Group Report 2025

14.3. Activities and objectives in 2024

Based on external and internal developments, activities in 2025 focused on the following:

  • Full internal model

  • Cyber risk and the Digital Operational Resilience Act (DORA)

  • AI Act (Artificial Intelligence Act)

Full internal model

In 2025, work on the “full internal model” project continued as planned. After it was decided to adjust the timetable in 2024, the model was gradually expanded and optimised. The aim remains to finalise the full internal model by 2027 and submit it for official approval. In the meantime, the model is already being used internally in the defined business lines and is being continuously further developed to create a solid basis for final implementation.

Cyber risk and the Digital Operational Resilience Act (DORA)

One focus in 2025 was on strengthening cyber security and implementing the new DORA regulations (Digital Operational Resilience Act). In the face of increasing threats such as from phishing and ransomware, the protection of IT infrastructure and data has been strengthened to avoid financial losses, reputational damage and disruptions to operations.

Key measures included the expansion of the Security Information and Event Management (SIEM) system and the establishment of a Security Operations Centre (SOC) to detect and ward off threats in real time. In addition, training courses were organised for employees to raise awareness of cyber risks. Cyber insurance has been adapted to better cover potential losses. The focus was on building a high level of cyber resilience and full DORA compliance.

AI Act (Artificial Intelligence Act)

In the area of artificial intelligence (AI) and machine learning (ML), UNIQA utilised the opportunities presented by technological advances in 2025 while rising to the associated challenges. Generative AI applications were used for automated customer communication and knowledge management, among other things, and particular attention was paid to data protection and regulatory requirements.

A comprehensive governance framework has already been established to minimise the risk and was further consolidated in 2025. The aim was to use AI and ML technologies responsibly, realise efficiency potential and sustainably improve customer communication.

(Partial) internal model
Internally generated model developed by the insurance or reinsurance entity concerned and at the instruction of the FMA to calculate the solvency capital requirement or relevant risk modules (on a partial basis).
View complete glossary