GRC Report Staff

Europe’s insurance sector is proving resilient in an increasingly unsettled world but the clouds are not lifting. According to the January 2026 Insurance Risk Dashboard published on Thursday by European Insurance and Occupational Pensions Authority, overall risks in the European insurance market remain stable at a medium level, even as persistent geopolitical tensions continue to weigh on the broader economic and market outlook.

The Dubai Financial Services Authority has fined reinsurance broker Ed Broking (MENA) $455,176 after concluding that the firm engaged in misleading and deceptive conduct across a series of reinsurance placements in the Dubai International Financial Centre.

The Dutch Data Protection Authority is sharpening its regulatory focus as it looks ahead to a more complex digital landscape. In its 2026 annual plan, the Authority sets out three priorities that will guide its work through 2028: mass surveillance, artificial intelligence, and digital resilience.

Australia’s Federal Court has ordered Australian Unity Funds Management Limited to pay a civil penalty of $4.95 million (AUD 7.125 million) after finding the firm failed to properly assess whether a retail investment product was suitable for investors, breaching the country’s design and distribution obligations.

Germany’s financial regulator, Federal Financial Supervisory Authority (BaFin), has published new supervisory guidance aimed at helping financial entities manage information and communication technology (ICT) risks arising from the use of artificial intelligence. Released on January 30, 2026, the document focuses squarely on how AI-related risks should be addressed within the framework of the EU’s Digital Operational Resilience Act (DORA).

Artificial intelligence is no longer confined to pilots, innovation labs, or tightly controlled proofs of concept. It is spreading across the enterprise, and in many organizations, governance, risk, and control structures are struggling to keep pace. That tension sits at the center of the 2026 edition of The State of AI in the Enterprise: The Untapped Edge, released this week by the Deloitte AI Institute. Based on a global survey of more than 3,200 senior business and IT leaders, the report captures a moment where AI ambition is accelerating, enterprise exposure is widening, and governance maturity is emerging as a critical constraint on scale.

France’s privacy regulator (CNIL) has sanctioned France Travail and fined the company €5 million over a breach that occurred in the first quarter of 2024. The regulator concluded that the agency failed to put in place security measures commensurate with the risks involved in processing highly sensitive personal data.