We’re looking for tech companies of all sizes to trial and experiment with Arm’s Morello SoC and demonstrator board based on CHERI, a new instruction set architecture developed by the University of Cambridge.

Programme benefits

For six months participating companies will have access to an Arm Morello Board, with its cutting-edge CPU architecture, technical guides and support, to trial these new technologies within their systems.

Through the Digital Security by Design Technology Access Programme, UK-based companies can use these technologies to uncover security vulnerabilities in their own systems before they become a problem, and provide findings that could influence the design of future computer systems.

These technologies, which can eliminate most memory safety issues in C and C++, include CHERI, a new architecture developed by the University of Cambridge along with the Morello Board, a real-world test platform developed by Arm for the Morello prototype architecture based on the CHERI protection model.

CHERI technology can be applied to legacy C or C++ with minimal changes to an existing code base.

The Technology Access Programme will give qualifying companies access to Arm’s Morello technology free of charge as well as £15,000 in funding.

Who should apply

This programme is for companies that:

  • Are based in the UK
  • Use C and C++ as the main programming languages for their software
  • Are able to evaluate C and C++ on new architectures, in the context of performance and improving security. 
  • Have engineers and a company culture interested in exploring, experimenting and inventing with new technologies, with a view of finding commercial applications.
  • Want to influence the future of secure software architecture.
  • Have a strong focus on security and sectors that have safety critical systems e.g. aerospace, autonomous systems, healthcare, supply-chain, telecommunications, transportation, and utilities.

Programme tiers

The Technology Access Programme offers two levels of participation available to UK companies:

Tier 1

Tier 1 is only for UK Companies with under 250 employees

  • Receive £15,000 in funding during the course of the 6 month programme
  • Get access to an Arm Morello board
  • Participate in one-to-one check-in sessions, practical demonstrations and focused activities for the experimentation programme
  • Receive technical guidance and support from Digital Security by Design programme team
  • Access Digital Catapult’s labs with state-of-the art IoT and 5G network testing facilities

Tier 2

Tier 2 is for all UK Companies

  • Get access to the Arm Morello Board for 6 months
  • Receive technical guidance and support from Digital Security by Design programme team
  • Access Digital Catapult’s labs with state-of-the art IoT and 5G network testing facilities


Other ways to get involved

Academic institutions or companies based outside of the UK can apply for a Morello Board outside of the Technology Access Programme.

Programme requirements

Over the six month period of the programme successful applicants will be expected to:

  • [Tier 1 & 2 ] Participate in one onboarding day at the start of the programme
  • [Tier 1 & 2 ] Write two technical reports –a short feedback report based on the experience gained, and a final report
  • [Tier 1] Participate in monthly online peer-to-peer knowledge sharing sessions
  • [Tier 1] Attend monthly online one-to-one progress-update sessions with the Digital Security by Design team
  • [Tier 1] Provide a mid-way demonstration or presentation on experimental outcomes or learnings

Technical details

  • The architecture is currently only supported by CHERI-adapted versions of the open-source Linux/Android/FreeBSD Operating Systems distributed by Arm and the University of Cambridge.
  • CHERI-enabled C/C++ (Clang/LLVM) toolchains are currently available. Additional operating system enablement is currently being addressed by a joint development between Arm, University of Cambridge, Microsoft and Google.
  • The Morello Platform Model runs on Linux for testing/PoC purposes. QEMU-Morello runs on Linux and macOS. The Morello Instruction Emulator runs on Arm v8.0 Linux.


Find quick answers to commonly asked questions relating to the Technology Access Programme

  • What is the Digital Security by Design Technology Access Programme?

    The purpose of the Technology Access Programme is to build a pipeline and community of developers and early stage technology companies in the UK that are able to utilise Digital Security by Design technologies and make use of relevant hardware that will become available over the course of the programme.This activity will establish the foundations so that the UK becomes the leading edge supplier of more secure products and services and technologies.

  • What are the key dates for the programme?

    The programme is currently closed for applications until late September 2022, at which point we will announce new dates.

  • Who will be running the Technology Access Programme?

    Digital Catapult will run the Technology Access Programme.

  • Why is Digital Catapult asking the innovator community to experiment with this prototype?

    Digital Catapult will distribute Morello boards and lead in gathering evidence that will eventually explain what it means for real software to use these boards. During the programme, we will be looking for compelling examples from the selected companies in each cohort to share where security and performance are aligned and to check if there is no tradeoff.

  • Who can apply to join the programme?

    The DSbD Technology Access Programme has been designed for all types of businesses, from early stage startups looking to refine business propositions to mature startups seeking early access to revolutionary technology before it is fully ready for commercial deployment.

    This new architecture has wide appeal and is not restricted to any particular industry. We are looking at startups, scaleups and mid-size companies who want to make their systems and products secure from cyber threats and vulnerabilities.

    The architecture is currently only available for Linux/Android/CheriBSD Operating Systems.The Morello FVP runs on Linux for testing/PoC purposes. Additional operating system enablement is currently being addressed by a joint development between Arm, University of Cambridge, Microsoft and Google.

    The requirements for applications to the Digital Security by Design Access programme are:

    – The company has to be registered with Companies House in the UK, e.g. established in the UK with the majority of work carried out in the UK

    – The company must have a business bank account

    – A company representative must be able to attend all the activities, e.g. onboarding, final demo-day and participate in periodical meetings for the duration of the programme.
    Please note programme, which are subject to change.

  • How do I apply to join the programme?

    – Complete the short registration of interest form on this website

    – An email will be sent to the address indicated in the short registration of interest form with the link to the full application form.

  • Does my organisation need to be a UK registered company to enter?

    Yes, you have to be registered with Companies House. We will consider bidders that hold any legal form of business (e.g. ltd company, sole trader, consortium).

  • Does my organisation need to be UK based?

    Yes, your organisation need to be based in the UK.

  • As a startup or scaleup, do I need to be working in cyber security already?

    No, but you will need to provide details of specific security concerns and threats you have considered for your product.

  • What if I am involved in another accelerator programme, or have been involved in a previous Digital Catapult programme?

    Participating or having participated in accelerator or other startup support programmes does not preclude you from taking part in the Digital Security by Design TAP.

    If you have been part of any previous Digital Catapult programme you are welcome to join, for other programmes your participation will be dependent on the terms of the programme itself and what you have agreed to in the terms and conditions. De minimis funding will also need to be considered when applying to join the programme.

  • Who are the judges and when will I hear back on the result of my application?

    Applications will be judged by a team of DSbD experts from Digital Catapult, UK Research and Innovation, and other organisations specialising in this technology. Successful applicants will be informed on the result of their applications within 4 to 6 weeks of applying.

  • What are the eligibility criteria for the programme?

    Tier 1 companies (company receives access to the board, funding and hands on technical expertise) will be assessed on the following criteria:

    Relevance – The proposed use case or experimentation is relevant to DSbD technologies, CHERI, and the capabilities of the Morello Board.

    Innovation – The proposed use case is novel and will provide valuable insights to the DSbD programme.

    Impact and scalability – The proposed use case or experimentation has the potential to scale and create impact beyond the immediate demonstrator.

    Expertise and commitment of team – The business has the relevant expertise to take part and adequate resources committed to the programme.

    Technical feasibility – The experimentation and project plan presented is feasible within the timeframe, budget, and resource available.


    Tier 2 companies (company only receives the board with limited technical guidance) will be assessed on the following criteria:

    Relevance – The business and its solutions are relevant to DSbD applications

    Interest – The business clearly states their interest and ambition, and potential areas of exploration with the Morello board

  • How are applications selected?

    The criteria will be presented as statements. Each of the criteria has the same weights. The judges will respond by indicating how strongly they accept these statements.

    During the application process we reserve the right to conduct enhanced financial or legal due diligence to ensure applicants will be able to meet all commitments.


  • What if my application is not successful to join the cohort of tier 1 companies?

    If you are not successful you may still be able to take part in the programme through the Tier 2 route, but will not receive funding and 1:1 check-in sessions with DSbD Experts. You may also find another Digital Catapult programme of relevance, check our website for all our programmes.

  • How is the programme funded?

    The programme is funded by UKRI through the Industrial Strategy Challenge Fund, as part of the Digital Security by Design initiative.

  • Is there a fee to be involved for applications from the innovation community?

    No, the programme is free to take part for applicants. Tier 1 companies who are shortlisted will receive £15,000 for the experimentation companies. Tier 2 companies will not receive funding.

  • What if my resources run over budget?

    The Technology Access Programme funding is £15,000 for winning applicants. Further expenditure produced by the companies will have to come from their own budget.

  • As an applicant, what’s the contracting process and terms and conditions to be on the programme?

    Applications are governed by the competition rules. If you are successful, a participation agreement will be issued which governs your activities on the programme with respect to the experimentation of the Morello board, programme deliverables and payment milestones.

  • Who will my application data be shared with?

    The application information will only be used for the purposes of the programme and its evaluation, and will only be retained for the duration of the programme (two years), and for participants on the programme for the evaluation period (maximum five years) and otherwise to comply with legal requirements.

    Please see the Technology Access Programme Competition Terms for more details.

Sign up to the newsletter

Become a subscriber to Digital Security by Design updates – with regular communications on our news, insights and opportunities, you’ll be the first to know about our work and ways to get involved.

Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.