Answer given by Mr Gentiloni on behalf of the European Commission
The Recovery and Resilience Facility (RRF) is a performance-based EU instrument. Payments are made after the submission of requests for payments, subject to the satisfactory fulfilment of agreed milestones and targets. When Greece submits its next payment request, the Commission will assess whether the contract was awarded for the project linked to Cybersecurity strategy (milestone 104), based on the documentary evidence submitted.
The Commission is not involved in the national procedures linked with the implementation of RRF-funded measures but monitors ex post implementation. Member States remain responsible for complying with EU and national public procurement laws, including to ensure the prevention, detection and correction of conflicts of interests, corruption and fraud, and double funding.
The RRF Regulation requires a control framework that is tailored to its unique nature as a performance-based EU spending programme. In the assessment of the Greek Plan, the Commission assessed the control systems proposed by Greece and deemed them as adequate.
Payments under the RRF are not linked to costs and can therefore not directly be tied to specific projects. In line with the RRF Regulation and the Financing Agreement, the Commission is empowered to carry out several types of audits (targeted audits on suspected cases of fraud, corruption or conflict of interest).
Under the RRF, Member States receive tranches of the overall amounts based on the satisfactory fulfilment of specific milestones and targets. There is no direct transfer of EU funds to specific projects.