Digital finance strategy (DORA – MiCA - DLT)

Digital Operational Resilience Act (DORA)

Together with the adoption of its Digital Finance Strategy in September 2020, the European Commission published its proposal for a Regulation on digital operational resilience for the financial sector (Digital Operational Resilience Act - DORA). Insurance intermediaries were included in the scope of the Commission’s proposal for DORA, together with much larger financial entities like insurers or credit institutions. The DORA proposal also introduced an EU oversight framework for critical ICT (Information and Communication Technology) service providers (such as Big Techs which provide cloud computing to financial institutions).

Legislative proposal for a regulation on markets in crypto-assets (MiCA)

Crypto-assets are defined as “a digital representation of value or rights, which may be transferred and stored electronically, using distributed ledger technology or similar technology” (Article 3.2, MiCA proposal). There are many different types of crypto-assets; a basic taxonomy distinguishes between payment tokens (means of exchange or payment), investment tokens (have profit rights attached) and utility tokens (enable access to a specific product or service).

A pilot regime for market infrastructures based on distributed ledger technology (DLT)

At the end of 2021/beginning of 2022, the EP and the Council reached an agreement on a pilot scheme based on distributed ledger technology (DLT). The Commission's proposal for a Regulation on “a pilot regime for market infrastructures based on distributed ledger technology” was part of the Commission's Digital Finance Strategy and was presented together with the proposal for MiCA (and the proposal for DORA).

Cyber Resilience Act

The European Commission’s work programme for 2022, released on 19 October 2021, announced a proposal on a European Cybersecurity Resilience Act (legislative) that is expected to be published in Q3 2022. As the Commission’s President Ursula von der Leyen stated in her State of the Union Address in September 2021, the Act seeks to establish common cybersecurity rules for digital products and associated services that are placed on the market across the European Union. She also underlined that the EU should strive to become a leader in cybersecurity.

Open finance

In February 2021, the Commission addressed a request to EIOPA, ESMA and EBA for Technical Advice on Digital Finance and related issues. The three ESAs were asked for advice on how to address the risks and opportunities arising out of digital finance, how to address the related prudential supervisory challenges arising from more fragmented and non-integrated value chains, from “platformisation” and bundling of financial services as well as from groups combining different activities. The ESAs’ Advice to the Commission aims to assist it to address the upcoming challenges and to propose, where relevant, changes to the existing legislative framework.

Artificial Intelligence (AI)

EIOPA Report on AI Governance Principles in Insurance

In June 2021, the Consultative Expert Group on Digital Ethics (GDE) set up by EIOPA published a Report on “Artificial Intelligence Governance Principles: Towards Ethical and Trustworthy Artificial Intelligence in the European Insurance Sector”. BIPAR was represented in the Expert Group.

Artificial Intelligence Act

In April 2021, the European Commission proposed new rules on Artificial Intelligence (AI Act). The proposed Regulation on AI is cross-sectoral and will apply to both public and private actors inside and outside the EU as long as the AI system is placed on the Union market or its use affects people located in the EU. It can concern both providers and users of high-risk AI systems. It does not apply to private, non-professional uses.

EU Liability Rules for AI

In October 2021 the European Commission launched a public consultation on the rules on compensation for damage caused by defective products, specifically by the use of Artificial Intelligence (AI) in products and services.  The consultation looked into some policy options, among which is the harmonisation of strict liability (without the need to prove negligence) for damage caused by the operation of certain AI-enabled products or the provision of certain AI-enabled services that expose the public to the risk of damage to important values, like life, health and property. This may be combined with (voluntary/mandatory) insurance for damage caused by this type of AI system.

Distance Marketing of Financial Services Directive (DMFSD)

The 2002 Directive on Distance Marketing of Consumer Financial Services (DMFSD) aimed at ensuring the free movement of financial services in the Single Market by harmonising certain consumer protection rules governing this area. It applied horizontally to any service of a banking, credit, insurance, including those of insurance intermediaries, personal pension, investment or payment nature. The Directive set out information obligations to be provided to the consumer prior to the conclusion of the distance contract (pre-contractual information), granted for certain financial services a right of withdrawal to the consumer, and banned unsolicited services and communications from suppliers.

Digital Services Act and Digital Markets Act

The European Commission, the EP and the Council have been working since December 2020 on a set of new EU rules for all digital services, including cloud services, messaging, social media, online marketplaces, and other online platforms and app stores that operate in the European Union: the Digital Services Act and the Digital Markets Act. The new rules will introduce a horizontal framework for all categories of content, products, services, including financial services, and activities provided, for example, via online intermediary services.

Data Act and Data Governance Act

The proposed Regulation on harmonised rules on fair access to and use of data, also known as the Data Act, of February 2022, and the proposed Data Governance Act of November 2020, are both part of the overall 2020 European strategy for data.  While the Data Governance Act creates the processes and structures to facilitate data, the Data Act clarifies who can create value from data and under which conditions.

European Single Access Point (ESAP)

In November 2021, the European Commission adopted a package of follow-up measures regarding the Capital Markets Union (CMU). The package includes a proposal for a Regulation “establishing a European single access point (ESAP) providing centralised access to publicly available information of relevance to financial services, capital markets and sustainability”. It also includes two other proposals (an Omnibus Directive and an Omnibus Regulation), that will amend a number of existing EU Directives and Regulations (including, for example, the IDD, MiFID II and the SFDR) in the related fields.