The Danish Financial Supervisory Authority has launched its first thematic review under the Digital Operational Resilience Act (DORA), examining how selected insurance companies and pension funds have implemented the regulation, with a particular focus on information technology risk management. The review forms part of the authority’s broader DORA-related IT supervision, which includes IT inspections, ongoing supervisory dialogue and follow-up on IT incidents across in-scope financial entities. As part of the thematic exercise, firms must account for their implementation of DORA, with specific attention on their approach to the core IT risk management provisions and how IT risk management is embedded in senior management and governance. The authority is reviewing 14 insurers and pension funds and expects to publish the results in spring 2026.
Danish Finanstilsynet 2025-10-10
Danish Financial Supervisory Authority launches thematic review of 14 insurers and pension funds’ implementation of DORA IT risk management rules
The Danish Financial Supervisory Authority has initiated its first thematic review under the Digital Operational Resilience Act (DORA), focusing on IT risk management in selected insurance companies and pension funds. This review is part of broader DORA-related IT supervision, including inspections and dialogue on IT incidents. Results from the review of 14 firms are expected in spring 2026.