+33 9 84 25 52 61
Sign in
About Obexal

Identity that stays in Europe.

We build a sovereign identity provider for the people and the AI agents that run your organisation. Designed and hosted in France, on open standards.

Our mission

Make identity, both human and machine, sovereign in Europe.

Identity is the control plane of every digital organisation. It decides who signs in, what they can reach and, increasingly, what autonomous software is allowed to do on their behalf. Today most of that control sits with a handful of providers outside the European Union.

Obexal exists to give European organisations a real alternative: a full identity provider they can adopt without giving up jurisdiction over their most sensitive data. One platform for employees and for AI agents, built on open protocols, operated inside the EU. See what that means in practice on our sovereignty page.

What we believe

Sovereignty is not a feature

It is a starting point. Obexal is designed and hosted in the EU, with no dependency outside the EU and self-hosted fonts (no CDN). Data location is a decision you get to make, not a surprise you discover later.

Open standards, no lock-in

OIDC, OAuth 2.1, SAML 2.0 and SCIM 2.0. Standards let you connect any app and leave on your own terms. We win by being good, not by trapping you.

Agents are identities too

AI agents sign in, hold scopes and act on people's behalf. They deserve the same governance as human accounts: scoped credentials, expiry, review and a kill switch.

Evidence over adjectives

A security buyer needs proof, not slogans. Versioned policy-as-code, an audit log and a real-time audit stream mean decisions are traceable and reviewable.

Fail closed by design

When a policy is unclear or a limit is reached, access is denied rather than granted. Safety is the default, not an option you remember to turn on.

Built for two audiences

Security and privacy leaders who carry the risk, and the developers who ship the integrations. Both should find Obexal precise and honest.

Who builds Obexal

No invented names, no stock team photo: the honest state of the company.

Obexal is published by a French company currently being structured. The founder designs, develops and hosts the product in France, and answers every enquiry directly: contact@obexal.com, +33 9 84 25 52 61.

We would rather state this plainly than invent a team page. The company registration details will be published here as soon as they are complete.

How Obexal supports EU compliance

We help you meet your obligations. We do not claim your compliance for you.

Governance you can show an auditor

Obexal is GDPR-oriented and gives AI agent oversight the controls regulators expect: traceability, human supervision and the ability to stop an agent. We support your compliance work; we do not declare ourselves AI Act compliant on your behalf. The full security posture is documented on our security page.

  • Versioned policy-as-code with simulation before apply and version restore
  • Full audit log plus a real-time audit stream endpoint
  • Per-agent policy: scope ceiling, TTL cap, audience allowlist, fail-closed
  • Kill switch to suspend or revoke any agent or credential
  • Human in the loop: periodic review and self-service delegation
Hosting
France, datacenter in the Paris region
Data residency
European Union
External dependencies
None outside the EU in the request path, no external CDN
TLS
1.2 minimum, 1.3 preferred, HSTS
Certifications
Not certified to date: ISO 27001:2022 mapping documented, SecNumCloud roadmap under way

Questions people ask us

Is Obexal really hosted in Europe?

Yes. Obexal is hosted in France, in a datacenter in the Paris region, with data residency in the EU. There is no dependency outside the EU in the request path, no external CDN, and fonts are self-hosted. More detail on the sovereignty page.

Do you hold ISO 27001, SOC 2 or HDS?

Not certified to date. We document a mapping to ISO 27001:2022, and the SecNumCloud roadmap is under way. We state certification status plainly rather than imply badges we do not hold; details on the security page.

Are you AI Act compliant?

We do not claim to be AI Act compliant, and no vendor can grant you compliance. Obexal provides controls that support your obligations: agent traceability, an audit log, human supervision and a kill switch.

Who is behind Obexal?

A French company currently being structured. The founder designs, develops and hosts the product in France, and answers directly. The registration details are not published yet: they will appear here as soon as the incorporation is complete.

Who is Obexal for?

European organisations that want a sovereign identity provider for their workforce and for their AI agents, without giving up open standards or the option to leave.

How do I reach the team?

Through the contact page, by email at contact@obexal.com or by phone at +33 9 84 25 52 61. We usually reply within one business day.

Bring your identity home.

Try Obexal, or talk to the team about a sovereign rollout for people and AI agents.