Common Good Cyber Fund Grant Program

The Common Good Cyber Fund (CGCF), launched in 2025 in close collaboration with the Common Good Cyber Ecosystem Committee and a Strategic Advisory Committee, aims to sustain nonprofit organizations whose work strengthens the public-interest cybersecurity ecosystem. 

CGCF consists of pooled donations from a mix of donors, including the Australian Department of Foreign Affairs and Trade, Craig Newmark Philanthropies, the Foreign, Commonwealth & Development Office of the United Kingdom, Global Affairs Canada, the Internet Society, and the Ministry of Foreign Affairs of the Kingdom of the Netherlands. 

Program Overview 

Digital and cyber threats are rising in frequency and sophistication, with disproportionate impacts on vulnerable communities and underserved regions where digital defenses are weakest. High-risk actors, including NGOs, journalists, human rights defenders, and dissidents, face targeted activity that can reach across borders in the online information environment. 

The nonprofit cybersecurity ecosystem plays a vital yet under-recognized role in countering these threats, mitigating harm, and defending online civic space. However, this ecosystem remains severely underfunded and overstretched, leaving community actors and vulnerable populations exposed to escalating digital cyber threats. 

The Common Good Cyber Fund is designed to strengthen this ecosystem by supporting the nonprofits who provide these critical services. An initial pilot program was initiated in late 2025, which provided a proof of concept for an open call for applications launching in June 2026. 

CGCF Program Objectives 

The Common Good Cyber Fund seeks to fund nonprofits across the globe whose work supports the following objectives:

• Objective 1: Maintenance of critical cybersecurity infrastructure.
• Objective 2: Delivery of scalable support to secure Internet users from digital harm, including state-directed cyber activity and digital transnational repression.
• Objective 3: Advancement of a safer Internet for vulnerable groups and high-risk communities, including civil society and journalists.

The descriptions below provide additional detail on what the program objectives look like in practice. Applicant organizations’ work may span more than one of these objectives, but proposals must indicate the primary objective their work aligns with in their application.

Objective 1: Maintenance of critical cybersecurity infrastructure

This program objective supports the Internet’s shared security “plumbing”, the technical services and operational capabilities that many organizations rely on, but few can fund on their own. Strong proposals deliver durable improvements that reduce risk beyond a single organization or community and are designed to keep working after the grant ends.

Examples of work supported under this objective can include:

• internet infrastructure protection, including DNS security, routing security, secure defaults, and other widely deployed controls
• large-scale threat detection and analysis, including noncommercial threat intelligence that can be shared responsibly
• response-enabling services that help others act faster, including tooling, coordination, automation, and operational support
• maintenance and improvement of security-relevant open systems where long-term upkeep is the primary constraint

Objective 2: Delivery of scalable support to secure Internet users from digital harm, including state-directed cyber activity and Digital Transnational Repression

This program objective funds capabilities that protect people and organizations facing persistent digital threats, including state-directed cyber activity and digital transnational repression (DTNR). It prioritizes approaches that help high-risk users prevent compromise, respond quickly, and recover safely.

Examples of work supported under this objective can include:

• rapid response and incident assistance for civil society and independent media, including account takeover recovery, device triage, and secure restoration workflows
• threat-informed hardening and secure onboarding for high-risk users, including safer email and endpoint practices, multi-factor authentication (MFA), account recovery, backups, and secure communications, tailored to real attacker tradecraft
• protective service delivery at scale, including managed support models, “clinics,” remote assistance, and regional responder networks that can handle volume without lowering quality
• privacy-preserving coordination and information sharing that surfaces patterns and actionable indicators without exposing beneficiaries or partners

This objective also recognizes that targeted digital harm is not evenly distributed. DTNR and related campaigns can include gendered tactics, including sexualized harassment and smear campaigns that disproportionately target women in public-facing roles.

Objective 3: Advancement of a safer Internet for vulnerable groups and high-risk communities, including civil society and journalists

This program objective supports work that translates operational insight into safer outcomes for vulnerable groups and high-risk communities, including civil society and journalists. In this program, advocacy is eligible when it is tightly connected to security outcomes, such as adoption of safer practices, improved protective mechanisms, and stronger coordination that reduces exposure to harm.

Examples of work supported under this focus area can include:

• evidence-based policy or standards work grounded in operational threat realities, aimed at concrete improvements in protective practice, platform safeguards, or security defaults
• responsible vulnerability and abuse reporting pathways, including coordination that improves how threats are surfaced and mitigated without increasing exposure for targets
• norms and coordination mechanisms that improve ecosystem response, such as incident coordination protocols, trusted escalation channels, and shared approaches to protecting at-risk groups

Eligibility and Selection Criteria

CGCF supports nonprofit organizations whose work aligns with the Fund’s objectives and who provide cybersecurity infrastructure and/or direct services for high-risk digital actors.

In 2026, CGCF expects to prioritize organizations capable of ecosystem building, especially those based in the global majority, or those with the capacity to regrant to smaller organizations working in the global majority. Organizations who demonstrate a history of addressing issues of gender equity, including technology-facilitated gender-based violence (TFGBV), will be additionally prioritized when applying for grants aligned with Objectives 2 and 3.

Applications are assessed based on:

• Confirmation that the applicant is a qualifying nonprofit organization (U.S. 501(c)(3) or equivalent) focused on cybersecurity.
• Confirmation that the applicant organization has an official bank account in their name that can receive funds from a foundation based in the United States
• Alignment with CGCF’s purpose and program objectives.
• Evidence that the organization delivers cybersecurity infrastructure and/or services that protect high-risk communities and strengthen broader resilience.
• Demonstrated organizational capacity, including credible implementation and governance.
• Potential to contribute to ecosystem building, including reach across geographies and, where relevant, the ability to support smaller organizations.

Governance and Decision-Making

The Internet Society Foundation is the grantmaking organization that developed the Common Good Cyber Fund grant program in furtherance of the Fund’s purposes, manages grant applications, reviews applicants and prospective grantees, selects grantees, and oversees grant management and reporting.

The Global Cyber Alliance (GCA) chairs the Fund’s Strategic Advisory Committee, which is made up of technical and policy experts who provide strategic advice and guidance to help ensure the Fund remains responsive to evolving threats and needs.

To support the open call for proposal process, an Independent Program Review Committee (IPRC) will be convened. Reviewers will be selected from diverse backgrounds and geographies, including cybersecurity experts and cross-sector professionals (civil society, journalism, policy, and research).

Funding

In 2026, the Internet Society Foundation is expected to award at least USD $3.5 million through multi-year operating grants funded by the Common Good Cyber Fund. Grants awarded through this open call are expected to be two-year awards, typically in the range of USD $100,000 to $300,000, with a maximum total grant amount of $300,000 over the full grant period.

Timeline

• The call for proposals will launch by June 2026, with an application window open for at least six weeks.
• Applications will be screened by late July, with the strongest applications advancing to external review.
• Declined applicants will be notified of the decisions after grant awards have been made.
• Due to the high volume of applications anticipated, individual feedback on declined proposals will not be possible.

Helpful Resources

Info session to learn more about this program:

• Info Session on 20 May at 14:00 UTC
  This Webinar will be held in English with live interpretation in French and Spanish. Register today.
• Common Good Cyber Fund Application Guide
• Common Good Cyber Fund Evaluation Framework and Grantee Reporting Metrics (coming soon)
  

Questions? 

If you have questions about this program or the application process, please email [email protected] 

---

Explore our Funding Areas to see how we support the global Internet community, and subscribe to our newsletter for the latest news and announcements from our projects.