Defence Online

Type of document:
Country: Luxembourg
OJEU Ref: (2025/S 175-00597248/EN)
Nature of contract:

00597248-2025 – Competition
Luxembourg – 72000000 – CFT-1748 – IT Security Operations and Testing, Business Continuity, Information Protection and Access Control Consultancy Services
1. Buyer
1.1. Buyer
Official name: European Investment Bank
Legal type of the buyer: EU institution, body or agency
Activity of the contracting authority: General public services
2. Procedure
2. Procedure
2.1. Procedure
Title: CFT-1748 – IT Security Operations and Testing, Business Continuity, Information Protection and Access Control Consultancy Services
Description: The purpose of this Call for Tenders is to award Framework Agreements to up to 5 successful Tenderers (per each lot) for the provision of information security Services to support the Cybersecurity Division of the European Investment Bank Group. The services in scope include:
Lot 1 – Provision of IT Security Operations consultancy services;
Lot 2 – Provision of Business Continuity consultancy services;
Lot 3 – Provision of Information Protection and Identity and Access Management consultancy services; and
Lot 4 – Provision of IT Security Testing services.
For more details please refer to the procurement documents.
Procedure identifier: 7305ab45-23b9-409e-8f56-b538c19232a6
Internal identifier: EIB/2024/OP/0002
Type of procedure: Open
The procedure is accelerated: false
2.1.1. Purpose
Main nature of the contract: services
Main classification (cpv): 72000000 IT services: consulting, software development, Internet and support.
2.1.2 Place of performance
Town:
Postcode:
NUTS:
Country:
2.1.3 Value
Estimated value excluding VAT: 56355128 EUR
2.1.4. General information
Additional information: Disclaimer: The European Investment Bank is not subject to the Regulation 2018/1046. EIB procurements are governed by EIB’s Corporate & Technical Assistance Procurement Guide. For this reason, the following deviations to Section 5.1.12 of this contract notice shall apply: (i) Unless otherwise provided in the `Terms of Reference` tenders must be submitted in either in English or in French, since both are working languages of EIB (point 4.1 of EIB’s General Administrative and Submission Clauses). (ii) Tenders are opened in a non-public opening session by an opening board, whose members are appointed by EIB under guarantee of impartiality and confidentiality (point 5.1 of EIB’s General Administrative and Submission Clauses). Tenderers may request a copy of the opening record by email to corporate-procurement@eib.org. Tenderers may in the first instance submit any concerns regarding the procurement to the Bank using the contact details under section 8.1 ORG-0001 of this contract notice. If tenderers or other interested parties, believe that the EIB committed an instance of maladministration, (e.g. it has failed to act in accordance with its established policies, standards and procedures or to respect the principles of good administration), they may lodge a complaint to the EIB Group Complaints Mechanism (see ) within 1 year from the date when the alleged action, decision or omission by the Bank could be reasonably known by the complainant. If unhappy with the outcome, tenderers can seek a review of the EIB Group’s reply to the complaint by the European Ombudsman (see ). Within 2 months of notification of the outcome of the procedure (award decision), tenderers may launch an action for its annulment and/or damages. Any request tenderers may make and any reply from the Bank or any complaint of maladministration, will have neither the purpose nor the effect of suspending the time-limit for launching an action for annulment nor open a new period for launching an action for annulment. The body responsible for hearing annulment procedures is indicated under section 8.1 ORG-0002 of this contract notice. Reasons for the framework agreement duration exceeding four years: These framework agreements cover a critical business activity for which the maximum possible stability is needed. For the aforementioned reasons, the EIB considers that a 6-year maximum duration of the framework agreement is necessary.In case of unavailability or disruptions in the functioning of the electronic means of communication provided in Section 5.1.11 in the last 5 calendar days before the time limit for receipt indicated in Section 5.1.12, the contracting authority reserves the right to extend this time limit and publish the extension at the Internet address provided in Section 5.1.11, without a preceding publication of a corrigendum to this notice. Economic operators interested in this procurement are invited to subscribe to the call for tenders at the address in Section 5.1.11 in order to get notified when new information or documents are published.

Legal basis: 32024R2509
2.1.5. Terms of procurement: Terms of submission:
Maximum number of lots for which one tenderer can submit tenders: 4
2.1.6. Grounds for exclusion:
: For the full list of exclusion grounds please consult the procurement documents.
5. Lot
5.1. Lot: LOT-0001
Title: Provision of IT Security Operations consultancy services
Description: The services in scope include:
• Security Engineering support, i.e. support regarding the incorporation and maintenance of security controls into the information system so that they become an integral part of the system’s operational capabilities;
• Security Monitoring support, i.e. assistance with regards to collecting and analysing indicators of potential security threats and triaging these threats with appropriate actions.
5.1.1. Purpose
Main nature of the contract: services
Main classification (cpv): 72000000 IT services: consulting, software development, Internet and support.
Additional classification (cpv): 72212732 Data security software development services. 72220000 Systems and technical consultancy services. 72225000 System quality assurance assessment and review services. 72253200 Systems support services. 72800000 Computer audit and testing services. 72820000 Computer testing services. 72254100 Systems testing services.
5.1.2. Place of performance
Postal address:
Town:
Postcode:
Country subdivision (NUTS):
Country:
5.1.3. Estimated duration
Duration: 72 MONTH
5.1.5. Value
Estimated value excluding VAT: 38758276 EUR
Maximum value of the framework agreement:
5.1.6. General information
Reserved participation: Participation is not reserved.
Procurement Project fully or partially financed with EU Funds.
The procurement is not covered by the Government Procurement Agreement (GPA).
false
5.1.10. Award criteria
Criterion:
Type: quality
Name:
Weight (percentage, exact): 80
Criterion:
Type: price
Name:
Weight (percentage, exact): 20
5.1.11. Procurement documents
Address of the procurement documents:
5.1.12. Terms of procurement
Terms of the procedure:
Terms of submission:
Electronic submission: Required
Address for submission:
Languages in which tenders or requests to participate may be submitted: BUL
Electronic catalogue: Not allowed
Deadline for receipt of tenders: 10/12/2025 15:00:59
Information about public opening:
Opening date: 11/12/2025 11:00:00
Terms of contract:
Electronic invoicing: Allowed
Electronic ordering will be used: true
Electronic payment will be used: true
5.1.15. Techniques
Framework agreement: Framework agreement, without reopening of competition
Information about the dynamic purchasing system: none
5.1.16. Further information, mediation and review
Review organisation: Court of Justice of the European Union
5.1. Lot: LOT-0002
Title: Provision of Business Continuity consultancy services
Description: The services in scope include:
– Business Continuity support, i.e. support in planning, building, running and managing EIB’s enterprise-wide Business Continuity Management Operational Framework;
– ICT Disaster Recovery support, i.e. assistance in designing and implementing EIB’s enterprise-wide ICT resilience and Disaster Recovery Management programmes.
5.1.1. Purpose
Main nature of the contract: services
Main classification (cpv): 72000000 IT services: consulting, software development, Internet and support.
Additional classification (cpv): 72212732 Data security software development services. 72220000 Systems and technical consultancy services. 72225000 System quality assurance assessment and review services. 72253200 Systems support services. 72820000 Computer testing services. 72800000 Computer audit and testing services. 72254100 Systems testing services.
5.1.2. Place of performance
Postal address:
Town:
Postcode:
Country subdivision (NUTS):
Country:
5.1.3. Estimated duration
Duration: 72 MONTH
5.1.5. Value
Estimated value excluding VAT: 7110682 EUR
Maximum value of the framework agreement:
5.1.6. General information
Reserved participation: Participation is not reserved.
Procurement Project fully or partially financed with EU Funds.
The procurement is not covered by the Government Procurement Agreement (GPA).
false
5.1.10. Award criteria
Criterion:
Type: quality
Name:
Weight (percentage, exact): 80
Criterion:
Type: price
Name:
Weight (percentage, exact): 20
5.1.11. Procurement documents
Address of the procurement documents:
5.1.12. Terms of procurement
Terms of the procedure:
Terms of submission:
Electronic submission: Required
Address for submission:
Languages in which tenders or requests to participate may be submitted: BUL
Electronic catalogue: Not allowed
Deadline for receipt of tenders: 10/12/2025 15:00:59
Information about public opening:
Opening date: 11/12/2025 11:00:00
Terms of contract:
Electronic invoicing: Allowed
Electronic ordering will be used: true
Electronic payment will be used: true
5.1.15. Techniques
Framework agreement: Framework agreement, without reopening of competition
Information about the dynamic purchasing system: none
5.1.16. Further information, mediation and review
Review organisation: Court of Justice of the European Union
5.1. Lot: LOT-0003
Title: Provision of Information Protection and Identity and Access Management consultancy services
Description: The services in scope include:
– Identity and Access Management support, i.e. assistance in the handling of end-users and technical teams’ requests related to access management, authentication management, recertification process, contribution to architectural design, optimization of operational processes, contribution to risk assessments;
– Information Protection Analyst support, i.e. assistance in conducting/defining feasibility studies, gap analysis, architectural design, governance and operational models in the different domains of the Information Protection such as information classification, data leakage prevention, information management, etc.
5.1.1. Purpose
Main nature of the contract: services
Main classification (cpv): 72000000 IT services: consulting, software development, Internet and support.
Additional classification (cpv): 72212732 Data security software development services. 72220000 Systems and technical consultancy services. 72225000 System quality assurance assessment and review services. 72253200 Systems support services. 72254100 Systems testing services. 72800000 Computer audit and testing services. 72820000 Computer testing services.
5.1.2. Place of performance
Postal address:
Town:
Postcode:
Country subdivision (NUTS):
Country:
5.1.3. Estimated duration
Duration: 72 MONTH
5.1.5. Value
Estimated value excluding VAT: 5859675 EUR
Maximum value of the framework agreement:
5.1.6. General information
Reserved participation: Participation is not reserved.
Procurement Project fully or partially financed with EU Funds.
The procurement is not covered by the Government Procurement Agreement (GPA).
false
5.1.10. Award criteria
Criterion:
Type: quality
Name:
Weight (percentage, exact): 80
Criterion:
Type: price
Name:
Weight (percentage, exact): 20
5.1.11. Procurement documents
Address of the procurement documents:
5.1.12. Terms of procurement
Terms of the procedure:
Terms of submission:
Electronic submission: Required
Address for submission:
Languages in which tenders or requests to participate may be submitted: BUL
Electronic catalogue: Not allowed
Deadline for receipt of tenders: 10/12/2025 15:00:59
Information about public opening:
Opening date: 11/12/2025 11:00:00
Terms of contract:
Electronic invoicing: Allowed
Electronic ordering will be used: true
Electronic payment will be used: true
5.1.15. Techniques
Framework agreement: Framework agreement, without reopening of competition
Information about the dynamic purchasing system: none
5.1.16. Further information, mediation and review
Review organisation: Court of Justice of the European Union
5.1. Lot: LOT-0004
Title: Provision of IT Security Testing Services
Description: The services in scope include:
– IT Security Penetration Testing Services covering, but not limited to, EIB’s applications penetration testing, web and mobile applications, network penetration testing, social engineering including physical intrusion;
– Red and Purple Teaming support, i.e. assistance in designing and running structured and comprehensive scenario-based cyber incident testing on live systems using recognized frameworks (e.g., MITRE ATT@CK, CBEST…);
– IT Security Audit and Compliance support, i.e. assistance in testing the effectiveness of security controls and risk mitigations plans based on EIB’s Internal Control Framework (ICF).
5.1.1. Purpose
Main nature of the contract: services
Main classification (cpv): 72000000 IT services: consulting, software development, Internet and support.
Additional classification (cpv): 72212732 Data security software development services. 72220000 Systems and technical consultancy services. 72225000 System quality assurance assessment and review services. 72253200 Systems support services. 72254100 Systems testing services. 72800000 Computer audit and testing services. 72820000 Computer testing services.
5.1.2. Place of performance
Postal address:
Town:
Postcode:
Country subdivision (NUTS):
Country:
5.1.3. Estimated duration
Duration: 72 MONTH
5.1.5. Value
Estimated value excluding VAT: 4626495 EUR
Maximum value of the framework agreement:
5.1.6. General information
Reserved participation: Participation is not reserved.
Procurement Project fully or partially financed with EU Funds.
The procurement is not covered by the Government Procurement Agreement (GPA).
false
5.1.10. Award criteria
Criterion:
Type: quality
Name:
Weight (percentage, exact): 80
Criterion:
Type: price
Name:
Weight (percentage, exact): 20
5.1.11. Procurement documents
Address of the procurement documents:
5.1.12. Terms of procurement
Terms of the procedure:
Terms of submission:
Electronic submission: Required
Address for submission:
Languages in which tenders or requests to participate may be submitted: BUL
Electronic catalogue: Not allowed
Deadline for receipt of tenders: 10/12/2025 15:00:59
Information about public opening:
Opening date: 11/12/2025 11:00:00
Terms of contract:
Electronic invoicing: Allowed
Electronic ordering will be used: true
Electronic payment will be used: true
5.1.15. Techniques
Framework agreement: Framework agreement, with reopening of competition
Information about the dynamic purchasing system: none
5.1.16. Further information, mediation and review
Review organisation: Court of Justice of the European Union
8. Organisations
8.1. ORG-0001
Official Name: European Investment Bank
Postal address: 98-100 boulevard Konrad Adenauer
Town: Luxembourg
Postcode: L-2950
Country: Luxembourg
Email: corporate-procurement@eib.org
Tel: +352 43 79 1
8.1. ORG-0002
Official Name: Court of Justice of the European Union
Postal address: Rue du Fort Niedergrünewald
Town: Luxembourg
Postcode: L-2925
Country: Luxembourg
Email: GC.Registry@curia.europa.eu
Tel: +352 4303-1
8.1. ORG-0003
Official Name: European Commission
Postal address: Mondrian (CDMA), Rue du Champ de Mars 21
Town: Brussels
Postcode: B-1050
Country: Belgium
Email: corporate-procurement@eib.org
Tel: +32 2 299 11 11
11. Notice information
11.1. Notice information
Notice identifier/version: 670fd571-8ce9-429d-9edf-985844a7ca29 – 01
Notice type: Contract or concession notice – standard regime
Notice dispatch date: 10/09/2025 22:01:13
Languages in which this notice is officially available: ENG
11.2. Publication information
Notice publication number: 00597248-2025
OJ S issue number: 175/2025
Publication date: //