Disclosure Requirement IRO-1 – Description of the process to identify and assess material impacts, risks and opportunities
In 2024, VIG conducted its consolidated double materiality assessment using a structured approach in line with the ESRS criteria, including the use of a data model applied to its underwriting and investment portfolios to analyse the positive and negative impact of sectors and their share within the VIG portfolio. This classification is based on widely available sources such as UNEP FI, WWF and other organisations and served as a basis for further discussion. Material topics at the Group level are reported by all fully consolidated subsidiaries according to their classification in the value chain.
Procedure for the double materiality assessment
In the first step, the content requirements of the topical standards according to the ESRS were analysed and identified. On the basis of market standards such as SASB (Sustainability Accounting Standards Board) and GRI (Global Reporting Initiative) it was examined whether additional sustainability topics are relevant for VIG. In addition, company-specific topics were taken into account that were included in VIG’s strategic programme. The value chain was then defined (see chapter ESRS 2 SBM-1 “Strategy, business model and value chain”) and, based on existing documents, the relevant impacts, risks and opportunities were assessed. The double materiality assessment was based on the companies in the financial consolidation group, as they have the greatest influence both financially and in terms of sustainability.
As part of the process, the relevant areas of VIG Holding were identified and their roles were defined in relation to the consolidated double materiality assessment and the respective value chain. The assessment was carried out by expert decision-makers from the local insurance companies and VIG Holding. The results were then validated by internal and external experts and stakeholders as well as by all insurance companies of VIG. Following the adoption of a resolution on the results by the VIG Holding Managing Board, they were communicated to all managing board members of the VIG insurance companies for information.
Identification and assessment of impacts
In underwriting, a distinction was made between impacts for corporates and for retail customers (natural persons and small and medium enterprises). A distinction was also made between life and/or health insurance and non-life insurance. This distinction had no impact on the materiality threshold. In addition, asset management was considered separately. Furthermore, the impact of internal operations was assessed. The potential or actual impacts that VIG might have or already has on governance, the environment, and people, including the potential impacts on their human rights, through its own activities were analysed.
Internal stakeholders such as department managers from specialist departments throughout the value chain and contact persons from subsidiaries such as workers’ representatives were involved in the process. As external stakeholders, the Austrian Insurance Association, representatives of civil society (Vienna University of Economics and Business Administration) and NGOs were involved in the process. The consultation included a presentation of the ESRS standards, the double materiality assessment process and the results available, with a focus on the main topic relevant to the respective external stakeholders. The figure below provides an overview of the process.
Process for the double materiality assessment
Potential and actual impacts were prioritised and evaluated as follows:
Scale: how serious the negative impacts are or how beneficial the positive impacts are for people or the environment.
Scope: the extent of the negative or positive impacts, for example the scope of the environmental damage or the number of people adversely affected.
Irremediable character of the impact (only applies to negative impacts): whether and to what extent the negative impacts could be remediated, i.e. whether the environment or affected people could be restored to their prior condition.
Likelihood (applies only to potential impacts): the likelihood that a potential impact will occur.
All evaluations (severity, scope, irreversibility and likelihood of occurrence) were carried out on a scale of 1 to 5, with the materiality threshold set at 3. If one of the dimensions was assigned a rating of 3 or higher but the average rating was below 3, materiality was assessed separately.
Identification and assessment of risks and opportunities
As part of the risk management process, the interactions between the activities and the associated environmental, social and governance aspects were analysed. This enabled risks and opportunities to be identified that could potentially have significant financial impacts on VIG. The criteria specified by the ESRS were used for the assessment of materiality.
The risks and opportunities were assessed in the same way as the impacts, without geographical restrictions, for internal operations as well as for underwriting and asset management.
The materiality of risks and opportunities was assessed on the basis of the likelihood of occurrence (from less than every ten years to more than 100 times a year) and the potential scale of the financial impacts (from insignificant to serious) associated with the risk or opportunity. Sustainability risks were identified as part of the regular risk inventory process. In order to ensure a structured and uniform approach to the identification of sustainability risks throughout the Group, a Group-wide ESG risk catalogue has also been created, taking into account the guidelines of the Austrian Financial Market Supervisory Authority on dealing with sustainability risks. It includes at least those risks that were identified as material as part of the consolidated double materiality assessment. In addition, each of the identified risks that has an impact on VIG is assigned to a specific VIG risk category. The (re-)insurance companies, asset management companies and pension funds review this risk catalogue regularly for completeness as part of a standardised risk management process (“risk inventory”) and supplement it if necessary. All VIG companies mentioned must evaluate the defined or newly added risks on a qualitative basis with regard to the risk and further development and describe any mitigation measures. In the reporting year, the relevant sustainability risks were also identified and assessed at the VIG companies mentioned and at the level of the insurance companies.
Further risks were included on the basis of industry benchmarks. To assess the potential scale, percentages of VIG’s own funds were used in accordance with the approach defined in the Group-wide VIG risk management policy. The likelihood was also assessed on the basis of the likelihood of occurrence defined in this policy. The scenario analyses conducted as part of the company’s internal risk analysis were an important input for the assessment of materiality. In addition, a Group-wide qualitative assessment of sustainability risks was taken into account as part of a secondary analysis (see also “Procedure for the double materiality assessment”). If it was not possible to quantify the risks and opportunities, the materiality of the risks and opportunities was assessed on a qualitative basis.
These risks, which have been identified in the double materiality assessment and discussed with Risk Management, are implicitly or in some cases explicitly taken into account throughout the Group as part of risk management practices. Risks were handled and examined equally without prioritisation.
Processes, control and management procedures in connection with the double materiality assessment
The description of the regular reporting to the administrative, management and supervisory bodies in chapter ESRS 2 GOV-2 “Information provided to and sustainability matters addressed by the undertaking’s administrative, management and supervisory bodies” is also applicable to the consolidated double materiality assessment. Internal control procedures are carried out by various committees. Further information can be found in ESRS 2 GOV-1 “The role of the administrative, management and supervisory bodies”. It is very important to VIG to be fully aware of all the risks to which it is exposed. The Group-wide risk inventory process supports the company in its task of comprehensively identifying and appropriately assessing these risks. The results of the consolidated double materiality assessment have been discussed in detail with Risk Management. Detailed information is provided in chapter ESRS 2 GOV-5 “Risk Management and internal controls over consolidated non-financial reporting”. The process also includes the systematic identification of potential opportunities, which have been evaluated in close cooperation with the VIG Holding departments. The identified opportunities were presented and discussed in various committees (see ESRS 2 GOV-1 “The role of the administrative, management and supervisory bodies”). This structured procedure takes all relevant perspectives into account and effectively integrates opportunities into strategic planning.
Various external data sources were used to carry out the double materiality assessment. These include SASB (Sustainability Accounting Standards Board), ISS ESG Rating (Institutional Shareholder Services), MSCI (Morgan Stanley Capital International), Sustainalytics, CDP (formerly Carbon Disclosure Project) and the World Economic Forum Global Risks Report. Some topics, such as responsible business conduct and claims processing, were assessed on the basis of a peer group analysis.
In 2025, VIG conducted a review and update of the double materiality assessment. Identified impacts, risks and opportunities were summarised by topic following a structured process in order to avoid redundancies. Based on this categorisation, groups of impacts, risks and opportunities were aggregated in accordance with ESRS 2 AR 18. In addition, positive impacts in individual cases were transferred to actions. Furthermore, the evaluation process aimed to further strengthen communication with internal and external stakeholders on the key topics. In addition to the company-specific topic of social engagement defined in 2024 in ESRS G1 “Business conduct”, two other company-specific topics have been identified: “Artificial intelligence” in ESRS S1 “Own workforce” and “Promoting risk literacy” in ESRS S4 “Consumers and end-users”.
Disclosure Requirement IRO-2 – Disclosure requirements in ESRS covered by the undertaking’s consolidated non-financial report
The disclosure requirements identified and followed in preparing the consolidated non-financial statement on the basis of the results of the double materiality assessment are listed in the annex, including page references to the corresponding disclosures in the consolidated non-financial statement (see “Table for disclosure requirement IRO-2 – List of datapoints in cross-cutting and topical standards that derive from other EU legislation”).
In accordance with the requirements of ESRS 1 Section 3.2 on the identification of material information, VIG has applied a structured evaluation process, which is described in chapter ESRS 2 IRO-1 “Description of the process to identify and assess material impacts, risks and opportunities”. The combination of these inputs ensures that the disclosed information is relevant, comprehensive, and aligned with current priorities and future considerations.
The double materiality assessment is an ongoing process, with a scheduled revision every three years or sooner if significant strategy, market or regulatory changes occur. This is evaluated annually. In addition, VIG monitors emerging issues such as developments in regulatory matters so that they can be taken into account accordingly.
Minimum Disclosure Requirement – MDR-P – Policies adopted to manage material sustainability matters
Below is an overview of Group or Holding Policies and Guidelines, as well as other VIG requirements, established by VIG Holding and to be implemented within VIG depending on their scope of application.
In line with the established document governance framework, VIG governance documents are approved either by the full VIG Holding Managing Board (policies), by the responsible Board member (guidelines), or by the Head of Department or a specific officer (mandatory Operating Procedures). They are reviewed annually to ensure they remain up to date.
All Policies, Guidelines and Operating Procedures are published on the Group-wide Intranet and, where necessary, are also distributed by email to the relevant companies, usually via the respective local contact persons. This ensures that the information is accessible to and usable by those who must comply with the regulations.
The strategic objectives and concepts are described in the “Group Strategy evolve28” section of the Group Annual Report.
VIG strategic programme and sustainability programme
With the involvement of members of the managing boards of the Group companies, the management of VIG Holding has developed the VIG 25 strategic programme, covering the period 2021–2025. Based on insurance industry trends, VIG sets targets and formulates actions that focus on financial stability and profitability, customer proximity, sustainability and market growth. As part of this strategic programme, the VIG sustainability programme was also developed, which aims to further strengthen the importance of sustainability as an integral element and foundation of VIG’s business model and thus ensure the Group’s future success.
At the end of 2025, the “VIG 25” strategy programme was replaced by the further development of “evolve28”, which describes VIG’s strategic orientation for the years 2026–2028. Sustainability has been incorporated into the new strategy as a Group programme. As a result, there are no material changes to the existing sustainability programme or to the associated targets, other than their further expansion and deepening. One of the ways in which sustainability has already been integrated into the business processes is through the “Responsible Insurance” and “Responsible Investment” declarations, which are described in more detail in ESRS E1-2 “Policies related to climate change mitigation and adaptation”. The scope of the strategic and sustainability programmes includes (re-)insurance companies and non-insurance companies. Specific policies and guidelines are implemented locally through the sustainability programme, with the support of the Group Sustainability Office in collaboration with the insurance companies and selected non-insurance companies (further details can be found in ESRS E1-4 “Targets related to climate change mitigation and adaptation”). Local management is responsible for the local policies and guidelines. VIG’s strategy and sustainability approach, including the “Responsible Investment” declaration and “Responsible Insurance” declaration, is publicly available on VIG’s website. For more information, see “Disclosures stemming from other legislation or generally accepted pronouncements on the consolidated non-financial report”.
Since the 2023 financial year, VIG Holding has been working to support the insurance companies in implementing the requirements of the sustainability programme in the best possible way, particularly with regard to decarbonisation options. To this end, discussions were held with the insurance companies under the leadership of the Group Sustainability Office and the relevant departments in the reporting year. The focus was primarily on discussing the steps required for local implementation of the sustainability programme, the creation of measures to reduce emissions and the use of various tools for local support.
ESRS cross-cutting requirements
Concepts that are referenced in two or more key ESRS topics are listed under “ESRS cross-cutting requirements”.
Code of Business Ethics
The Code of Business Ethics is a Group Policy based on the company’s mission statement and the values of VIG. It serves as a uniform code of conduct in VIG by setting binding minimum standards. It is a general guideline for day-to-day business and for relationships with customers, business partners, shareholders and the general public. The code contains the following 15 guardrails:
Compliance with Legal, Regulatory and Internal Provisions
Protection of Human Rights
Diversity and Inclusion
Environmental Protection
Healthy and Safe Workplace
Protection of Company Property
Prevention of Conflicts of Interest
Prevention of Corruption and Bribery
Data Protection
Management of Confidential Information
Fair Competition
Prevention of Market Abuse
Prevention of Money Laundering, Financing of Terrorism and Breaching of International Sanctions
Fair and Professional Treatment of Customers
Reliable Communication
Additional, Group-wide regulations may apply to individual areas of the code, such as conflicts of interest, procurement, international sanctions and money laundering prevention.
The code was approved by the VIG Holding Managing Board and must be implemented at the level of the VIG companies on the basis of a Managing Board resolution. It applies to all VIG (re-)insurance companies, asset management companies and pension funds, whether or not they are based within the European Union or outside of it, provided that VIG Holding (directly or indirectly) holds more than 50% of the shares. These VIG companies are themselves responsible for the appropriate and effective implementation of the code and proper communication of the code to all employees. This also includes training sessions given in the VIG companies. Each one of the companies mentioned must determine, on the basis of a risk-oriented approach, which of their subsidiaries fall within the scope of the Code of Business Ethics and ensure that it is implemented accordingly. Therefore, it has also been implemented in certain non-insurance companies, or their business activities are aligned with the 15 guardrails (see Chapter ESRS G1-3 “Prevention and detection of corruption and bribery”).
The code is reviewed annually to ensure that it is up to date and, if necessary, adapted by Compliance (incl. AML) of VIG Holding. Local compliance officers or Compliance (incl. AML) offer guidance on these matters and on reporting channels compliant with local regulations that can be used to report perceived misconduct (see chapter ESRS G1-1 “Corporate culture and business conduct policies”). The code of conduct applies to all employees, regardless of their position in the company. Furthermore, it calls for customers and business partners to also behave in accordance with the guardrails of the code of conduct. The Code of Business Ethics is publicly available online at group.vig/en/cobe.
Data protection
In both the company’s own interest and in the interest of all policyholders, business partners and employees, great importance is given to the protection of confidential information (business and trade secrets) as well as compliance with statutory data protection regulations (particularly the EU General Data Protection Regulation/GDPR).
Within VIG, a data protection management system has been established, which is continuously further developed, managed and monitored by VIG’s Data Protection Coordinator, who is also the Data Protection Officer of VIG Holding (see chapter ESRS S4-4 “Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities in respect of consumers and end-users, and effectiveness of those actions”).
At the VIG Holding level, the Data Protection Officer of VIG Holding has also set up a data protection management system that ensures compliance with the GDPR and other data protection-relevant regulations. The core element of the Data Protection Management System at VIG Holding level is a guideline aimed at all employees. The regulations and requirements apply to the office workplace, the home workplace and mobile working.
The Data Protection Officer of VIG Holding reports directly to the full Managing Board, both annually and on an ad hoc basis. From an organisational point of view, the VIG Holding Data Protection Officer is integrated into Compliance (incl. AML) of VIG Holding which supports them in the fulfilment of their tasks. Data Protection Management within the operational organisation provides support, in particular on awareness measures and data protection issues that are related to the operational organisation.
Risk management
The Group policy Risk Management defines ten risk categories which cover all possible sources of risk, including sources connected to sustainability risks/ESG factors (environment, social and governance).
All (re-)insurance companies, asset management companies and pension funds fall within the scope of the guideline. The overall responsibility for the risks assumed by VIG lies with the full VIG Holding Managing Board. The responsibility for the risks assumed by the local companies lies with the local managing boards. Within every company, the risk owners for each risk category or sub-risk category are defined during the risk inventory process in order to ensure clear responsibilities at the local level. The document is based on Articles 44 and 246 of the Solvency II Directive and Article 259 of the Delegated Regulation on Solvency II.
The Group policy Risk Management is an essential component of the (risk) management framework within VIG. It supports an active risk culture by comprehensively describing and defining the risk management system, including the risk management organisation and its central risk management processes. The interests of the main stakeholders were taken into account in the definition of the policy. Both the policy and close cooperation between VIG Holding and the local companies enable consistent Group-wide processes and appropriate reporting, taking local circumstances into account. In addition, the policy ensures compliance with the requirements of Solvency II.
Asset management
The Group policy on asset management applies to all (re-)insurance companies of VIG, including VIG Holding, and governs the management of all types of investments and transactions, including, but not limited to, securities (equities, bonds and investment funds), loans and advances, term deposits, financial derivatives, real estate and participations. In addition, this Group-wide policy integrates sustainability matters and requires compliance with VIG’s environmental, social and governance (ESG) requirements, as well as compliance with regulatory requirements.
The Group policy is also in line with VIG’s “Responsible Investment” ESG strategy, which prescribes the integration of environmental, social, governance and human rights aspects into investment processes. The perspectives of key stakeholders are given careful consideration in this context. The aim is to reconcile economic objectives with social and environmental responsibility and to reflect VIG’s commitment to sustainable investments.
Additional requirements for ESRS E1 “Climate change mitigation”
Responsible insurance in corporate business
VIG integrates sustainability into its business operations by assessing environmental and natural disaster risks through Risk Consult Sicherheits- & Risiko- Managementberatung GmbH (Risk Consult) and developing risk mitigation strategies together with customers. Its “Responsible Insurance” declaration provides for underwriting limits for carbon-intensive sectors and excludes insurance for unconventional oil and gas extraction and new deep-sea mining projects, which corresponds to the climate criteria set out in the chapter ESRS E1 “Climate change”. The declaration has been valid since March 2024 for all (re-)insurance companies of VIG. It excludes projects and companies that do not meet VIG’s climate criteria and permits exemptions in the coal sector only if they are in line with the national transition plans and meet the conditions of the “Responsible Insurance” declaration described in chapter ESRS E1 “Climate change”. The requirements approved by the VIG Holding Managing Board are implemented by the management of each VIG company, which must adapt underwriting to national energy strategies and, in exceptional cases, obtain local approval. The underwriting policy is based on European practices and national energy supply strategies and takes relevant EU transition and emissions standards into account. The declaration promotes a transition to a low-carbon economy while ensuring continued insurance coverage for customers and communities. It also takes social criteria into account by requiring customers from the transition sector to submit plans for a just transition for employees and affected regions. It is publicly available at group.vig/en/underwriting.
Responsible investment
VIG has adopted a Responsible Investment declaration, which defines sustainability aspects in its investment decisions. It sets out clear principles for responsible asset management, combining exclusion rules with an engagement approach aimed at encouraging companies to improve their environmental, social and governance performance. The declaration applies to all VIG (re-)insurance companies and includes direct investments, including those via consolidated investment funds, with the exception of securities issued by state or supranational institutions. The requirement was approved by the VIG Holding Managing Board, which bears overall responsibility for implementation, supported by the Group Asset Management incl. Real Estate department, which is responsible for operational implementation and monitoring.
The approach is consistent with international frameworks such as the UN Global Compact. The engagement activities are carried out by the external partner ISS ESG. By embedding sustainability in its investment processes, VIG promotes the interests of its stakeholders. The Responsible Investment declaration is publicly available on the VIG website. More detailed information, including specific criteria and climate related aspects, can be found in chapter ESRS E1 “Climate change”.
Sustainability Bond Framework
VIG has a Sustainability Bond Framework, which was updated in 2025 and sets out the principles and processes for issuing sustainability-related financial instruments. The framework is designed to target funding for activities with potential environmental or social impacts. However, it also defines exclusion criteria in certain sectors (including fossil energies or weapons) and describes the process for project evaluation and selection as well as the management of revenues.
The framework also stipulates that an “allocation report” on the use of funds and an “impact report” on the environmental and social impacts achieved should be published within one year after issue (and thereafter annually). In this context, a Sustainability Bond Committee was established in connection with the issuance of the first sustainability bond in 2021, which ensures that the funds are used in accordance with the framework and that appropriate reporting is provided. It consists of representatives from various areas of VIG – including Group Treasury & Capital Management, Asset Management incl. Real Estate and Compliance. The framework was verified by the independent ESG rating agency Sustainalytics by means of a second-party opinion and is publicly available at group.vig/sustainability-framework2025.
Additional requirements for ESRS S1 “Own workforce”
Fit & Proper
The qualification of persons in key functions is an important factor for the success of (re-)insurance companies. The Group Policy Fit and Proper therefore defines whether a person is professionally qualified (“fit”) and whether they are personally reliable (“proper”), i.e. whether they meet the standards of personal integrity. All (re-)insurance companies of VIG in the EU and Liechtenstein are obliged to apply this Group Policy in full. Other (re-)insurance companies as well as fully or at-equity consolidated non-insurance companies, in accordance with the Group guideline “HR Non-Insurance Companies”, are required, as a minimum requirement, to comply with national law and generally defined standards, such as those relating to anti-discrimination, required qualifications, continuing education or conflicts of interest. The Group Policy Fit & Proper guideline must be reviewed and updated annually by VIG Human Resources if adjustments are necessary on account of changes in the regulatory environment or for internal reasons. VIG Human Resources is available to the companies if they have any questions regarding implementation.
Remuneration
Working hours, required qualifications, as well as the duties and responsibilities of the position in question are all taken into account when setting remuneration levels. It is ensured that the salary does not fall below the minimum wage stipulated under national law or existing collective bargaining agreements. If a variable remuneration component is agreed, the underlying objectives must be communicated in a transparent and clear manner and updated annually. All (re-)insurance and reinsurance companies of VIG in the EU and Liechtenstein are obliged to apply the Group Policy in full. Other (re-)insurance companies as well as fully or at-equity consolidated non-insurance companies, in accordance with the Group guideline “HR Non-Insurance Companies”, are required, as a minimum requirement, to comply with national law and the basic standards defined in the relevant requirements. The Group Policy Remuneration must be reviewed and updated annually by VIG Human Resources if adjustments are necessary on account of changes to the regulatory environment or for internal reasons. VIG takes all relevant statutory requirements into account when setting out and applying the Group Policy. VIG Human Resources is available to the companies if they have any questions regarding implementation.
Diversity strategy
The diversity strategy is based on a genuine appreciation of diversity and an open approach to different backgrounds and perspectives. The aim is to ensure equal opportunities and consistently prevent discrimination. The diversity strategy seeks to promote an inclusive corporate culture through conscious use of diversity, which supports innovation, cooperation and long-term diverse succession planning.
All (re-)insurance companies of VIG are required to implement the diversity strategy. Non-insurance companies in accordance with the Group guideline “HR Non-Insurance Companies” are required to observe the basic principles of diversity management. Management and the HR departments are responsible for the implementation. At VIG Holding level, the focus is on the three dimensions of gender, generations and internationality. In accordance with the principle of local entrepreneurship, the VIG companies choose their own diversity priorities and are independently responsible for the implementation of the diversity concepts. A diversity officer has been appointed to provide coordination and advice. She supports both the holding company and the local VIG companies in implementing and further developing the respective diversity concept. The diversity strategy is described in the Corporate Governance Report. In addition, the topic of diversity will be integrated into Group-wide training programmes.
HR strategy
VIG’s HR strategy provides the framework for addressing key topics under ESRS S1 “Own workforce”. Its objective is to position VIG as a diverse, innovative and learning organisation and to strengthen employees’ motivation, skills and long-term commitment. The HR strategy applies to all VIG (re-)insurance companies. For fully or at-equity consolidated non-insurance companies in accordance with the Group guideline “HR Non-Insurance Companies”, certain basic standards apply. Measures are individually adapted to local circumstances by the local HR departments. Responsibility for implementation lies with the Managing Board, supported by the local HR departments, which are responsible for operational implementation and monitoring.
Artificial Intelligence (AI) – Governance
VIG is committed to the responsible and ethically grounded use of artificial intelligence (AI) in order to ensure innovation and value creation in line with the fundamental rights and security of our stakeholders. In strict alignment with the EU Artificial Intelligence (AI) Act, a Group-wide governance framework has been implemented to ensure compliance with the highest ethical and legal standards. The VIG AI Governance guideline forms the basis for the group-wide framework for responsible AI governance. The core elements aim to govern the entire lifecycle of AI systems (design, development, procurement, deployment and use) across all VIG companies. The guideline defines key governance principles, including ethical use and social responsibility, human oversight and autonomy, risk management, safety and reliability, as well as transparency and explainability. It establishes clear processes for the identification of AI systems, risk and value assessment, and the classification-based application of the requirements of the EU AI Act (prohibited, high-risk, limited and minimal risks). A key component is the establishment of an AI system register for the central recording of all AI initiatives.
The AI Governance guideline applies to all VIG (re-)insurance companies, asset management companies and pension funds of VIG, including VIG Holding within and outside the European Union, provided that VIG Holding (directly or indirectly) holds more than 50% of the shares. Explicit exclusions apply to activities or AI systems classified as prohibited practices under Article 5 of the EU AI Act; their development, procurement, provision or use is prohibited across the Group. Ultimate accountability for the implementation of and compliance with the AI Governance guideline lies with the VIG Holding Managing Board. At the operational level, the Head of VIG Data and Analytics, responsible for VIG Data and Analytics (CDIAO), chairs the VIG AI Board. Management and coordination are the responsibility of the VIG Data and Analytics unit in VIG Holding, which acts as the central point of contact. At the local level, the local Managing Board is responsible for approving and implementing the guideline in a timely manner, as well as for appointing an AI contact person.
The AI Governance policy is primarily aligned with compliance with Regulation (EU) 2024/1689 of the European Parliament and of the Council (EU AI Act) and its subsequent amendments. In addition, the guideline takes into account the requirements and principles of the General Data Protection Regulation (GDPR), particularly with regard to data quality, data protection practices and the rights of data subjects. The guideline ensures that all AI activities also comply with the standards of relevant industry regulations (e.g. DORA for financial companies), where applicable.
The AI Governance guideline is published internally on Groupnet. In addition, the establishment of a VIG network for AI officers (in 2025) provides a collaborative platform and enables the continuous improvement of implementation across all entities.
Additional requirements for ESRS S4 “Consumers and end-users”
Unit-linked life insurance – Investments
The Group guideline sets out minimum standards for the selection, monitoring and due diligence of asset managers and investment funds associated with unit-linked life insurance products (Unit-Linked, UL). It defines the processes and responsibilities for both group-wide and local partnerships and covers due diligence, regular follow-ups and reporting obligations. The guideline aims to ensure transparency, a sound investment policy and compliance with regulatory requirements such as Solvency II. This Group guideline applies to all VIG (re-)insurance companies offering UL products, regardless of whether they operate within or outside the European Union. The member of the VIG Managing Board responsible for asset management is responsible for approving and overseeing the implementation of this guideline. The local companies ensure implementation either through direct approval by their respective member of the Managing Board or by incorporating it into a local governance document.
The Group guideline is aligned with European regulatory standards, in particular Solvency II and the Insurance Distribution Directive (IDD), which require comprehensive due diligence and regular regulatory reporting. The Group guideline protects the interests of customers, shareholders and supervisory authorities by preventing financial and reputational risks through transparent and compliant investment processes. It takes local market perspectives into account and promotes collaboration between local asset management units and VIG Asset Management (incl. Real Estate) to ensure that investment decisions are aligned with stakeholder expectations, regulatory standards and responsible business practices. External stakeholders such as asset managers are informed about the applicable requirements through standardised due diligence and reporting processes.
Life insurance
The VIG Group policy Life Insurance establishes group-wide principles for the life insurance business of VIG and defines uniform standards for product development, portfolio management, distribution, remuneration and the quality of information in order to ensure sustainable profitability and long-term growth. It applies to all life insurance companies and is overseen by the VIG Holding Managing Board, while local implementation is carried out by the respective Managing Boards of the VIG companies. The guideline sets out requirements for product design, including actuarial documentation, profitability tests, legal and compliance reviews, as well as the management of existing contracts and the promotion of transparent and comprehensible communication with customers. When defining the guideline, the interests of customers, distribution partners, supervisory authorities and shareholders are taken into account, particularly through measures to ensure clarity of information, sustainable product development and responsible distribution practices. It is aligned with external and internal standards such as the Insurance Distribution Directive (IDD), the requirements of the European Insurance and Occupational Pensions Authority (EIOPA) and the VIG Life Reinsurance Policy.
Underwriting for retail and standardised SMEs
The VIG Group guideline Underwriting Retail & Standardized SME sets out principles for underwriting and product development in the non-life insurance business for retail customers and standardised SMEs. It describes the entire product development process as well as requirements relating to reinsurance, ESG integration, monitoring and continuous improvement. The guideline applies to all operational VIG insurance companies and is overseen by the VIG Holding Managing Board; local implementation is the responsibility of the respective Managing Boards of the VIG companies. It is aligned with external standards such as the IDD (Insurance Distribution Directive), the EU Green Deal and requirements of the European Insurance and Occupational Pensions Authority (EIOPA).
Information security
The Group information security guidelines apply to all (re-)insurance companies, asset management companies and pension funds, as well as to all non-insurance companies that support insurance companies in the field of IT (i.e. IT service providers), provided that they have their own IT organisation and do not use an IT environment that is shared with affiliated insurance companies in which VIG directly or indirectly holds a majority stake. The companies are responsible for ensuring that their subsidiaries and branch offices comply with the provisions of this guideline. The guidelines are aligned with the ISO/IEC 27001 standard and with mandatory measures for establishing effective controls for electronic information and data, information systems and computer applications, computer, telecommunications and network facilities and equipment, as well as for preventing the loss of confidentiality, integrity and availability. All employees and, where relevant, contractors receive information security training suitable for their job functions.
Third-party risk management
The Group guideline on third-party risk management sets out group-wide principles for the identification, assessment and mitigation of risks arising from the use of ICT services provided by third-party service providers. The guideline defines the entire third-party risk management process, from due diligence to monitoring and the obligation to maintain a Digital Operational Resilience Act (DORA) information register. It applies to all (re-)insurance companies, asset management companies and pension funds, as well as to in-house IT service providers. Responsibility for approval and strategic implementation lies with the Chief Operating Officer (COO) of VIG Holding. Local implementation is the responsibility of the respective Managing Boards of the VIG companies. The Group guideline is primarily aligned with external standards such as DORA and its delegated acts and takes into account the interests of supervisory authorities and the operating companies.
IT risk management
The Group guideline on IT risk management applies to all (re-)insurance companies, asset management companies and pension funds, as well as to all non-insurance companies that support insurance companies in any way in the field of IT (i.e. IT service providers), provided that they have their own IT organisation and do not use an IT environment that is shared with affiliated insurance companies in which VIG directly or indirectly holds a majority stake. The companies are responsible for ensuring that their subsidiaries and branch offices comply with the provisions of this guideline.
The guideline is aligned with internationally recognised best practices and/or standards such as the ISO/IEC 27005 standard or COBIT 5.0. All employees and, where applicable, contractors have access to specialist articles and can participate in regularly held training sessions and knowledge-sharing meetings.
Additional requirements for ESRS G1 “Business conduct”
Compliance management system
The Group-wide policy Compliance Management System policy provides minimum requirements and standards for the implementation of a compliance management system as an integral part of an effective Group-wide governance system and fulfils the requirements for a compliance policy according to Art 270 of Commission Delegated Regulation (EU) 2015/35, Art. 10 of Commission Directive 2010/43/EU and Art. 61 of Commission Delegated Regulation (EU) 2031/2013.
It describes in detail how the compliance management system must be established at the level of VIG Holding and the VIG companies, which tasks and responsibilities are performed by the local compliance officers, and how the interaction between VIG Holding and the local level is organised within VIG Compliance (incl. AML). Further details regarding VIG’s compliance management system are governed by an additional Group-wide compliance management implementation guideline.
The Compliance Management System policy also covers the authorisation to draft Group-wide guidelines on compliance-related topics in certain fields. It applies to all (re-)insurance companies, asset management companies and pension funds, provided that VIG Holding (directly or indirectly) holds more than 50% of the shares.
Conflicts of interest
The prevention of conflicts of interest is one of the 15 guardrails of the COBE and is complemented by a group-wide guideline on conflicts of interest. It sets out minimum standards for the identification, prevention, handling and disclosure of conflicts of interest. It also establishes a common understanding of conflicts of interest and defines situations in which conflicts of interest may arise (see also Chapter ESRS G1-3 “Prevention and detection of corruption and bribery”). The guideline applies to all (re-)insurance companies, asset management companies and pension funds, provided that VIG Holding (directly or indirectly) holds more than 50% of the shares.
Prevention of money laundering and terrorist financing
The Group-wide guideline on the prevention of money laundering and terrorist financing sets out Group-wide minimum standards for the prevention of money laundering and terrorist financing based on the 4th and 5th EU Anti-Money Laundering Directives. These include requirements relating to internal controls, strategies and procedures, such as the appointment of local anti-money laundering officers, the preparation of a company-wide risk assessment and a local policy, the conduct of training, rules for fulfilling customer due diligence obligations and for submitting suspicious activity reports (see also chapter ESRS G1-3 “Prevention and detection of corruption and bribery”). The guideline applies to all (re-)insurance companies, asset management companies and pension funds, provided that VIG Holding (directly or indirectly) holds more than 50% of the shares and that they are subject to EU or national regulations on the prevention of money laundering and terrorist financing.
International sanctions
To ensure compliance with the sanctions regimes that are relevant for VIG in any case – namely those of the United Nations, the European Union, the United States of America and the United Kingdom – as well as any other local sanctions regimes, a Group-wide guideline has been adopted. This guideline applies to all (re-)insurance companies, asset management companies and pension funds, provided that VIG Holding (directly or indirectly) holds more than 50% of the shares. It requires VIG companies to screen customers, investment recipients, employees, suppliers and other business partners before entering into a business relationship, as well as all payment recipients before executing payments. In addition, the guideline sets out specific due diligence requirements for certain countries and goods. In addition, the use of sanctions clauses is required under the guideline. At the level of VIG Holding, there is a separate guideline that further specifies and supplements the minimum standards set out in the Group guideline (see also chapter ESRS G1-3 “Prevention and detection of corruption and bribery”).
Minimum safeguards screening in underwriting
The guideline establishes group-wide uniform processes for the application of minimum safeguards in the underwriting process and thereby ensures compliance with Article 18 of the EU Taxonomy Regulation (EU) 2020/852 regarding the reporting of taxonomy-aligned premiums. This VIG Group guideline applies to all operational (re-)insurance companies that underwrite premiums in accordance with taxonomy eligibility. It sets out appropriate screening procedures at various stages of the customer relationship, uses market-standard screening tools and defines processes for handling relevant screening results.
Minimum Disclosure Requirement – Actions MDR-A – Actions and resources in relation to material sustainability matters
Above all, the priorities defined in VIG’s strategy and sustainability programme apply, which are described in the Group Annual Report. Actions relating to material sustainability matters are described in the thematic standards; see, for example, ESRS E1-3 “Actions and resources in relation to climate policies”.