What awaits Czech insurance companies under the EU digital strategy (including from the CNB)?

• High-performance computing (€2.2 billion):

○ readily available high-end exascale (next-generation computing systems capable of 10-18 floating operations per second), supercomputing and data infrastructure

○ EU-wide ecosystem of high-performance computing

○ post-exascale infrastructure (including integration with quantum computing technologies and computer science research infrastructures), supporting the necessary hardware and software development

• Artificial Intelligence (AI) (€2.06 billion):

○ Basic capacity

○ Testing and experimental equipment

• Cybersecurity and trust (€1.6 billion):

○ Advanced equipment

○ Knowledge, capacity, skills for cybersecurity

○ NIS2

○ Resilience, risk awareness, civil-defence coordination

• Advanced digital skills (€0.57 billion):

○ Increase the number of talent in the EU

○ Bridging the digital divide, promoting professionalism in cloud, big data analytics, cybersecurity, blockchain, quantum technologies, robotics and artificial intelligence

• Deployment and best use of digital capabilities and interoperability (€1.07 billion):

○ Deployment of state-of-the-art digital technologies (e.g. HPC, AI) and cybersecurity for public sector entities (health, education, justice, customs, transport, mobility, energy, environment, cultural and creative industries)

○ Easy access to (pilot) testing of digital technologies for the EU public sector and industry (especially SMEs)

○ Ensuring continued capacity at EU level, digital development, monitoring, analysing and adapting to rapidly evolving digital trends, sharing best practices

○ Building a European ecosystem for trusted data sharing and digital infrastructure

1. Monitors risks (including cyber) related to IT security and governance.

2. It is working on a system for sharing information on cyber security and attacks between national supervisory authorities.

3. Contributes to the fine-tuning of DORA, for which it is preparing its implementing technical standards. It focuses mainly on cyber incident reporting and cybersecurity resilience testing.

4. It monitors the implementation of its guidelines (i.e. guidelines), particularly in the field of ICT (information and communication technologies). The aim is to identify specific reasonable aspects of implementation (which will use the preparation of technical standards for DORA).

5. Harmonises ICT risk management tools, methods, processes and policies and the content of the policies, procedures and plans envisaged in the Regulation (e.g.: ICT security policies and procedures, ICT business continuity policy, BCP and DRP plans).

6. EIOPA has developed a data management framework for local supervisory authorities. Data quality is essential for control processes. The framework is intended to provide a minimum quality standard that will be required of all local supervisory authorities.

7. The Expert Group on Artificial Intelligence will establish a framework for ethical and trustworthy AI in the European insurance industry (so far, it has issued six governance principles, including guidelines for their implementation in the insurance industry). In the future, EIOPA will further take into account the legislative developments of the Artificial Intelligence Act.

8. EIOPA wants to reach a consensus on the approach to the regulation of innovative products, services and business models. In general, it wants to strengthen the coordination of fintech regulation.

9. It is developing a procedural framework for cross-border testing to facilitate the spread of innovation across the EU, simplify competition, facilitate cross-border communication between local supervisors and increase transparency regarding cross-border testing within the regulatory sandbox.

10. Develop supervisory convergence tools to support local supervisors in conducting business model analysis in the context of the digital insurance market. Business model assessments are intended to give supervisors the opportunity to better understand the factors that create opportunities and vulnerabilities in insurers’ businesses and, as a result, they should be able to develop a more personalised supervisory plan for individual insurers.

11. Establish a technical standard (specific template) for cyber risk reporting. It is monitoring the impact of DORA in this area and wants to focus on tacit underwriting.

12. It will focus on outsourcing to third-party providers. It has already issued its guidelines for outsourcing to the cloud and in the future will also focus on outsourcing of claims handling and UW to third countries.