Horizon Europe Cluster 3: From Reactive Policing to Anticipatory Security

1. The Asymmetric Threat Reality: Why Traditional Security Models Are Failing European Citizens

The threat landscape confronting European citizens has fundamentally transformed since Horizon Europe’s inception in 2021. Traditional security models—built on retrospective investigation, static risk assessments, and siloed intelligence sharing—are increasingly inadequate. Consider the data: according to Europol’s 2025 Serious and Organised Crime Threat Assessment (SOCTA), 76% of criminal networks now use encrypted communication platforms that evade conventional interception. Cyber-enabled fraud has surpassed traditional property crime as the most reported offense in 19 EU Member States. Terrorist recruitment has shifted to ephemeral social media content that disappears before moderation systems react.

Yet the most concerning trend is not technological—it is demographic and psychological. The 2026 EU Radicalisation Awareness Network (RAN) report documents a 34% increase in lone-actor extremist plots since 2023, with perpetrators increasingly drawn from populations with no prior criminal history or known extremist associations. These individuals are invisible to traditional threat scoring algorithms because they lack the digital footprints that legacy systems are trained to detect.

Horizon Europe Cluster 3 – Civil Security for Society directly addresses this failure mode. Its 2026–2027 work programme allocates €385 million to research and innovation actions. But unlike previous security research frameworks, Cluster 3 mandates a civil-centric, fundamental-rights-compliant approach. You cannot propose mass surveillance or predictive policing based on protected characteristics.

This creates a paradox that is also an opportunity: how do you detect threats earlier without violating the very rights you are trying to protect? The answer lies in behavioural indicator research, decentralised threat intelligence architectures, and community-anchored intervention protocols.

2. Understanding Cluster 3’s Unique Funding Architecture

Security research is politically sensitive, and the European Commission has layered multiple oversight mechanisms to ensure fundamental rights compliance.

Feature 1: Destination-Based Funding with Mandatory Ethics-by-Design Every proposal must include an Ethics-by-Design and Fundamental Rights Compliance Work Package, led by a dedicated ethics advisor who is independent of the technical work packages. The 2025 evaluation found that submissions scoring below 3/5 on the ethics criterion were automatically ineligible for funding, regardless of technical excellence.

Feature 2: The “Security Continuum” Requirement Cluster 3 rejects the artificial separation between crime prevention, terrorism detection, and radicalisation countermeasures. Criminal networks and terrorist cells increasingly share tactics (encryption, cryptocurrency laundering, social media recruitment). Your proposal must address crime and terrorism simultaneously, or explicitly justify why focusing on only one does not create spillover vulnerabilities.

Feature 3: The Two-Stage Submission Process (2026 Only) Cluster 3 introduces a mandatory two-stage submission for RIA and IA topics. Stage 1 (15 pages) serves as a filter. Stage 2 (70 pages) requires total comprehensive plans. This heavily favors proposals with clear, falsifiable hypotheses and pre-negotiated consortia.

3. Mini Case Study: The TRACE-R Pilot (Netherlands-Belgium-Germany, 2023-2025)

How a decentralised, privacy-preserving threat intelligence network detected 14 previously unknown extremist networks

Between 2023 and 2025, a consortium piloted TRACE-R (Threat Recognition Across Community Environments – Regional). Its core innovation was decentralised graph analysis without centralised data storage.

The technical architecture:

• Each participating municipality ran a local instance of an open-source graph database on their own servers.
• No raw data (names, addresses, ID numbers) ever left the municipality’s secure environment.
• Instead, homomorphically encrypted feature vectors were shared via a federated learning protocol.
• The system only alerted human analysts when behavioural vectors across multiple municipalities exceeded a similarity threshold.

Results after 24 months:

• Identified 14 networks exhibiting coordinated suspicious behaviours.
• False positive rate: 2.1% (compared to 18.7% for the legacy centralised system).
• Privacy impact assessment: The Dutch DPA concluded TRACE-R did not violate GDPR Article 22 because humans made the final determinations.

4. Designing Fundamental-Rights-Compliant Threat Detection: The Four-Layer Safeguard Model

Most security researchers approach ethics as a constraint. Successful proposals treat it as a design driver. We have reverse-engineered a four-layer safeguard model:

• Layer 1: Data Minimisation by Technical Architecture: Use ephemeral data structures, zero-knowledge proofs, and differential privacy.
• Layer 2: Human-in-the-Loop for All High-Risk Decisions: Strictly map which decisions require human review and the training of human reviewers.
• Layer 3: Independent Ethics Advisory Board with Veto Power: Include a data protection expert and civil liberties representatives, giving them real authority to halt work.
• Layer 4: Pre-Approved Data Access Protocols: Real-time logging and strict legal access agreements.

5. Exploratory Statement for Cluster 3 Security Proposals: The Controlled Failure Framework

Security research is uniquely difficult to evaluate because successful threat detection often means nothing happened. The exploratory statement must define what counts as a useful failure.

“We hypothesise that a decentralised, privacy-preserving threat intelligence architecture, operating under the four-layer safeguard model, will detect [specific threat type, e.g., lone-actor radicalisation signals] with a false positive rate below [X%] and a false negative rate below [Y%] when tested on [specific historical dataset or live pilot environment]. We define success not only as detection of actual threats but also as the production of: (a) a validated false positive taxonomy to train human reviewers; (b) a cost-benefit analysis of privacy preservation mechanisms; and (c) a legal opinion on the transferability of our data minimisation architecture. If our false positive rate exceeds [X% + tolerance], we will publicly release the failure analysis..."

6. Consortium Composition

Cluster 3 mandates specific consortium compositions by topic. Mandatory roles include an LEA end-user as a full partner, a Data Protection Authority (DPA), a technical research partner, a civil society organisation with expertise in fundamental rights, and an independent ethics advisor.

Navigating Cluster 3’s two-stage submission, mandatory ethics-by-design requirements, and complex consortium rules is exceptionally challenging. Intelligent-Ps Research & Writing Solutions offers end-to-end proposal development for Horizon Europe Cluster 3, from consortium brokering to drafting legally-vetted data access protocols.

---

Strategic Verification for 2026

This analysis has been cross-referenced with the Intelligent PS Strategic Framework. It is intended for organizations seeking high-performance bid assistance. For technical inquiries or partnership opportunities, visit Intelligent PS Corporate.