Framework tender seeks SOC, OT security and vulnerability management services, highlighting how authorities are scaling up to meet stricter cyber rules.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
Digital Burgenland GmbH is creating a new framework for Cyber Defense Center services that brings together Security Operations Center, OT security and vulnerability management. Published on 10th March 2026, the contract notice underlines how the contracting authority is moving towards continuous monitoring and incident response to meet tighter European cybersecurity obligations such as those set out in the NIS 2 Directive.
Digital Burgenland GmbH plans to establish a framework agreement for various Cyber Defense Center services. According to the notice for Cyber Defense Center Services, the framework will cover three main components: Security Operations Center (SOC), OT Security Solution and Vulnerability Management.
Taken together, these elements point to an integrated operational capability rather than a one-off technology purchase. A SOC focuses on detecting and responding to security incidents across networks and systems. OT security solutions are designed to protect operational technology environments, while vulnerability management provides a structured way to identify, prioritise and remediate weaknesses before they are exploited.
Framework agreements in public procurement are commonly used to let buyers place orders for services as and when needed, without re-running a full tender each time. By choosing this route, Digital Burgenland GmbH signals that it expects a sustained demand for specialist cyber services and wants the flexibility to draw on different capabilities over time as threats, technologies and regulatory expectations evolve.
The mix of SOC, OT security and vulnerability management also mirrors the capabilities highlighted in the NIS 2 Directive: continuous monitoring of critical systems, rapid detection and handling of incidents, and an organised approach to managing vulnerabilities. The framework is therefore likely to become a central tool for turning high-level compliance obligations into day-to-day security operations.
The Digital Burgenland GmbH tender sits within a broader shift towards framework agreements as the preferred way to organise cybersecurity work in the public sector and regulated industries.
In September 2025, BLUELIGHT COMMERCIAL LIMITED launched a multi-supplier Open Framework for cyber services. Its Cyber Security Services Framework is designed for police forces and other agencies and covers penetration testing, incident response, audits and training. That combination of testing, response and skills development is increasingly common.
In October 2025, EnBW Energie Baden-Württemberg AG issued a notice for a Cybersecurity Consulting Framework focused on cybersecurity operations, including the enhancement of security processes and integration of advanced technologies. Later that month, CIVIS went to market with a wide-ranging Cybersecurity Services Procurement that bundles on-prem protection, penetration testing, Cyber GRC software, EPP/EDR/XDR tools, identity management, awareness training, immutable backups and email archiving under a single contract.
November 2025 brought a similar emphasis on breadth. Intercommunale IPFBW sought suppliers for a central purchasing arrangement covering cybersecurity services, information security, personal data protection and artificial intelligence governance for public entities in Walloon Brabant. Alongside governance and training, it includes protection solutions and managed services, pointing to a demand for end-to-end support rather than isolated consultancy exercises.
Financial and regional institutions are moving in the same direction. In December 2025, the European Investment Bank launched a framework for IT Security Consultancy Services to support its Cybersecurity Division across IT Security Operations, Business Continuity, Information Protection and IT Security Testing. REGION NORMANDIE, meanwhile, advertised a multi-lot framework for information systems and data security, spanning analysis, auditing, consulting and awareness-raising.
Some buyers are explicitly splitting governance from technical work. In December 2025, Syndicat intercommunal des technologies de l'information pour les villes set up a three-lot framework for cybersecurity governance and services, with distinct lots for project management assistance, offensive security and governance audits. In February 2026, A.S.T.R.I.D. NV van publiek recht followed a similar model with a Cybersecurity Services Contract that separates security governance consultancy from security audits and training, awarding each lot to different suppliers.
Together, these examples show how frameworks are being used to organise three broad families of activity:
The Digital Burgenland GmbH framework fits within this pattern, but with a sharper operational focus on SOC, OT protection and vulnerability management.
Security Operations Centers were once most associated with large financial or technology firms. Recent contract notices show SOC-based models taking hold across municipalities, utilities, healthcare providers, social care organisations and central institutions.
In November 2025, the Junta de Gobierno del Ayuntamiento de Granada issued a contract for Cybersecurity Operations Center Services, seeking managed cybersecurity services to protect the council’s information and services through a 24x7 SOC focused on prevention, detection and response. In January 2026, The Rehab Group launched a tender for Cybersecurity Services built around a fully managed SOC and cyber defence capability, ensuring 24/7 monitoring and compliance with relevant regulations.
Central institutions are moving in the same direction. In December 2025, DRŽAVNI ZBOR REPUBLIKE SLOVENIJE advertised a contract for Cyber Protection Systems Services, covering both the establishment and operational functioning of cyber protection systems and the implementation of SOC services. In February 2026, the Ministry of Family, Labour and Social Policy sought managed cybersecurity services delivered through a SOC.
The model is spreading into health and social care. In December 2025, sihtasutus Tartu Ülikooli Kliinikum went to market for a framework covering Cybersecurity Center Services and information security management, while The Rehab Group’s contract ties SOC operations directly to regulatory compliance expectations.
Utilities and infrastructure operators are also embracing continuous monitoring. In February 2026, Berliner Wasserbetriebe published a notice for Security Operations Center Services, aiming to establish a hybrid SOC to enhance digital security through comprehensive IT system monitoring, incident response and open-source intelligence analysis. In March 2026, SPP - distribúcia, a.s. issued a contract for SOC Service for IT Security, focused on integrating SOC services into its environment, while BVZ Holding AG, via Beschaffungsstelle Matterhorn Gotthard Bahn, set out plans on 2nd March 2026 to build a Security Operation Center for its subsidiaries and infrastructure arm.
Shared-service models are gaining ground too. In January 2026, govdigital eG sought suppliers for Security Operations Center Services that include hybrid and managed SOC models, with options for threat hunting and consulting to enhance cyber resilience for public administration and companies. In January 2026, Investitionsbank des Landes Brandenburg advertised a Managed Security Operations Center, seeking a provider to run an MSOC using its existing XDR and SIEM platform, with optional services such as Threat Hunting and Purple Teaming.
Against this backdrop, Digital Burgenland GmbH’s Cyber Defense Center framework is notable for explicitly adding OT security and vulnerability management to the SOC mix, signalling that protection of operational environments and systematic treatment of vulnerabilities are now seen as core parts of day-to-day security operations.
The EU’s NIS 2 Directive raises the bar for many public bodies and operators of essential services, emphasising continuous monitoring and robust incident response capabilities. The Digital Burgenland GmbH framework is a clear attempt to assemble those capabilities under one contractual umbrella, rather than relying on scattered tools and ad hoc projects.
Other notices show how regulation and policy are also driving capacity building and governance work alongside technical operations. MINISTARSTVO PRAVOSUĐA, UPRAVE I DIGITALNE TRANSFORMACIJE is procuring upgrades to security systems on the CDU platform through a contract for Cybersecurity Systems Procurement, including upgrades for application delivery controllers, network traffic security monitoring, log management solutions and email protection against zero-day threats. The Dirección de la Fundación para la Internacionalización de las Administraciones Públicas is hiring technical assistance for a Technical Assistance for Cybersecurity Project in Kyiv, combining a local project manager, a local cybersecurity expert and a communications expert to support the implementation of the ‘Continued EU Support to Cybersecurity’ initiative.
What is still unclear from the Digital Burgenland GmbH notice is how far governance, training and awareness will be built into the Cyber Defense Center alongside its SOC, OT and vulnerability services. Other buyers, such as A.S.T.R.I.D. NV van publiek recht, REGION NORMANDIE and Syndicat intercommunal des technologies de l'information pour les villes, have chosen to pair operational contracts with dedicated lots for audits, governance and awareness-raising. Suppliers considering this framework will need to track how the final specification balances pure operations with these softer, but increasingly important, aspects of cyber resilience.
Looking ahead, two questions stand out. First, whether hybrid SOC models – mixing internal teams with external monitoring, as seen at Berliner Wasserbetriebe and in the cooperative model pursued by govdigital eG – become the norm. Second, how buyers structure long-term vulnerability management and OT security within these centres, ensuring that scanning, remediation and protection of operational environments are treated as ongoing disciplines rather than periodic clean-up exercises.
As the Cyber Defense Center framework for Digital Burgenland GmbH moves through procurement and into delivery, its scope and design will offer a useful indication of how public-sector buyers are turning the NIS 2 Directive’s emphasis on continuous monitoring and incident response into practical, contracted services. The detail of how SOC, OT security and vulnerability management are combined – and how far governance and training are folded in – will be worth watching for suppliers and peer organisations across Europe.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.