Cybersecurity SME
Check Compliance

IVASS 38 Key Requirements for Other Sectors | ComplyDev

IVASS 38. Corporate governance system for insurance undertakings Competent Authority: IVASS - Institute for the Supervision of Insurance. Deadline: Ongoing compliance

Last updated: 13/03/2026

Key Points

  • Risk management system (including ICT)
  • Key control functions
  • Outsourcing policies
  • Reporting to the Board of Directors
  • DORA compliance effective January 17, 2025

What is IVASS 38 and how does it apply to Other Sectors?

IVASS 38. Corporate governance system for insurance undertakings Competent Authority: IVASS - Institute for the Supervision of Insurance. Legal Basis: IVASS Regulation No. 38 of July 3, 2018. Deadline: Ongoing compliance

Who in the Other Sectors sector must comply with IVASS 38?

IVASS 38. Companies in other sectors with basic cybersecurity obligations 5-250 employees. For Medium enterprises (50–249 employees) in the Other Sectors sector, IVASS 38 compliance requires specific attention to: Key Requirements: Risk management system (including ICT); Key control functions; Outsourcing policies.

Penalties for non-compliance with IVASS 38

Penalties: Administrative penalties from IVASS. Important: The IVASS 38 compliance deadline is approaching. Do not wait to start your assessment.

How to start your IVASS 38 compliance journey

Check your IVASS 38 compliance for free. ComplyDev's AI-powered assessment analyses your Other Sectors company against 111+ EU regulations in 20 minutes — no registration, no credit card. Key Requirements: Risk management system (including ICT); Key control functions; Outsourcing policies.

Sector Advice

  • Check your IVASS 38 compliance for free. ComplyDev's AI-powered assessment analyses your Other Sectors company against 111+ EU regulations in 20 minutes — no registration, no credit card.
  • For Medium enterprises (50–249 employees) in the Other Sectors sector, IVASS 38 compliance requires specific attention to:
  • Key Requirements: IVASS - Institute for the Supervision of Insurance. Deadline: Ongoing compliance.

Frequently Asked Questions

IVASS 38 Key Requirements
Risk management system (including ICT); Key control functions; Outsourcing policies; Reporting to the Board of Directors; DORA compliance effective January 17, 2025
IVASS 38 Penalties
Administrative penalties from IVASS
IVASS 38 - Other Sectors
Start your free cybersecurity compliance assessment — no registration required, results in 20 minutes.

Related Pages

IVASS 38 for the Other Sectors Sector

Discover in just a few minutes your Other Sectors company's compliance level with IVASS 38 and receive a personalised action plan.

Cybersecurity for the Other Sectors Sector

Guide to cybersecurity compliance for the Other Sectors sector. NIS2, GDPR, DORA and other regulations: requirements, penalties and costs for other sectors.

IVASS 38 Compliance Checklist for Other Sectors | ComplyDev

Compliance Checklist for IVASS 38 compliance in the Other Sectors sector. Free assessment, no registration required.

IVASS 38 Complete Guide for Other Sectors | ComplyDev

Complete Guide for IVASS 38 compliance in the Other Sectors sector. Free assessment, no registration required.

IVASS 38 Audit Preparation for Other Sectors | ComplyDev

Audit Preparation for IVASS 38 compliance in the Other Sectors sector. Free assessment, no registration required.

Want a Detailed Report?

With the Premium plan you get full gap analysis, intervention plan and personalised cost estimates.

View Plans