EIOPA finalises Guidelines on Information and Communication Technology Security and Governance

Published By Europa [English], Mon, Oct 12, 2020 2:35 AM


Today, the European Insurance and Occupational Pensions Authority (EIOPA) finalised the Guidelines on Information and Communication Technology (ICT) Security and Governance.

The guidelines are intended to give national supervisory authorities and market participants guidance on how the regulation of operational risks set out in Directive 2009/138/EC and in the Commission's Delegated Regulation 2015/35 applies to ICT security and governance, also taking into account EIOPA's Guidelines on System of Governance.

The objective of the guidelines is to promote greater operational resilience in the digital operations of insurance and reinsurance undertakings against the risks they face. Operational resilience is key to protecting insurance and reinsurance undertakings' digital assets, including their systems and the data of policyholders and beneficiaries. In particular, the guidelines:

EIOPA consulted on the guidelines between December 2019 and March 2020 and took into account the views of stakeholders wherever possible.

National supervisory authorities are expected to apply these guidelines from 1 July 2021.


Press release distributed by Media Pigeon on behalf of Europa, on Oct 12, 2020.

