Policy documents
Versioned policy templates with field-level RBAC. Legal owns the legal text, marketing owns the consumer-facing surface, neither overwrites the other.
— solutions · insurance
The CMS for European insurers.
Carriers and brokers operating in the EU don't want a vendor that explains how they're "DORA-friendly." They want a vendor whose default behaviour satisfies DORA without effort. Estøkad is built so the audit chain, residency proofs, and exit-plan export are byproducts of normal operation — not deliverables you produce under deadline.
— the regulators in scope
What you're held to.
| Framework | What it requires |
|---|---|
DORA | ICT risk register, third-party register, incident log, BCP test results — assembled from your audit chain on demand. |
EIOPA | Pan-EU supervision over solvency and consumer protection. Documentation must hold across every member state you operate in. |
IDD | Insurance Distribution Directive — POG product oversight + governance disclosures must be traceable per product. |
GDPR Art. 32 | Technical and organisational measures appropriate to the risk. Encryption, audit, residency, breach notification. |
— the workflows
What ships through Estøkad.
Regulatory disclosures
KIDs, IPIDs, PRIIPs documents. Approval workflow gates publish; the audit chain captures every transition.
Broker portals
Per-broker content tiers via custom roles. Multi-locale variants for cross-border distribution. Cross-space references for white-label arrangements.
Claims comms
Templated claims correspondence with locale + brand variants. Editor + visual edit overlay so claims handlers can preview before sending.
— why Estøkad fits
The wedge for this industry.
Insurance is the canonical Estøkad customer profile. The buyer cares about three things at the same time: per-country residency for the local supervisor; field-level RBAC so legal can lock the legal text; and the DORA evidence pack so the next audit takes a day rather than a quarter. Each is a checkbox on a procurement form. The combination is what closes the deal.
Where Contentful and Storyblok force you to assemble the DORA evidence pack from audit logs your engineering team has to surface, Estøkad assembles it from the audit chain that's the spine of the platform. The chain is hash-linked with daily Merkle roots; verifiers — including AKI or your national supervisor — validate end-to-end against the workspace's published JWKS.
Per-country residency means the Belgian carrier's data sits in Brussels, the German subsidiary's in Frankfurt, the Swiss broker's in Zurich. No cross-region replication. No fallback. The brand promise is contractual and verifiable.
— how to start
The path to production.
The most common starting shape for insurance customers: workspace per legal entity, spaces per country or product line. Approval workflow active from day one — you don't turn it on after a regulatory finding. Custom roles for legal, product, marketing, claims; field-level grants on the legally-binding fields.
Pricing-wise, the Regulated preset (€1,699/mo) covers most insurance customers — it bundles SAML/SCIM, advanced RBAC, the DORA pack, and 7-year audit retention. Enterprise (€2,999/mo) adds multi-space, multi-locale, and cross-space orchestration for groups with multiple brands. Switzerland residency is an additional €699/mo module on either tier.