PensionsEurope has argued that there is a “broader need for a more comprehensive simplification of [the] Digital Operational Resilience Act (DORA)”, while highlighting concerns about the impact of horizontal financial regulation on IORPs, something it has “repeatedly raised in the past”.

In response to the European Commission’s (EC) call for evidence on the digital omnibus package, PensionsEurope stressed that IORPS remain “fully committed” to meeting the requirements of DORA.

However, the association reiterated that second-pillar pension funds differ significantly from other financial entities, as occupational pensions are typically managed through social partners and are linked to employer affiliation.

“Including IORPs within horizontal financial market regulation – without taking into account their specific characteristics and without applying a level of proportionality that properly reflects their specific role as pension institutions with a social purpose providing financial services – continues to be a fundamentally problematic approach,” it stated.

It pushed for the simplification of DORA, beyond incident reporting, as the specific characteristics of IORPs and their service providers have not been “sufficiently considered” within the current regulatory framework.

Therefore, the association called for technical adjustments to DORA, or supervisory guidance, which could help to “deliver genuine simplification in the field of major ICT-related incidents reporting” by reducing the number of reporting fields and extending reporting deadlines in ICT incident reporting.

“Together, these modifications would considerably ease the compliance burden on IORPs while ensuring that supervisors continue to receive timely and meaningful information,” it stated.

“Simplification must not be interpreted as requiring the creation of a centralised EU reporting hub, as suggested by the European Supervisory Authorities (ESAs) in their recent report.

“From the perspective of the funded pension sector, such a hub would not deliver simplification but rather increase cost and complexity, disrupt already established communication channels with competent national authorities, and risk introducing delays and fragmentation.”

In its submission, PensionsEurope noted that level 1 of DORA already establishes effective mechanisms for the sharing of information that ensures comprehensive cross-authority information flows without the need for a new centralised structure.

In a continuation of its theme of simplification, it suggested that broader aspects of DORA also present opportunities for simplification. It said that DORA should allow for a principle-based approach and, for IORPs, ensure the application of the principle of proportionality defined in the IORP II Directive.

However, it warned that a double layer of regulation should be avoided.

It added that smaller and less complex entities, such as IORPs, should not be subject to the same obligations as systemically critical players.

“Obligations stemming from the oversight regime of critical ICT third-party providers should be streamlined, as they are excessively burdensome,” it said.

On the issue of ICT, PensionsEurope said that requiring pension fund managers to maintain detailed records of their ICT service providers and their subcontractors creates an “excessive regulatory burden that is inconsistent with the principle of proportionality”.

“Addressing these issues – alongside simplifying incident-reporting requirements – would enable the Digital Omnibus to deliver genuine regulatory simplification while fully maintaining the objectives of operational resilience and supervisory objectives,” it stated.

The EC will publish its digital omnibus package on 19 November 2025.

---