Solvency II's 2026 Revision Gives U.S. Actuaries an Emerging-Risk Governance Benchmark

EIOPA's March 30, 2026 final report on Solvency II supervisory reporting (EIOPA-26-081) proposed cutting quarterly templates by 26 percent and annual templates by 30 percent for solo undertakings, with reductions of 36 and 44 percent respectively for small and non-complex insurers, and a 22 percent reduction in total data points across the entire template set. Those numbers, and the January 30, 2027 hard deadline attached to them, are the most-cited outputs of the Solvency II review in the trade press. For U.S. actuaries, the reporting reduction is background noise. The governance changes running beneath it are not. Directive (EU) 2025/2, which cleared the European Parliament on November 27, 2024, formally embedded mandatory climate scenario analysis inside ORSA, introduced Liquidity Risk Management Plans for selected carriers, expanded the ORSA scope to require macroeconomic scenario coverage, and created macroprudential intervention tools with no equivalent in U.S. state solvency law. The NAIC Journal of Insurance Regulation published a paper on June 1, 2026 examining how emerging risks are being integrated across both EU and U.S. frameworks. Running that comparison against the NAIC's open workstreams, including the RBC Model Governance Task Force gap analysis launched in February 2026 and the ongoing ORSA Guidance Manual review, surfaces a specific set of structural gaps.

These are not distant regulatory policy questions. They are governance decisions that will appear in ORSA submissions, group capital assessments, and board risk committee documentation as early as the 2026 annual cycle for EU subsidiary operations, and as near-term NAIC rulemaking considerations for U.S.-only carriers.

Jan 30, 2027

Hard deadline for full implementation of Directive (EU) 2025/2 requirements, including mandatory climate ORSA scenarios and Liquidity Risk Management Plans

26%

Reduction in quarterly Solvency II reporting templates for solo undertakings under EIOPA's March 2026 final report (EIOPA-26-081)

Minimum number of long-term climate scenarios (differentiated by temperature pathway) now required inside EU insurer ORSA documents

The Revised Directive and Five Structural Changes

Solvency II launched in 2016 with a three-pillar architecture: quantitative capital requirements in Pillar 1, qualitative governance and risk management in Pillar 2, and reporting and transparency in Pillar 3. The Directive (EU) 2025/2 revision touches all three pillars, but the substantive changes cluster in Pillar 2, where the ORSA sits, and in a new set of macroprudential tools that span the framework. Five structural changes define the 2025 revision as a meaningful departure from the 2016 original.

First, sustainability and climate risk moved from EIOPA supervisory opinion guidance (where it sat from April 2021 onward) into the Directive itself, requiring all insurers to incorporate climate risk into their risk management framework and ORSA. Two long-term climate change scenarios are now mandatory: one consistent with limiting global temperature increase to below two degrees Celsius, aligned with the Paris Agreement pathway, and at least one higher-temperature scenario. The assessment must be refreshed at minimum every three years.

Second, Liquidity Risk Management Plans became mandatory requirements for selected undertakings, with stress testing required across three time horizons: short (days to weeks), medium (months), and long (years). The selection criteria are built into the proportionality framework, with larger carriers holding significant liquidity-sensitive liabilities subject to the full LRMP requirement.

Third, the ORSA scope expanded explicitly to require analysis of the macroeconomic environment and its potential impacts. Previous ORSA guidance required carriers to consider reasonably foreseeable material risks, which in practice meant company-specific stress scenarios. The revised Directive adds a formal macroeconomic layer: the ORSA must now engage with systemic market conditions, not only with risks internal to the carrier's own balance sheet and business model.

Fourth, new macroprudential tools were introduced, including the authority for EIOPA and national supervisors to require carriers to take macroprudential actions when systemic signals warrant. EIOPA fulfilled its mandate to develop technical standards for these tools in November 2025, submitting draft standards to the European Commission.

Fifth, proportionality was formalized through a defined small and non-complex undertaking (SNCU) designation. SNCUs that meet quantitative size thresholds qualify for lighter requirements across governance structure, reporting frequency, technical provisions valuation, ORSA scope, and liquidity risk management planning. The companion Level 2 delegated regulation, published as Regulation 2026/269 on February 18, 2026, confirmed these proportionality carve-outs apply no later than January 30, 2027.

No single change is revolutionary in isolation. Together they represent the first structural update to the framework in nine years, and each change has a U.S. counterpart that is either entirely absent or present only as guidance rather than requirement.

Climate Scenarios: From EIOPA Opinion to Formal ORSA Mandate

EIOPA issued its opinion on the supervision of climate change risk scenarios in the ORSA in April 2021. It was an opinion: influential in supervisory dialogue across the EU 27, widely referenced in ORSA submissions from larger European carriers, but not legally binding. National supervisors could follow it or not. Carriers could acknowledge it in ORSA documentation without running a full two-pathway scenario analysis. The Directive (EU) 2025/2 closed that gap. The climate scenario requirement is now written into the primary law, not left to supervisory opinion.

The two-scenario minimum is specific: one must be consistent with the below-two-degree Celsius pathway and one must be a higher-temperature scenario. EIOPA's updated Guidelines on the Supervisory Review Process, published February 13, 2026, specify how national supervisors should assess whether the undertaking's scenario analysis is credible: the scenarios must be applied to material exposures across both physical risk (acute and chronic) and transition risk channels, and the ORSA must document the exposure assessment that determined materiality.

In the U.S., the NAIC's ORSA Guidance Manual under Model Act #505 lists climate change among the reasonably foreseeable and relevant material risks that an ORSA should address. The word "should" in guidance documents carries a different weight than "shall" in a directive. The operational detail for what a compliant climate risk treatment within a U.S. ORSA looks like, what scenarios are required, at what frequency, with what documentation standards, has not been codified at the model act level. Several large carriers have voluntarily incorporated TCFD-aligned scenario work into their ORSA submissions, and the NAIC's Climate Risk Disclosure survey runs as a separate supervisory workflow. The 2026 position of U.S. solvency regulation on climate in ORSA is roughly equivalent to where EU regulation stood in mid-2021: in scope, but with the specific requirements left to guidance rather than mandate.

The ORSA Implementation Subgroup has considered enhancements to the Guidance Manual on climate, and the NAIC Natural Catastrophe Risk and Resilience Task Force has been active on related disclosure questions. But the Solvency II revision's January 2027 deadline for formal, two-scenario climate analysis inside ORSA has no U.S. equivalent on the current rulemaking calendar. For actuaries at U.S. carriers with EU subsidiaries, this creates a documentation divergence that group-level ORSA sign-off will need to address explicitly: the EU ORSA requires a specific two-pathway climate analysis; the U.S. ORSA does not; and the two documents will be reviewed by different supervisors with different expectations.

Liquidity Risk Management Plans: A Formal Pillar 2 Deliverable

Liquidity risk has existed within the Solvency II framework since 2016 as part of the Pillar 2 governance requirements. It was never a standalone plan-level obligation with specified stress horizons. The Directive (EU) 2025/2 changed that in direct response to the March 2023 banking sector liquidity events and EIOPA's subsequent analysis of insurance sector liquidity positions, which found that surrender risk on unit-linked and index-linked books had been underassessed in several national markets.

Under the revised framework, selected undertakings, those with significant liquidity-sensitive liability structures, are required to maintain a formal Liquidity Risk Management Plan covering three time horizons. The short-term horizon (days to weeks) requires cash flow analysis against creditor and surrender demand scenarios. The medium-term horizon (months) requires assessment of funding resilience and asset liquidation capacity. The long-term horizon (years) requires alignment with the business plan and strategic scenario stress tests that the ORSA already requires. SNCUs face a simplified LRMP, but they are not exempt from maintaining one.

In the U.S., liquidity risk treatment is addressed within the ORSA and through two separate supervisory mechanisms: the statutory liquidity stress testing framework adopted by NAIC for large life insurers (total adjusted capital exceeding $30 billion) beginning with the 2021 reporting year, and the Liquidity Stress Test filed annually by those in-scope companies as a Schedule Y supplement. That framework covers roughly 40 life insurance groups. For P&C carriers, regional life insurers below the $30 billion threshold, and most health insurance groups, liquidity risk treatment is left to ORSA documentation and the company's own risk management framework, with no equivalent to the formal LRMP structure with specified short, medium, and long-term stress horizons.

The LRMP Asymmetry for Mixed U.S./EU Groups

A U.S. holding company that owns a European insurance subsidiary faces a structural documentation gap starting January 30, 2027. The EU entity will be required to maintain a Liquidity Risk Management Plan with short, medium, and long-horizon stress testing. The U.S. holding company likely has no equivalent formal LRMP obligation. Group ORSA documentation prepared to satisfy NAIC ORSA submission requirements may not address the EU subsidiary's LRMP in a way that satisfies EIOPA's supervisory expectations. Actuaries who sign off on group ORSA quality should flag this gap explicitly in the 2026 annual cycle rather than deferring it to the January 2027 deadline.

The Reporting Reduction: What EIOPA-26-081 Actually Means

The March 30, 2026 final report on supervisory reporting is the document behind the "26 percent" headline. Its full title is EIOPA Final Report on Implementing Technical Standards on supervisory reporting and public disclosure requirements under Solvency II (EIOPA-26-081), and it is the product of a consultation that opened in the second half of 2024 and was explicitly tied to the European Commission's cross-sector regulatory burden reduction target of at least 25 percent overall, with a 35 percent target for small and medium enterprises.

The insurance-specific outputs exceeded those thresholds. For solo undertakings, the quarterly template count falls by 26 percent and the annual count by 30 percent. For SNCUs, the quarterly reduction reaches 36 percent and the annual reduction reaches 44 percent. The total reduction in individual data items across the template set is approximately 22 percent. The most consequential operational change for actuarial teams is the movement of asset look-through detail from quarterly to annual frequency, and the consolidation of reinsurance recoverables reporting into a counterparty-aggregated quarterly summary with cession-level detail retained only annually.

EIOPA included a transitional provision in the ITS on supervisory reporting. That provision allows carriers to apply the annual reporting simplifications to their 2026 year-end annual submissions even though the full amended ITS does not formally take effect until January 30, 2027. Quarterly reporting simplifications apply from the Q1 2027 reference date, with the first amended quarterly submissions expected in the May 2027 filing window.

For U.S. actuaries, the reporting numbers are useful not because the NAIC Blank and statutory supplemental schedules are organized the same way as Solvency II Quantitative Reporting Templates, but because the EIOPA exercise provides a worked example of what a systematic regulatory burden review actually produces when applied rigorously. The NAIC's statutory financial statement forms have accumulated new disclosure schedules, supplemental exhibits, and investment reporting requirements over the past decade without an equivalent formal scope review. There has been no process comparable to EIOPA-26-081 that asks whether each cumulative data addition to the Annual Statement remains proportionate to the supervisory value it delivers.

The U.S. Framework in the Same Window: ORSA and RBC as of Mid-2026

The NAIC's Risk Management and Own Risk and Solvency Assessment Model Act, #505, became effective in 2014. Its ORSA Guidance Manual frames submissions across three sections: the risk management framework, risk assessment and capital management, and group assessment. The Guidance Manual is reviewed periodically by the ORSA Implementation Subgroup. As of June 2026, the most recent substantive update incorporated feedback on ORSA submission quality and documentation depth, not structural expansion of the risk categories or scenario types required. Climate, cyber, and operational risk are all listed as potential material risks to address. The guidance does not specify mandatory scenario formats, minimum scenario counts, or documentation standards for any of them.

On the capital formula side, the NAIC launched the RBC Model Governance Task Force in February 2025 with a mandate to modernize the governance process for risk-based capital formula changes. The Task Force's most significant output to date is a comprehensive gap analysis of the current framework conducted by Bridgeway Analytics, covering Life, Health, and P&C formulas simultaneously. The gap analysis, which received comments at the February 10, 2026 Task Force meeting, identified asset-specific calibration inconsistencies, structural gaps across formula lines, and the process by which new risks, including cyber, climate, and macroprudential exposures, would be incorporated into future factor updates. As of the Spring 2026 National Meeting, the Task Force had not adopted new RBC factors for any of those three categories, though the gap analysis named all three as candidates for near-term development work.

The existing U.S. treatment of operational risk in RBC provides a useful reference point. The Capital Adequacy Task Force adopted a 3 percent operational risk charge applied after the covariance calculation as a flat add-on to the RBC formula, effective for 2018 year-end reporting. That charge covers cyber risk implicitly as a subset of operational risk. It has not been updated since adoption and is not calibrated to the current cyber loss cost environment: large-account cyber severity has doubled in recent years, and the concentration of systemic exposure in cloud infrastructure and third-party service providers has changed the shape of the cyber tail materially since 2018.

The Solvency II framework's approach to cyber risk followed a different path in the 2025 revision. Rather than an updated capital factor, EIOPA embedded cyber governance into the Pillar 2 supervisory review guidelines revised in February 2026. Those guidelines require national supervisors to assess whether the undertaking has a cyber risk management policy, an IT security function with appropriate resources, and scenario analysis covering at least two cyber stress events. The capital treatment and the governance treatment are parallel but separate. That separation is itself a design choice U.S. regulators have not explicitly made: the NAIC operational risk charge handles capital, but there is no equivalent Pillar 2 governance standard for cyber that supervisors apply across ORSA reviews.

Five Points of Divergence Between the Two Frameworks

Mapping the two frameworks on emerging risk governance produces five structural differences, each with a near-term operational implication.

On climate scenarios: the EU ORSA now requires at least two temperature pathways, assessed every three years, with materiality documentation. The U.S. ORSA Guidance Manual lists climate as a potential material risk and leaves scenario design to the company. U.S. carriers with EU subsidiaries must run the EU scenario analysis. U.S.-only carriers face no equivalent mandatory requirement, though NAIC rulemaking is moving in that direction.

On liquidity risk management: the EU has formalized a three-horizon Liquidity Risk Management Plan for selected carriers from January 2027. The U.S. has a statutory liquidity stress test for large life insurers (greater than $30 billion total adjusted capital), but no equivalent formal LRMP structure for smaller carriers, P&C groups, or holding companies.

On macroprudential tools: the revised Solvency II framework gives supervisors formal authority to require macroprudential action based on systemic signals identified in ORSA analysis. U.S. solvency regulation operates company by company, with the FSOC and Federal Insurance Office occupying adjacent federal space, but no state-level macroprudential activation mechanism built into the ORSA framework.

On proportionality tiers: the EU has a defined SNCU classification with formal carve-outs across governance, reporting, ORSA, and LRMP requirements. U.S. proportionality in solvency oversight is applied informally through state commissioner discretion and NAIC accreditation standards, with no formal tiered ORSA scope requirement built into Model Act #505.

On sustainability integration: sustainability risk is formally part of EU Pillar 2 governance, required within the risk management framework and ORSA. U.S. ESG disclosures (climate risk disclosure surveys, NAIC insurer climate risk survey) and solvency risk management run on separate tracks. There is no formal integration of sustainability risk into ORSA scope requirements at the model act level.

What Groups with European Entities Need to Address Before January 2027

U.S. insurance groups with European subsidiaries have a hard deadline: January 30, 2027, when the revised Directive requirements take effect. For most groups operating EU subsidiaries through a holding structure, the immediate preparation tasks cluster around three areas.

The EU subsidiary's ORSA template needs to be updated to include the climate scenario section: two temperature-differentiated pathways, a materiality assessment documenting why those pathways were selected, and scenario results linked to the relevant risk categories in the ORSA risk register. The ORSA must also explicitly address macroeconomic conditions rather than limiting itself to company-specific stress scenarios. Where the subsidiary qualifies for an LRMP requirement, that plan needs to be drafted, stress-tested across three time horizons, and presented to the board for approval.

Cyber risk documentation within the EU ORSA needs to align with EIOPA's February 2026 updated Guidelines on the Supervisory Review Process. Those guidelines specify that national supervisors will assess whether the undertaking maintains a cyber risk management policy, an IT security function with sufficient resources, and scenario analysis covering at least two distinct cyber stress events. EIOPA guidelines are not directly binding on undertakings, but they set the benchmarks that BaFin, the Central Bank of Ireland, the ACPR, and the other national supervisors across the EU 27 will use when reviewing ORSA submissions in 2027.

The group actuary's sign-off on ORSA quality needs to address the methodology divergence between the EU and U.S. documents directly. A group ORSA that satisfies NAIC ORSA submission requirements may not include the climate scenarios, LRMP documentation, or cyber governance assessment that the EU subsidiary's ORSA now requires. Boards and audit committees reviewing both documents side by side should receive an explicit bridge section explaining the divergence, not an implicit assumption that the two documents are equivalent.

The NAIC JIR Comparison: Where the Frameworks Agree

The NAIC Journal of Insurance Regulation paper published June 1, 2026 on emerging risks in EU and U.S. insurance regulation identifies a point of genuine convergence between the two systems: both frameworks have moved from treating emerging risks as narrative disclosure items to requiring that they be reflected in capital management and risk governance processes. The difference is in the specificity and binding force of those requirements. The EU Directive mandates the form and frequency. The U.S. guidance manual names the risk categories and leaves form and frequency to the company. The practical gap is smaller than the structural gap suggests, because sophisticated U.S. carriers have voluntarily adopted scenario approaches similar to what the EU now mandates. But the floor in the U.S. is set by the guidance standard, not the voluntary practice.

The NAIC Workstreams That Will Narrow the Gap

The NAIC's RBC Model Governance Task Force is scheduled to continue its gap analysis work through the Fall 2026 National Meeting, with recommendations on emerging risk factor development expected in 2027. The gap analysis has specifically identified cyber, climate, and macroprudential risk as candidates for future RBC factor work. The question is not whether those factors will be developed, but in what sequence and on what timeline.

The ORSA Implementation Subgroup's review of potential Guidance Manual enhancements has included climate scenario specificity as one of the areas under consideration. A formal requirement, rather than a guidance suggestion, for at least two climate pathways in ORSA documentation would close the most visible divergence with the EU framework. That change would not require a model act amendment; it would require the NAIC to revise and adopt an updated Guidance Manual through the normal working group process.

The IAIS Insurance Capital Standard comparability assessment adds a third dimension. The ICS, adopted in December 2024 for 61 Internationally Active Insurance Groups across 19 jurisdictions, applies a 99.5 percent VaR solvency standard that is structurally closer to Solvency II's Pillar 1 SCR than to the RBC framework. The U.S. Aggregation Method comparability assessment is ongoing, with a targeted jurisdictional review expected in 2027. For U.S. groups in scope for both the ICS and the Solvency II ORSA through their European entities, the capital standard question and the governance framework question are running in parallel on roughly the same resolution timeline.

Actuaries who track the NAIC's RBC Model Governance Task Force materials against the Solvency II revision will have the most useful advance read on where U.S. emerging risk governance requirements are heading. The EU has set a specific timetable: mandatory climate ORSA scenarios, formal LRMPs, and macroprudential tools all by January 30, 2027. The NAIC's equivalent requirements do not have equivalent deadlines yet. But the gap analysis has named the same risk categories, and the governance framework is moving in the same direction. The distance between where each system sits today is a measure of the speed differential, not a difference in destination.