# PQC Integration — EU Submission Checklist **Proposal:** €2.8M HORIZON-CL3-2025-CS-ECCC-06 **Submission Deadline:** 2025-12-15, 17:00 CET **Coordinator:** VaultMesh Technologies B.V. **Version:** 1.0 (2025-11-06) --- ## Pre-Submission Checklist (Complete by Dec 11, 5pm CET) ### Part A — Administrative Information (EU Portal) **Section 1.1 — General Information:** - [ ] Proposal acronym: **PQC-Integration** (or similar, max 20 chars) - [ ] Proposal title: **Post-Quantum Cryptography Integration for EU Critical Infrastructure** (max 200 chars) - [ ] Call identifier: **HORIZON-CL3-2025-CS-ECCC-06** (verify on EU portal) - [ ] Topic: **Quantum-Safe Security for Critical Infrastructure** - [ ] Duration: **24 months** - [ ] Estimated eligible costs: **€2,800,000** - [ ] Requested EU contribution: **€2,000,000** (70% for RIA — Research and Innovation Action) **Section 1.2 — Coordinator Information:** - [ ] Legal name: VaultMesh Technologies B.V. - [ ] Country: Ireland - [ ] PIC Code: [9-digit code from EU Participant Register] - [ ] Coordinator contact: Karol Stefanski, guardian@vaultmesh.org - [ ] Phone: [International format] **Section 1.3 — Partner Information (4 partners):** - [ ] **Partner 1:** VaultMesh Technologies B.V. (IE) — PIC: [9 digits] - [ ] **Partner 2:** Masaryk University (Brno, CZ) — PIC: [9 digits] - [ ] **Partner 3:** Cyber Trust SME (GR) — PIC: [9 digits] - [ ] **Partner 4:** Public Digital Services Agency (FR) — PIC: [9 digits] --- ### Part B — Technical Proposal (Main Document) **Section 1 — Excellence (30 points):** - [ ] **1.1 Objectives (3 pages max):** - [ ] Overall objective clearly stated (quantum-safe transition for EU critical infra) - [ ] 5-7 specific objectives listed with measurable outcomes - [ ] Alignment with call topic explicitly shown - [ ] TRL 4→6 progression explained - [ ] Beyond state-of-the-art justified (what's novel?) - [ ] **1.2 Relation to Work Programme (2 pages max):** - [ ] Call topic ECCC-06 addressed point-by-point - [ ] Expected outcomes from call text mapped to deliverables - [ ] Contribution to EU policy (NIS2, DORA, Cybersecurity Act) explained - [ ] Cross-cutting priorities addressed (gender equality, open science, climate if relevant) - [ ] **1.3 Methodology (10 pages max):** - [ ] Technical architecture diagram included (PQC_Architecture_EU_Reviewer.mmd → PNG) - [ ] Work package descriptions (WP1-WP5) with objectives, tasks, deliverables - [ ] TRL validation methodology described (lab → pilot → operational) - [ ] Innovation beyond state-of-the-art justified with references - [ ] Risk management approach outlined (link to Annex B) - [ ] **1.4 Open Science Practices (1 page max):** - [ ] Open access publications (Gold/Green, which journals?) - [ ] Open-source software (Apache 2.0, GitHub repos listed) - [ ] FAIR data principles (data management plan in Annex) - [ ] Open standards contributions (ETSI, IETF, ISO) **Section 2 — Impact (30 points):** - [ ] **2.1 Pathways to Impact (4 pages max):** - [ ] KPI table included (18 KPIs from PQC_KPI_Dashboard.md) - [ ] Societal impact: audit cost reduction (30%), incident response (50% faster) - [ ] Economic impact: €100K+ cost savings per organization, open-source adoption - [ ] Scientific impact: 10+ publications, 5+ standards contributions - [ ] Policy impact: NIS2/DORA compliance, EU digital sovereignty - [ ] Communication & dissemination plan (workshops, conferences, media) - [ ] **2.2 Measures to Maximize Impact (3 pages max):** - [ ] Exploitation strategy: open-source (Apache 2.0), commercial support (optional) - [ ] Dissemination channels: GitHub, conferences (listed), pilot reports - [ ] Target audiences: EU member states, critical infrastructure operators, researchers - [ ] Sustainability plan: post-project community governance, continued development - [ ] **2.3 IPR Management (1 page max):** - [ ] Background IP: VaultMesh existing codebase (Apache 2.0) - [ ] Foreground IP: All project outputs under Apache 2.0 (open-source) - [ ] Access rights: Consortium agreement defines partner rights - [ ] Standards-essential patents: Commitment to FRAND licensing if applicable **Section 3 — Implementation (40 points):** - [ ] **3.1 Work Plan & Resources (15 pages max):** - [ ] Work package table (WP1-WP5 with lead, start/end months, person-months) - [ ] Gantt chart included (PQC_Work_Package_Gantt.mmd → PNG) - [ ] Deliverable list (13 deliverables with months, dissemination level) - [ ] Milestone table (5 major milestones with verification means) - [ ] Effort table (104 person-months distributed across partners) - [ ] **3.2 Management Structure (3 pages max):** - [ ] Organizational chart (coordinator, steering committee, WP leads) - [ ] Decision-making process (steering committee votes, escalation) - [ ] Reporting: monthly internal, quarterly to EU, M12/M24 reviews - [ ] Quality assurance: deliverable peer review, external TRL audit - [ ] Risk management: monthly risk register review (link to Annex B) - [ ] **3.3 Consortium as a Whole (3 pages max):** - [ ] Partner complementarity table (what each brings, why needed) - [ ] Track record: H2020/Horizon Europe projects, publications, industry experience - [ ] Gender balance: target 40% female participation (if achievable) - [ ] Geographic distribution: 4 countries (IE, CZ, GR, FR) → good EU spread - [ ] **3.4 Other Aspects (2 pages max):** - [ ] Ethics: no human subjects, but GDPR compliance for pilot data - [ ] Security: security-by-design approach, external audits planned - [ ] Gender & diversity: gender equality plan reference (if required) - [ ] Environment: no significant environmental impact expected **Section 4 — References (no page limit):** - [ ] 30-50 key references cited in methodology section - [ ] NIST PQC standardization documents (FIPS 203, 204, 205) - [ ] NIS2, DORA, Cybersecurity Act legal texts - [ ] State-of-the-art PQC research papers (last 5 years) --- ### Part B Annexes (Separate PDF Files) - [ ] **Annex A:** PROOF_CHAIN.md (Cryptographic Proof-of-Governance) — 5 pages - [ ] **Annex B:** PQC_Risk_Register.md — 8 pages - [ ] **Annex C:** Data Management Plan (DMP) — 3 pages - [ ] **Annex D:** Partner CVs (2-page EU format, 2-3 key personnel per partner) — 10-12 pages - [ ] **Annex E:** Letters of Commitment (from pilot sites if not full partners) — 2-3 pages - [ ] **Annex F:** Gender Equality Plan (if required by call) — 2 pages --- ### Administrative Documents (Per Partner) **Partner 1 — VaultMesh Technologies B.V. (IE):** - [ ] Legal Entity Form (signed by authorized representative) - [ ] Financial Capacity Statement (last 2-3 years audited accounts) - [ ] 2-page CVs for 3 key personnel (EU format) - [ ] PIC Code registration confirmed on EU portal **Partner 2 — Masaryk University (Brno, CZ):** - [ ] Legal Entity Form - [ ] Financial Capacity Statement - [ ] 2-page CVs for 3 key personnel - [ ] PIC Code confirmed **Partner 3 — Cyber Trust SME (GR):** - [ ] Legal Entity Form - [ ] Financial Capacity Statement - [ ] 2-page CVs for 3 key personnel - [ ] PIC Code confirmed **Partner 4 — Public Digital Services Agency (FR):** - [ ] Legal Entity Form - [ ] Financial Capacity Statement - [ ] 2-page CVs for 2 key personnel - [ ] PIC Code confirmed --- ### Consortium Agreement - [ ] Draft consortium agreement circulated (by Nov 25) - [ ] Legal review by all 4 partners (by Dec 5) - [ ] Signed by all partners (by Dec 8) - [ ] Uploaded to EU portal (consortium section) **Key clauses to verify:** - IP rights: foreground IP under Apache 2.0 - Budget allocation: 70.4% VaultMesh, 10% Brno, 12.5% Cyber Trust, 7.1% France - Dispute resolution: steering committee vote, arbitration if needed - Partner exit: replacement procedure, budget reallocation --- ### EU Portal Mandatory Fields **Proposal Summary (for Public Database):** - [ ] 2,000 character summary (plain English, no jargon) - [ ] Keywords: post-quantum cryptography, critical infrastructure, NIS2, DORA, quantum-safe **Ethical Issues:** - [ ] No human subjects → "Does not involve human subjects" checkbox - [ ] GDPR compliance → "Data protection measures in place" checkbox - [ ] No animal experiments → "Does not involve animals" checkbox **Gender & Cross-Cutting Issues:** - [ ] Gender equality plan referenced (or "Not applicable") - [ ] Climate change relevance: "No significant impact" - [ ] Open science: "Yes, all outputs open-source under Apache 2.0" **Budget Summary Table:** - [ ] Total eligible costs: €2,800,000 - [ ] Requested EU contribution: €2,000,000 (70%) - [ ] Breakdown per partner (4 rows, all fields filled) --- ### File Format & Size Requirements **Part B Main Document:** - [ ] File format: PDF/A (archival format) - [ ] File size: <10 MB - [ ] Font: Arial 11pt minimum, single-spaced - [ ] Margins: 2cm all sides - [ ] Page numbers: bottom center - [ ] Total pages: ≤50 pages (excluding annexes) **Part B Annexes:** - [ ] Each annex: separate PDF file - [ ] File size: each <5 MB - [ ] File naming: Annex_A_ProofChain.pdf, Annex_B_RiskRegister.pdf, etc. **Administrative Documents:** - [ ] Scanned signatures: high-resolution (300 DPI) - [ ] File format: PDF - [ ] Total size all docs: <20 MB --- ### Final Checks (Dec 11-14) **Dec 11 (5pm CET) — Proposal Freeze:** - [ ] All partners approve final version (email confirmations) - [ ] No further edits after this point (version control locked) - [ ] PROOF_CHAIN.md updated with new Merkle root (if any files changed) **Dec 12 — Portal Upload (Day 1):** - [ ] Create proposal on EU Funding & Tenders Portal - [ ] Fill Part A (administrative info) — 30 min - [ ] Upload Part B main document — 10 min - [ ] Upload Part B annexes (6 files) — 15 min - [ ] Upload administrative documents (per partner) — 30 min - [ ] Verify all mandatory fields filled — 30 min **Dec 13 — Validation & Corrections (Day 2):** - [ ] EU portal validation runs (checks file sizes, mandatory fields) - [ ] Fix any validation errors (red flags) - [ ] Re-upload corrected files if needed - [ ] Ask partners to review their sections in portal **Dec 14 — Final Review (Day 3):** - [ ] Coordinator reviews entire proposal in portal - [ ] Check budget table sums to 100% - [ ] Check all partner PICs are correct - [ ] Check all file uploads are readable - [ ] Run spell check on Part B (UK English) **Dec 15 (before 5pm CET) — SUBMIT:** - [ ] Click "Submit Proposal" button - [ ] Confirm submission (irreversible after this) - [ ] Download submission receipt (PDF) - [ ] Email receipt to all partners within 1 hour - [ ] Celebrate 🎉 --- ### Post-Submission (Dec 16+) **Immediate:** - [ ] Consortium debrief call (within 3 days) - [ ] Document lessons learned (for Digital Twins submission in Jan) - [ ] Archive proposal version (GitHub tag: pqc-submission-2025-12-15) - [ ] Update PROOF_CHAIN.md with submission timestamp **Within 1 Month:** - [ ] Prepare for potential clarification requests from EU (rare but possible) - [ ] Start preparing Digital Twins proposal (deadline: Jan 20) - [ ] Apply PQC lessons to Digital Twins process **Within 6 Months (EU Decision):** - [ ] EU funding decision typically announced 4-6 months post-submission - [ ] Expected: May-July 2026 - [ ] If successful: Grant agreement preparation (2-3 months) - [ ] Project kickoff: Likely Sep-Oct 2026 --- ## Sanity Checks (Run Before Submission) ### Budget Sanity Check ```bash # Verify from consortium-tracker.csv: VaultMesh: €1,970,000 (70.4%) Univ Brno: €280,000 (10.0%) Cyber Trust: €350,000 (12.5%) France Public: €200,000 (7.1%) TOTAL: €2,800,000 (100.0%) # Check: Total = €2.8M ✓ # Check: Sum of percentages = 100% ✓ # Check: No partner >30% (coordinator exception) ✓ ``` ### Person-Month Sanity Check ```bash # Total: 104 person-months over 24 months # Average: 4.3 FTE across 4 partners # Check: Realistic? Yes (VaultMesh: 2 FTE, others: ~1 FTE each) VaultMesh: 44 PM (1.8 FTE avg over 24 months) Univ Brno: 24 PM (1.0 FTE) Cyber Trust: 30 PM (1.25 FTE) France Public: 18 PM (0.75 FTE) ``` ### Deliverable Sanity Check ```bash # 13 deliverables over 24 months = 1 every ~2 months # Check: Reasonable cadence? Yes # Early deliverables (M3-M8): 3 (requirements, architecture, initial implementations) # Mid deliverables (M10-M18): 7 (core development, testbed, pilots prep) # Late deliverables (M20-M24): 3 (pilot reports, standards, final assessment) ``` --- ## Emergency Contacts **EU Portal Technical Support:** - Email: EC-FNT-SUPPORT@ec.europa.eu - Phone: +32 2 29 93333 (Belgium) - Hours: Mon-Fri 09:00-17:00 CET **Coordinator:** - Karol Stefanski: guardian@vaultmesh.org - [Signal/phone for urgent issues] **Partner Escalation (if unreachable):** - Univ Brno: [backup contact] - Cyber Trust: [backup contact] - France Public: [backup contact] --- ## Success Criteria **Submission is successful if:** - ✅ Submitted before Dec 15, 17:00 CET (hard deadline) - ✅ No EU portal validation errors (all mandatory fields filled) - ✅ All 4 partners confirmed their sections - ✅ Budget adds to exactly 100% - ✅ Consortium agreement signed by all partners - ✅ Part B ≤50 pages (excluding annexes) - ✅ PROOF_CHAIN.md included as Annex A (unique differentiator) **Post-submission success:** - 🎯 EU evaluation score ≥12/15 points (threshold for funding) - 🎯 Estimated probability: 60-70% (with cryptographic governance differentiator) - 🎯 If funded: €2M EU contribution over 24 months, project starts Sep 2026 --- **Document Control:** - Version: 1.0-SUBMISSION-CHECKLIST - Date: 2025-11-06 - Owner: VaultMesh Technologies B.V. (Coordinator) - Classification: Consortium Internal (Critical Reference Document) - Related: PQC_Work_Package_Gantt.mmd, PQC_Risk_Register.md, PQC_KPI_Dashboard.md