EIOPA publishes its Annual Work Programme 2026
Written by
RegCORE Client Alert | Insurance Union
QuickTake
Every year, usually during the fourth quarter, EU-level authorities such as the European Insurance and Occupational Pensions Authority (EIOPA) publish their Annual Work Programmes (AWPs) setting out their priorities and resourcing for the coming calendar year. Some authorities, such as EIOPA also publish a multi-year priority plan in what is known as a Single Programming Document (SPD). Both the AWPs and SPDs are of relevance to national competent authorities (NCAs) and more importantly the relevant firms within the scope of EIOPA’s and NCA’s regulatory and supervisory mandate.
On 29 September 2025, EIOPA published its AWP for 2026,Available here.Show Footnote which should be read in conjunction with its (revised) SPD for 2025-2027As published in its revised form on 19 December 2024 available here.Show Footnote as supplemented by its Union-Wide Strategic Supervisory Priorities – Focus areas for 2026Available here.Show Footnote (USSP 2026). As in previous years, the 2026 AWP and the USSP 2026 reflect EIOPA’s continued commitment to sustainable finance, digital transformation, supervisory convergence, policy development, financial stability, governance and consumer protection, digital transformation and geopolitical tensions as well as the growing “pensions gap”. As in 2025, supervised firms should note the emphasis on integrating Environmental, Social and Governance (ESG) considerations into their risk management frameworks, particularly considering new guidelines and reporting requirements under the Solvency II Directive (Solvency II Review) plus the interplay with the EU’s Insurance Distribution Directive (IDD) and the Sustainable Finance Disclosure Regulation (SFDR). Additionally, firms must prepare for increased scrutiny on digital operational resilience, with the Digital Operational Resilience Act (DORA) coming into effect on 17 January 2025, mandating robust IT systems and oversight of Critical Third-Party Providers (CTPP).
As in 2025, EIOPA's continued focus on supervisory convergence and the harmonisation of practices across Member States means that firms engaged in cross-border activities should anticipate more consistent regulatory oversight and be prepared for potential adjustments in their compliance frameworks. Lastly, the 2025 publications signal a proactive stance on emerging risks such as cyber threats and the ethical use of artificial intelligence (AI), indicating that firms should bolster their cybersecurity measures and ensure fair and non-discriminatory AI practices. Overall, the 2026 publications when compared to priorities for 2025 and certainly 2024 outline a more comprehensive regulatory landscape that demands heightened vigilance, adaptability and proactive engagement from supervised firms to align with EIOPA's strategic objectives (and as executed in supervision carried out by the NCAs) for a more resilient and sustainable financial sector.
This Client Alert discusses the relevant issues and key legal and regulatory considerations for relevant market participants as well as the key differences between EIOPA’s 2025 and 2026 AWPs. This Client Alert should be read together with other thematic deep dives on reforms and developments as well as our standalone analysis of all relevant 2026 work programmes from the European Commission and EIOPA’s sister European Supervisory Authorities (the ESAs) as well as those of the Banking Union authorities (ECB-SSM and SRB).In addition to our analysis for 2026, analysis from previous years is equally available on our EU RegCORE webpage.Show Footnote Readers may also find benefit in consulting “Navigating 2026”, a comprehensive playbook providing a more granular annual outlook from PwC Legal’s EU RegCORE on the forthcoming regulatory policymaking agenda, the supervisory cycle and assessment of any commonalities and trends across plans for 2026 and beyond.
Key takeaways from EIOPA’s 2026 AWP
As in previous years, EIOPA uses its 2026 AWP to outline its strategic priorities and communicate a comprehensive roadmap and resourcing plan for EIOPA's activities and publications (through Guidelines, Implementing Technical Standards (ITS) and Regulatory Technical Standards (RTS) that it is mandated to publish along with other rulemaking instruments and statements on supervisory expectations (a list thereof is set out in the 2026 AWP directly with individual line items assessed in further detail in Navigating 2026).
In addition to the above, EIOPA will increase its focus on enhancing the quality and effectiveness of supervision, moving from horizon scanning to “practical supervision”, integrating sustainable finance considerations, supporting digital transformation of the market (in particular open insurance, AI, decentralised finance (DeFi) and crypto-assets) and ensuring financial stability.
In terms of more “practical supervision”, EIOPA's role in Colleges of Supervisors continues to aim at supporting group supervisors and addressing and following up on relevant risks. When needed, joint on-site inspections will be proactively sought. As announced in the 2025 AWP, supervisory priorities from the EU’s Union-Wide Supervisory Priorities for oversight tasks will be followed during 2026 and beyond. Since 2025, EIOPA is conducting oversight for DORA’s purposes on CTPPs. EIOPA will assist NCAs in overseeing digital operational resilience and implementing new regulations like threat-led penetration tests and cyber incident reporting for firms.
In addition to the overarching themes introduced above, EIOPA will pursue the following main priorities as part of its annual activities in 2026:
Sustainable finance
A central pillar of EIOPA’s 2026 agenda is sustainable finance. EIOPA is intensifying its efforts to close natural catastrophe protection gaps by promoting best practices in risk assessment and management, with a particular focus on overcoming demand-side barriers to insurance uptake.
EIOPA is also committed to strengthening risk-based supervision of sustainability risks, monitoring the implementation of sustainability-related requirements and actively combatting greenwashing. This will involve the deployment of supervisory technology (SupTech) tools to detect misleading sustainability claims at both the product and entity level. Furthermore, EIOPA aims to enhance its role as a centre of excellence for catastrophe modelling and data, facilitating the sharing of innovative methodologies and best practices across the sector.
The integration of ESG risks into the prudential framework, support for the analysis of sustainability risks,active participation in the EU and international sustainable finance initiatives will be key features of the EIOPA’s work. For regulated firms, this means a heightened expectation to embed ESG considerations into risk management frameworks, ensure the accuracy and substantiation of sustainability claims and participate in industry-wide efforts to address protection gaps and improve catastrophe risk modelling.
Digitalisation
Digitalisation remains a major focus for EIOPA, as it continues to support the digital transformation of the insurance and pensions sectors. The supervision of artificial intelligence (AI) will be a priority, with an emphasis on ensuring fair and ethical treatment of consumers and monitoring the development of the cyber insurance market.
Equally, as announced in the 2025 AWP, EIOPA will finalise policy work on ethical and fair data use under the Financial Data Access Regulation (FIDAR) framework, clarify data ethics and leverage SupTech to enhance supervisory tools and processes. EIOPA will also support NCAs in adopting innovative technologies, contribute to the implementation of the AI Act and address risks associated with distributed ledger technology (DLT), blockchain and crypto-assets. For firms, this translates into a need to strengthen AI governance, ensure compliance with evolving data ethics standards and bolster cyber resilience in line with regulatory expectations.
Supervision and supervisory convergence
Supervision and supervisory convergence are at the heart of EIOPA’s strategy for 2026 and beyond. EIOPA will operate cross-border cooperation platforms to coordinate supervisory responses and support enforcement at the EU level, particularly for services provided under freedom of establishment or freedom to provide services. EIOPA will oversee CTPPs in collaboration with other ESAs, contribute to the supervision of digital operational resilience—including cyber incident reporting and threat-led penetration testing—and conduct mystery shopping exercises on digital distribution.
Peer reviews on reinsurance supervision and sustainability risk assessment, as well as the monitoring of customer-centric business models and the development of a conduct risk dashboard, will further enhance supervisory responsiveness.
EIOPA will also address issues related to internal models, participate in colleges of supervisors and promote convergence in data reporting to reduce the reporting burden on firms. These initiatives signal to firms the importance of robust cross-border compliance, effective internal model governance and readiness for increased supervisory scrutiny, particularly in digital and conduct risk areas.
Policy development
Policy development will be another key area of activity, with EIOPA prioritising the timely update of technical standards, guidelines and reports following the Solvency II review, with a strong emphasis on proportionality and simplification.
EIOPA will execute mandates under the EU’s Retail Investment Strategy (RIS) limb of the EU’s Savings and Investments Union, including the development of IT tools and consumer testing and contribute technical expertise to the review of the Institutions for Occupational Retirement Provision (IORP II) Directive and the Pan-European Personal Pension Product (PEPP) Regulation. These efforts are aimed at addressing pension gaps and supporting the development of supplementary pensions. Firms should therefore anticipate ongoing developments in policy and reporting requirements, particularly under Solvency II, the Retail Investment Strategy and the IORP II Directive and prepare for the associated operational and compliance challenges.
Financial stability contributions
Financial stability remains a core objective for EIOPA, which will further enhance its framework for assessing economic, market and emerging risks, with particular attention to systemic risk monitoring—including non-conventional risks such as cyber threats.
The implementation of the Insurance Recovery and Resolution Directive (IRRD) will strengthen crisis prevention and preparedness, while EIOPA’s contribution to the development of a European Network of National Insurance Guarantee Schemes and the provision of technical advice on minimum common standards will further bolster the sector’s resilience. Firms will be expected to demonstrate robust crisis preparedness, high data quality and effective risk management practices in response to these initiatives.
Governance of EIOPA and its interoperations with NCAs
Governance and organisational resilience are also prominent in EIOPA’s 2026 agenda. EIOPA will maintain a strong corporate culture and cost-effective operating model, with continued focus on high standards of integrity, diversity and inclusion.
Strengthening its cybersecurity posture and aligning with evolving EU standards, as well as reducing the environmental impact of its operations and maintaining accreditation under the EU’s Eco-Management and Audit Scheme, are key operational objectives. For firms, this underscores the importance of strong governance, cyber resilience and sustainability in their own operations.
The look further ahead
Looking ahead, EIOPA’s 2026 AWP signals a continued evolution towards a more resilient, sustainable and digitally enabled insurance and pensions sector in the EU. Supervised firms are advised to proactively engage with these developments, ensuring alignment with EIOPA’s strategic objectives and regulatory expectations. The focus on supervisory convergence, sustainable finance, digital transformation and robust governance will require firms to maintain high standards of compliance, innovation and consumer-centricity in the year ahead.
Key takeaways from the USSP 2026
EIOPA’s USSP 2026 sets out the focus areas for attention that will guide NCAs and, by extension, regulated (re-)insurance undertakings across the EU. The priorities reflect the evolving risk landscape, regulatory developments and persistent consumer protection concerns within the sector. For 2026, EIOPA’s focus areas—DORA and Sustainability Risks—are complemented by targeted areas of attention, namely the Solvency Capital Requirement (SCR) calculation for Collective Investment Undertakings (CIUs) and the fair treatment of consumers in claims management, particularly in the context of digitalisation. These priorities reflect both the maturing regulatory environment and the increasing complexity of risks facing the sector.
With the implementation of DORA, regulated firms must ensure that their ICT risk management frameworks are robust, proportionate and fully integrated into their overall business and ICT strategies. Supervisory scrutiny will extend to the active engagement of boards and senior management in ICT risk oversight, the adequacy of incident response and reporting mechanisms and the comprehensiveness of third-party risk management, especially regarding CTPPs. Firms should anticipate more frequent and detailed supervisory interactions, including both onsite and offsite reviews and must be prepared to demonstrate operational readiness and resilience through well-documented policies, procedures and testing programmes.
Sustainability risks are now firmly embedded in the prudential and conduct supervisory agenda. EIOPA expects firms to conduct materiality assessments of sustainability risks within their Own Risk and Solvency Assessment (ORSA) processes, ensuring these are tailored to the firm’s specific risk profile and business strategy. Scenario analysis, particularly in relation to climate change, must be credible and underpinned by sound assumptions. The risk management function should be equipped with the necessary expertise and governance structures to oversee sustainability risks and there must be clear alignment between sustainability risk management and investment decision-making, consistent with the prudent person principle. Furthermore, firms must ensure that any sustainability-related claims made in relation to products or their overall profile are accurate, substantiated and aligned with EIOPA’s principles to prevent greenwashing. Product design and distribution processes should be reviewed to ensure that value for money and transparency—especially regarding exclusions or limitations related to sustainability—are maintained.
The increasing concentration of CIUs in insurers’ investment portfolios has prompted EIOPA to intensify its scrutiny of SCR calculations. Firms with significant exposures (20% or more of investments in CIUs) will be subject to detailed assessments of their application of the look-through approach, data quality and consistency in supervisory reporting. Inaccuracies or inconsistencies may trigger targeted supervisory interventions and firms should ensure that their governance arrangements for investment risk management are robust, particularly where exposures to private equity and alternative investment funds are material.
Persistent issues in claims management, highlighted by recurring consumer complaints and low satisfaction rates, have led EIOPA to prioritise the fair treatment of consumers in this area. Firms should review their claims handling processes, with particular attention to the impact of digitalisation and outsourcing. Supervisory authorities will monitor claims management practices, identify outliers (such as high claims denial ratios) and may require remediation where issues are identified. Firms must ensure that their processes are transparent, timely and consumer-centric, with clear communication and fair outcomes at the forefront.
Considering these developments, regulated firms are advised to adopt a proactive and integrated approach to compliance and risk management. This includes conducting gap analyses against supervisory expectations, enhancing board and senior management oversight of key risk areas, investing in data quality and reporting systems and embedding consumer protection and sustainability considerations throughout their operations. The evolving supervisory landscape will demand heightened vigilance, adaptability and engagement from firms to ensure alignment with EIOPA’s strategic objectives and to mitigate the risk of regulatory intervention.
In addition to the above, it is important to review how the focus, tone and expected level of scrutiny differs, even if ever so slightly between EIOPA’s 2025 publications and the 2026 AWP.
Key messages and differences between EIOPA’s 2025 AWP and SPD and 2026 AWP
The 2026 AWP, as supplemented by the USSP 2026, marks a shift from preparatory and mapping work in both publications i.e., the 2025 AWP and SPD for 2025-2027 to concrete implementation, delivery of new tools and enhanced supervisory scrutiny, especially in digital, sustainability and consumer protection domains. The level of operational detail, resource allocation and specificity of outputs is significantly increased in the 2026 AWP even if it is narrower in tangible focus for that year when compared to the multi-annual priorities set out in the SPD 2025-2027.For a review of the differences between 2024 and 2025 please see here.Show Footnote
