The regulation has been directly applicable since January 2025.
In the course of implementing DORA, insurance undertakings have been confronted with a wide range of new organisational and technical requirements. Key questions include:
- How should digital risks be systematically identified, assessed, and managed within the ICT risk management framework?
- What implications does DORA have for existing governance structures and internal control systems within the undertaking?
- What requirements apply to the reporting of major ICT-related incidents to supervisory authorities, the systematic execution of digital operational resilience testing, and the management and oversight of ICT third-party service providers?
In addition to outlining the regulatory basis, the session will particularly address the interaction between DORA and existing supervisory frameworks like Solvency II.