DORA – The New EU Regulation on Digital Operational Resilience

Einleitung/Dauer

With the Digital Operational Resilience Act (DORA), the European Union has established a harmonised regulatory framework aimed at strengthening the digital resilience of financial institutions – including insurance undertakings – against ICT disruptions, cyberattacks, and other technology-related risks. The regulation has been directly applicable since January 2025.

In the course of implementing DORA, insurance undertakings have been confronted with a wide range of new organisational and technical requirements. Key questions include:

• How should digital risks be systematically identified, assessed, and managed within the ICT risk management framework?
• What implications does DORA have for existing governance structures and internal control systems within the undertaking?
• What requirements apply to the reporting of major ICT-related incidents to supervisory authorities, the systematic execution of digital operational resilience testing, and the management and oversight of ICT third-party service providers?
  

In addition to outlining the regulatory basis, the session will particularly address the interaction between DORA and existing supervisory frameworks like Solvency II.

Preliminary Programme
Friday, 12 June 2026
09:30-09:45 DORA – A brief introduction
09:45-10:45 ICT risk management
10:45-11:15 Reporting of major ICT-related incidents
11:15-11:45 Break
11:45-12:00 Digital operational resilience testing
12:00-12:45 Managing of ICT third-party service providers
12:45-13:00 Conclusion and Initial Supervisory and Audit Experiences

All the above times are given in CEST (Central European Summer Time).

Vorgehensweise und Ziele

The three-hour web session provides participants with a structured overview of the key elements of the DORA Regulation. It explains the regulatory objectives pursued by the European Union, systematically presents the core regulatory requirements, and discusses typical implementation challenges faced by insurance undertakings in practice. The session will also provide insights into initial experiences in Germany with DORA-related audits conducted by BaFin and external auditors.

Teilnehmer

The web session may be of interest to professionals who would like to learn more about this important regulatory requirement, which significantly affects the (IT-) governance framework of insurance undertakings. Prior knowledge of DORA requirements is not necessary; however, familiarity with general governance requirements under Solvency II may be beneficial.

Technical Requirements
Please check with your IT department if your firewall and computer settings support web session participation (the programme Zoom will be used for this online training). Please also make sure to join the web session with a stable internet connection.

Dozierende

Dr Bernd Fröhler
Bernd has more than 20 years of experience in business consulting and in various top management positions in the life insurance industry. Most recently, he was CEO of an international life insurance company focusing on the unit-linked business and prior to that Executive Director for EY with a focus on top management consulting and the implementation of complex regulatory issues. In the meantime, he works as an independent advisor. Besides his work as a lecturer, he supports insurance undertakings mainly in project management and regulatory issues like IDD / POG, DORA, ESG and Solvency II.

Sprache/Kurztitel

The language of the web session will be English.

CPD Credits
For this web session, the following CPD credits are available under the CPD scheme of the relevant national actuarial association:

Austria: 3 points
Belgium:  3 points
Bulgaria:  4.5 points
Croatia: individual accreditation
Czechia:  3 hours
Denmark: 3 credits
Estonia:  3 hours
Finland: 3 points
France:  18 points
Germany:  3 hours
Greece: 4 points
Hungary:  3 hours
Iceland: 3 credits
Ireland: 3 hours
Italy: GdLA individual accreditation
Latvia: 3 hours
Lithuania: 3 hours
Netherlands:  approx. 3 points (individual accreditation)
Norway: 3 points
Poland: 3 hours
Portugal: 3 hours
Serbia: 3 hours
Slovakia:  individual accreditation
Slovenia:  individual accreditation
Spain: CAC: 3 hours, IAE: 3 hours
Switzerland:  individual accreditation
USA: SOA (Section B): up to 3.6 hours

No responsibility is taken for the accuracy of this information.