Insurance
Risk management is the DNA of insurance, and regulation defines its structure. Each product — from life and property to cyber coverage — must satisfy solvency, disclosure, and consumer-protection requirements. We assist in designing compliant distribution models, policy wording, and reinsurance arrangements that balance protection with profitability. Our involvement extends to regulatory reporting, portfolio transfers, and defence in supervisory investigations or litigation. We combine detailed statutory understanding with commercial awareness to maintain insurer stability and safeguard policyholder confidence in a highly supervised environment.
Relevant Legislation
European Legislation
- Solvency II Directive 2009/138/EC & Delegated Regs
The Solvency II framework establishes the core prudential regime for insurance and reinsurance undertakings in the European Union. It regulates how insurers must assess and manage capital adequacy, risk exposure, and governance, ensuring that they remain financially sound and capable of meeting their obligations to policyholders.
For the insurance industry, Solvency II introduces a risk-based approach to capital requirements, linking solvency levels to the actual risks undertaken by the insurer. It also imposes detailed rules on corporate governance, internal controls, risk management, and supervisory reporting, reinforced by extensive Delegated Regulations that define technical standards and calculation methods.
By harmonising supervision across Member States, Solvency II enhances policyholder protection, market stability, and regulatory transparency, making compliance with its requirements a central pillar of lawful and sustainable insurance operations throughout the EU.
- Insurance Distribution Directive (IDD) 2016/97/EU
The Insurance Distribution Directive regulates the sale and distribution of insurance products across the European Union, covering insurers, insurance intermediaries, brokers, and digital distribution platforms. Its primary objective is to ensure consumer protection, transparency, and fair treatment throughout the insurance sales process.
For the insurance industry, the IDD introduces strict requirements on pre-contractual disclosures, suitability and appropriateness assessments, conflict-of-interest management, and professional competence of distributors. It applies equally to traditional and online channels, making it particularly relevant for digital insurance offerings.
By harmonising distribution rules across Member States, the IDD enhances trust, consistency, and accountability in insurance markets, ensuring that insurance products are sold in the best interests of customers while supporting a competitive and transparent EU insurance sector.
- PRIIPs Regulation (EU) 1286/2014 (where applicable)
The PRIIPs Regulation governs the sale of packaged retail and insurance-based investment products, including certain life insurance and investment-linked insurance products. Its purpose is to enhance consumer understanding and comparability of complex financial products offered by insurers.
For the insurance industry, the Regulation requires the preparation and delivery of a Key Information Document (KID) that clearly explains the product’s features, risks, costs, and potential returns in a standardised format. This obligation applies where insurance products include an investment component and are marketed to retail clients.
By improving transparency and standardisation, the PRIIPs Regulation strengthens investor protection and market confidence, ensuring that insurance-based investment products are distributed fairly and with full disclosure of associated risks.
- GDPR (policyholder data)
The GDPR governs how insurance companies collect, process, and protect policyholder and beneficiary personal data, which often includes sensitive information such as health, financial, and claims-related data. Given the data-intensive nature of insurance operations, compliance with GDPR is a core regulatory obligation for insurers.
For the insurance sector, the Regulation requires lawful processing grounds, enhanced security measures, and strict confidentiality, particularly when handling special categories of data. It also imposes transparency obligations, data-subject rights management, and accountability for data processing throughout the insurance lifecycle—from underwriting and claims handling to fraud prevention and reinsurance.
By setting high standards for data protection, the GDPR strengthens policyholder trust, regulatory compliance, and operational integrity, making privacy governance an essential component of modern insurance business.
- DORA (ICT risk where relevant)
DORA establishes a unified EU framework for managing information and communication technology (ICT) risks in the financial sector, including insurance and reinsurance undertakings. It addresses the growing reliance of insurers on digital systems for underwriting, claims processing, customer portals, and data analytics.
For the insurance industry, DORA introduces obligations related to ICT risk governance, incident reporting, operational resilience testing, and oversight of outsourced ICT service providers, such as cloud and software vendors. Insurers must ensure that digital disruptions, cyber incidents, or system failures do not compromise their ability to meet obligations to policyholders.
By harmonising ICT resilience standards across the EU, DORA strengthens business continuity, cyber preparedness, and supervisory oversight, making digital risk management a central component of compliant and sustainable insurance operations.
Bulgarian Legislation
- Insurance Code
- Ordinances of the Financial Supervision Commission (FSC)
- Measures Against Money Laundering Act (certain products/distributors)