Legal Hub

The Digital Operational Resilience Act (Regulation (EU) 2022/2554), or DORA, is an EU Regulation that takes effect on January 17, 2025. It aims to establish a high level of digital operational resilience across the financial services sector in the EU.

DORA primarily applies to financial entities as defined in Article 2(2) of the Regulation.

Pipedrive adheres to the requirements outlined in Article 30(2) of DORA for non-critical and non-important ICT service providers.

This includes ensuring operational resilience, maintaining robust data security measures, notifying customers of significant disruptions, and cooperating with the supervisory authorities of financial entities.

No. As outlined in Section 15.9 of Pipedrive’s Terms of Service, these clauses automatically apply whenever a Pipedrive customer qualifies as a financial entity under Article 2(2) of DORA.

No. Pipedrive’s platform supports sales management and process optimization, but it does not directly impact the delivery of core financial services to end clients.

Disruptions to Pipedrive services would not pose a systemic risk to financial entities. Therefore, Pipedrive’s services do not qualify as critical or important under Article 3(23) of DORA, and Pipedrive is not classified as a critical ICT service provider.

As a SaaS provider with thousands of customers, including many subject to DORA, Pipedrive is unable to review and sign individual customer templates of DORA clauses due to scalability and operational considerations.

Instead, Pipedrive has prepared standardized clauses designed to ensure compliance with DORA while reflecting the specifics of Pipedrive’s services.