Authority launches tender for SIEM, SOAR and web security tools
Tender seeks perpetual-licence SIEM, SOAR and secure web gateway systems under a cyber programme, reflecting tighter NIS 2 duties on public-sector bodies.
Tender seeks perpetual-licence SIEM, SOAR and secure web gateway systems under a cyber programme, reflecting tighter NIS 2 duties on public-sector bodies.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
An environmental inspectorate is seeking an advanced cybersecurity stack built around SIEM, SOAR and secure web gateway technologies, funded by a Cybersecure Government grant and reflecting the tightening cybersecurity duties introduced by the NIS 2 Directive.
On 7th April 2026, Główny Inspektorat Ochrony Środowiska published a contract notice for the Cybersecurity Systems Procurement. The authority plans to acquire cybersecurity systems built around SIEM and SOAR software and Web Secure Gateway devices. All elements are to be supplied with perpetual licences and support, signalling a long-term shift in how the inspectorate manages cyber risk. The project is financed through a grant under the Cybersecure Government initiative.
By bundling monitoring, orchestration and secure web access in a single procurement, the inspectorate is looking to tighten control over how threats are detected and handled. SIEM and SOAR platforms allow security events to be collected and acted on in a more structured way, while web gateways help enforce policy at the network edge. Perpetual licensing backed by support suggests the authority intends to embed these capabilities as core infrastructure rather than short-term add-ons.
The emphasis on perpetual licences contrasts with the service-heavy models emerging elsewhere in the public sector, where many buyers are contracting for outsourced security operations alongside technology. Here, Główny Inspektorat Ochrony Środowiska is opting to own the core platforms outright, with vendors expected to provide ongoing support but not a fully managed Security Operations Center.
This places more weight on the inspectorate’s own teams to run and tune SIEM and SOAR tools once they are installed. It also raises familiar procurement questions around integration with existing infrastructure, data retention and incident-handling processes, which are not detailed in the notice but will be central to delivery.
The use of a Cybersecure Government grant underlines how cyber upgrades are increasingly tied to dedicated public funding lines. Similar patterns appear in other recent cybersecurity tenders, where authorities link technology investments to named programmes and resilience plans.
Several hospitals, for example, are drawing on recovery funding. Specjalistyczny Szpital im. dra Alfreda Sokołowskiego is procuring equipment and software to improve its cybersecurity and integrate systems as part of a National Recovery and Resilience Plan, focusing on digital transformation and compliance with environmental regulations in its Cybersecurity Equipment and Software Supply notice from February 2026. Samodzielny Publiczny Zakład Opieki Zdrowotnej Szpital im. dr J.Dietla w Krynicy-Zdroju is similarly funding software and cybersecurity services through the National Reconstruction and Resilience Plan, as set out in its March 2026 Software and Cybersecurity Services for Hospital tender.
Local government is following a similar route. Gmina Miasto Oleśnica is implementing continuous monitoring and backup under its November 2025 Cyber Secure Local Government Project, focused on a continuous monitoring system and backup server for the Municipal Social Assistance Center. City authorities in Sosnowiec are buying managed network devices, an uninterruptible power supply and backup systems to enhance cybersecurity and information protection at City Hall, as described in the March 2026 Cybersecurity Equipment for City Hall procurement.
This acceleration in investments comes as public-sector bodies face increased cybersecurity obligations under the NIS 2 Directive. While individual notices rarely spell out regulatory drivers, the mix of monitoring, incident response and resilience measures being tendered reflects a broader push to raise baseline security and improve visibility of threats.
The inspectorate’s focus on SIEM, SOAR and secure web gateways mirrors a wider shift towards integrated monitoring and response platforms. In October 2025, Wielospecjalistyczny Szpital Samodzielny Publiczny Zakład Opieki Zdrowotnej published a six-part Cybersecurity IT Equipment and Training tender, covering delivery, commissioning, implementation of IT equipment and licences, and training to strengthen its cyber defences. Later that month, Psychiatrická nemocnice Marianny Oranžské launched a four-part Cybersecurity Contract Parts procurement, combining infrastructure supply, endpoint protection, log management and cyber event detection.
Specialised agencies are also moving in this direction. Centralny Zarząd Służby Więziennej is seeking a framework agreement for an IT solution providing SIEM and SOAR functionalities, with technical support and training, in its December 2025 IT Solution Framework Agreement. In January 2026, Państwowa Inspekcja Pracy Główny Inspektorat Pracy issued a SOC Service Procurement notice for comprehensive information security services, including the launch and maintenance of a Security Operations Center, automation of security processes, attack detection using honeypot technology and secure user access management.
Cultural institutions are not far behind. Národní knihovna České republiky is procuring IT equipment and components to enhance cybersecurity at the national library in its March 2026 Cybersecurity Enhancement for National Library tender. The project is divided into four parts covering data storage, network switches, a software tool for automating cybersecurity processes and a product for collecting and correlating security events.
Healthcare remains one of the most active sectors. Wojewódzki Szpital Specjalistyczny w Legnicy is buying and implementing an integrated XDR system, alongside maintenance, SOC function outsourcing and IT staff training, in line with legal regulations in its January 2026 Integrated Cybersecurity System Procurement. Regionalny Szpital Specjalistyczny im. dr Władysława Biegańskiego is procuring a comprehensive cybersecurity service with 24/7 monitoring of IT infrastructure, using EDR/XDR and SIEM alongside vulnerability scanning and related services, under its April 2026 Comprehensive Cybersecurity Service Implementation notice.
Further down the stack, Samodzielny Publiczny Zakład Opieki Zdrowotnej w Łapach is tendering for a four-module Comprehensive Cybersecurity System that combines workstation protection, central logging and reporting, email protection and a firewall, co-financed by EU funds. Projects such as these highlight how endpoint, network, logging and recovery capabilities are being built up together, often with external monitoring layered on top.
Across these notices, certain patterns are clear. Buyers are increasingly looking for:
Główny Inspektorat Ochrony Środowiska’s decision to procure SIEM, SOAR and web gateway technologies with perpetual licences places it firmly within this trend, while keeping operational control in-house rather than outsourcing a full SOC. For vendors, the tender underlines the importance of offering integrated platforms that can sit at the heart of a broader security architecture, backed by strong support and the ability to align with regulatory requirements.
With initiatives such as Cybersecure Government, Cyber Secure Local Government and various recovery and resilience plans underpinning these projects, the pipeline for similar procurements is likely to remain strong. The environmental inspectorate’s new systems will be one to watch as public bodies adapt their cyber operating models to meet NIS 2 obligations, balancing ownership of core tools with the growing appeal of managed monitoring and response services.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.