Editor’s Note: This post was updated on January 17, 2025 to reflect the enforcement date of DORA.
Today marks the compliance deadline for financial entities under the European Union’s Digital Operational Resilience Act (DORA).
At Salesforce, compliance is a cornerstone of our commitment to customers. As an ICT third-party service provider in the EU, we’re dedicated to maintaining the security, availability, and resilience of our services. We will continue to work with our customers, national supervisory authorities, and industry stakeholders to support compliance with DORA and ensure a secure digital ecosystem.
Explore further: Our DORA FAQ details how Salesforce has prepared for DORA and how our customers’ use of our services can support their own DORA compliance journeys.
Reach out to Salesforce for your DORA-ready Financial Services Addendum (FSA), or any other questions you may have, by contacting your Account Executive or opening a case with the Salesforce customer support team via the Help & Training success community. Also see our DORA contractual mapping resource.
November 10, 2022
The European Parliament today adopted the Digital Operational Resilience Act (DORA), a new regulation unifying standards for digital and cyber resilience in the financial sector.
Why it’s important: With much of the financial industry now “digital first,” more businesses rely on the security and availability of third-party digital services, including cloud service providers like Salesforce. This has created a new urgency for regulators to ensure the resilience of the infrastructure that underpins the sector — with DORA setting a benchmark for financial services regulation in Europe and beyond.
Driving the news: DORA is a first-of-its-kind financial regulation aimed at strengthening the security of the financial sector and its resilience to an evolving cyber threat landscape.
- It harmonizes existing EU-wide industry measures and controls — including those covering risk management, incident management, and operational resilience testing.
- It also allows regulators to oversee and directly regulate third-party service providers that provide critical digital and data services to financial entities.
The bottom line: Salesforce is committed to ensuring the security and availability of its services for all customers and to achieving and upholding ongoing compliance with the applicable provisions of DORA.
- With compliance likely to be an iterative process contingent on evolving technical standards and regulatory engagement, Salesforce will continue to partner with financial services customers to manage operational risk, build trust, drive ongoing innovation, and support compliance for DORA and beyond.
- Salesforce has released this new FAQ to guide customers in the financial services sector who may be impacted by DORA.
Zoom out: With DORA’s adoption by the EU Parliament, a few steps remain before it’s passed into law.
- DORA is expected to be published in the Official Journal of the EU in late 2022 or early 2023.
- Financial institutions and their third-party service providers will then have two years to comply with its requirements, with DORA expected to be fully applicable by late 2024 or early 2025.
Explore further: Learn more about DORA, how it may affect your business, and what Salesforce is doing to prepare for compliance:
- Read the Salesforce DORA FAQ.
- Visit Salesforce’s Compliance and Security pages.