EIOPA releases 2024 Annual Report – Key developments, regulatory initiatives and strategic priorities
RegCORE – Client Alert | Insurance Union
QuickTake
The European Insurance and Occupational Pensions Authority (EIOPA) published its 2024 Annual Report in June 2025 (the Report), providing a comprehensive overview of its regulatory, supervisory and policy activities throughout 2024. The Report details EIOPA’s progress in advancing sustainable insurance and pensions, addressing protection gaps, supporting digital transformation and cyber resilience, strengthening prudential and conduct supervision and safeguarding financial stability across the EU. EIOPA’s work in 2024 was set against a backdrop of persistent geopolitical uncertainty, economic and environmental risks and rapid technological change, with a continued focus on consumer protection, supervisory convergence and the effective implementation of new and revised EU financial regulations.
As noted in the Report, “EIOPA faced challenges in terms of constrained resources to manage a demanding workload towards ensuring strong and consistent protection of consumer interests across the EU and strengthening the resilience and sustainability of the financial sector, thereby safeguarding its effectiveness, level playing field and financial inclusion.” It nevertheless confirmed it had achieved a 93% completion rate of the priorities and deliverables it had set itself in its 2024 Annual Work Programme.
As explored in this Client Alert, the Report also reiterates EIOPA’s supervisory priorities for 2025-27 (see also standalone coverage on EIOPA’s priorities in its 2025 Annual Work Programme and how these interact with plans of other EU authorities). It should thus also be read together with our standalone coverage on individual developments raised in the Report and in similar annual reports published by the other European Supervisory Authorities (ESAs), as well as with “Navigating 2025”, which sets out how these interact with plans of other authorities.
Key takeaways from the Report
The Report focuses on a number of headline issues that EIOPA advanced during 2024. These include:
Sustainable finance and protection gaps
EIOPA made significant progress in integrating sustainability risks into the prudential framework and supervisory practices, with a particular focus on combating greenwashing and enhancing natural catastrophe protection.
Key initiatives included the launch of a Catastrophe Data Hub, reassessment of Solvency II natural catastrophe capital requirements and proposals on the prudential treatment of sustainability risks. EIOPA equally published a final report and Opinion on greenwashing, providing practical guidance for national supervisors and enhancing regulatory clarity on sustainability claims. Regulated firms must ensure that all sustainability-related disclosures and product features are substantiated, clear and not misleading. The Report signals a move towards stricter scrutiny of ESG claims, with potential regulatory enhancements to clarify what constitutes a “sustainable” insurance product, especially in non-life lines.
EIOPA also conducted the “Fit-for-55” climate risk scenario analysis, assessing the resilience of the EU financial sector to climate and macro-financial shocks. EIOPA’s efforts extended to addressing pension gaps, financial health disparities and the needs of vulnerable consumers, including work on the Pan-European Personal Pension Product (PEPP).
In terms of further implications for firms this may mean:
- Enhanced supervisory scrutiny of sustainability claims and greenwashing risks: firms should expect increased supervisory attention to the adequacy of natural catastrophe risk modelling, capital requirements and product offerings and disclosure.
- Regulatory reporting: Firms must also anticipate evolving expectations around the quantification and management of sustainability risks, with a likely increase in regulatory reporting and scenario analysis requirements.
- Increased expectations for integration of climate and sustainability risks into risk management and Own Risk and Solvency Assessment (ORSA) processes: the reassessment of Solvency II natural catastrophe capital charges and the push for forward-looking risk management (e.g., through ORSA scenarios) will require firms to enhance their climate risk assessment capabilities and data quality.
Digital transformation and cyber resilience
EIOPA continued to support the supervisory community and industry in navigating digital transformation, promoting a data-driven culture and addressing associated risks and opportunities. A major focus in 2024 was the implementation of the Digital Operational Resilience Act (DORA), with EIOPA and the other ESAs delivering key technical standards on ICT risk management, third-party risks, incident reporting and penetration testing.
EIOPA also contributed to the development of a pan-European cyber incident coordination framework and strengthened oversight for critical ICT service providers. EIOPA monitored digitalisation trends, AI usage and cyber insurance accessibility and played an active role in preparing for the AI Act, Financial Data Access Regulation (FiDAR) and Markets in Crypto-Assets Regulation (MiCAR).
The Report also highlights EIOPA’s work on cyber-risk crisis exercises and the development of systemic risk assessment methodologies. Firms should expect more intrusive supervisory reviews of cyber resilience, including participation in pan-European exercises and enhanced expectations for cyber insurance offerings.
In terms of further implications for firms this may mean:
- New and enhanced requirements: for ICT risk management, incident reporting and oversight of third-party providers under DORA.
- Increased compliance: Firms deploying AI systems must ensure compliance with both horizontal (AI Act) and sectoral (insurance-specific) requirements, including transparency, explainability and risk management controls.
- Increased supervisory focus: on digitalisation, AI and cyber risk, with expectations for robust governance and data management.
Prudential and conduct supervision, supervisory convergence
EIOPA maintained its focus on promoting sound, efficient and consistent prudential and conduct supervision across Europe, particularly in the context of increased cross-border business. EIOPA advanced supervisory convergence through issuing opinions, statements, conducting peer reviews and the development of common benchmarks and supervisory tools. EIOPA provided ongoing support to National Competent Authorities (NCAs) through analytical reports, technical assistance and data-driven supervision.
EIOPA continued to monitor macroeconomic impacts, value for money in financial products and risk transfers and issued guidance on the supervision of captives, third-country reinsurers and reinsurance agreements. Consumer protection remained a core priority, with initiatives such as mystery shopping, market monitoring and enhanced transparency in product disclosures.
In terms of further implications for firms this may mean:
- Increased convergence: continued emphasis by EIOPA and NCAs on supervisory convergence and harmonisation of practices across Member States.
- Increased cross-border scrutiny: on activities, internal models and risk transfer arrangements.
- Heightened supervisory expectations: for value for money benchmarks, transparency and fairness in insurance and pension products.
- Ongoing use by supervisors of peer reviews and oversight activities: to ensure consistent supervisory practices and address conduct risks. Firms must ensure that product design, pricing and distribution practices deliver fair value and are supported by robust evidence. The focus on vulnerable consumers and financial inclusion will require firms to review their practices for potential biases or gaps.
- Comparative studies on internal models: the comparative studies (market, credit, non-life underwriting, diversification) and the focus on methodological consistency will require firms using internal models to ensure their approaches are robust, transparent and aligned with best practices. Supervisory scrutiny of model governance and validation processes is likely to intensify.
Policy advice, international cooperation and regulatory simplification
EIOPA’s work on the Solvency II Review, including technical standards and advice on proportionality, aims to streamline requirements for non-small/non-complex undertakings. While this may reduce some compliance burdens, firms must stay abreast of evolving thresholds and ensure they can demonstrate eligibility for proportionality measures. The entry into force of the Insurance Recovery and Resolution Directive (IRRD) introduces new responsibilities for EIOPA as well as for firms regarding recovery and resolution planning. Firms must prepare for enhanced requirements around pre-emptive recovery planning, resolvability assessments and participation in resolution colleges.
EIOPA emphasised proportionality in legislation, reducing regulatory burdens through streamlining reporting templates, reducing data points and adjusting materiality thresholds. EIOPA strengthened international cooperation, supporting the adoption of EU insurance legislation in the Balkans and contributing to global standards via the International Association of Insurance Supervisors (IAIS).
In terms of further implications for firms this may mean:
- Ongoing changes to prudential and conduct requirements: with a focus on proportionality and simplification.
- Increased international engagement: with international standards and cross-border supervisory practices. This will prompt certain firms to step up their monitoring and adaptation to evolving EU and global regulatory frameworks.
Financial stability, risk monitoring and stress testing
Financial stability and risk monitoring remain central to EIOPA’s mandate. The shift to a three-year stress testing cycle and the publication of quarterly risk dashboards reflect a more targeted approach to financial stability monitoring.
EIOPA continued to monitor and assess risks and vulnerabilities in the insurance and occupational pensions sectors, publishing biannual Financial Stability Reports and maintaining its Insurance and IORP Risk Dashboards. The 2024 insurance stress test focused on the economic consequences of geopolitical tensions, confirming the resilience of EU insurers but highlighting the financial cost of such shocks. EIOPA also advanced work on the implementation of the IRRD, with a focus on simplification and risk-based prioritisation.
Critically, while EIOPA has made efforts to streamline and simplify regulatory requirements—such as reducing reporting frequency, leveraging existing data and introducing proportionality—the overall direction is towards increased regulatory expectations, particularly in areas of sustainability, digital resilience and conduct. Firms must balance the benefits of simplification with the need to invest in new systems, data capabilities and governance structures. EIOPA’s push for supervisory convergence is likely to reduce national discretions and lead to a more harmonised regulatory environment. However, differences in local implementation and supervisory culture may persist, especially in areas where EIOPA’s powers are limited. Firms operating cross-border must monitor both EU-level and national developments.
In terms of further implications for firms this may mean:
- Increased supervisory attention to macroeconomic, market and ESG-related risks;
- Regular stress testing and risk assessments, with greater transparency in results; and
- Ongoing monitoring of exposures to alternative assets, private credit and interconnectedness with other financial sectors.
EIOPA’s organisational development, governance and stakeholder engagement
EIOPA continued to invest in technology and process optimisation as part of its digital and data-driven supervision strategy, as well as in human resources development, including the implementation of a Diversity and Inclusion Strategy. EIOPA maintained strong relationships with EU institutions, national authorities and stakeholders and played a leading role in the EU Agencies Network and the Joint Committee of the ESAs.
EIOPA’s strategic priorities for 2025
Looking ahead, EIOPA uses the Report to reiterate its 2025 strategic priorities, which include:
- Advancing sustainable insurance and pensions, with a focus on protection gaps and climate resilience;
- Supporting digital transformation and operational resilience, including DORA implementation;
- Promoting supervisory convergence and consistent conduct and prudential supervision;
- Delivering high-quality policy advice and supporting the implementation of new EU financial regulations;
- Enhancing financial stability through risk monitoring, stress testing and crisis management; and
- Maintaining high professional standards, efficient governance and a positive reputation within the EU and globally.
Outlook
The increasing reliance of EIOPA on data-driven supervision (SupTech, RegTech, digital reporting) may require certain supervised firms to invest in data quality, analytics and reporting infrastructure. The move towards real-time or near-real-time supervision may reduce the window for remediation and increase the risk of supervisory intervention. The emphasis on consumer protection, value for money and financial inclusion reflects a broader shift towards outcomes-based regulation. Many firms may need to move beyond formal compliance to demonstrate that their products and practices deliver tangible benefits to consumers, with a particular focus on vulnerable groups. EIOPA’s engagement with international standard-setters and its support for third-country adaptation of EU rules signal that global regulatory alignment is a priority. Firms with international operations must ensure consistency across jurisdictions and prepare for potential equivalence assessments or changes in third-country regimes.
In practical terms, regulated firms should review and update sustainability-related disclosures and product governance frameworks to address greenwashing risks, enhance climate risk modelling and scenario analysis capabilities and prepare for DORA implementation by conducting gap analyses and updating ICT risk management frameworks. Firms should also assess AI and digitalisation strategies for compliance with both the AI Act and sector-specific guidance, strengthen cyber resilience, align internal model methodologies with EIOPA’s comparative studies, implement robust value for money assessments, monitor developments in recovery and resolution planning, invest in data quality and reporting infrastructure and engage proactively with supervisors at both national and EU level.
Overall, the EIOPA Annual Report 2024 signals a period of significant regulatory evolution for the insurance and pensions sectors. While there are opportunities for simplification and proportionality, the overall trend is towards higher expectations in sustainability, digital resilience, conduct and risk management. Regulated firms must adopt a proactive, strategic approach to compliance, investing in governance, data and technology to meet both current and emerging supervisory demands. Failure to do so may result in increased supervisory scrutiny, reputational risk and potential enforcement action.
About us
PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients in navigating challenges and seizing opportunities as well as in proactively engaging with their market stakeholders and regulators.
Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.
Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.
The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award” and the “2025 Regulatory, Governance and Compliance Technology Award in 2025”.
If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.