Question 1

What is EDIH-AICS, and who is behind it?

Accepted Answer

The EDIH-AICS (European Digital Innovation Hub Artificial Intelligence & Cybersecurity) is an EU-cofunded hub that supports SMEs, public institutions, and research organizations in the secure and responsible use of artificial intelligence and cybersecurity solutions.
The hub brings together expertise from universities, research institutes, the private sector, and public administration, and offers impartial access to technology, knowledge, and funding.

Question 2

What specific services does EDIH-AICS offer?

Accepted Answer

Many basic services—including initial consultations, orientation sessions, and select workshops—are free or heavily subsidized for SMEs and public institutions, as the hub is co-financed by EU and national funds.
For more extensive projects, customized pilot implementations, or longer-term support programs, participants may be required to cover a partial amount of the costs. The exact terms will be discussed transparently during the initial consultation.

Question 3

How can my organization benefit from EDIH-AICS?

Accepted Answer

Getting started is easy:
Contact us via the web form or by email
Free initial consultation to assess your needs (approx. 60 minutes)
Recommendations for suitable services and funding opportunities
Support for pilot projects, training, or networking
We work with organizations of all sizes—from 5-person businesses to federal agencies.

Question 4

What should we do if our organization falls victim to a cyberattack?

Accepted Answer

Follow a clear step-by-step plan:
Immediate action: Disconnect affected systems from the network (do not shut them down)
Notify the IT emergency contact or external service provider
Contact the BSI reporting center (mandatory for KRITIS and NIS2-regulated entities)
Notify the data protection authority if personal data is affected (72-hour deadline under the GDPR)
File a criminal complaint with the cybercrime division of the relevant State Criminal Police Office (LKA)
Keep printed copies of emergency contacts stored separately from IT systems—in an emergency, these may not be accessible.

Question 5

What are the minimum IT security requirements for a government agency?

Accepted Answer

Public institutions are subject to different framework requirements depending on their level and size:
BSI IT-Grundschutz: mandatory for federal agencies; recommended for state and local governments
NIS2 Directive (transposed into national law as of October 2024): applies to public administrations above certain thresholds
Minimum technical measures: MFA, patch management, encrypted communication, regular backups
Organizational measures: emergency plan, security officer, awareness training
The EDIH-AICS offers free security assessments for public institutions. Please feel free to contact us.
.

Question 6

What are the most pressing cyber risks for small and medium-sized enterprises?

Accepted Answer

According to the BSI situation report, these are the most common attack vectors for SMEs:
Ransomware: Data encryption accompanied by a ransom demand — often delivered via email attachments
Phishing: Deceptively authentic emails designed to trick users into revealing login credentials or making payments
Unpatched software: known vulnerabilities that were not patched in a timely manner
Weak or reused passwords without multi-factor authentication
Over 80% of all attacks exploit human error as a point of entry. Employee training is often more effective than individual technical measures.

Question 7

What funding is available for AI and cybersecurity projects?

Accepted Answer

There are various EU and national funding programs:
DIGITAL Europe Program (DIGITAL): Digitalization, AI, cybersecurity — accessible through EDIHs, among other channels
Horizon Europe: Research and innovation projects, including for SMEs through the EIC and KDT JU
Federal funding programs: Central Innovation Program for SMEs (ZIM), AI transfer projects of the BMBF
State programs: Different digitization funding options depending on the federal state
The EDIH-AICS provides free advice on suitable funding programs: You can find further initial information in our Investment Guidelines or from our AI funding superhero, Edda.

Question 8

Can we use AI tools in a way that complies with the GDPR?

Accepted Answer

Yes, subject to the following conditions:
Enter into a Data Processing Agreement (DPA) with the AI provider in accordance with Article 28 of the GDPR
Ensure that data processing takes place within the EU/EEA or in an appropriate third country
Document the use of AI in the record of processing activities
Inform data subjects in the privacy policy
Conduct a data protection impact assessment (DPIA) if necessary.

Question 9

How is AI changing the cyber threat landscape?

Accepted Answer

AI acts as an amplifier on both sides:
Attackers use AI to create more credible phishing emails (no more spelling mistakes), convincing deepfakes, and automated vulnerability scanning
Defenders benefit from AI-powered anomaly detection, faster threat analysis, and automated responses
Train employees to check senders and communication patterns—not just content. Classic telltale signs like spelling errors are absent in AI-generated attacks.

KI Helpdesk

Allgemeines