On 6 February 2020, EIOPA published its Guidelines on outsourcing to cloud service providers (the Guidelines). The Guidelines will apply from 1 January 2021 to all cloud outsourcing arrangements entered into or amended on or after that date.
The Guidelines address a number of issues, including, the following:
- what should be considered within the ‘scope’ of outsourcing to cloud service providers;
- governance of cloud outsourcing arrangements, including the requirement that thorough risk assessments be carried out when outsourcing any critical or important functions or activities (CIFA) to a cloud service provider;
- changes to the risk profile of the undertaking as a result of the outsourcing to a cloud service provider should be reflected in its Own Risk Solvency Statement (ORSA);
- papering of cloud outsourcing arrangements, including documenting the arrangement in a written agreement, updating the undertaking’s outsourcing policy and making notifications to the undertaking’s supervisory authority;
- due diligence of cloud outsourcing arrangements, including a set of criteria to be followed to assess whether a cloud outsourcing arrangement relates to a CIFA; and
- sub-outsourcing of CIFAs to cloud service providers.
The Guidelines will apply to both individual insurance and reinsurance undertakings and to groups as defined in the Solvency II Directive.
Recommended Insights
Announcement
16
Apr 2025
William Fry is pleased to announce the appointment of three new Partners: David O'...

Managing Partner
Stephen Keogh
Announcement
24
Apr 2025
William Fry advises DCC plc on its proposed sale of its healthcare division to Hea...

Partner
Mark Talbot
Article and Insights
25
Apr 2025
High Court reaffirms that surcharge interest rates that are 'extravagant and uncon...

Partner
David O’Shea
Article and Insights
22
Apr 2025
The Central Bank has changed its daily portfolio disclosure requirement for UCITS ...

Partner
Sergey Dolomanov
Announcement
11
Apr 2025
William Fry is proud to announce that the Firm has won two awards at the Managing ...

Managing Partner
Stephen Keogh
Article and Insights
14
Apr 2025
The EU's €200 billion AI Continent Action Plan aims to establish European digital...

Partner
Barry Scannell
prev
next