DORA Regulation - Information for Operators

The Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (Digital Operational Resilience Act - DORA), applicable as of 17 January 2025, establishes a common framework for the management of risks associated with information and communication technologies (ICT).

The regulation and its implementing acts (Implementing Technical Standards and Regulatory Technical Standards) provide for numerous technical-administrative requirements for financial entities and national Authorities.

As far as the insurance sector is concerned, the DORA regulations are applicable to insurance and reinsurance companies subject to Solvency II and insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries which do not qualify as microenterprises or as small or medium-sized enterprises (which employ 250 or more persons and have an annual turnover exceeding EUR 50 million or an annual balance sheet total exceeding EUR 43 million).

This page contains the communications to insurance operators issued by IVASS, relevant European and national regulations, and operational documentation for the transmission of mandatory reports under DORA.

Last update

19 March 2025

Share on:

IVASS COMMUNICATIONS

  1. Letter to the market of 07/03/2025 (only in Italian) PDF 358.4 KB DORA Reporting - Register of information
  2. Letter to the market of 14/02/2025 (only in Italian) pdf 323.3 KB Reporting of serious cyber incidents and cyber threats under Regulation EU 2022/2054 (DORA)
  3. DORA incident reporting template xlsx 127.9 KB Letter to the market of 14 February 2025
  4. DORA cyber threat reporting template xlsx 65.7 KB Letter to the market of 14 February 2025

EU RELEVANT REGULATIONS

  1. Regulation 2022/2554 (DORA) (External link)Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector
  2. Commission Implementig Regulation (EU) 2024/2956 of 29 November 2024 (External link)Regulation laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to standard templates for the register of information
  3. EBA - Reporting framework and controls (External link)
  4. File for sample reporting (External link)
  5. Decision of EBA, EIOPA and ESMA of 8 November 2024 (External link)Decision concerning the reporting by competent authorities to the ESAs of information necessary for the designation of critical ICT third-party service providers (Article 31(1)(a) of DORA)

OPERATIONAL DOCUMENTATION

  1. Infostat platform for the transmission to IVASS of supervisory and statistical reporting (External link)
  2. Infostat user's manual (only in Italian) pdf 1.1 MB
  3. Infostat Accreditation form (only in Italian) docx 115.9 KB