Tender seeks a provider to deliver SOC and incident response services, underlining how new cyber security rules are reshaping contracts in critical sectors.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
On 18th February 2026, Gasgrid Finland Oy published a contract notice for information security and cybersecurity services that bundles Security Operations Centre (SOC) work with C-SIRT and CST support, to be run from within Finland and delivered in Finnish. The procurement shows how operators in critical sectors are reshaping contracts to meet tougher cybersecurity obligations, including those introduced by the NIS 2 Directive.
The notice seeks a service provider to deliver information security and cybersecurity services for Gasgrid Finland Oy. The scope is concise but ambitious, covering:
By specifying SOC, C-SIRT and CST support, the buyer is signalling a need for continuous security operations, structured incident response and specialist expertise under a single contract. Rather than procuring individual tools or short-term consultancy, the organisation is looking for an integrated security operations capability.
The requirement for operations to be based in Finland and for services to be delivered in Finnish will shape the supplier field. Potential bidders will need a local operational presence, staff who can work in Finnish and the ability to interface with national stakeholders in the local language. For international providers, that will mean either existing teams in the country or credible plans to build them.
The decision to seek a single service provider also stands out. Where many public bodies are spreading responsibility across several framework suppliers, Gasgrid Finland Oy appears to be pursuing a one-stop model in which one partner carries operational accountability for security monitoring and incident handling.
The move comes as the NIS 2 Directive raises cybersecurity obligations for operators in critical sectors and for many public bodies. Those obligations are pushing organisations to formalise security operations, document their controls and demonstrate that they can detect and respond to incidents.
Across Europe, recent tenders show a similar focus. In December 2025, Compania Nationala de Cai Ferate "CFR" - SA launched a cybersecurity audit services procurement explicitly to comply with a new framework for the cybersecurity of essential service networks and information systems in sectors including energy, transport and health. Here, the emphasis is on independent assurance that existing networks and systems meet regulatory expectations.
Municipal and regional authorities are also upgrading their cyber capabilities to match legal requirements. On 14th October 2025, Městská část Praha 14 advertised cybersecurity enhancement services for the supply, implementation and support of hardware and software to improve cybersecurity while ensuring compliance with relevant legal and regulatory standards. The same day, the Národní ústav duševního zdraví published a cybersecurity information systems tender, combining technical measures, security documentation and ongoing maintenance.
Security operations centres are becoming a central part of this compliance landscape. On 11th November 2025, the Lietuvos Respublikos aplinkos ministerija sought SOC systems maintenance services for institutions under the ministry, focusing on security analytics and incident management. Earlier, on 23rd September 2025, Valstybės įmonė Ignalinos atominė elektrinė went to market for information security officer consulting, covering cybersecurity policies, risk assessment, incident management, SOC evaluation, employee training and IT systems security for a nuclear power plant.
Against this backdrop, Gasgrid Finland Oy’s SOC- and C-SIRT-centred procurement shows how operators are choosing to buy in mature operational capabilities rather than building every component in-house, using contracts to demonstrate alignment with NIS 2 expectations.
The Gasgrid Finland Oy notice also fits a wider Nordic pattern of outsourcing security operations while keeping sensitive work close to home. In December 2025, Region Värmland advertised cybersecurity and information security services, seeking a team to manage IT and cybersecurity along with information security, and requiring Swedish citizenship for consultants because of security classification. That tender, like Gasgrid Finland Oy’s, combines a strong local requirement with a broad remit over day-to-day security.
Healthcare has been particularly active. On 22nd December 2025, sihtasutus Tartu Ülikooli Kliinikum launched a framework for cybersecurity center services and information security management, while Finnish social and healthcare ICT provider 2M-IT Oy used a prior information notice in September 2025 to explore market capabilities around cyber security solutions in vulnerability management, automation tools and centralised log management.
Transport and city administrations are moving in the same direction. On 19th November 2025, Väylävirasto opened a market dialogue on cybersecurity and data protection expert services to strengthen information management and cybersecurity initiatives, while Helsingin seudun liikenne -kuntayhtymä has sought information security management and supervision services under strict confidentiality conditions.
More recently, on 19th February 2026, Seinäjoen kaupunki went to market for a 24/7 security monitoring and response service for a 10,000-user IT environment, while FinnHEMS Oy is procuring basic IT services that bundle cybersecurity alongside workstation, network and support services.
Within this cluster, Gasgrid Finland Oy’s contract notice stands out for its narrow focus: cybersecurity is the central subject of the procurement, not a component of a wider ICT package. That will allow bidders to concentrate their proposals on security outcomes, staffing and processes rather than on general IT performance metrics.
Alongside operational tenders, public buyers are also investing in governance, audit and strategic capacity. On 13th November 2025, the Sihtasutus Eesti Rahvusvahelise Arengukoostöö Keskus issued a framework for information and cybersecurity-related ICT goods and services, spanning consulting, software development and infrastructure components. Norrköpings kommun followed in December 2025 with a framework for IT and information security consulting to support growing digitalisation, calling for flexible staffing across a range of assignments.
In February 2026, A.S.T.R.I.D. NV van publiek recht went to market with a multi-year cybersecurity services contract split into two lots: one for security governance consultancy and another for security audits and training, explicitly to be awarded to different suppliers. That structure underlines how some buyers are separating advisory and assurance roles, even as others, like Gasgrid Finland Oy, concentrate operational responsibility in a single partner.
Consulting-led projects such as the Ignalina nuclear power plant engagement, the Estonian and Swedish framework agreements and A.S.T.R.I.D.’s split-lot model all point to a market where governance, risk management, operations and assurance are being procured together but carefully delineated within contracts.
The Gasgrid Finland Oy procurement will be of interest both to domestic security providers and to international firms with a Finnish footprint. Its insistence on Finland-based operations and Finnish-language services, combined with the breadth of SOC, C-SIRT and CST support, sets a high bar for bidders’ local capacity.
For the wider market, this and the many similar notices published since late 2025 highlight a clear direction: cybersecurity is no longer an add-on to IT but a primary subject of procurement, shaped by the NIS 2 Directive and by national frameworks for essential services. Observers will be watching how future tenders balance localisation requirements, the use of frameworks versus single suppliers, and the division of responsibilities between governance, operations and independent audit.