We know that understanding new regulations like the EU Data Act is important to you. We've reviewed the Act and its updated guidance from the European Commission to clarify its application to Okta's services.

The short answer is: We believe the EU Data Act does not apply to Okta.

• EU Data Act

Why the Data Act Does Not Apply to Okta

Okta provides identity and access management services. Our core function is to securely manage digital identities and control who can access which applications.

Crucially, we do not process or store "connected product or related service data" as defined by the Data Act. Because we focus on identity and access—and not on the operational data generated by connected products—our services do not fall under the scope of this new regulation.

How Okta Already Aligns with the Act's Goals

While we do not believe the Data Act applies, it's important to know that Okta's services already embody the Act's core principles: data access, control, and transferability.

• You are in Control: Okta’s services are designed to enable our customers to  maintain centralized control over and access to user data.

• Ease of Transferability: We are confident that our customers' data portability needs are well-served by the access and export features in our services. We make it easy for you to facilitate the secure transfer of user data to other services.

As your trusted identity partner, Okta remains committed to providing you with the tools to manage your data securely and efficiently, and we will continue to monitor and align our services with the evolving regulatory landscape.