EIOPA revokes several guidelines to avoid DORA overlaps

Written by Adam Cadle

03/01/2025

The European Insurance and Occupational Pensions Authority (EIOPA) has removed several previous guidelines in relation to Solvency II and the IORP II Directive to avoid overlaps and duplicates with the Digital Operational Resilience Act (DORA).

EIOPA said its aim, by removing the guidelines, is to “foster a unified regulatory framework” for DORA in the European insurance and occupational pension fund sectors.

The three guidelines and opinions removed are: Guidelines on information communication technology security and governance, issued in the context of Solvency II and, Guidelines on outsourcing to cloud service providers, issued in the context of Solvency II.

The third is an amendment to the Opinion on the supervision of the management of operational risks faced by IORPs, issued in the context of IORP II, by removing the section on cyber risks along with all references and annexes relating to it.

The changes will take effect from 17 January 2025, the date that DORA comes into force.

“Following the withdrawal of the guidelines and the introduction of amendments to the opinion, national supervisors across the European Economic Area are expected to adjust their national frameworks to remove duplicities that may exist and to continue ensuring a level playing field,” EIOPA stated.

Related Articles