The Portuguese Insurance Regulator has approved Circular No. 6/2026 setting out changes to the RiskOutlook reporting form. The update is intended to simplify the form and make it more proportionate, while aligning it with the growing relevance of cyber risk and the implementation of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector, known as DORA. The changes add a dedicated risk class for cyber risk and digitalization risk, introduce additional questions on digital operational resilience, and remove the ad hoc components covering cyber risks, sustainable finance and climate change. The revised RiskOutlook form applies to information reporting due from July 1, 2026.
Portuguese Insurance Regulator (ASF)2026-06-26
Portuguese Insurance Regulator updates RiskOutlook reporting form for cyber risk and DORA implementation
The Portuguese Insurance Regulator has revised the RiskOutlook reporting form to reflect cyber risk and DORA-related digital operational resilience requirements. The changes add a dedicated cyber and digitalization risk class, include new resilience questions, remove certain ad hoc components, and apply to reporting due from July 1, 2026.