Provide proportionate and risk-based DORA regulation that fits the specific size and risks of insurers, the Association said in response to the first set of draft lower regulations of the Digital Operational Resilience Act.
The main common thread is that the rules are insufficiently risk-based and proportionate, and therefore take too little account of the specific size and risks of insurers. An important wish in the joint response with Insurance Europe is that the designers of the rules, the four European Supervisory Authorities (ESAs), draw them up in such a way that the sector can translate them into measures that are operationally and financially feasible.
Resilient to cyber threats
DORA sets legal requirements that the EU hopes will help the financial sector become more resilient to cyber threats. More specifically, Insurance Europe has responded to the following proposals from the four ESAs: the elaboration of an ICT risk management framework, criteria for classifying ICT-related incidents, the design of information registers, and contract conditions for ICT service providers.
Strict regulations
DORA is a European Regulation, one of the strictest forms of EU legislation: it applies directly in all EU countries, leaving little or no room for national interpretation. Member States must therefore adopt DORA one-to-one. The Regulation entered into force on 16 January 2023, and insurers must comply with its requirements as of 17 January 2025. Want to know more? Earlier, Anne-Mieke Dumoulin-Siemens of Association partner Ekelmans Advocaten answered five questions about DORA.
Early next year, when there is more clarity about the rules and requirements that DORA imposes on financial institutions, the Association will organise a webinar on the consequences for insurers. Keep an eye on the Association's website.