Search QAs

Does an insurance entity licensed outside the EU, which is a subsidiary of a company based in the EU, and with operations also outside the EU, fall within the scope of DORA?

Is it in line with Article 30(3)(e)(i) of Regulation (EU) 2022/2554 (DORA), in conjunction with Article 8 of Commission Delegated Regulation (EU) 2024/1773, to appoint an independent third party to perform a regular joint audit of a third-party ICT service provider that supports critical or importan…

We refer to the upcoming entry into application of the DORA regulation. An institution for occupational retirement has recently contacted the NCA regarding the following issue: - that institution for occupational retirement provides pension benefits for contractual agents (employees) of a regional p…

Pursuant to article 2 of DORA, professionals of the financial sector defined in articles 257 seq. of the Luxembourg law on the insurance sector dated 7 December 2015 (as amended from time to time) are not in the scope of DORA. Nevertheless, some of the professionals of the insurance sector provide I…

Does the DORA impose an obligation to notify of the responsible contact people? Are the Solvency II and fit and proper guidelines to be observed in this context?

If a company has both DORA regulated activities and other - non-regulated - activities, does DORA apply to those other non-regulated activities as well? If so, is there a minimum % that the DORA regulated activities should be of the overall company activities for the non-regulated activities to be regulated by DORA as well?

What guidelines should an insurance company follow, with regards to ICT, that falls within the exeption of DORA, now that the EIOPA guidelines on Communication technology security and governance have been revoked?

We are contacting regarding a question we have regarding the ITS ICT services supply chain – Information Registry. The question is as follows: We understood that since the RTS – ICT Services Outsourcing (RTS) has been rejected, this would also apply to the registration of third-party ICT services in…

In Finland telecom operators are strictly regulated, regulations include “Act on electronic communication services (917/2014)", which does not allow to give access to a telecom operators data. This means that data communications service providers are not able to agree to a customer's requirement to …