EIOPA’s 2025 oversight activities, documented in a report published on 26 June 2026, reveal a regulator pushing national competent authorities harder than ever toward a common supervisory standard — with cross-border insurers, internal-model groups and the DallBogg enforcement sequence all feeling the pressure. The EIOPA Oversight Activities Report 2025 catalogues a year of intensified country visits, sharper college engagement, and — for the first time — formal digital operational resilience oversight under DORA. For cross-border insurers and their supervisors, the direction of travel is unambiguous: convergence is no longer aspirational, it is operationally enforced.
Ten Country Visits, 33 Colleges: Reading the 2025 Supervisory Footprint
The headline numbers from EIOPA’s 2025 programme are deceptively compact. EIOPA conducted 10 country visits: three focused on prudential topics, six on conduct-of-business supervision, and one on pension-related matters. Against a backdrop of 12 on-site country visits in 2024, the absolute count fell — but the shift reflects a deliberate pivot rather than reduced ambition. The authority applied a risk-based filter to college participation, actively engaging in 33 of the 60 colleges of supervisors, down from 41 EU/EEA Colleges of Supervisors in 2024, concentrating resources where cross-border risk profiles warranted closer scrutiny.
The conduct-heavy weighting of country visits — six of ten — signals that retail market behaviour and policyholder protection remain live fault lines. Three prudential visits kept pressure on balance-sheet adequacy assessments, while EIOPA enhanced coordination among national supervisors and strengthened supervisory capacity across the EEA through technical assessments as well as active college participation. For NCAs in smaller or mid-tier markets, that capacity-building dimension matters: EIOPA’s visits increasingly arrive with benchmarks, not merely questions.
Internal Models Under the Microscope: Comparative Studies as a Convergence Tool
Insurers running internal models face growing analytical scrutiny from the centre. EIOPA’s comparative study programme — which produced four studies in 2024 covering non-life underwriting risk, market and credit risk, life risks, and diversification — fed directly into 2025 supervisory engagements, giving NCAs cross-sectoral benchmarks against which to test local model approvals. The authority’s oversight-related engagements in 2025 spanned a wide range of areas from prudential and conduct-of-business matters to the supervision of internal models and cross-border groups.
For groups with approved partial or full internal models, the practical implication is that no NCA operates in a data vacuum any longer. Where a model’s outputs sit outside EIOPA’s comparative range, supervisors now have an explicit reference point to raise at college meetings. The Solvency II supervisory guidelines locked in for January 2027 implementation will sharpen this further, making model-review timelines and documentation standards central planning items for any group expecting NCA engagement before the end of 2026.
Group Supervision Tightened: December 2025 Guidance Closes the Exclusion Door
One of the most consequential 2025 outputs sat outside the oversight report itself but feeds directly into its narrative. EIOPA’s December 2025 revised guidance on group supervision — referenced in the oversight activities review — streamlined the supervisory framework materially: the number of guidelines was reduced by 33%, stripping out duplication and tightening the remaining text. The substantive policy tightening, however, runs in the opposite direction to the headline reduction. The revised guidance makes explicit that exclusions from group supervision are permissible only in exceptional circumstances and must be duly justified.
That sentence carries real weight for cross-border holding structures that have historically relied on broad interpretations of supervisory perimeter. Group supervisors and NCAs are now expected to document the exceptionality of any exclusion, and the burden of justification sits firmly with the firm and the lead supervisor. For compliance teams managing multi-jurisdictional group structures, revisiting the perimeter assessment before the Solvency II 2027 application date is no longer optional housekeeping — it is a regulatory preparation task with a deadline.
The DallBogg case illustrates how the convergence logic plays out at its sharpest end. The withdrawal of DallBogg’s licence in Bulgaria tested EIOPA’s escalation model in a full cross-border enforcement sequence, demonstrating that supervisory convergence is not merely a compliance narrative: it is the framework within which licence continuity decisions are ultimately made.
DORA Enters the Supervisory Mainstream: Digital Resilience as a 2025 First
The most structurally novel element of the 2025 oversight report is the explicit inclusion of digital operational resilience. Following the implementation of DORA, EIOPA’s oversight work extended to digital operational resilience issues for the first time, covering areas such as cyber incident reporting and crisis management preparedness. The January 2025 DORA application date made insurance groups subject to binding ICT risk management, incident classification, and third-party testing requirements — and EIOPA’s first oversight cycle under the new framework has now completed.
The supervisory environment in which this occurred was already demanding. As EIOPA’s 2025 Annual Report noted, 2025 was marked by geopolitical instability, rapid advances in artificial intelligence, more frequent and intense weather events, and the rise of cyber threats — precisely the risk landscape that DORA was designed to address. For insurers, the combination of DORA’s operational requirements and EIOPA’s new oversight mandate means that cyber risk governance and incident-reporting processes will now be stress-tested at the supervisory level in the same way that capital models have been for a decade.
The full scope of EIOPA’s 2025 supervisory programme — from country visits and college engagement to the DORA extension — is detailed in the EIOPA Oversight Activities Report 2025 publication, available through EIOPA’s newsroom. Firms preparing for the January 2027 Solvency II application should treat this report as an advance indicator of where NCA scrutiny is likely to intensify. The EIOPA 2025 Annual Report covering ten years of Solvency II under pressure provides the broader institutional backdrop to the oversight activities documented here.