[Marcin Gajkowski]

Actually, an interesting question Tom!

In my domestic market, i.e. Poland D&O has become a quite popular insurance product. Historically, the demand was mainly driven by fines & penalties coverage available in D&O policy, mainly because a few civil litigation against D&O’s has been observed (editor’s note: now it is going to change). On the contrary, over the last 10 years the regulatory environment in my country has becoming very unfavorable for business, which was inspired by populist politicians. Accordingly, coverage that includes fines and penalties, as well as accompanying legal costs, has been sought.

It is fair to say that the insurance ability to insure these penalties falls into a gray area. The only consensus is that penalties imposed under criminal law cannot be insured. Of course, D&O insurance covers penalties imposed on D&O’s and not those on the company. However, the lack of an “insured v. insured” exclusion in a Polish D&O policy means that a penalty imposed on a company can be treated as its loss. Hence, the claim for it asserted against the members of the board of directors whose errors and omissions led to the penalty can be well-based.

Getting back to cyber, I hope I was able to clarify that your question about the consequences of NIS 2 for D&O policy providers seems to be on point. Well, at least in Poland, but from what I read in your comment, perhaps also in the Netherlands.