Verfahrensangaben

Bug Bounty Program Services
VO: VgV Vergabeart: Offenes Verfahren Status: Veröffentlicht

Fristen

Fristen
19.06.2026
30.06.2026 10:00 Uhr
30.06.2026 10:01 Uhr

Adressen/Auftraggeber

Auftraggeber

Auftraggeber

SPRIND GmbH
HRB 36977
Lagerhofstr. 4
04103
Leipzig
Deutschland
DED51
Friedrich Graf von Westphalen & Partner mbB Rechtsanwälte
sprind.ausschreibungen@fgvw.de
+49697191890-12

Angaben zum Auftraggeber

Von einer Bundesbehörde kontrolliertes oder finanziertes öffentliches Unternehmen
Wirtschaftliche Angelegenheiten

Gemeinsame Beschaffung

Beschaffungsdienstleister
Weitere Auskünfte
Rechtsbehelfsverfahren / Nachprüfungsverfahren

Stelle, die Auskünfte über die Einlegung von Rechtsbehelfen erteilt

Zuständige Stelle für Rechtsbehelfs-/Nachprüfungsverfahren

Vergabekammer des Bundes
022894990
Kaiser-Friedrich-Straße 16
53113
Bonn
Deutschland
DEA22
vk@bundeskartellamt.bund.de
+492289499-163

Zuständige Stelle für Schlichtungsverfahren

Auftragsgegenstand

Klassifikation des Auftrags
Dienstleistungen

CPV-Codes

72222300-0
72200000-7
Umfang der Beschaffung

Kurze Beschreibung

SPRIND GmbH intends to award a framework agreement for the provision of a bug bounty program and vulnerability disclosure services supporting the security of the German EU Digital Identity (EUDI) Wallet ecosystem.
The bug bounty platform provider will operate a public bug bounty program on its own plat-form, attract and manage a qualified community of security researchers, and deliver end to end services from submission intake and vulnerability triage to researcher management and bounty payout administration.
The agreement is aimed at experienced providers with a proven track record in running large scale bug bounty programmes, especially for public sector bodies or operators of critical infrastructure.

Further information on the scope of services can be found in the service description (Annex B of Part C framework agreement).

Beschreibung der Beschaffung (Art und Umfang der Dienstleistung bzw. Angabe der Bedürfnisse und Anforderungen)

SPRIND GmbH intends to award a framework agreement for the provision of a bug bounty program and vulnerability disclosure services supporting the security of the German EU Digital Identity (EUDI) Wallet ecosystem.
The bug bounty platform provider will operate a public bug bounty program on its own plat-form, attract and manage a qualified community of security researchers, and deliver end to end services from submission intake and vulnerability triage to researcher management and bounty payout administration.
The agreement is aimed at experienced providers with a proven track record in running large scale bug bounty programmes, especially for public sector bodies or operators of critical infrastructure.

Further information on the scope of services can be found in the service description (Annex B of Part C framework agreement).

Umfang der Auftragsvergabe

1.600.000,00
EUR

Laufzeit des Vertrags, der Rahmenvereinbarung oder des dynamischen Beschaffungssystems

Laufzeit in Monaten
12

The Framework Agreement shall remain in force for a fixed term of 12 months from the effective date. The Framework Agreement shall automatically extend for a further period of twelve (12) months unless SPRIND GmbH notifies the Service Provider in writing not later than (thirty) 30 days before the end of the then current term that no such extension shall take effect. Automatic extension pursuant to this Clause may occur on no more than two occasions
2
Erfüllungsort(e)

Erfüllungsort(e)

---
Lagerhofstraße 4
04103
Leipzig
Deutschland
DED51

Weitere Erfüllungsorte

Zuschlagskriterien

Zuschlagskriterien

---
Weitere Informationen

Angaben zu Mitteln der europäischen Union

Angaben zu KMU

Angaben zu Optionen

With regard to the options for the SPRIND GmbH, reference is made to the tender documents and, in particular, to the framework agreement.

Zusätzliche Angaben

The stated estimated value of the framework agreement, amounting to EUR 1.6 million, relates to the maximum contract term of 3 years.
The stated maximum value of the framework agreement, EUR 2.4 millions, relates to the maximum contract term of 3 years.

Verfahren

Verfahrensart

Verfahrensart

Offenes Verfahren

Angaben zum Verfahren

Reference is made to Section 14 of the Public Procurement Ordinance (VgV).

Angaben zum Beschaffungsübereinkommen (GPA)

Besondere Methoden und Instrumente im Vergabeverfahren

Angaben zur Rahmenvereinbarung

Rahmenvereinbarung ohne erneuten Aufruf zum Wettbewerb

1
2.400.000,00
EUR

Angaben zum dynamischen Beschaffungssystem

Entfällt

Angaben zur elektronischen Auktion

Angaben zur Wiederkehr von Aufträgen

Angaben zur Wiederkehr von Aufträgen

Strategische Auftragsvergabe

Strategische Auftragsvergabe

Gesetz über die Beschaffung sauberer Straßenfahrzeuge

Energieeffizienz-Richtlinie

Angaben zu elektronischen Arbeitsabläufen

Angaben zu elektronischen Arbeitsabläufen

Erforderlich
Auftragsunterlagen

Sprache der Auftragsunterlagen

Englisch
Sonstiges / Weitere Angaben

Kommunikationskanal


Communication shall only take place via the electronic procurement platform DTVP.
https://www.dtvp.de/Satellite/notice/CXP4D9LMSTR

Einlegung von Rechtsbehelfen

According to Article 160, Section 3 of the German Act Against Restraint of Competition (GWB), application for review is not permissible insofar as
1. the applicant has identified the claimed infringement of the procurement rules before submitting the application for review and has not submitted a complaint to the contracting authority within a period of 10 calendar days; the expiry of the period pursuant to Article 134, Section 2 remains unaffected,
2. complaints of infringements of procurement rules that are evident in the tender notice are not submitted to the contracting authority at the latest by the expiry of the deadline for the application or by the deadline for the submission of bids, specified in the tender notice.
3. complaints of infringements of procurement rules that first become evident in the tender documents are not submitted to the contracting authority at the latest by the expiry of the deadline for application or by the deadline for the submission of bids,
4. more than 15 calendar days have expired since receipt of notification from the contracting authority that it is unwilling to redress the complaint.
Sentence 1 does not apply in the case of an application to determine the invalidity of the contract in accordance with Article 135, Section 1 (2). Article 134, Section 1, Sentence 2 remains unaffected.

Frühere Bekanntmachung zu diesem Verfahren

Anwendbarkeit der Verordnung zu drittstaatlichen Subventionen

Zusätzliche Informationen

The stated estimated value of the framework agreement, amounting to EUR 1.6 million, relates to the maximum contract term of 3 years.
The stated maximum value of the framework agreement, EUR 2.4 millions, relates to the maximum contract term of 3 years

Angebote

Anforderungen an Angebote / Teilnahmeanträge

Übermittlung der Angebote / Teilnahmeanträge

Anforderungen an die Form bei elektronischer Übermittlung

Sprache(n), in der (denen) Angebote / Teilnahmeanträge eingereicht werden können

Englisch

Varianten / Alternativangebote

Elektronische Kataloge

Nicht zulässig

Mehrere Angebote pro Bieter

Nicht zulässig
Verwaltungsangaben

Bindefrist

3
Monate

Bedingungen für die Öffnung der Angebote

Bidders are not permitted to attend the opening of bids.

Nachforderung

Eine Nachforderung von Erklärungen, Unterlagen und Nachweisen ist nicht ausgeschlossen.

SPRIND GmbH asks - within its discretion - the bidder to submit, complete or correct documents, within the framework laid down by law (Section 56 (2) VgV).

Bedingungen

Ausschlussgründe

Ort der Angabe der Ausschlussgründe

Auswahl der Ausschlussgründe

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)

In accordance with Sections 123,124 GWB (Act Against Restraints of Competition), Section 21 AEntG (Posted Workers Act), Section 98c AufenthG (Residence Act), Section 19 MiLoG (Minimum Wage Act), Section 21 SchwarzArbG ( Act to Combat Illegal Employment) and Section 22 LkSG (Supply Chain Due Diligence Act)
Teilnahmebedingungen

Eignungskriterien / Ausschreibungsbedingungen

Eignungskriterium

Eintragung in das Handelsregister

If the company is registered in the commercial register or a comparable register in the country of origin, submission of a copy of the extract from the commercial register or equivalent proof from the respective country of origin (not older than 90 days at the time of expiry of the tender deadline) at the request of the client (SPRIND GmbH) after expiry of the tender deadline is required. For foreign documents that are not written in German or English, a simple translation into German or English must be enclosed.

Eignungskriterium

Spezifischer durchschnittlicher Jahresumsatz

Self-declaration regarding the company's total turnover and from the business area for "Bug Bounty Program Services" (area of activity of the contract to be awarded) (EUR / net) in the last three completed financial years.

Please use the relevant form "Part_Appendix 01_Self-declarations and evidence".

Eignungskriterium

Referenzen zu bestimmten Dienstleistungen

At least three references from reference provider (RP) for the performance of comparable services (successfully bug bounty programs services for government agencies or operators of critical infrastructure (KRITIS) since January 1, 2023, (it is sufficient that the comparable services were also provided in the reference period in the specified reference project, e.g., a reference that began on January 1, 2022, and ended on February 1, 2023, would be sufficient) are to be provided. Only references to successfully bug bounty program services for government agencies or operators of critical infrastructure (KRITIS) are permitted. Each referenced bug bounty program needs to have at least 10 successful bounty payments and needs to be on a bug bounty platform with at least 1,000 security researchers on it. Each reference must be either completed or ongoing. In the case of an ongoing reference specifications of the planned/contractual project duration and information on the current status must be included.

The reference providers must be government agencies or operators of critical infrastructure (KRITIS). For verification purposes, at least one reference must include the contact details of a responsible person at the respective company (reference provider), i.e., name, telephone number, and/or email address.

Minimum requirements for each reference are therefore:

1. Since January 1, 2023
2. Completed and ongoing reference; if ongoing, specifications of the planned/contractual project duration and information on the current status of the reference project must be included
3. The respective reference must include successfully bug bounty program services for government agencies or operators of critical infrastructure (KRITIS)
4. Each referenced bug bounty program needs to have at least 10 successful bounty payments
5. Each referenced bug bounty program needs to be on a bug bounty platform with at least 1,000 security researchers on it
6. For all 3 references the name and address of the reference provider must be entered/provided.
7. At least one reference must also include the contact details of a responsible person at the respective company (reference provider), i.e., name, telephone number, and/or email address.
8. Of the three references, at least two must be from different reference providers
9. Self-references, i.e. references where the reference provider is the tenderer or a member of the tendering consortium itself, are not permitted and will not be accepted as valid references.

Please use the relevant form "Part A_Appendix 01_Self-declarations and evidence".

Eignungskriterium

Berufliche Risikohaftpflichtversicherung

Self declaration to undertake to take out and maintain business liability insurance with the coverage amounts specified below in the event of an award. Insurance coverage shall be provided without restriction and in full for the entire duration of the contact.

The sum insured is available twice per annum.

Financial loss, personal injury, property damage: At least EUR 1,0 million each claim.

Please use the relevant form "Part A_Appendix 01_Self-declarations and evidence".

Eignungskriterium

Zertifikate von unabhängigen Stellen über Qualitätssicherungsstandards

Self-declaration that the relevant company is certified to ISO/IEC 27001, SOC2 Type 2 or equivalent.

SPRIND GmbH reserves the right to request a copy of the certificate and in case of an equivalent certificate, additionally the justification/evidence that this certificate is equivalent after deadline for tenders has passed. Documents that are not in German or in English must be translated in German or in English.

Finanzierung

Rechtsform des Bieters

Bedingungen für den Auftrag

Bedingungen für den Auftrag

Reference is made to the tender documents.

Angaben zu geschützten Beschäftigungsverhältnissen

Nein

Angaben zur reservierten Teilnahme

Angaben zur beruflichen Qualifikation

Erforderlich für das Angebot

Angaben zur Sicherheitsüberprüfung