A new contract for SOC tool maintenance in environmental institutions shows how public bodies are gearing up for stricter cybersecurity regulation.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
Lithuania's Ministry of Environment is procuring security operations centre (SOC) systems maintenance services to strengthen cyber defences across its subordinate institutions. By focusing on configuration, maintenance and security analytics for tools recommended by the National Cyber Security Center, the contract shows how environmental authorities are gearing up for stricter European cybersecurity rules, including the NIS 2 Directive.
On 24th November 2025, the Lietuvos Respublikos aplinkos ministerija published a contract notice for SOC systems maintenance services. The ministry is seeking a service provider to configure and maintain its SOC tools and to deliver security analytics for multiple institutions under its authority.
The notice is concise but clear on the core tasks. The contractor will be responsible for:
Crucially, the work will focus on implementing systems recommended by the National Cyber Security Center. That requirement points to a coordinated national approach, where key public bodies adopt a common set of tools and standards rather than each institution pursuing its own solution. For suppliers, it means any proposed services must align closely with this national reference architecture.
By centralising configuration, maintenance and analytics for several environmental institutions, the ministry is also signalling that SOC capabilities are no longer a niche IT function. Instead, they are becoming shared infrastructure that underpins regulatory work, environmental monitoring and service delivery.
The Lithuanian move sits within a wider wave of SOC-related procurements across Europe as public bodies adapt to tighter cyber requirements.
In June 2025, French social housing provider Deux-Sèvres Habitat launched a contract for IT System Management and SOC Services. That consultation combines a staff support hotline, equipment renewal and infrastructure maintenance with SOC services for early detection of information system compromises. The message is that security operations are being integrated into day-to-day IT management rather than treated as an afterthought.
The same month, Munich's urban renewal company MGS Münchner Gesellschaft für Stadterneuerung mbH issued a notice for a Managed Security Operations Center. That project involves establishing and operating a fully functional SOC with continuous monitoring, incident response services and integration into the existing IT landscape. It goes beyond tools to demand a complete operational model.
Local government and utilities are also heavily represented. In June 2025, the City of Lieto in Finland sought SIEM and SOC Services with 24/7 monitoring and log management for both the municipality and its water utility, Lieto Vesi. Shortly afterwards, in June 2025, Finnish ICT provider LapIT Oy went to market for SIEM and SOC services as part of a comprehensive package for its municipal and welfare area clients, with options for delivery from either the supplier's cloud or LapIT's own data centre.
Environmental and regulatory agencies show a similar trajectory. In August 2025, Austria's Umweltbundesamt GmbH published a call for Cyber Security and SOC Services to support operation of its SOC and to configure and tune an existing SIEM system. That notice, like the Lithuanian one, focuses on strengthening and optimising established capabilities rather than building them from scratch.
Other sectors are using SOC services to protect particularly sensitive operations. In October 2025, the Oncology Centre in Lublin in Poland launched a tender for data security improvement for medical systems, including establishment of a SOC service alongside upgraded protection for workstations and servers. And in November 2025, the Kantonspolizei Bern in Switzerland sought Security Operations Center support to enhance endpoint detection and response, incident response, vulnerability management and SIEM, with new solutions integrated by external partners.
Financial and energy infrastructure are also moving towards outsourced SOC models. In July 2025, Croatia's financial services supervisory agency turned to the market for an external Security Operations Center service, specifying managed proactive monitoring available 24/7 throughout the year. Then in October 2025, Greece's electricity transmission system operator issued a tender for Cybersecurity Operations Center Services, including SOC-as-a-Service for both IT and operational technology environments, AI-driven extended detection and response, threat intelligence, incident response support and specialised training.
Across these examples, a common pattern emerges: public bodies are not only installing SOC tools, they are contracting for the people, processes and continuous monitoring needed to use them effectively.
This flurry of SOC-related procurement is closely linked to the European Union's NIS 2 Directive and related national measures. The updated rules raise expectations on public bodies and critical service operators to manage cyber risk, detect incidents quickly and coordinate responses.
Two themes stand out from the recent notices. First, national and regional authorities are setting up central structures to support many institutions at once. In June 2025, the Vlaamse Landmaatschappij signalled its intention to establish a framework for monitoring system and SOC services, including 24/7 monitoring and incident response collaboration with its IT team. In November 2025, the Service public de Wallonie announced plans for cybersecurity incident response services built around a structure for prevention, detection, management and coordination of incidents affecting its IT services, with SOC functions and coordination with other operators.
The Lithuanian Ministry of Environment's requirement to use systems recommended by the National Cyber Security Center fits this pattern of central guidance. Rather than each agency selecting its own tools, national experts define a preferred stack, and line ministries procure services to implement and operate those tools in their own domains.
Second, many procurements explicitly combine technology with skills development. Several health and municipal projects, such as the Polish tenders for SOC services at the Oncology Centre in Lublin and at the provincial hospital in Toruń, include training for staff alongside deployment and maintenance. Elsewhere, the University of Gdańsk's contract for a Security Operations Center service aims to improve overall resilience against cyberattacks, not only by deploying tools but by embedding new capabilities within the institution.
As environmental bodies take on more digital roles, from data collection to permitting and oversight, they are subject to the same expectations. The Ministry of Environment's SOC maintenance contract suggests that environmental governance is now seen as part of the wider critical digital fabric that must be protected to a common standard.
The Lithuanian notice does not detail every technical requirement, but its emphasis on SOC tool configuration, maintenance and analytics, aligned with the National Cyber Security Center, marks an important step. It indicates that environmental institutions are moving from ad hoc defences towards a more systematic, centrally guided security posture.
Over the coming months, further tenders will show how this approach develops, both in Lithuania and across Europe. Observers will be watching whether more ministries and agencies adopt shared SOC platforms, whether 24/7 monitoring becomes the norm, and how national cyber authorities continue to shape the tools and services that public bodies bring in to meet evolving regulatory demands.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.