Independent assessment by BARR Advisory validates security controls for access management, encryption, monitoring, and risk management
How Apple broke "Sign in with Apple" with an unannounced and silent redirect
SCOTTSDALE, ARIZ., June 3, 2026 — Ory, one of the world’s most widely adopted platforms for customer, workforce, and agent identity management, today announced it has achieved compliance with the Payment Card Industry Data Security Standard (PCI DSS) SAQ D for Service Providers, demonstrating adherence to one of the industry’s most rigorous frameworks for protecting sensitive data through comprehensive security controls, governance processes, and operational safeguards.
BARR Advisory, a PCI Qualified Security Assessor (QSA) firm, served as Ory's QSA, performing the testing procedures and validating Ory's security controls for protecting sensitive data and meeting enterprise security requirements.
Developed by the major payment card brands, PCI DSS establishes strict requirements for organizations that process, transmit, or store payment card information. The framework encompasses a broad range of security disciplines, including access management, encryption, vulnerability management, security monitoring, audit logging, and continuous risk assessment.
PCI DSS compliance serves as a recognized benchmark for security maturity, demonstrating that an organization has implemented and maintains comprehensive controls designed to reduce risk, strengthen resilience, and protect sensitive information.
"Achieving PCI DSS compliance reflects Ory's ongoing commitment to operational excellence and security rigor," said Jeff Kukowski, CEO of Ory Corp. "Our customers trust us to secure identities at scale, and this milestone provides additional assurance that the controls, processes, and governance behind the Ory platform meet demanding industry standards. PCI DSS compliance is another step in our broader strategy to help organizations build secure, scalable, and compliant identity experiences for customers, employees, partners, and AI agents."
The achievement further strengthens Ory's security and compliance program, providing customers with additional confidence as they evaluate identity providers for mission-critical applications and digital services.
Ory’s security program incorporates controls aligned with SOC 2 Type II requirements, with independent validation of the operational effectiveness of security, availability, and confidentiality controls. The organization’s security practices are designed in alignment with ISO 27001 best practices to support continuous risk management and information protection. Built on a zero-trust architecture with strict data minimization and modern encryption standards, Ory is GDPR-ready and aligned with major international privacy requirements, delivering a secure, audit-ready identity and access management foundation.
As organizations continue to modernize authentication, authorization, and identity management, they increasingly seek technology partners capable of demonstrating measurable security maturity and independently validated controls.
PCI DSS requires organizations to maintain robust security practices across their environments, including strong authentication and access controls, encryption of sensitive data, continuous monitoring, vulnerability scanning, incident response procedures, and ongoing security testing. Compliance with the standard helps reduce third-party risk and provides assurance that security controls are operating effectively across the organization.
Read the press release
Ory is the modern identity platform for customer identity and access management (CIAM), B2B IAM, and Agent IAM. Ory is one of the world's most widely adopted IAM platforms and manages more than 2.5 billion identities across open source and commercial deployments. Ory's infrastructure powers 10 percent of the top 40 websites and serves leading enterprises in financial services, technology, media, and other sectors requiring flexible, high performance identity solutions. With over 45,000 GitHub stars and 700 million downloads, Ory delivers enterprise grade security with developer friendly flexibility. Ory is backed by investments from Insight Partners, Balderton Capital, PHX Ventures, and IQT. For more information, visit www.ory.com.
Contact: [email protected]
