Front Page: NCSC-FI
Front Page: NCSC-FI

Apply for support for the development of information security

Support for the development of information security, i.e. the information security voucher, can only be granted to businesses in sectors critical to the functioning of society registered in Finland for measures to improve information security in Finland. You can apply for the support as of 1 December 2022. The support may only be granted for costs that have been generated after the application was submitted and by 31 December 2024 at the latest.

Do as follows


Learn more about eligibility criteria

Support can be granted, if the following prerequisites are met:

  • The company is registered in Finland.
  • The business is critical in terms of the functioning of society and operates in a sector critical to the functioning of society (food supply, energy supply, financial sector, waste management, chemical industries, logistics, media industry, forest industry, plastics and rubber industry, construction industry, healthcare and social welfare services (incl. pharmaceutical service), military security of supply, technology industry, information society or water management).
  • The measure aimed at developing the company’s information security is directed at the company’s operations in Finland.
  • The company has been operational in the financial period that ended in 2021.
  • The company has not applied for or been granted support for the development of information security previously.
  • The company has the prerequisites for profitable business.
  • The company has no tax debt or the company has a payment plan for the outstanding taxes approved by the Tax Administration.

Other prerequisites

  • A company may be granted either one voucher of up to EUR 15,000 or one voucher of up to EUR 100,000, not both or several vouchers of up to EUR 15,000 or up to EUR 100,000.
  • Support of up to EUR 15,000 can only be granted to companies with fewer than 250 employees and an annual turnover of up to EUR 50 million or a balance sheet total of up to EUR 43 million. The company must also be independent.
  • Support of up to EUR 15,000 can be obtained for the inspection and assessment of information systems, procurement aimed at improving information security, training of personnel or skills development or any other corresponding measure that develops the information security of enterprise.
  • Support of up to EUR 100,000 can be obtained for an attack prevention test, a test of the readiness level of the main electronic services or a direct measure that improves information security as a result.
  • Support for developing information security is a so-called de minimis form of support, and according to the EU regulation, a company may be granted up to EUR 200,000 of de minimis support during the current and two previous tax years. Any support granted to Finnish companies within the same group or under the same authority are added together.
  • The state budget has appropriations for the payment of the support.
  • The prerequisites for granting support specified in the Government decree on supporting the development of information security (860/2022) and Act on Discretionary Government Transfers (688/2001) are met.

Apply for support with Traficom

Before filling in the application form, you will be asked a series of preliminary questions. After answering them, you will be asked to verify your identity, after which you may fill in the application. The application system requires the use of strong electronic identification means (online bankin details, mobile certificate, or personal or organisation certificate).

When applying for support on behalf of a company, you must be included in the Trade Register as a person authorised to represent the company or you must have a mandate ('Applying for information security development support') to apply for the support on behalf of the company.

After you have submitted your application, Traficom shall reserve funds from the funds allocated to support for the development of information security according to your application. Traficom may always ask for further information to verify matters related to the support application.

Apply for support for the development of information security


Processing, granting and payment of the support

Support applications are processed in the order of arrival. Traficom will contact the contact person specified on the application, if the information provided on the application needs to be clarified or supplemented.

After processing the application, Traficom will issue an administrative decision on whether the application has been approved or rejected. The decision will be provided to the company that applied for the support.

Companies may allocate funds from the information security development support directly after submitting the application, but companies must cover any costs themselves, if their application is rejected or the costs of their measures exceed the support sum granted by the decision.


Making purchases related to measures aimed at the development of information security

When making purchases related to measures aimed at the development of information security, the company receiving the support must comply with the Act on Public Procurement and Concession Contracts (1397/2016). The Act is applied to companies receiving support for the development of information security, if the support applied and granted for exceeds 50% of the value of the procurement and the procurement involves goods, services, public works contracts or concession contracts. As a rule, support for the development of information security is only granted for procurement that involves goods, services or concession contracts. The Act imposes the obligation to subject any procurement whose total value equals or exceeds EUR 60,000, exclusive of VAT, to competitive bidding.


What happens after the measures aimed at the development of information security?

Support recipients must provide the Finnish Transport and Communications Agency with a report on how the support was used and how the measures affected the company’s information security no later than six months after the costs covered by the support arose. More detailed instructions on submitting the report will be published on this website.