesses to:

1. Generate control checklists

The tool will identify key categories of digital products and generate tailored control checklists.

2. Manage SBOM manifests

OSCRAT will analyze Software Bill of Materials (SBOM) manifests and project description files, producing detailed reports compliant with SPDX and CycloneDX standards.

3. Provide SMEs with a strategic approach

The OSCRAT tool will give SMEs a strategic framework for managing vulnerabilities, aligned with ISO/IEC standards.

4. Handle incidents

If incidents are deemed serious, OSCRAT will notify key European cybersecurity entities such as ENISA and CSIRTs.

5. Centralize documentation

OSCRAT will establish a centralized archive to facilitate access to key cybersecurity documentation.

OSCRAT consortium

Who is part of the consortium?

The project is managed by a consortium of experts from various European countries:

PMF Research (Italy)

A research and development centre based in Catania, active in the field of information and communication technologies (ICT) since 2003. Its main areas of research include:

  • augmented reality (AR);
  • virtual reality (VR);
  • artificial intelligence (AI);
  • internet of things (IoT);
  • blockchain;
  • big data.

The company collaborates with other research institutions and the Italian public administration (PA), participating in numerous national and European projects.

Oves Enterprise (Romania)

Based in Cluj-Napoca, Romania, Oves Enterprise is a global software engineering company with expertise in cybersecurity, fintech and outsourcing services. With over nine years of experience, it has trained and recruited top talent in these sectors.

ENERSEC (Romania)

ENERSEC is a Romanian SME specializing in technical consulting and cybersecurity governance, active since 2013. Since 2016, it has collaborated with the Romanian national cybersecurity incident response center (CERT-RO/DNSC).

EDIH Trakia (Bulgaria)

The EDIH Trakia consortium brings together universities, SMEs, public administrations and industry associations to help bridge the digital gap in Bulgaria. It is a partner of the Enterprise Europe Network (EEN) and the European Cybersecurity Corridor.

EMAG (Poland)

EMAG, with over 7,000 employees and 22 research institutes across 12 cities in Poland, is part of the Łukasiewicz research network. It specializes in applied computer science, information technologies, and cybersecurity, with a strong focus on Industry 4.0.

Unicis (Estonia)

Unicis is a start-up focused on simplifying and managing privacy and risk by replacing manual procedures with streamlined compliance processes.

OSCRAT and the work packages

The OSCRAT project is structured into 5 main phases (work packages), each led by a consortium partner:

1. Project management (WP1), PMF Research

The research and development center PMF Research (a JO Group company) will ensure that the project objectives are achieved within the allocated budget and timeline. It will be responsible for all activities related to overall project management and coordination, including project meetings, financial management and communication tools.

2. Requirements analysis (WP2), EMAG

EMAG will collect and analyze the needs of stakeholders and European SMEs in order to define the scope, functionalities and CRA compliance of the tool.

3. Software design and development (WP3), Oves Enterprise

Based on the outcomes of WP2, Oves Enterprise will develop user-friendly software that aligns with CRA standards and the specific needs of SMEs.

4. Stakeholder engagement (WP4), EDIH Trakia

EDIH Trakia will organize workshops, webinars and an international event to improve the tool through feedback and real-life use cases.

5. Dissemination and impact (WP5), PMF Research

PMF Research will design a digital marketing and communication strategy to ensure the project’s visibility, raise awareness about CRA topics, and promote the adoption of the tool beyond the duration of OSCRAT.

This roadmap ensures a participatory development process, focused on the needs of European SMEs and aligned with the EU’s cybersecurity policy goals.

JO Group contacts

Looking for partners for similar projects? Get in touch

Cybersecurity is no longer optional and OSCRAT is a unique initiative aimed at strengthening the cyber resilience of European SMEs.

If you want to learn more about OSCRAT or are looking for partners for similar projects, feel free to contact us:

  • Phone: +390957225331
  • Email: click or tap the image to fill out the contact form
  • WhatsApp: wa.me/390950935481

If you are interested in the issues dealt with by the JO Group, fill out the form and get in touch with us

Recent news

© JO Group 1998-2025 – All rights reserved – Designed by Moka Adv
Trustpilot