DELIVERABLES

deliverables

D1.1 – Cross-CI Risk Assessment and GDPR compliance

The deliverable offers an exhaustive examination of the use cases, technical prerequisites, as well as ethical, privacy, and GDPR considerations that will govern the activities of Large-Scale Pilots (LSPs) in the ATLANTIS project. Within this report, we acquaint the Critical Infrastructure (CI) operators involved in the ATLANTIS initiative, and expound upon taxonomies of threats encompassing cyber, physical, and human (CPH) risks pertinent to critical infrastructure systems. Additionally, we elucidate sample scenarios illustrating the potential impacts of CPH hazards on CI systems, delineating their conceivable ramifications.

In-depth enumerations of threats affecting the participating organizations are furnished by the experts within each entity, evaluating both the likelihood and the potential impact of each risk. A comprehensive risk assessment is presented, accompanied by a depiction of the interdependencies within each sector, predicated on the threats identified. Lastly, we offer a concise summary of the legal and ethical concerns intertwined with the project’s pursuits.

D1.2 – ATLANTIS meta-architecture & countermeasures definition

The deliverable D1.2 provides a comprehensive overview of the ATLANTIS framework architecture which aims to enable coordinated risk assessment and mitigation of cyber-physical threats across Critical Infrastructures (CIs). The architecture identifies the system-level components including devices, assets, systems, networking characteristics, 5G/satellite communications, CCI-SAAM platform, inter-Blockchain/DLT, and edge cloud offloading.

The deliverable also provides sequence diagrams describing how the software components will interact under different scenarios. Key countermeasures like earth observation, resilience, human sensing, disinformation tools, situational awareness, systemic risk analysis, risk reduction, threat intelligence, and others are explained.

The document highlights how ATLANTIS will be applied in three large-scale pilots spanning energy, transport, telecoms, health, logistics, finance, and border control sectors across many EU countries. Detailed use cases demonstrate the effectiveness of ATLANTIS in ensuring CI resilience.

Overall, the deliverable provides a well-defined meta-architecture that enables the structured development of an integrated framework to assess and mitigate systemic risks across interconnected European CIs. The architectural specification serves as a foundation for implementing coordinated security capabilities across diverse CI domains.

D1.3 – ATLANTIS meta-architecture & countermeasures definition v2

This document, D1.3 – ATLANTIS Meta-Architecture & Countermeasures Definition, serves as the final deliverable of Work Package 1 (WP1) of ATLANTIS. Among the others, it addresses the development and definition of the ATLANTIS meta-architecture, focusing on the security, risk, and resilience management of Critical Infrastructures (CIs) in Europe against systemic and large-scale threats.

The document starts with an overview of the emergency response plans developed in alignment with the risk modelling activities and countermeasure strategies of the project. The available methodologies for such a task are presented, followed by the analysis of a methodology to derive effective countermeasures definition. The relevant activities are also accompanied by the instantiation of the chosen methodologies, in the form of attack trees coupled with emergency response plans that could be directly used to alleviate the effects of security risks posed to the project CIs.

The definition of the meta-architecture follows, casting particular focus on incorporating stakeholder perspectives, concerns, and viewpoints, largely following the guidelines of ISO/IEC/IEEE 42010:2022. By adopting a multitude of architectural views (including network, user, logical, operational, functional, process, and physical ones), the document presents the ATLANTIS architectural components, their relationships, and their operational implications. This approach ensures that the architecture meets the needs of various stakeholders, including government agencies, public authorities, CI operators, security experts, and technology providers. In tandem with aligning to existing architectures for interoperability reasons, the document also presents an analysis of existing reference architectures from already closed INFRA research projects, such as InfraStress, DEFENDER and 7SHIELD, illustrating how the ATLANTIS aligns with these architectures.

A detailed mapping of user requirements to system technical requirements is, next given, ensuring that the architecture aligns with the specific needs and expectations of stakeholders. To ensure that these requirements are going to be effectively met, this report also frames the ATLANTIS benchmarking framework, which plays a crucial role in evaluating the ATLANTIS platform’s effectiveness in real-world settings.

Overall, this deliverable presents, at high level, the results of core research, stakeholder collaboration, and technical development efforts within the ATLANTIS project. It provides a blueprint for future security architectures, potentially serving as a reference point for CI operators, policymakers, and technology providers. The integration of threat intelligence, interoperability with existing systems, and support for emergency response plans marks a significant advancement in the field of Critical Infrastructure Protection.

D2.1 – Cyber Preventive measures

The scope of this document is to provide a comprehensive overview and framework for the implementation of a geospatial monitoring system for critical infrastructure mapping and monitoring in the context of supporting a risk management decision support system for large scale systemic risks – as covered by the ATLANTIS project. The report presents an integrated modular methodological framework that integrates remote sensing technologies – considering a set of diverse technologies, including satellites, drones, and aircraft imagery.

The document reviews current literature to identify best practice and innovative approaches that may be leveraged in the project. It then presents the methodological framework to be deployed in the next phase of the work and highlights some case studies that provide proof-of-concept of the advancements that the proposed remote sensing techniques may offer in pre-crisis, near real-time and post-crisis situations. It also addresses challenges related to data availability, temporal resolution, and integration of remote sensing platforms, providing valuable insights for stakeholders involved in critical infrastructure monitoring and management. By applying the technology to case studies across Europe, including in Slovenia, which was hit by disastrous floods in the months following the publication of this deliverable; the report clearly demonstrates the value that the utilisation of earth observation imagery can have in improving situational awareness and disaster risk management decision support systems for critical infrastructure.

The findings presented in the report provide the foundations for the integration of remote sensing technological capabilities in the decision support system tool being developed within ATLANTIS.

D2.3 – Cyber Preventive measures

The ATLANTIS project aims at enhancing resilience and Cyber-Physical-Human (CPH) security of the key European Critical Infrastructures (CIs), going beyond the scope of distinct assets, systems, and single CI. This goal will be achieved by addressing resilience at the systemic level against major natural hazards and complex attacks that could potentially disrupt vital functions of the society.

In this frame, the purpose of the Work Package 2 is to study, test and set in place preventive technologies to reduce systemic risk by design. In the cyber-security domain, we have identified three different sets of technologies that would help ensure the continuity of services. The purpose of the first one is ensuring the resiliency and the self-healing of CI and inter-CI IT systems. They are based on micro-services and orchestrators to avoid single points of failure and to be able to ensure the continuity of services. The second set of technologies aims at backing up Position, Navigation and Time (PNT) services that are widely used in CIs and for which a breakdown could seriously put at risk their operations. And finally, the third one is about the traceability of information considering we must ensure that any information transferred between CIs is fully trustable to allow the best management of any incoming problematic situation.

Thus, this document covers the three different sets of technologies with a specific focus on the information traceability ones and a state of the art on the resiliency by design and on the resilient PNT. First, it gives an overview of previous EU projects that have already studied and set in place such kind of technologies. Then it indicates how we are going to extend their outcomes and what will be the traceability mechanisms that will be used in the framework of the ATLANTIS project.

D3.1 – Systemic Risks and Incidents Awareness

The purpose of the deliverable is to provide a detailed description of the designed solution for the detection and analysis of systemic risks, cyber-physical threats, or hazards within the ATLANTIS Security Framework in order to build comprehensive situational awareness. Situational awareness aims to support decision-making and risk mitigation to minimize the impact of risks and cascading effects within the targeted infrastructure or other connected infrastructures.

The deliverable examines various phases of the risk management process involving Protective Technologies to reduce systemic risks by innovation. The process begins with the information gathering layer, capable of interfacing uniformly with physical, cyber, cyber-physical, and human sensors without capturing sensitive information from sources through the adoption of appropriate Machine Learning (ML) models. At the same level as the detection layer, we find Human-in-Vicinity (HiVIC) solutions that involve people in the vicinity of the incident for gathering additional information to complement the situational picture.

These pieces of information are then analysed and processed by the core of the system, which deals with building situational awareness and employs the Digital Twin technological approach. The hybrid digital twin incorporates cyber, physical, and cyber-physical models of critical infrastructure elements involved in managing critical events or threats, as well as ML models constructed from historical data obtained from detection components. The digital twin is used to digitally map the properties and state of critical infrastructures, enabling monitoring, analysis, and simulation of the system’s behaviour in the real world.

The deliverable also describes the process leading to the identification and application of machine learning models to predict potential systemic risks or identify imminent risks that need to be managed, involving the implementation of real-world mitigation strategies. The solution also includes a disinformation-fighting layer that provides strategies and solutions for managing content verification on social media or the web in general, content contextualization, and provenance management. Information derived from disinformation- fighting tools can also be used to enhance situational awareness.

D3.2 – Systemic Risks and Incidents Awareness

The objective of this deliverable is to present a detailed and comprehensive report on the solutions implemented for managing Systemic Risks and Incident Awareness. It outlines the goals and achievements of T3.1, T3.2, T3.3 and T3.6 under WP3 – Protective Technologies, aimed at reducing systemic risks through innovation.

The primary objective is to detect and identify hazards and threats related to ATLANTIS Critical Infrastructures, evaluate the associated risks and identify potential systemic risks. This process also involves gathering and analysing relevant data to build a robust and comprehensive situational awareness, enabling more effective risk management and proactive threat mitigation strategies.
The deliverable is structured into five main sections:

Section 2: Detection and data gathering layer, sensor details, data adaptation, analytics, and monitoring;
Section 3: Disinformation fight, information contextualization and provenance;
Section 4: Situation Awareness & Comprehension Framework
Section 5: Humans in Vicinity Sensing and Engagement
Section 6: Conclusions and next steps

The previous iteration of this report was released at M14 as D3.1 and the next and final iteration will be released at M30 as D3.3 – beta version.

D3.3 – Systemic Risks and Incidents Awareness (beta version)

This document, D3.3 – Systemic Risks and Incident Awareness (beta version), serves as the final deliverable of Work Package 3 (WP3) – Protective Technologies within the ATLANTIS project. It consolidates the outcomes of T3.1, T3.2, T3.3, and T3.6, focusing on innovative solutions aimed at detecting, assessing, and mitigating systemic risks while enhancing situational awareness for Critical Infrastructures (CIs). The document begins by outlining the methodologies and technologies developed for hazard detection, threat identification, and risk evaluation within the ATLANTIS ecosystem. The approach integrates comprehensive data collection, advanced analytics, and proactive risk mitigation strategies, ensuring a robust situational awareness framework. This document marks the third and final iteration of the systemic risk management solution, building upon D3.1 (due at M14) and D3.2 (due at M22). The final assessments highlight significant advancements in threat detection efficiency and risk evaluation precision. With the integration of enhanced monitoring mechanisms, this deliverable establishes a comprehensive framework for safeguarding CIs against evolving threats. The core technical developments are structured into the following key sections:

Detection and Data Gathering (Section 2): This section details the implementation of the detection layer, covering sensor technologies, data adaptation, analytics, and real-time monitoring. The deployed system effectively interfaces with existing CI infrastructure, standardizes data formats, and ensures high levels of data privacy and security.
Disinformation Mitigation (Section 3): The section presents validated solutions for identifying and countering misinformation, disinformation, and malicious information threats. Implemented tools have successfully demonstrated their effectiveness in increasing transparency, improving trust, and mitigating information-related risks, including deepfake detection and network-based deception analysis.
Situation Awareness & Comprehension Framework (Section 4): This section evaluates the integration of continuous systemic risk analysis and interdependency-based situational awareness. The inclusion of risk propagation models has significantly enhanced the system’s capability to assess cascading impacts across interconnected assets. The dynamic Situation Picture model has provided valuable decision-support insights during pilot demonstrations.
Humans in Vicinity Sensing and Engagement (Section 5): The HiVIC approach has been implemented to enable a proximity-based sensing and engagement strategy, enhancing the interaction between humans and critical infrastructure environments. The integration of Distributed Ledger Technology (DLT) ensures secure and private communication between volunteers and infrastructure operators.

Overall, D3.3 serves as a reference for future systemic risk management and situational awareness solutions, strengthening the resilience and security of CIs. The findings underscore major improvements in threat identification, risk assessment, and strategic response, providing valuable guidance for CI operators and security technology providers.

D3.4 – Incidents Mitigation by Innovation

This executive summary outlines the key components and findings of the first version of the incident mitigation by innovation solution within the WP3 of the ATLANTIS project. The document provides a comprehensive overview of incident mitigation in the context of cyber-physical systems and critical infrastructure, emphasizing the relationship between risk and resilience management.
The deliverable comprises of six main sections:

Section 2: Explores incident mitigation, integration into ATLANTIS architecture, in critical infrastructure protection.
Section 3: Strategies and policies importance, challenges in coordinated approach, and real-world examples are here presented.
Section 4: Stresses integrating situational awareness into risk reduction strategies and innovative technologies.
Section 5: Focuses on risk management, safety, security, proactive hazard management.
Section 6: Introduces decision making in crisis and the role of command-and-control tools.
Section 7: Explains the Risk Reduction and Incident Mitigation framework using advanced technologies for crisis response.

The next iteration of this report will be released at M26 (as D3.5 – alpha version) and at M31 (as D3.6 – beta version).

D3.5 – Incidents Mitigation by Innovation (alpha version)

This executive summary of the D3.5 deliverable outlines the key components and findings of the Task 3.5 – Risk Reduction & Incident Mitigation/Recovery Decision Support System within Work Package 3 (WP3) of the ATLANTIS project. The document provides a complete overview of the Risk Reduction and Incident Mitigation and Decision Support System framework for enhancing the resilience and security of critical infrastructures (CIs) against large-scale, transnational, and systemic risks.

The deliverable comprises five main chapters:

Section 1: Introduces the purpose and scope of the deliverable, introducing the purpose and scope of this deliverable and how it supports the understandability of the advanced concepts of the systemic risks in critical infrastructures, outlining the methodological approach supported by the deliverable structure.
Section 2: Details the Incident Mitigation framework, exploring how innovation supports the transition from incident awareness to mitigation, including the application of strategies, policies, and coordinated approaches. This chapter examines how Artificial Intelligence (AI) and Machine Learning (ML) techniques directly combat systemic risks by analyzing complex interdependencies within critical infrastructure networks. These advanced algorithms detect subtle risk patterns across interconnected systems, predict potential cascade failures, and automatically generate targeted countermeasures. This systematic approach enables proactive risk mitigation by identifying and addressing vulnerabilities before they trigger system-wide failures. This chapter underlines the opportunity of using coordinated approaches of mitigation with respect to content operators who focus on multiple facets with requirements in the domain of Cyber-Physical-Human (CPH) Protection The perspective is widened to long-term interests of stakeholders like regional authorities and policy makers. The Risk Reduction and Incident Mitigation (RRIM) framework integrates advances Generative AI capabilities to enhance incident response. For example, to analyze incoming security alerts, automatically identifying attack patterns and generating detailed threat assessments. These capabilities improve situational awareness and response effectiveness and enable the RRIM to quickly targeted mitigation strategies.
Section 3: Presents the RRIM framework, describing the architecture for incident detection and mitigation, data processing systems, classification models, and knowledge-driven assessment methodologies within for decision support, risk assessment and risk reduction. This section provides a detailed overview of the technical solutions that are integrated in the Decision Support System (DSS) and Risk Reduction and Incident Mitigation (RRIM), naming the AI and ML models for data-processing and analysis who are observed methodologically to assure effectiveness and efficiency for a sustainable approach integrating the continues learning and optimization paradigm.
Section 4: Addresses optimizations in incident mitigation with focus on policy compliance, cyber-physical security enhancement, system sustainability, and improvement of end-user capabilities in managing cyber-physical threats. This section underlines the importance of conformity with regulations and incident response plans, the legal and strategical alignment to enhancing the CPH security using the cutting-edge innovations and methods, to ensure the sustainability and resiliency of the AI based systems and improved capabilities of the end-users to manage cyber-physical threats more efficiently.
Section 5: Concludes with a summary of key findings, outlining future work directions for continued research and development in Critical Infrastructure Protection (CIP). Overall, the future look involves the commitment to focus on improving the human-AI collaboration, driven by the feedback of the Large-Scale Pilots operators who test the functionality. This will be an opportunity for the technical partners to offer support and training for human operators to work effectively with the AI Systems. The next iteration of this report will be released as D3.6 – Incidents Mitigation by Innovation (beta version) at M31.

D4.1 – CCI-SAAM Coordinated Framework

This document describes the basic version of the Cross-domain, Cross-CI, Cross-border knowledge Sharing, risk Assessment, threat Analysis and countermeasures Mitigation (CCI-SAAM) Coordinated Framework, which combines the features from the initial releases of the related components created under Work Packages (WP) WP4 and Tasks T4.1, T4.2, and T4.3.

The CCI-SAAM Coordinated Framework’s basic version offers (i) the background analysis, (ii) describes the architecture and the functionality of the proposed framework, (iii) provides an overview of the implementation details, including the requirements, the design, and the deployment aspects, and, ultimately, the evaluation plan of the components it consists of. In fact, the following topics are clarified by this report:

The background information that has been leveraged to reach the proposed framework;
The description of the proposed framework, its architecture and functionality;
The most recent developments in the implementation of the components forming the CCI-SAAM coordinated framework;
The methodology for the evaluation of the framework and its constituent parts.

Deliverable D4.2 – CCI-SAAM Coordinated Framework (alpha version), is anticipated to contain the second iteration of the framework at M26.

D4.2 – CCI-SAAM Coordinated Framework (alpha version)

This document describes the Alpha version of the Cross-domain, Cross-CI, Cross-border knowledge Sharing, risk Assessment, threat Analysis and countermeasures Mitigation (CCI-SAAM) Coordinated Framework, which combines the features from the latest releases of the related components created under WP4 and T4.1, T4.2, and T4.3. It can be considered the accompanying report of the Alpha Release of CCI-SAAM Framework, along which they form Deliverable 4.2.

The CCI-SAAM Coordinated Framework’s Alpha version (i) describes the architecture of the proposed framework both as a whole and of specific parts of it, (ii) provides information on the implementation details of each framework’s component, including functionality description, technologies used, interfaces exposed and deployment aspects, and ultimately, (iii) reports on the validation of the components it consists of.
In summary, the following topics are clarified by this report:

The list of components of the proposed framework as well as its architecture in the means of sequence, data flow, and deployment diagrams;
The implementation details (functionality, technologies, interfaces, deployment) of the latest versions of the components forming the CCI-SAAM Coordinated Framework;
The validation of the framework and its constituent parts.

Deliverable D4.3 – CCI-SAAM Coordinated Framework (beta version), is anticipated to contain the final iteration of the framework at M32.

D4.4 – ATLANTIS Integrated Framework

This document describes the ATLANTIS Integrated Framework (version 1) and constitutes the deliverable D4.4, which is the first of the three versions of the ATLANTIS Integrated framework, as foreseen in the DoA. This document offers an overview of the deployment options of ATLANTIS, describing how these options promote platform reproducibility and uphold its resilience and performance capacity. Finally, it reports on the verification and validation reports of the framework’s components while it provides descriptions of the design and functionality aspects of the ATLANTIS Integrated Framework components. It also discusses how the initial versions of the various components get integrated into a coherent framework offering coordinated services.

The goal of the presented and implemented ATLANTIS Development, Security and Operations (DevSecOps) lifecycle design is to automate and integrate security throughout the entire ATLANTIS software development process. Furthermore, the concepts of Continuous Integration and Continuous Delivery (CI/CD) are integrated into the ATLANTIS development process in order to generate consistent and dependable software results. To be more precise, GitLab CI/CD is used to implement the ATLANTIS CI/CD workflow, with the necessary security enhancements added to guarantee security presence throughout the entire DevOps cycle. Utilizing cutting-edge container and container orchestration technologies, the ATLANTIS CI/CD workflow is actually implemented through a private GitLab CI/CD instance hosted on the deployment platform that is being presented.

In addition, the approach for the verification and validation of the integrated platform and its components is presented in this document.

This document also discusses the integrated ATLANTIS framework, weighing the project vision against the overall ATLANTIS functionality, presenting functionality interaction diagrams as well as a functional architectural view diagram. In fact, the primary focus of this initial integrated prototype is on design specifications, which include aspects of inter-component communication and deployment aspects.

D4.5 – ATLANTIS Integrated Framework (alpha version)

Building upon the foundational efforts documented in the previous report (D4.4, due at M17), D4.5 – ATLANTIS Integrated Framework (alpha version) offers an intermediate release of the ATLANTIS framework, demonstrating practical advancements in cooperative prevention, anticipation, and mitigation of systemic risks across multiple critical infrastructures. Its principal goals include refining the architecture, embedding security by design, and validating core functionalities through laboratory testing. Achieving these objectives has involved close collaboration among numerous project partners and development teams, facilitating synchronised component development, streamlined testing workflows, and the exchange of best practices for secure integration.

A key achievement of this alpha version is the successful deployment of a DevSecOps pipeline, which embeds security considerations at every stage of the software development lifecycle. This pipeline supports continuous integration, testing, and deployment of containerised components, ensuring that new features and updates can be rapidly and safely introduced. Additionally, the Integrated Framework now incorporates a robust toolset for user access management, message brokering, and distributed ledger functionalities, reinforcing its scalability, reliability, and resilience. Through targeted lab tests, it has been validated that essential modules, ranging from advanced analysis engines to visualisation dashboards, operate effectively both on their own and when integrated into a cohesive system.

The objectives have been met by systematically aligning technical developments with the requirements of diverse critical infrastructure sectors. Joint efforts in design updates, compatibility checks, and security assessments have enabled the project teams to address interoperability, data interchange, and deployment challenges in a timely manner. As a result, the alpha version demonstrates tangible progress in creating a framework capable of managing complex cyber-physical environments while preserving performance and scalability targets.

Although D4.5 briefly references earlier and forthcoming deliverables, its primary focus is on detailing the progress made to date. This includes refined architecture, enhanced security controls, and strengthened integration processes, developments that collectively support greater involvement of end users and enable further large-scale validation activities in the project’s final stages.

D5.1 – LSP set-up and Data Management Plan (DMP)

The ATLANTIS project aims at enhancing resilience and Cyber-Physical-Human (CPH) security of the key EU Critical Infrastructures (CIs), going beyond the scope of distinct assets, systems, and single CI, by addressing resilience at the systemic level against major natural hazards and complex attacks that could potentially disrupt vital functions of the society.

The deliverable provides the initial Data Management Plan (DMP) for the ATLANTIS project. The DMP is part of Work Package 5 – “Cross-CI Large Scale Pilots validation and penetration testing” and it is a living and changing document in which information will be made available on a finer level of granularity through updates as the implementation of the project progresses and when significant changes occur. DMP gives an overview of the ATLANTIS Data Management life cycle for data to be gathered, processed, and/or generated as part of making its research data findable, accessible, interoperable, and re-usable (FAIR), in accordance with the FAIR Data Management guidelines. FAIR data management ensures that the improvements and results generated based on these data can be duplicated and used by future EU-funded initiatives and the community at large.

The deliverable also includes foundations for the 3 Large Scale Pilots (LSPs) involving different parts of Europe’s Critical Infrastructure. Within each Pilot, different scenarios involving project partners are reported in which different types of cyber, physical and/or hybrid attacks are simulated. The purpose of these pilots is to test the resilience of European Critical Infrastructures and test part of the technologies developed within the project. The DMP will serve as a guide during the course of the project by providing guidance for the collection and management of sensitive and non-sensitive data, clarifying those in the public domain from those requiring special management procedures in accordance with current national and international standards.

D6.1 – Project Web site & Social Channels

This is the report of the delivered website and social media channel for the ATLANTIS project. The project website, www.atlantis-horizon.eu, is a key instrument for promoting ATLANTIS and disseminating important project information. The website gives a general summary of the project’s background, idea, objectives, and organizational scheme. It also emphasizes the roles and areas of expertise played by each consortium partner. Additionally, it will offer deliverables to the public. The content of the website is expanded over time with different kinds of materials for dissemination.

Social media platforms are the second important tool for promoting ATLANTIS and for building a strong network of academics, professionals, and other stakeholders. The ATLANTIS LinkedIn account https://www.linkedin.com/company/atlantis-horizon-europe-project was set up as a first step to establish contact with the key players in the field. Additionally, to enhance our digital presence and engagement, we have launched an ATLANTIS YouTube channel (https://www.youtube.com/@Atlantis-eu), dedicated to sharing our video content.

D6.2 – Market study and exploitation plans (initial version)

D6.2 – Market study and exploitation plans (initial version) represents the first version of the “Market study and exploitation plans” which is the result of the work conducted under Task 6.3 – Exploitation strategy and Sustainability plans. It represents a key result of WP6 – Impact Creation and Outreach for assuring the future exploitation of the main reached results in the project. The focus of this deliverable is: a) to provide an overview of the current status of the market where the potential project outcomes could be launched; b) to understand also what the market already provide in order to satisfy the market needs that ATLANTIS project aims to cover; c) to introduce the potential customers; d) to provide an overview of the project results; e) to identify the potential value proposition and the ATLANTIS Business Model Canvas.

In addition, as part of these activities, the individual exploitation plans of each have been collected and analysed in order to understand how to exploit the project results both individually and in collaboration with other partners. Moreover, this deliverable collects a market study analysis concerning the main ATLANTIS markets along with the current solutions offered in the market, main ATLANTIS outcomes and proposed solutions along with the ATLANTIS Business Model Canvas, potential ATLANTIS target customers.

In this context, the partners have identified and described their Key Exploitable Results (KERs) underlining the main features and the value of each result in order to take into account the options that they consider valid and feasible for the future commercial exploitation.

Finally, the ATLANTIS exploitation strategy has been detailed. It aims at enabling an active use of the exploitable results created by the project to generate positive impacts. More specifically, in this deliverable, a structured and in-depth analysis of the exploitable results has been presented in order to structure exploitation planning and ensure a sustainable exploitation. To strengthen the exploitation potential, ATLANTIS expects the development of joint exploitation strategies by groups of partners that can mutually benefit from a cooperative scheme.

In conclusion, the IPR theme has been also analysed in the deliverable. The IPR Management focuses on the careful handling of IPR issues in the ATLANTIS project, that are of strategic importance in order to facilitate the exploitation of its solutions. Furthermore, early individual exploitation plans of all the partners involved.

D6.3 – Market study and exploitation plans (intermediate version)

The mission of ATLANTIS is to improve the resilience and protection capabilities of interconnected European Critical Infrastructures (ECI). These infrastructures face evolving systemic risks due to existing and emerging large-scale, combined, cyber-physical threats and hazards. The goal is to guarantee the continuity of operations while minimizing cascading effects in the infrastructure itself, the environment, other Critical Infrastructures (Cis), and the involved population.

This report represents the second version of the “Market study and exploitation plans” which is the result of the work conducted under Task 6.3 – Exploitation strategy and Sustainability plans. It represents a key result of WP6 – Impact Creation and Outreach for assuring the future exploitation of the main reached results in the project. In this context, the partners have identified and described their Key Exploitable Results (KERs), underlining the main features and the value of each result to be considered as valid and feasible for the future commercial exploitation.

The focus of this deliverable is to provide an updated overview of the current status of the market where the potential project outcomes could be launched. The key aim of the ATLANTIS Exploitation Framework is to define a concrete exploitation strategy to pave the grounds for the future exploitation of project main results, both at individual partners’ and at Consortium level. The ATLANTIS exploitation strategy has been detailed: it aims at enabling an active use of the exploitable results created by the project to generate positive impacts. More specifically, in this deliverable, a structured and in-depth analysis of the KERs has been presented to structure exploitation planning and ensure a sustainable exploitation. In particular, the more mature results have been further analysed and this work has been conducted with the support of the Horizon Result Booster service. The chosen service is related to “Portfolio Dissemination & Exploitation Strategy”, module C. The aim of Exploitation Service (Module C) is to support single projects in exploiting their research results and enhance beneficiaries’ capacity to improve their exploitation strategy. The Booster experience has been a learning process for the ATLANTIS. The Consortium partners have learnt new skills and competencies that have replicated the analysis on the other KERs. To strengthen the exploitation potential, ATLANTIS expects the development of joint exploitation strategies by groups of partners that can mutually benefit from a cooperative scheme. For this reason, some joint exploitation schemas have been provided and analysed.

D6.5 – Dissemination & Standardisation & Communities Liaison

In recent years, the European Union has been faced with numerous crises, ranging from pandemic to escalating conflicts and the growing threat of climate change. These crises have highlighted the paramount importance of resilient Critical Infrastructures (CIs) that can withstand complex, large-scale, transnational, cross-domain, systemic risks, and are thereby able to ensure stability, security, and prosperity in the region.

The mission of ATLANTIS is to improve resilience of the interconnected European CIs exposed to evolving systemic risks due to existing and emerging large-scale, combined, cyber-physical-human threats, and thereby guarantee continuity of vital operations, while minimizing cascading effects in the infrastructure itself, the environment, other CIs, and the involved population. To this end, ATLANTIS has defined concrete and ambitious strategic goals that include generating new knowledge, developing and deploying sustainable organisational measures and technological solutions, and enhancing collaboration among various CI stakeholders across Europe.

To ensure that the obtained insights, know-how, and innovations generate direct, tangible, and long-lasting impacts, the project defines several complementary activities including collaboration, communication, dissemination, training, standardisation, and policy making.

These activities have different goals and target audiences, use different tools and channels, and comprise different actions based on the different phases of the project and maturity of project results.

In the AWARENESS phase (October 2022 – March 2024), ATLANTIS focuses on creating awareness about its mission and goals. Key activities include establishing the ATLANTIS brand, collaborating with relevant networks, employing communication and dissemination channels, and planning knowledge transfer. These efforts aim to engage researchers, software developers, CI operators, standardization bodies, and policymakers.

In the ENGAGEMENT phase (April 2024 – March 2025), the project, ATLANTIS shifts its focus to result-oriented engagement activities. The efforts are put into actively disseminating knowledge, promoting project results, and creating opportunities for exploitation. Training new experts and influencing emerging standards and policies are also goals for this phase.

The SUSTAINABILITY phase (M31 – M36, April 2025 – September 2025) concentrates on maintaining project outcomes and impacts beyond completion. ATLANTIS works on disseminating results, promoting their adoption and replication, and advocating for changes in standards, policies, and practices.

The first ATLANTIS report on impact generation activities provides a deeper insight into the refined strategy for promoting project activities and results, transferring newly generated knowledge, and shaping the future standards and policies at local and European level. With a focus on increasing awareness, engagement, and sustainability, ATLANTIS strives to leave a lasting impact on the CI landscape, while adhering to open science practices.

D6.6 – Dissemination & Standardisation & Communities Liaison (intermediate version)

The second ATLANTIS report on impact generation provides an insight into the activities that the consortium has undertaken in the first 18 months towards promoting project activities and initial results, transferring the knowledge generated so far, and shaping the future standards and policies at both local and European level. Based on the results of these activities, and the overall progress of the project, we also present a refined strategy for future impact generation.
Specifically, for each of the above-mentioned activities, we elaborate on the following:

The goals we have reached based on the targets defined in the initial version of this report (D6.5), and activities we plan in order to achieve even more in the future.
The target audience we have engaged so far and the communities we still aim to reach.
The tools and the channels we have and will (continue to) use for it. The discussion includes an updated evaluation of the relevant Key Performance Indicators (KPIs).

The next iteration of this report will be released at the end of the project, at Q3/2025 as D6.7.

D7.1 – Project Handbook

D7.1 – Project Handbook outlines the internal procedures of the ATLANTIS project in terms of project execution, administrative management, management structures, communication and collaboration. It contains all the guidelines, processes, procedures, tools to be adopted by all partners to refer during the lifetime of the project. In addition, it describes the risk management processes and internal Quality Assurance (QA) procedures to be applied within the ATLANTIS project. Along with the QA procedures, an initial list of quality management assignments to the partners regarding the quality control of ATLANTIS deliverables is also presented. Likewise, as part of the risk management methodology, the document presents the risk registry of the project. The latter will be periodically updated and reviewed by the coordinating team and the work package leaders.

D8.1 – POPD – Requirement No.1

This deliverable fulfils one of the ethics requirements (No.1) laid out by the European Commission within WP8 of ATLANTIS:

Clarification how all of the personal data that will be processed are relevant and limited to the purposes of the research project (in accordance with the ‘data minimization‘ principle) must be submitted as a deliverable before the start of the relevant activities
Description of the anonymization/pseudonymization techniques that will be implemented must be submitted as a deliverable before the start of the relevant activities.
For personal data that are transferred from a non-EU country to the EU (or another third state), justification that such transfers comply with the laws of the country in which the data was collected must be submitted as a deliverable before the start of the relevant activities.
An explicit confirmation that the data used in the project is publicly available and can be freely used for the purposes of the project must be submitted as a deliverable before the start of the relevant activities.
For the further processing of previously collected personal data, an explicit confirmation that the beneficiary has lawful basis for the data processing and that the appropriate technical and organizational measures are in place to safeguard the rights of the data subjects must be submitted as a deliverable before the start of the relevant activities.

Also, in the Ethics Summary Report two considerations were made, regarding the processing of personal data in ATLANTIS:

The project will collect, manage and generate diverse types of data (personal, sensitive and secondary data), both from project activities and from the three pilots.
The project involves processing or collection of sensitive personal data such as health data and possibly the utilization of electronic health records of hospitals. One of these hospitals is located in Albania.

Based on the above, the document provides, firstly, the methodology used for the preparation of this deliverable and for collecting the requested information. Also, the applicable legal framework is being detailed and the main concepts are being explained, to facilitate the reading and understanding of the subsequent sections.

Furthermore, the Consortium explains, applying ‘data minimization principle’, how personal data processed are relevant and limited to the purposes of the research, the anonymization/pseudonymization techniques that will be implemented, the transfer of personal data within ATLANTIS project and the re-use of personal data by the ATLANTIS project.

D8.2 – AI – Requirement No.2

This deliverable fulfils the second and last of the ethics requirements (No.2) laid out by the European Commission within WP8 of ATLANTIS:

A detailed explanation on the measures taken to prevent, avoid and mitigate potential bias, discrimination and stigmatisation in input data and algorithm design and outcomes, covering the development, deployment and post-deployment phases, must be submitted as a deliverable before the start of the relevant activities.
A detailed explanation on how humans will maintain meaningful control over the most important aspects of decision-making process (related to thread detection and prevention to critical infrastructures) must be submitted as a deliverable before the start of the relevant activities.

Also, in the Ethics Summary Report two considerations were made, regarding the involvement of AI-based system/techniques in ATLANTIS:

AI-based multimodal analytics will be used. Other AI will be developed to help human-AI interactions and AI explainability tools.
The measures taken to prevent, avoid and mitigate potential bias, discrimination and stigmatisation in input data and algorithms design and outcomes, covering the development, deployment and post-deployment phases, are not sufficiently addressed.

Based on the above, the report provides, firstly, the methodology used for the preparation of this deliverable and for collecting the requested information. Also, the main outcomes from Task 1.3 – Ethical, Data Confidentiality & GDPR compliance requirements, relevant for development, deployment and/or use of artificial intelligence (AI)-based systems or techniques in ATLANTIS project are being presented. The deliverable also defines specific requirements which needs to be assessed and adopted by the Consortium in order to comply with the above-mentioned Ethics Requirement.

Furthermore, a checklist is being proposed to the technical partners involved in T1.4, T3.1, T3.2, T3.3, T3.4, T3.5, T4.1 and T4.2, based on the requirements and ethical principles described in “Ethics By Design and Ethics of Use Approaches for Artificial Intelligence” Guidelines released by the EC.