Central government body launches tender for NDR platform
A central authority is procuring an EU-funded network detection and response platform, highlighting how tighter cybersecurity rules are reshaping digital defences.
A central authority is procuring an EU-funded network detection and response platform, highlighting how tighter cybersecurity rules are reshaping digital defences.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
In March 2026, Ministerstwo Finansów published a contract notice for NDR Solution Implementation, an EU-funded project to deploy a comprehensive Network Detection and Response platform across its environment. The wide scope – from physical and virtual components to software licences and support services – shows how central government is strengthening real-time visibility of network traffic as cybersecurity obligations tighten across the European Union. The move sits within a growing stream of similar tenders from municipal offices, regulators, universities and hospitals.
The contract, published on 25th March 2026, covers the delivery, installation, configuration and launch of a “comprehensive Network Detection and Response solution” in the ministry’s own environment. Rather than a simple licence purchase, the buyer is seeking an end-to-end deployment that brings hardware, virtual components and software together into an operational service.
The reference to both physical and virtual components indicates that traditional infrastructure and virtualised environments are in scope. Alongside these, the ministry wants software licences and support services, pointing to a full technology stack rather than isolated tools. By bundling configuration, launch and support, the ministry is signalling that it expects the successful supplier to help embed the platform operationally, not just deliver equipment.
NDR platforms focus on network activity, detecting unusual patterns and enabling faster incident investigation and response. The ministry’s decision to invest in such a system reflects a broader shift in public-sector security away from perimeter-only defences towards continuous monitoring and response, reinforced by the NIS 2 Directive and its increased cybersecurity obligations for many public-sector organisations.
The ministry’s project is explicitly “funded under a European Union grant for enhancing cybersecurity”. That framing matters: it places the contract within a wider European effort to use central funds to raise the baseline of cyber resilience across government.
Local government is following a similar path. In November 2025, Gmina Miejska Włodawa issued a notice for IT Equipment and Software Delivery, covering the delivery, installation and configuration of IT equipment and software to support the “Cyber-Secure Local Government” project, funded by the European Regional Development Fund. Here too, EU money is underwriting an upgrade of local infrastructure and controls.
Healthcare is also drawing on recovery funding. In January 2026, Uniwersyteckie Centrum Kliniczne Warszawskiego Uniwersytetu Medycznego launched a tender for EDR System License Renewal and Support, renewing and expanding an Endpoint Detection and Response system with manufacturer support as part of a digital transformation project for two clinical hospitals funded by the National Recovery and Resilience Plan.
Together, these notices show EU and national recovery funds being used not only for hardware refreshes but for more capable cybersecurity tools and services. They also sit against the backdrop of the NIS 2 Directive, which is bringing increased cybersecurity obligations for many public-sector organisations. Funding streams and directive-driven requirements are combining to make advanced monitoring – from NDR to EDR – a mainstream procurement topic rather than a niche concern.
The finance ministry’s NDR project follows a steady run of detection-and-response procurements cutting across municipal, regulatory, university and healthcare settings. These contracts suggest that deep visibility and incident response capabilities are becoming standard elements of public IT estates.
In November 2025, Państwowy Fundusz Rehabilitacji Osób Niepełnosprawnych went to market for IT Network Security Solutions, seeking software that combines NDR, Security Orchestration, Automation and Response (SOAR) and honeypot functionalities. The contract also includes extensions of existing subscriptions, implementation support, training workshops and technical assistance, showing how detection is being tied to automation and staff capability.
The following month, Miasto Stołeczne Warszawa issued a notice for Integrated Security System Implementation, combining an XDR system in a SaaS model, an on-premises NDR system for network traffic analysis and an on-premises sandbox. Also in December 2025, Główny Inspektorat Sanitarny published a tender for Software Licenses and Support Services, bundling Privileged Access Management, vulnerability scanning and NDR licences with technical support. Together, these contracts point to security architectures that span devices, networks and privileged access rather than treating them separately.
Healthcare bodies are making similar moves. In February 2026, Uniwersytecki Szpital Dziecięcy w Lublinie advertised a Network Infrastructure and Cybersecurity Upgrade that combines LAN network equipment, management software and maintenance with NDR and XDR-class systems and Privileged Access Management software. In March 2026, Samodzielny Publiczny Zakład Opieki Zdrowotnej – Szpital Uniwersytecki nr 2 im. dr Jana Biziela w Bydgoszczy sought suppliers for Delivery of NDR and NAC Systems, pairing NDR with Network Access Control and including training and ongoing technical support.
Managed detection is emerging alongside in-house tooling. In January 2026, Wojewódzki Szpital Specjalistyczny w Legnicy announced Integrated Cybersecurity System Procurement, centred on an integrated XDR system with system maintenance, outsourcing of Security Operations Centre functions and training for IT staff, all in line with applicable legal regulations. Here, the buyer is explicitly looking beyond tools towards outsourced monitoring and incident handling.
Other recent notices highlight the scale and breadth of detection deployments. In February 2026, Centrum Informatyki Statystycznej published an EDR System Implementation and Licensing tender to protect 9,500 devices with an EDR subscription, training and three years of manufacturer support. Beyond this, Masarykův onkologický ústav’s January 2026 contract for Network Detection Tool Services and Psychiatrická nemocnice Bohnice’s February 2026 tender for Security Tools Procurement show similar demand for NDR-style monitoring, SIEM, network traffic analysis and XDR/IDR capabilities, backed by maintenance, integration and staff training.
Across these procurements, detection-and-response technologies are rarely bought in isolation. They are bundled with identity controls, vulnerability scanning, document protection, training and, in some cases, outsourced SOC functions. The finance ministry’s NDR project sits squarely within this direction, extending it into the core of central government.
The ministry’s tender, backed by EU cybersecurity funding, confirms that NDR has moved into the mainstream of public-sector security investment. As NIS 2 takes effect, public bodies face increased cybersecurity obligations, and many are responding by strengthening detection and response capabilities across networks and endpoints.
Future notices will show whether authorities continue to procure NDR as a focused investment, as in the ministry’s case, or fold it into broader frameworks that span identity, logging and managed SOC services. For now, the pattern from this cluster of tenders is clear: continuous monitoring and incident response are becoming baseline expectations for digitally enabled public services, rather than optional enhancements.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.