Private insurance and reinsurance in Greece is primarily regulated by Law 4364/2016 (the “Insurance Regulation Act”), which transposed EU Directive 2009/138/EC (the “Solvency II Directive”) into Greek law. The Insurance Regulation Act governs the establishment, operation and governance of insurance and reinsurance undertakings in Greece, their capital and funding requirements, the permitted lines of insurance, the insurance contracts and other regulatory matters. While private insurance contracts may, in principle, be freely negotiated by the parties, Law 2496/1997 (the “Insurance Contract Act”) sets minimum standards governing the rights of insurers and insureds, the content of insurance contracts, the pre-contractual and ongoing disclosure obligations of each party, the applicable time frames and the rights to cancel or rescind. Insurance distribution is separately regulated by Law 4583/2018 (the “Insurance Distribution Act”), which harmonized Greek law with EU Directive 2016/97/EU (the “IDD”).

The competent authority for the supervision of the private insurance sector is the Bank of Greece (“BoG”, in Greek “Trapeza tis Ellados”). Through its Occupational and Private Insurance Supervision Directorate, the BoG exercises prudential supervision over Greek insurance and reinsurance undertakings, foreign insurance and reinsurance undertakings operating in Greece through a branch, and Greek insurance distributors. It also monitors the compliance of EU insurance and reinsurance undertakings and insurance intermediaries operating in Greece under the freedom to provide services or the freedom of establishment with the applicable general good requirements. The decisions and guidelines issued by the BoG concerning the operation of insurance and reinsurance undertakings form part of the insurance regulatory framework. The BoG is a member of the Board of Supervisors of the European Insurance and Occupational Pensions Authority (EIOPA).

Although the Greek regulatory framework sets broadly similar requirements for the establishment and operation of all insurance and reinsurance undertakings, it regulates life and non-life insurers and reinsurers differently. Insurers are not permitted to carry on both life and non-life activities in Greece under a single license, except that insurance undertakings which obtained a single license on or before January 1, 1981 may continue to offer both lines under that existing license. This restriction does not apply to reinsurers, which may obtain a single license covering both life and non-life reinsurance.

Primary insurance contracts may be negotiated freely between the parties but must comply with the minimum requirements of the Insurance Contract Act, which is intended to protect the insured as the typically weaker party to the contract. That level of protection is not required for reinsurance contracts, where both parties are deemed to be well aware of the risks involved and of market practice.

Insurance distribution is a regulated activity in Greece and insurance intermediaries are subject to the provisions of the Insurance Distribution Act, which transposed the IDD into the Greek legal order.

Insurance intermediaries seated in Greece are divided in three categories: insurance agents, coordinators of insurance agents and insurance brokers. In order to engage in insurance distribution activities, the insurance intermediaries must meet regulatory requirements and professional standards, which include the obligation to:

• hold a certification of professional skill and knowledge and complete training sessions on yearly basis;
• be registered with the insurance intermediaries’ special register (following submission of evidence regarding the absence of criminal offenses, good standing, professional liability insurance et al.);
• comply with professional conduct and client information requirements.

The conduct of insurance and/or reinsurance activities in Greece is subject to prior authorisation by the BoG. The Insurance Regulation Act provides that the BoG must examine an authorisation request and either grant the authorisation or reject the application within six (6) months from the submission of a complete application. In the event of rejection, or failure to respond within this timeline, the applicant is entitled to file an application for annulment before the Council of State.. The key criteria for an insurance or reinsurance undertaking to obtain a license are that it has the centre of its central administration and its registered seat in Greece, is established in a specific legal form (i.e. société anonyme, inter-insurance partnership or European company) and has as its corporate object the provision of insurance or reinsurance activities or strictly related tasks. The applicant must also provide satisfactory evidence of compliance with the regulatory requirements relating to minimum statutory capital, governance structure, officers’ qualifications and the applicable regulatory framework generally.

EU/EEA insurers and reinsurers may conduct insurance activities in Greece under the freedom to provide services (FOS) or the freedom of establishment (FOE) subject to notifying the BoG prior to the beginning of their operations and complying with the general good requirements applicable in Greece. Non EU/EEA insurance and reinsurance undertakings may operate in Greece through establishing a branch and prior license by the BoG. Non EU/EEA reinsurance undertakings may provide reinsurance in Greece without establishment and local authorization under the principle of equivalence.

No specific restrictions apply to the ownership of, or control over, an insurance undertaking; however, prior notification to the BoG and a regulatory approval are required where a legal or natural person intends to acquire (or further increase), directly or indirectly, a qualifying holding (i.e. at least 10%, 20%, 1/3 or 50% of the share capital) in an insurance undertaking, or to acquire control over such undertaking. Following such notification, the BoG assesses the proposed transfer on the basis of, indicatively, the proposed acquirer’s reputation and financial soundness, the identity and financial standing of the persons controlling the proposed acquirer, the ability of the insurance undertaking to continue to meet the requirements of its operating license, the transparency of the transaction and compliance with applicable anti-money laundering and counter-terrorist financing legislation.

The BoG has the right to make inquiries and request additional information regarding the proposed transfer and must approve or reject the transfer within a period of 60 business days. Assessment period can be suspended by the BoG for up to 20 business days. Such suspension period may be extended by 30 business days in case the proposed acquirer is seated outside the EU.

The applicable regulatory framework does not permit the provision of insurance services without obtaining a license by the BoG. As regards third-country reinsurance businesses, the operation on a non-admitted basis is possible under the principle of equivalence as provided under the Solvency II Directive and implemented in Greece by virtue of the Insurance Regulation Act and the decisions issued by the BoG.

Third-country insurers, insurance brokers or other types of market intermediaries establishing a branch in Greece must comply with the regulatory requirements applicable for the same entities incorporated in Greece. EU/EEA entities operating in Greece under the freedom to provide services (FOS) or the freedom of establishment (FOE) must comply with the general good requirements applicable in Greece.

In addition to the general obligation to comply with the regulatory requirements applicable to equivalent entities established in Greece, branches of overseas insurers may be set up in Greece subject to furnishing the required documentation and information to the BoG and obtaining its prior authorization. In particular, branches of overseas insurers must, inter alia, hold an amount of eligible own funds meeting the solvency criteria of the Insurance Regulation Act, conduct insurance only in the classes for which they have been authorized, appoint a legal representative residing in Greece and meet any applicable reporting and notification obligations. Additional requirements may apply depending on the classes of insurance for which authorization has been obtained (e.g. motor vehicle liability). As with Greek-based insurance undertakings, the transfer of their insurance contract portfolio to Greek, EU/EEA or third-country insurance businesses is subject to BoG approval and to satisfaction of certain conditions, and any expansion of their operations into classes of insurance not covered by their license must first be authorized by the BoG. Where the supervising authority of the home state prohibits the free disposal of the branch’s assets located in Greece, the BoG is obliged to assist in the execution of such decision.

Administrative and criminal sanctions are applicable in case of conduct of insurance activities without prior license.

Natural persons conducting insurance or reinsurance, or intermediating in the conclusion of insurance or reinsurance contracts, in breach of the licensing principle may be punished with imprisonment of at least one (1) year. Where a legal entity operates without a license, the criminal sanctions are imposed on the natural persons exercising its management or administration.

Administrative sanctions may be imposed on both legal entities and natural persons and may consist of a reprimand or a fine of up to €2,000,000. The criteria for determining the administrative sanction and calculating the fine include, in particular, the impact of the breach on the local insurance market or on systemic stability, the prejudice to the interests of the insureds, the actual damage caused by the breach and any remedy provided, the measures taken to avoid recurrence, the level of cooperation with the supervisory authority, the need for specific and general deterrence, and whether the breach is of a continuing character.

Insurance and reinsurance contracts concluded without proper authorization in violation of licensing requirements are considered null and void; however, this nullity and invalidity may not be used against the bona fide contracting parties (policyholders and insurance beneficiaries).

The BoG exercises prudential supervision of the entities operating in the insurance sector with respect to both their activities and their financial condition. Supervision is exercised on both an ex ante and an ex post basis. The BoG has extensive powers to conduct inspections and to investigate written complaints. During investigations, the BoG may access all information and documents relating to the entities concerned, which are not entitled to invoke banking secrecy, data protection laws or any other form of confidentiality to avoid disclosure. The BoG may also impose administrative sanctions, including reprimands, administrative fines, disciplinary penalties and the compulsory termination of insurance activities, depending on the severity of the breach.

The Insurance Regulation Act follows closely the provisions of the Solvency II Directive regarding the applicable solvency requirements. The supervision carried out by the BoG is based on an investigative and risk-based approach and depends, in particular, on the nature, complexity and volume of the risks undertaken by each company. Its scope is mainly prudential in nature. The BoG may carry out on-site and off-site inspections, request any information, and have full access to the books and records of the supervised entities. It generally retains great discretion with respect to the frequency and types of regulatory examinations that it may carry out and has extensive powers to impose corrective measures.

Insurance and reinsurance companies must comply with the solvency capital requirements of the Insurance Regulation Act aiming to guarantee that they are in a position to meet any obligations arising from the conduct of business.

Companies must calculate their solvency capital requirement (SCR) on the assumption that they will carry out business as a going concern. They must also take into account all quantifiable risks that they are exposed to, cover existing business and business to be written in the following 12 months, and have the SCR correspond to the value-at-risk of the basic own funds of an insurance or reinsurance undertaking of a confidence level of 99.5 per cent over a one-year period.

As to the minimum capital requirements, the Insurance Regulation Act introduces the following minimum thresholds (depending on the type of license):

• €2,700,000 for non-life insurers, including captive insurance undertakings (unless such companies insure risks in classes 10 to 15. in which case the minimum capital requirement amounts to €4 million);
• €4,000,000 for life insurers, including captive insurance undertakings;
• €3,900,000 for reinsurance companies (with the exception of captive reinsurers for which the amount is limited to €1,300,000); and
• €6,700,000 for insurance undertakings with a single license for both life and non-life authorised on or before 1 January 1981 (or €8,000,000 in case such companies also cover risks in classes 10 to 15).

The minimum capital requirement may neither fall below 25 per cent nor exceed 45 per cent of the solvency capital requirement, including any capital add-on imposed by the Bank of Greece. The minimum capital requirement must be measured and reported to the Bank of Greece at least quarterly.

Policyholder protection is ensured under Greek law through various schemes, including special guarantee funds, namely:

• the “Private Life Insurance Guarantee Fund” which is established for the protection of life insurance policyholders in the event of bankruptcy or revocation of the license of their life insurance company. The main objective of the Fund, which is supervised by the BoG is to arrange for the smooth transfer of the relevant life portfolio to another insurance company, or to compensate the policyholders for their claims under their respective policies up to the limits set in the law.
• The “Auxiliary Insurance Fund of Liability Arising out of Motor Accidents” which is established and operates under the supervision of the BoG, for the protection of motor-vehicle policyholders in the event of bankruptcy or license revocation of the insurance company, or for the provision of compensation to the policyholders for damage incurred by accidents caused by uninsured vehicles.

Each Fund is financed through mandatory contributions payable, respectively, by the life and non-life insurers writing business in Greece. The contribution is calculated as a per cent over the insurer’s annual gross written premium and a portion of it is charged to the policyholder.

In addition to the above special schemes, the insurance legislation is structured around the protection of the policyholders. In this respect, the Insurance Contract Act mainly consists of mandatory provisions that aim to protect policyholders and insureds and can be derogated only in the direction of enhancing the rights of the policyholders.

According to the provisions of the Insurance Regulation Act, following closely the Solvency II Directive, insurance undertakings belonging to a group are subject to more enhanced supervision, including special solvency calculation methods, intra-group rules for capital generation or deletion, as well as specific arrangements with regard to risk management and internal audit. These provisions apply to captive (re)insurance undertakings, (re)insurance holding companies and mixed-activity insurance holding companies and include inter alia the following obligations:

the notification to the BoG of any significant concentration risk, at least on an annual basis; and

the notification to the BoG, as soon as practicable and at least on an annual basis, of any significant intra-group transactions, including transactions between the insurance undertaking and a natural person with close links to such undertaking.

In case solvency risks are identified, and the BoG is not the regulatory authority in charge of the group supervision, the BoG can take appropriate measures at the level of the insurance undertaking, not at group level.

According to the provisions of the Insurance Regulation Act, insurance and reinsurance undertakings are under the obligation to ensure that members of the Board of Directors, as well as any person responsible for the company’s day-to-day management, including those persons who effectively run the business or are in charge of key functions, must at all times:

• be professionally fit, meaning that they must possess adequate professional qualifications, knowledge and experience to ensure the undertaking’s sound and prudent management;
• be reliable, i.e. of good reputation and integrity.

Proof evidencing the fitness and good reputation of the above persons must be submitted to the BoG, such as criminal records, good-standing et al.

The rule of thumb is that the directors and senior management of a (re)insurance undertaking have civil and criminal liability for acts or omissions, unless there is proof that they have exercised their duties with due care and diligence.

The Insurance Regulation Act additionally provides for the personal liability of the directors and senior managers for regulatory breaches by the insurance undertaking. Indicatively, the BoG has the power to impose to senior managers an administrative fine of up to €2,000,000 in case of violation of the applicable insurance regulatory framework, or of up to €200,000 in case there is refusal to cooperate with the regulatory authority, or a regulatory investigation or audit is hindered or impeded.

In addition to other applicable requirements, insurance undertakings must have the centre of their administration and their registered seat in Greece and be established in a specific legal form (i.e. société anonyme, inter-insurance partnership or European company) in order to obtain a license. Non EU/EEA insurance undertakings that wish to write insurance in Greece must establish a Greek branch following authorization by the BoG and appoint a legal representative residing in Greece. EU/EEA insurance undertakings operating in Greece under the freedom of establishment (FOE) are required to have a branch legal representative residing in Greece, while no minimum presence requirements apply to entities operating under the freedom to provide services (FOS).

The outsourcing of critical or important functions or activities, as well as changes thereto is subject to prior notification to the BoG. The Insurance Regulation Act defines the situations where outsourcing is not permitted, hence shall be prohibited by the BoG. In particular, the outsourcing of functions or activities must not result or threaten to result in:

• materially impairing the quality of the governance system of the insurance undertaking
• unduly increasing the operational risk;
• impairing the capability of the BoG or any other EU regulator to monitor the compliance of the insurance undertaking with its regulatory or other obligations;
• undermining the continuous and full service to the insureds.

The insurance undertaking remains liable for any civil, criminal or regulatory liability or obligation arising in connection with the outsourced services.

In respect of outsourcing to cloud service providers, BoG Executive Act No 180/3/17.12.2020 – adopting the EIOPA guidelines on outsourcing to cloud service providers – sets specific instructions for (re)insurance undertakings and insurance groups outsourcing activities either to cloud service providers or to service providers that, while not directly providing cloud services, substantially rely on cloud infrastructure for the provision of their services. Accordingly, since 1 January 2021 the insurance undertakings concerned are required, inter alia, to update their outsourcing policy, assess the risks relating to each outsourcing arrangement and maintain a dedicated register of such agreements. Additional reporting obligations to the BoG also apply.

Insurance and reinsurance undertakings are required to adopt and maintain risk management policies, including insurance, reinsurance and investment risk management, which shall include principles for the selection of counterparties, provisions for risk reduction and monitoring of creditworthiness and diversification of counterparties. Risk management policies must be consistent with the undertaking’s overall business strategy. In addition, the practices adopted by insurance and reinsurance undertakings must be compliant with the general legal and regulatory obligations as regards relationships with third parties.

As regards digital operational resilience, since 17 January 2025 insurance and (re-)insurance undertakings, (re-)insurance intermediaries and ancillary insurance intermediaries must comply with the requirements of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (the “DORA Regulation”). These obligations aim to enhance cybersecurity and safeguard the operational resilience of insurance undertakings against information and communication technology (ICT) related incidents. In this context, insurance undertakings must, inter alia, put in place an internal governance and control framework and establish ICT-related incident reporting and management processes.

In addition, insurance and reinsurance undertakings are under the general obligation to dispose adequate organizational and operational structures and to be able to adapt such structures to their operations and business environment within a reasonable period of time. Also, insurance and reinsurance undertakings must include in their business continuity policy contingency plans, identifying vulnerable areas and addressing relevant risks, such plans to be updated and tested on a regular basis.

According to Greek law, insurance and reinsurance undertakings are free to decide how they invest their assets, provided that they follow the “prudent person principle”, without being obligated to any kind of limitation, prior approval or notification requirement.

Accordingly, (re)insurance companies investing their assets are required to take into account the best interest of the insured parties and to take steps to secure that the invested capital is always available. Specifically, insurance and reinsurance undertakings with respect to their assets’ portfolio should only invest in assets and securities whose risks can be adequately identified, measured, monitored, managed and reported, by also assessing their overall solvency needs as prescribed by the law. Moreover, the investments, especially the ones that refer to capital associated with the minimum capital requirements and the solvency capital requirements of the company, should take place in a manner that ensures the security, quality, liquidity and profitability of the company’s portfolio. Assets covering technical provisions must, in addition, be invested in a manner appropriate to cover the nature and duration of the insurance liabilities. Finally, certain additional requirements apply in the case of insurance policies associated with investments, where the investment risk is borne by an insured natural person.

Insurance (and reinsurance) undertakings are under the obligation to adopt and maintain risk management policy with regard to reinsurance and other risk mitigation techniques. The risk management policy must at least address matters such as the determination of the amount of risk that the undertaking must transfer or mitigate, the principles of selecting reinsurers, the procedures for assessing effective risk transfer, the liquidity risk management procedures, etc. On the condition that insurance undertakings adhere with the principles adopted in their risk management policies, there are no specific regulatory requirements from a legal perspective regulating the level or type of reinsurance utilized and insurance undertakings are free to decide the allocation of insurance risks without being required to obtain prior approval or provide notification, provided always that they follow the “prudent person principle”.

The sale of insurance in Greece is supervised primarily through a rigorous, insured-focused legal framework designed to ensure that policyholders make informed decisions when entering into an insurance contract. This includes provisions governing the content of mandatory pre-contractual information, the obligations of insurance intermediaries to provide guidance and advice to their customers, claims-handling obligations, cooling-off rights and the policyholder’s right to rescind where the insurance contract deviates from the coverage sought in the insurance application.

The general terms and conditions of insurance products are not subject to prior control or approval by the BoG. The BoG has, however, the authority to request the non-systematic communication of such terms and conditions, to request information with regard to concluded insurance contracts and even to demand the discontinuance of the sale of a specific insurance product, activity or practice if it is found by the BoG to violate the applicable regulatory framework.

Cross-border business operations in Greece by EU/EEA insurance undertakings or intermediaries are allowed on the basis of either the freedom of services (FOS) or the freedom of establishment (FOE) and subject to compliance with the general good requirements set by the BoG. On the contrary, third-country insurance undertakings can undertake business operations in Greece only subject to establishment and authorisation granted by the BoG on the basis of reciprocity with the home country of the insurance undertaking concerned.

As a matter of principle, insurance contracts may be concluded through distance selling or online sales, since the application for insurance, the insurer’s proposal and the policyholder’s acceptance of that proposal can be made in writing, orally or by any technological means (e.g. through the exchange of e-mails or an online application and acceptance process). Law 2251/1994, as in force (the “Consumers’ Protection Act”), implementing into Greek law the provisions of EU Directive 2002/65/EC on the distance marketing of consumer financial services, recognises additional rights for consumers, including policyholders, in the case of distance selling. The Consumers’ Protection Act and the Insurance Distribution Act require that adequate pre-contractual information be made available to consumer-policyholders, in writing or, subject to specific requirements, through any other durable medium, before any commitments under the policy are undertaken; otherwise the policy may be considered null and void. In the case of telephone sales, the process must be recorded with the consumer’s consent and specific information must be provided, including the identity of the person contacting the consumer and that person’s relationship with the insurer.

The Insurance Contract Act comprises a set of semi-mandatory rules intended to protect policyholders and insureds, in the sense that those rules may be derogated from only to their benefit and only to enhance the protection afforded to them under the Insurance Contract Act. The general rule is that all policyholders and insureds are subject to the same set of protective rules, effectively being treated as consumers regardless of whether the insurance relates to their business activities or covers personal needs. Limited derogations in favour of the insurer are permitted where the insurance relates to business activities and covers professional needs, and only with respect to those provisions expressly identified in the Insurance Contract Act. The protective regime of the Insurance Contract Act is not mandatory in respect of certain large risks, and the parties concerned may derogate from it at their discretion.

Insurance Regulation Act includes a general obligation for compliance with Consumers’ Protection Act for the protection of consumers, setting additional requirements for unfair contract terms, distance selling contracts and misleading advertising in insurance contracts. Insurance contracts are also subject to the applicable legal framework for the protection of personal data of individuals.

According to the Insurance Regulation Act, (re)insurance companies established in Greece or operating in Greece under the FOS or FOE regime may freely form their premiums in accordance with their techno-economic needs. Premiums are not subject to systematic notification to or prior approval from the BoG. Only in the context of general price-control system, the BoG may require, following a relevant decision published in the Government Gazette, the notification of premiums and increases thereof. As regards life insurance, the BoG may require insurance companies based in Greece to systematically disclose the technical nature of the data used to calculate premiums and relevant technical provisions solely for the purpose of monitoring compliance with actuarial principles.

The main protections offered under the Insurance Contract Act are summarized as follows:

• the insurer has specific information duties against the policyholder and insured prior to the conclusion of the insurance contract and during its term;
• any agreement limiting the rights of the policyholder, beneficiary or insured is considered null and void;
• the insurer must inform the insured of its right to object to the insurance contract and the right to withdraw from the insurance contract.

Insurance legal and regulatory framework in Greece does not provide for a special resolution regime applicable to insurers.

In the case of complaints raised by insureds against insurance undertakings and insurance intermediaries established in Greece or operating in Greece under the FOS or FOE regime, the regulatory framework provides that the insureds may recourse for an out-of-court resolution of their complaint to the General Secretariat for Consumers or the Ombudsman for Consumers. Insurance undertakings and insurance intermediaries must inform the insureds of their right to out-of-court resolution, also indicating any applicable deadlines.

Greek courts are well equipped to handle complex commercial claims, and there is significant experience and case law in insurance matters. Courts handling commercial claims in Greece are composed exclusively of judges. Where necessary, the courts may appoint experts to assist in clarifying the technical aspects of a claim. The parties may appeal a decision of the Court of First Instance to the Court of Appeal, which will review the matter anew on the merits. Decisions of the Court of Appeal may be set aside by the Supreme Court (Court of Cassation) on points of law only. This system provides an important degree of certainty for the parties involved but may require a material period of time to bring a case to a final conclusion.

The standard market practice is that disputes arising from insurance contracts are subject to the jurisdiction of the competent court – one of the reasons being the high cost of ad hoc and institutional arbitration, which would prevent most insureds from seeking judicial protection. In cases where the risks involved or the claims are considerably high or when the parties prefer to ensure confidentiality of the details of their dispute and faster resolution of the claim, they may address their claim to arbitration. The arbitration agreement must be in writing and may either be included in the insurance contract or negotiated and agreed in a separate agreement.

Under Greek law, insurance disputes can be subject to alternative dispute resolution (conciliation, mediation and arbitration). The Greek Procedural Code encourages alternative dispute resolution through a mandatory mediation process on certain civil and commercial disputes (e.g. economic claims of more than €30,000 and family law disputes) as a condition for addressing the dispute to the court. In the case of insurance claims, the insureds are also encouraged to address to the General Secretariat of Consumers or the Consumer’s Ombudsman for the conciliation of their dispute with the insurer. Although the alternative dispute resolution is promoted, the market trend is that the parties continue to have recourse to the competent courts for the resolution of their disputes. Arbitration clauses are not common to the majority of insurance contracts, mostly due to the higher costs involved as compared to court resolution. Arbitration is usually selected by the parties where the risks involved or the claims are considerably high or when the parties prefer to ensure confidentiality of the details of their dispute or resolve the dispute faster. The arbitration agreement must be in writing and may either be included in the insurance contract or negotiated and agreed in a separate agreement.

Reinsurance disputes are commonly resolved by arbitration and are usually subject to foreign law.

The transfer of all or part of the portfolio of insurance contracts of a (re)insurance undertaking seated in Greece to a Greek or an EU (re)insurance undertaking is subject to the prior approval by the BoG which is granted provided that the transferee insurance undertaking (i) is licensed to conduct business in the same classes of insurance and (ii) possesses eligible own funds to cover the solvency capital requirements as adjusted further to the portfolio transfer. The approval by the BoG is granted subject to the satisfaction of the following additional conditions:

• in case the portfolio comprises risks situated in other EU member state, the regulator of such member state has granted its consent; consent is deemed to have been granted upon expiry of a three-month period that follows the inter-regulator request by the BoG;
• the transfer is not prejudicial to the interests of the policyholders or any other persons having rights or obligations under the contracts to be transferred. Policyholders are given the opportunity to object to the transfer of their insurance contracts; however the BoG can still authorize the transfer if the contracts of the opposing policyholders represent no more than 15 per cent of the entire portfolio.

The decision of the BoG approving the transfer is notified to the EU and the regulators concerned.

Special provisions apply in the case of a portfolio transfer by the Greek branch of an insurance undertaking seated in an EU Member State or a third country.

The Greek insurance market is relatively concentrated, with a limited number of large and mid-sized undertakings holding significant market share following sustained merger and acquisition activity in recent years. Distribution remains largely relationship-driven and continues to rely on traditional agency and brokerage networks, which together with the existing concentration may present structural challenges for new entrants.

From a regulatory perspective, there are no formal barriers to entry for undertakings that meet the applicable requirements. However, the sector is subject to an extensive prudential and conduct framework. Authorisation by the Bank of Greece requires full compliance with the regime established under Law 4364/2016 (implementing Solvency II), as well as the Insurance Distribution Directive (IDD), including capital adequacy, governance, risk management and reporting obligations. The associated compliance and operational costs are material, particularly for greenfield entrants.

In addition, certain practical constraints arise at local level. In particular, insurance policies must, in principle, be drafted in the Greek language, which necessitates appropriate localisation of documentation and operational processes.

Overall, while the regulatory framework is formally open and aligned with EU principles -including the EU passporting regime, which the Bank of Greece does not seek to discourage -the combination of prudential requirements, compliance costs, market concentration and entrenched distribution structures constitutes a non-negligible barrier to entry, in practice favouring well-capitalised and operationally mature applicants.

Insurance in Greece has traditionally been distributed through channels that rely on personal contacts and relationships between the parties. Digital sales have emerged over the last few years, mainly in non-life lines of business, while the traditional channels still remain dominant. Since the outset of the Covid-19 pandemic and the imposition of physical-distancing measures, there has been a more dynamic shift toward the use of digital tools and the development of remote distribution channels. This trend increasingly challenges purely relationship‑based intermediation models and intensifies competition, as consumers have become more willing to compare and purchase policies digitally, at least for less complex insurance products.

In addition, continuing technological innovation and the related emergence of new types of cyber-security risks have driven increased appetite among Greek businesses for cyber-security insurance products, although such coverage is currently offered by Greek insurance undertakings most often in collaboration with international insurance groups that have the required expertise to assess cyber-security risks.

In Greece, the digitization of the insurance sector is a highly topical issue, and over the last few years many insurers, as part of their digital transformation strategies, have implemented digital tools used, among other things, to sell insurance products and handle claims. The DORA Regulation has also introduced a more prescriptive framework for ICT risk management, incident reporting, digital operational resilience testing and the oversight of critical ICT third‑party providers, which requires a significant compliance uplift for insurers. The Greek regulator considers the digitization of insurance transactions a challenge to be addressed, while nonetheless allowing the practice and safeguarding consumers’ trust in the insurance sector.

The use of customer data by insurance undertakings is governed by Regulation (EU) 2016/679 (“GDPR”) and Law 4624/2019, which frames the provisions of the GDPR into Greek law. Accordingly, there are no specific rules for insurers in addition to the generally applicable data protection regime. Under the provisions of Article 23 of Law 4624/2019 the processing of genetic data for life and health insurance purposes is explicitly prohibited.

In principle, there are no additional restrictions or requirements on sharing customer data overseas/on a cross-border basis other than those provided for in the GDPR. However, the Insurance Regulation Act implicitly imposes a restriction on the free transfer of customer data outside the EU by providing that the BoG must be able:

• to monitor the compliance of the insurance undertakings with their obligations, and
• in case of permitted outsourcing, to have effective access to the business premises of the service provider and exercise this right of access, either directly or through the EU corresponding supervisory authorities.

Within the framework of the initiatives of the EU for sustainable development, the EU, inter alia, has adopted Regulations (EU) 2019/2088 (“SFDR Regulation”) and (EU) 2020/852 (“Taxonomy Regulation”), which impose sustainability-related disclosure obligations to the market participants and financial advisers, aiming especially to the promotion of investments which respect the ESG criteria and contribute to sustainable development. In this context, insurers are subject to transparency obligations to the extent that they fall into the following categories: (a) being an insurance undertaking which makes available an insurance‐based investment product (IBIP); or (b) being an insurance intermediary or undertaking which provides insurance advice with regard to insurance-based investment products. Greece has adopted measures for the implementation of the SFDR Regulation and the Taxonomy Regulation, which are also applicable to insurance undertakings. Insurance undertakings are required to self-measure and report on yearly basis their carbon footprint, as well as any measures and actions voluntarily adopted for the reduction or offsetting of carbon emissions.

By way of example as regards transparency obligations, insurers that are also financial market participants or operate as financial market advisers under the EU Regulations mentioned above must publish on their websites information about the policies they implement for the integration of sustainability risks in their investment decision-making process or in their insurance advice.

For completeness, Delegated Regulation (EU) 2021/1257 for the integration of sustainability factors, risks and preferences into the product oversight and governance requirements and into the rules on conduct of business and investment advice for insurance-based investment products also applies to insurance undertakings and insurance intermediaries.

Insurance and reinsurance undertakings are subject to the general legal framework applicable in respect to equality of rights, diversity and inclusion.

For listed companies, the recently enacted Law 5178/2025 introduced an obligation requiring the participation of the underrepresented gender in the Board of Directors at a percentage of at least 25%. For listed companies meeting specific size criteria (i.e. employing at least 250 employees and having an annual turnover of at least €50,000,000 or an annual balance sheet total of at least €43,000,000), the participation threshold for the underrepresented gender rises to 33%.

Over the next five years, the Greek insurance market is expected to grow, driven by increased exposure to global risks, changing customer expectations and continued technological development. In this context, insurers that make effective use of M&A -both to expand their portfolios and capabilities and to streamline operations- are likely to strengthen their position, alongside intermediaries benefiting from the ongoing consolidation of the distribution market.

Opportunities are likely to arise across both life and non-life business. The relatively low penetration of life and health insurance in Greece suggests scope for further growth, particularly as demand for private coverage increases. In the non-life sector, climate-related risks are expected to drive demand for new types of products, including parametric insurance and energy-related covers, in line with the energy transition and related investment activity.

Cyber risk is also expected to remain a key area of development. At the same time, the use of artificial intelligence is becoming more prominent across underwriting, claims handling, fraud detection and customer service. Insurers and intermediaries that integrate these tools in a controlled manner -ensuring appropriate governance, transparency and data protection- are likely to be better placed to respond to both commercial and regulatory pressures.

Overall, the market is likely to favour operators that combine scale, technical capability and the ability to adapt to a more complex risk and regulatory environment.