On 1 October 2025, the European Insurance and Occupational Pensions Authority (EIOPA) published its strategic supervisory priorities for 2026.
These priorities form part of EIOPA's ongoing three-year supervisory cycle (2024–2026), aimed at enhancing supervisory convergence across the EU.
Through this coordinated framework, EIOPA supports National Competent Authorities (NCAs) in aligning their supervisory practices with common EU objectives, particularly in response to emerging risks and evolving regulatory demands. As a result, Irish insurers can expect the Central Bank of Ireland to reflect these priorities in its own supervisory agenda next year. Insurers may wish to consider how these priorities could inform their compliance planning for 2026, where relevant to their business models and risk exposures.
2026 Focus Areas
For 2026, EIOPA's two core areas of focus are implementing the Digital Operational Resilience Act (DORA) and supervising sustainability risks. In addition, attention will be given to the insurance sector-specific areas of calculating the Solvency Capital Requirement (SCR) for Collective Investment Undertakings (CIUs) and the fair treatment of consumers in claims management, especially in the context of increasing digitalisation.
Insurers can expect NCAs to conduct the following risk-based and proportionate supervisory assessments in 2026:
DORA:
- ICT Risk Management Frameworks: NCAs will evaluate the development and maturity of firms' ICT risk management frameworks, including how risks are identified, assessed, and mitigated.
- Proportionality and Tailoring: The adequacy of these frameworks will be assessed in light of each firm's business model, risk profile, and strategic objectives. Supervisors will expect proportionate and tailored approaches.
- Incident Management: NCAs will monitor major ICT-related incidents, focusing on timely reporting, effective response, and the integration of lessons learned into future risk planning.
- Third-Party Risk Management: Given the increasing reliance on external ICT service providers, NCAs will assess the robustness of third-party risk management, including contractual safeguards, oversight mechanisms, and contingency arrangements.
- Digital Resilience Testing: Firms' digital resilience testing programmes will also be reviewed to ensure they are comprehensive, risk-based, and embedded within broader operational resilience strategies.
Sustainability Risks:
- Materiality Assessments: Evaluating the relevance and depth of sustainability risk assessments, tailored to each firm's business model and risk profile.
- Product Oversight: Ensuring products offer fair value and that sustainability-related features are clearly disclosed.
- Scenario Analysis: Reviewing the credibility and integration of climate scenarios within the ORSA.
- Investment Alignment: Assessing how sustainability risks are reflected in investment strategies and adherence to the prudent person principle.
- Sustainability Claims: Verifying the accuracy and substantiation of sustainability-related claims at both the product and firm level.
- Risk Management Capacity: Evaluating whether the risk function has the expertise and resources to oversee sustainability risks effectively.
SCR calculation for CIUs: For insurers with 20% or more of their investments in CIUs, EIOPA will assess year-end 2025 supervisory reporting data to identify potential inconsistencies and reporting issues, focusing on:
- SCR Calculation Methods: Identifying inconsistencies in how insurers calculate the SCR for CIUs — whether using full look-through, simplified look-through, or the Type 2 equity approach.
- Reporting Quality: Detecting outliers in the accuracy and completeness of reported information, particularly regarding the chosen look-through method and associated risk indicators.
- Use of Simplified Approaches: Reviewing undertakings that apply data groupings or simplified look-through methods to more than 20% of their total assets, to ensure appropriate application and justification.
Fair treatment of consumers in claims management: Given persistent issues in claims handling, EIOPA expects NCAs to continue monitoring whether claims are managed in a timely and appropriate manner, including in the context of increasing digitalisation. Insights from EIOPA's retail risk indicators and complaints data will support this work.
- Outlier Identification: EIOPA will again share data with NCAs on outliers, including insurers with high claims denial ratios, to support risk-based supervisory follow-up.
- Root Cause Analysis: For insurers with identified issues, NCAs will assess whether concerns stem from product design, value for money, or deficiencies in claims handling.
- Focus on Digital and Outsourced Claims Handling: Where claims issues are linked to digitalisation or outsourcing, NCAs may engage with firms to evaluate the impact of these practices on claims outcomes and consumer experience.
- Monitoring and Data Collection: NCAs will continue to collect and analyse data on claims, including motor third-party liability (MTPL) and broader non-life lines, with a focus on complaints.
Contributed by James O'Brien
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.