The deliverable offers an exhaustive examination of the use cases, technical prerequisites, as well as ethical, privacy, and GDPR considerations that will govern the activities of Large-Scale Pilots (LSPs) in the ATLANTIS project. Within this report, we acquaint the Critical Infrastructure (CI) operators involved in the ATLANTIS initiative, and expound upon taxonomies of threats encompassing cyber, physical, and human (CPH) risks pertinent to critical infrastructure systems. Additionally, we elucidate sample scenarios illustrating the potential impacts of CPH hazards on CI systems, delineating their conceivable ramifications.
In-depth enumerations of threats affecting the participating organizations are furnished by the experts within each entity, evaluating both the likelihood and the potential impact of each risk. A comprehensive risk assessment is presented, accompanied by a depiction of the interdependencies within each sector, predicated on the threats identified. Lastly, we offer a concise summary of the legal and ethical concerns intertwined with the project’s pursuits.
The deliverable D1.2 provides a comprehensive overview of the ATLANTIS framework architecture which aims to enable coordinated risk assessment and mitigation of cyber-physical threats across Critical Infrastructures (CIs). The architecture identifies the system-level components including devices, assets, systems, networking characteristics, 5G/satellite communications, CCI-SAAM platform, inter-Blockchain/DLT, and edge cloud offloading.
The deliverable also provides sequence diagrams describing how the software components will interact under different scenarios. Key countermeasures like earth observation, resilience, human sensing, disinformation tools, situational awareness, systemic risk analysis, risk reduction, threat intelligence, and others are explained.
The document highlights how ATLANTIS will be applied in three large-scale pilots spanning energy, transport, telecoms, health, logistics, finance, and border control sectors across many EU countries. Detailed use cases demonstrate the effectiveness of ATLANTIS in ensuring CI resilience.
Overall, the deliverable provides a well-defined meta-architecture that enables the structured development of an integrated framework to assess and mitigate systemic risks across interconnected European CIs. The architectural specification serves as a foundation for implementing coordinated security capabilities across diverse CI domains.
This document, D1.3 – ATLANTIS Meta-Architecture & Countermeasures Definition, serves as the final deliverable of Work Package 1 (WP1) of ATLANTIS. Among the others, it addresses the development and definition of the ATLANTIS meta-architecture, focusing on the security, risk, and resilience management of Critical Infrastructures (CIs) in Europe against systemic and large-scale threats.
The document starts with an overview of the emergency response plans developed in alignment with the risk modelling activities and countermeasure strategies of the project. The available methodologies for such a task are presented, followed by the analysis of a methodology to derive effective countermeasures definition. The relevant activities are also accompanied by the instantiation of the chosen methodologies, in the form of attack trees coupled with emergency response plans that could be directly used to alleviate the effects of security risks posed to the project CIs.
The definition of the meta-architecture follows, casting particular focus on incorporating stakeholder perspectives, concerns, and viewpoints, largely following the guidelines of ISO/IEC/IEEE 42010:2022. By adopting a multitude of architectural views (including network, user, logical, operational, functional, process, and physical ones), the document presents the ATLANTIS architectural components, their relationships, and their operational implications. This approach ensures that the architecture meets the needs of various stakeholders, including government agencies, public authorities, CI operators, security experts, and technology providers. In tandem with aligning to existing architectures for interoperability reasons, the document also presents an analysis of existing reference architectures from already closed INFRA research projects, such as InfraStress, DEFENDER and 7SHIELD, illustrating how the ATLANTIS aligns with these architectures.
A detailed mapping of user requirements to system technical requirements is, next given, ensuring that the architecture aligns with the specific needs and expectations of stakeholders. To ensure that these requirements are going to be effectively met, this report also frames the ATLANTIS benchmarking framework, which plays a crucial role in evaluating the ATLANTIS platform’s effectiveness in real-world settings.
Overall, this deliverable presents, at high level, the results of core research, stakeholder collaboration, and technical development efforts within the ATLANTIS project. It provides a blueprint for future security architectures, potentially serving as a reference point for CI operators, policymakers, and technology providers. The integration of threat intelligence, interoperability with existing systems, and support for emergency response plans marks a significant advancement in the field of Critical Infrastructure Protection.
The objective of this deliverable is to present a detailed and comprehensive report on the solutions implemented for managing Systemic Risks and Incident Awareness. It outlines the goals and achievements of T3.1, T3.2, T3.3 and T3.6 under WP3 – Protective Technologies, aimed at reducing systemic risks through innovation.
The primary objective is to detect and identify hazards and threats related to ATLANTIS Critical Infrastructures, evaluate the associated risks and identify potential systemic risks. This process also involves gathering and analysing relevant data to build a robust and comprehensive situational awareness, enabling more effective risk management and proactive threat mitigation strategies.
The deliverable is structured into five main sections:
The previous iteration of this report was released at M14 as D3.1 and the next and final iteration will be released at M30 as D3.3 – beta version.
This document, D3.3 – Systemic Risks and Incident Awareness (beta version), serves as the final deliverable of Work Package 3 (WP3) – Protective Technologies within the ATLANTIS project. It consolidates the outcomes of T3.1, T3.2, T3.3, and T3.6, focusing on innovative solutions aimed at detecting, assessing, and mitigating systemic risks while enhancing situational awareness for Critical Infrastructures (CIs). The document begins by outlining the methodologies and technologies developed for hazard detection, threat identification, and risk evaluation within the ATLANTIS ecosystem. The approach integrates comprehensive data collection, advanced analytics, and proactive risk mitigation strategies, ensuring a robust situational awareness framework. This document marks the third and final iteration of the systemic risk management solution, building upon D3.1 (due at M14) and D3.2 (due at M22). The final assessments highlight significant advancements in threat detection efficiency and risk evaluation precision. With the integration of enhanced monitoring mechanisms, this deliverable establishes a comprehensive framework for safeguarding CIs against evolving threats. The core technical developments are structured into the following key sections:
Overall, D3.3 serves as a reference for future systemic risk management and situational awareness solutions, strengthening the resilience and security of CIs. The findings underscore major improvements in threat identification, risk assessment, and strategic response, providing valuable guidance for CI operators and security technology providers.
This executive summary outlines the key components and findings of the first version of the incident mitigation by innovation solution within the WP3 of the ATLANTIS project. The document provides a comprehensive overview of incident mitigation in the context of cyber-physical systems and critical infrastructure, emphasizing the relationship between risk and resilience management.
The deliverable comprises of six main sections:
The next iteration of this report will be released at M26 (as D3.5 – alpha version) and at M31 (as D3.6 – beta version).
This executive summary of the D3.5 deliverable outlines the key components and findings of the Task 3.5 – Risk Reduction & Incident Mitigation/Recovery Decision Support System within Work Package 3 (WP3) of the ATLANTIS project. The document provides a complete overview of the Risk Reduction and Incident Mitigation and Decision Support System framework for enhancing the resilience and security of critical infrastructures (CIs) against large-scale, transnational, and systemic risks.
The deliverable comprises five main chapters:
This document describes the basic version of the Cross-domain, Cross-CI, Cross-border knowledge Sharing, risk Assessment, threat Analysis and countermeasures Mitigation (CCI-SAAM) Coordinated Framework, which combines the features from the initial releases of the related components created under Work Packages (WP) WP4 and Tasks T4.1, T4.2, and T4.3.
The CCI-SAAM Coordinated Framework’s basic version offers (i) the background analysis, (ii) describes the architecture and the functionality of the proposed framework, (iii) provides an overview of the implementation details, including the requirements, the design, and the deployment aspects, and, ultimately, the evaluation plan of the components it consists of. In fact, the following topics are clarified by this report:
Deliverable D4.2 – CCI-SAAM Coordinated Framework (alpha version), is anticipated to contain the second iteration of the framework at M26.
This document describes the Alpha version of the Cross-domain, Cross-CI, Cross-border knowledge Sharing, risk Assessment, threat Analysis and countermeasures Mitigation (CCI-SAAM) Coordinated Framework, which combines the features from the latest releases of the related components created under WP4 and T4.1, T4.2, and T4.3. It can be considered the accompanying report of the Alpha Release of CCI-SAAM Framework, along which they form Deliverable 4.2.
The CCI-SAAM Coordinated Framework’s Alpha version (i) describes the architecture of the proposed framework both as a whole and of specific parts of it, (ii) provides information on the implementation details of each framework’s component, including functionality description, technologies used, interfaces exposed and deployment aspects, and ultimately, (iii) reports on the validation of the components it consists of.
In summary, the following topics are clarified by this report:
Deliverable D4.3 – CCI-SAAM Coordinated Framework (beta version), is anticipated to contain the final iteration of the framework at M32.
This document describes the ATLANTIS Integrated Framework (version 1) and constitutes the deliverable D4.4, which is the first of the three versions of the ATLANTIS Integrated framework, as foreseen in the DoA. This document offers an overview of the deployment options of ATLANTIS, describing how these options promote platform reproducibility and uphold its resilience and performance capacity. Finally, it reports on the verification and validation reports of the framework’s components while it provides descriptions of the design and functionality aspects of the ATLANTIS Integrated Framework components. It also discusses how the initial versions of the various components get integrated into a coherent framework offering coordinated services.
The goal of the presented and implemented ATLANTIS Development, Security and Operations (DevSecOps) lifecycle design is to automate and integrate security throughout the entire ATLANTIS software development process. Furthermore, the concepts of Continuous Integration and Continuous Delivery (CI/CD) are integrated into the ATLANTIS development process in order to generate consistent and dependable software results. To be more precise, GitLab CI/CD is used to implement the ATLANTIS CI/CD workflow, with the necessary security enhancements added to guarantee security presence throughout the entire DevOps cycle. Utilizing cutting-edge container and container orchestration technologies, the ATLANTIS CI/CD workflow is actually implemented through a private GitLab CI/CD instance hosted on the deployment platform that is being presented.
In addition, the approach for the verification and validation of the integrated platform and its components is presented in this document.
This document also discusses the integrated ATLANTIS framework, weighing the project vision against the overall ATLANTIS functionality, presenting functionality interaction diagrams as well as a functional architectural view diagram. In fact, the primary focus of this initial integrated prototype is on design specifications, which include aspects of inter-component communication and deployment aspects.
Building upon the foundational efforts documented in the previous report (D4.4, due at M17), D4.5 – ATLANTIS Integrated Framework (alpha version) offers an intermediate release of the ATLANTIS framework, demonstrating practical advancements in cooperative prevention, anticipation, and mitigation of systemic risks across multiple critical infrastructures. Its principal goals include refining the architecture, embedding security by design, and validating core functionalities through laboratory testing. Achieving these objectives has involved close collaboration among numerous project partners and development teams, facilitating synchronised component development, streamlined testing workflows, and the exchange of best practices for secure integration.
A key achievement of this alpha version is the successful deployment of a DevSecOps pipeline, which embeds security considerations at every stage of the software development lifecycle. This pipeline supports continuous integration, testing, and deployment of containerised components, ensuring that new features and updates can be rapidly and safely introduced. Additionally, the Integrated Framework now incorporates a robust toolset for user access management, message brokering, and distributed ledger functionalities, reinforcing its scalability, reliability, and resilience. Through targeted lab tests, it has been validated that essential modules, ranging from advanced analysis engines to visualisation dashboards, operate effectively both on their own and when integrated into a cohesive system.
The objectives have been met by systematically aligning technical developments with the requirements of diverse critical infrastructure sectors. Joint efforts in design updates, compatibility checks, and security assessments have enabled the project teams to address interoperability, data interchange, and deployment challenges in a timely manner. As a result, the alpha version demonstrates tangible progress in creating a framework capable of managing complex cyber-physical environments while preserving performance and scalability targets.
Although D4.5 briefly references earlier and forthcoming deliverables, its primary focus is on detailing the progress made to date. This includes refined architecture, enhanced security controls, and strengthened integration processes, developments that collectively support greater involvement of end users and enable further large-scale validation activities in the project’s final stages.
The deliverable provides the initial Data Management Plan (DMP) for the ATLANTIS project. The DMP is part of Work Package 5 – “Cross-CI Large Scale Pilots validation and penetration testing” and it is a living and changing document in which information will be made available on a finer level of granularity through updates as the implementation of the project progresses and when significant changes occur. DMP gives an overview of the ATLANTIS Data Management life cycle for data to be gathered, processed, and/or generated as part of making its research data findable, accessible, interoperable, and re-usable (FAIR), in accordance with the FAIR Data Management guidelines. FAIR data management ensures that the improvements and results generated based on these data can be duplicated and used by future EU-funded initiatives and the community at large.
Social media platforms are the second important tool for promoting ATLANTIS and for building a strong network of academics, professionals, and other stakeholders. The ATLANTIS LinkedIn account https://www.linkedin.com/company/atlantis-horizon-europe-project was set up as a first step to establish contact with the key players in the field. Additionally, to enhance our digital presence and engagement, we have launched an ATLANTIS YouTube channel (https://www.youtube.com/@Atlantis-eu), dedicated to sharing our video content.
In addition, as part of these activities, the individual exploitation plans of each have been collected and analysed in order to understand how to exploit the project results both individually and in collaboration with other partners. Moreover, this deliverable collects a market study analysis concerning the main ATLANTIS markets along with the current solutions offered in the market, main ATLANTIS outcomes and proposed solutions along with the ATLANTIS Business Model Canvas, potential ATLANTIS target customers.
The mission of ATLANTIS is to improve the resilience and protection capabilities of interconnected European Critical Infrastructures (ECI). These infrastructures face evolving systemic risks due to existing and emerging large-scale, combined, cyber-physical threats and hazards. The goal is to guarantee the continuity of operations while minimizing cascading effects in the infrastructure itself, the environment, other Critical Infrastructures (Cis), and the involved population.
This report represents the second version of the “Market study and exploitation plans” which is the result of the work conducted under Task 6.3 – Exploitation strategy and Sustainability plans. It represents a key result of WP6 – Impact Creation and Outreach for assuring the future exploitation of the main reached results in the project. In this context, the partners have identified and described their Key Exploitable Results (KERs), underlining the main features and the value of each result to be considered as valid and feasible for the future commercial exploitation.
The focus of this deliverable is to provide an updated overview of the current status of the market where the potential project outcomes could be launched. The key aim of the ATLANTIS Exploitation Framework is to define a concrete exploitation strategy to pave the grounds for the future exploitation of project main results, both at individual partners’ and at Consortium level. The ATLANTIS exploitation strategy has been detailed: it aims at enabling an active use of the exploitable results created by the project to generate positive impacts. More specifically, in this deliverable, a structured and in-depth analysis of the KERs has been presented to structure exploitation planning and ensure a sustainable exploitation. In particular, the more mature results have been further analysed and this work has been conducted with the support of the Horizon Result Booster service. The chosen service is related to “Portfolio Dissemination & Exploitation Strategy”, module C. The aim of Exploitation Service (Module C) is to support single projects in exploiting their research results and enhance beneficiaries’ capacity to improve their exploitation strategy. The Booster experience has been a learning process for the ATLANTIS. The Consortium partners have learnt new skills and competencies that have replicated the analysis on the other KERs. To strengthen the exploitation potential, ATLANTIS expects the development of joint exploitation strategies by groups of partners that can mutually benefit from a cooperative scheme. For this reason, some joint exploitation schemas have been provided and analysed.
To ensure that the obtained insights, know-how, and innovations generate direct, tangible, and long-lasting impacts, the project defines several complementary activities including collaboration, communication, dissemination, training, standardisation, and policy making.
The SUSTAINABILITY phase (M31 – M36, April 2025 – September 2025) concentrates on maintaining project outcomes and impacts beyond completion. ATLANTIS works on disseminating results, promoting their adoption and replication, and advocating for changes in standards, policies, and practices.
The second ATLANTIS report on impact generation provides an insight into the activities that the consortium has undertaken in the first 18 months towards promoting project activities and initial results, transferring the knowledge generated so far, and shaping the future standards and policies at both local and European level. Based on the results of these activities, and the overall progress of the project, we also present a refined strategy for future impact generation.
Specifically, for each of the above-mentioned activities, we elaborate on the following:
The next iteration of this report will be released at the end of the project, at Q3/2025 as D6.7.
D7.1 – Project Handbook outlines the internal procedures of the ATLANTIS project in terms of project execution, administrative management, management structures, communication and collaboration. It contains all the guidelines, processes, procedures, tools to be adopted by all partners to refer during the lifetime of the project. In addition, it describes the risk management processes and internal Quality Assurance (QA) procedures to be applied within the ATLANTIS project. Along with the QA procedures, an initial list of quality management assignments to the partners regarding the quality control of ATLANTIS deliverables is also presented. Likewise, as part of the risk management methodology, the document presents the risk registry of the project. The latter will be periodically updated and reviewed by the coordinating team and the work package leaders.
This deliverable fulfils one of the ethics requirements (No.1) laid out by the European Commission within WP8 of ATLANTIS:
Also, in the Ethics Summary Report two considerations were made, regarding the processing of personal data in ATLANTIS:
Based on the above, the document provides, firstly, the methodology used for the preparation of this deliverable and for collecting the requested information. Also, the applicable legal framework is being detailed and the main concepts are being explained, to facilitate the reading and understanding of the subsequent sections.
Furthermore, the Consortium explains, applying ‘data minimization principle’, how personal data processed are relevant and limited to the purposes of the research, the anonymization/pseudonymization techniques that will be implemented, the transfer of personal data within ATLANTIS project and the re-use of personal data by the ATLANTIS project.
This deliverable fulfils the second and last of the ethics requirements (No.2) laid out by the European Commission within WP8 of ATLANTIS:
Also, in the Ethics Summary Report two considerations were made, regarding the involvement of AI-based system/techniques in ATLANTIS:
Based on the above, the report provides, firstly, the methodology used for the preparation of this deliverable and for collecting the requested information. Also, the main outcomes from Task 1.3 – Ethical, Data Confidentiality & GDPR compliance requirements, relevant for development, deployment and/or use of artificial intelligence (AI)-based systems or techniques in ATLANTIS project are being presented. The deliverable also defines specific requirements which needs to be assessed and adopted by the Consortium in order to comply with the above-mentioned Ethics Requirement.
Furthermore, a checklist is being proposed to the technical partners involved in T1.4, T3.1, T3.2, T3.3, T3.4, T3.5, T4.1 and T4.2, based on the requirements and ethical principles described in “Ethics By Design and Ethics of Use Approaches for Artificial Intelligence” Guidelines released by the EC.
This project has received funding from the European Union’s Horizon Europe framework programme under grant agreement No.101073909
The contents of this website represent the views of the authors only and remain their sole responsibility. The European Research Executive Agency (REA) and the European Commission are not responsible for any use of the included information.
Copyright © 2022 The ATLANTIS Consortium. All Rights Reserved.