23 March 2021 | Insurance

Insurance Europe calls for assurances that re/insurers will be exempt from the EU’s NIS2 Directive

Insurance Europe has welcomed the European Commission’s proposal for a revised Network and Information Security (NIS2) Directive to enhance the cyber resilience of the European Union.

In particular, Insurance Europe said it supported the decision to leave insurance companies outside the scope of the proposed NIS2 Directive. Insurance companies will instead be subject to the Digital Operational Resilience Act (DORA), it noted, which will require insurers to demonstrate robust cyber risk management, incident reporting, stress testing and third-party arrangements.

“A single set of cybersecurity rules offers more effective governance than many separate rules,” Insurance Europe noted.

The trade association said absolute clarity is needed around the legal references applicable to insurance companies, to allow carriers to plan and implement a phased process of adaptation to new guidelines and to the DORA. To this end, it is important that insurers are given assurances that they will remain outside the scope of NIS2, not just now but in the future.

Specifically, Insurance Europe proposed modifying the NIS2 text to remove a reference to equivalence that it said could lead to “uncertainty and many open questions.” This clause is unnecessary, Insurance Europe argued, given the requirements under DORA are already “more detailed and more extensive than those found under the NIS Directive.”

It also called for the minimum harmonisation clause in article three of NIS2 to be clarified to make it clear that the cybersecurity of European insurers will only be harmonised at the level of the DORA. “This will provide the necessary legal certainty to insurers by ensuring that member states do not add additional sectors, subsectors or types of entities to Annexes I and II,” it said.

Insurance Europe also called for Europe’s regulatory authorities and re/insurance companies to do more to improve data sharing, to ensure stakeholders have access to accurate cyber-incident data. “The data that is publicly available at EU level is currently very limited,” it warned.

“The NIS2 proposal offers an opportunity to foster greater transparency about cyber-related incidents by making anonymised incident data available for use by the cyber re/insurance underwriting community, thus contributing to increasing the overall cyber resilience of the EU,” it added.

Insurance Europe also highlighted significant differences between how countries report cyber incidents, and welcomed references in the NIS2 proposal to the possible role of ENISA in issuing technical guidance. This would be a necessary first step towards more harmonisation of cyber reporting in the EU, it said.
