The European Insurance and Occupational Pensions Authority (EIOPA) announced today that it will withdraw two previously published Guidelines and amend an Opinion – all related, at least in part, to the use of information communication technology (ICT) by undertakings. This decision comes in anticipation of the Digital Operational Resilience Act (DORA) coming into application.
By taking this step, EIOPA aims to eliminate overlaps and foster a unified regulatory framework for digital operational resilience in the European insurance and occupational pension funds sectors. Recognising the comprehensive nature of DORA, which fully encompasses the objectives and provisions of two previous EIOPA Guidelines and a subsection of an Opinion by the authority, EIOPA has decided to:
- withdraw the "Guidelines on information communication technology security and governance" issued in the context of Solvency II;
- withdraw the "Guidelines on outsourcing to cloud service providers" issued in the context of Solvency II; and
- amend the "Opinion on the supervision of the management of operational risks faced by IORPs" issued in the context of IORP II, by removing the section on cyber risks along with all references and annexes relating to it.
The changes will take effect from 17 January 2025 and will be reflected on the respective pages linked above.
Following the withdrawal of the Guidelines and the introduction of amendments to the Opinion, national supervisors across the European Economic Area are expected to adjust their national frameworks to remove duplications that may exist and to continue ensuring a level playing field.
Notes
EIOPA, together with the other two European Supervisory Authorities, is actively supporting undertakings and supervisors throughout the implementation of DORA. For more information on DORA and its implementation, please visit our dedicated webpage.
Details
- Publication date: 19 December 2024