Data Residency for AI Agents: IL / EU / US Compliance Guide
Keep AI agent data within designated regions. GDPR, data sovereignty, LLM-provider residency, and a compliance checklist for AI workloads.
What you will learn
- Understand why data residency matters for AI agent workloads
- Choose the right region for your workspace based on compliance requirements
- Ensure agent data, LLM calls, and audit trails stay within regional boundaries
- Meet GDPR Article 44-49 requirements for cross-border data transfers
- Pick LLM providers that match your residency commitment
TL;DR — Data residency for AI is not just about where the database lives. It is about where the LLM processes your prompt. Pick a region for the workspace (IL / EU / US), then pair it with a regional LLM provider endpoint (Azure OpenAI EU, Bedrock EU, Vertex EU) for a clean end-to-end story.
Why Data Residency Matters for AI Agents
AI agents process, generate, and store data with every action. When an agent makes an LLM call, the prompt and response traverse networks. When it logs an action, data is written to a database. When it accesses customer information, PII enters the pipeline. Where all this data lives — geographically — is not just a technical detail. It is a legal requirement.
GDPR (EU), CCPA (California), PDPA (Israel), and similar regulations require that personal data is stored and processed in specific regions. For AI agents, this means every LLM call, every audit log entry, and every credential must respect regional boundaries.
Agent data scattered across US data centers. LLM calls go to OpenAI (US). Audit logs in Google Cloud (US-central). No way to prove data residency to an EU regulator. GDPR violation risk.
Workspace region set to EU. All BigQuery data in europe-west1. LLM calls routed through EU endpoints. Audit trail stored in EU. Clean compliance story for regulators.
Three Regions Available
- Israel (IL) — me-west1 (Tel Aviv). For Israeli companies and Middle East operations. Compliant with Israeli Privacy Protection Law.
- European Union (EU) — europe-west1 (Belgium). For GDPR compliance. Data never leaves EU boundaries.
- United States (US) — us-central1. For US-based operations. Compliant with CCPA and SOC 2.
Region selection happens once during workspace creation and cannot be changed. This is by design — it guarantees that data residency is immutable. Choose carefully based on where your primary customers and compliance obligations are.
What Stays in Region
- Tenant data — all workspace data stored in regional BigQuery dataset (ds_tenant_{region})
- Agent execution data — tasks, runs, approvals, timeline events (ds_agents_{region})
- Audit trail — every agent action logged in regional tables
- Credentials — encrypted LLM API keys stored in regional tenant tables
- LLM responses — cached responses stored in regional cache
GDPR Compliance Checklist
- Region selection: EU workspace for EU customer data
- Data Processing Agreement (DPA) signed and available at /dpa
- Sub-processors listed at /trust with data locations
- Right to deletion: supported via GDPR data deletion API
- Consent management: cookie consent banner with GTM conditional loading
- Audit trail: 365-day retention for compliance evidence
- Encryption: AES-256-GCM at rest, TLS 1.3 in transit
- Records of processing activities (ROPA) exported from the admin console quarterly
Dobby provides a signed Data Processing Agreement (DPA) for enterprise customers. Regional data isolation is enforced at the infrastructure level — datasets are physically separated in BigQuery with region-locked configurations. Cross-region views (for platform admins only) use UNION ALL queries that never move data.
LLM Provider Data Residency
An often-overlooked aspect: where does the LLM provider process your data? When your agent sends a prompt to OpenAI, that data goes to OpenAI's servers. The Gateway tracks which provider received which data, giving you a complete data flow map for regulators.
For strict data residency, use providers with regional endpoints: Azure OpenAI (EU regions), AWS Bedrock (eu-west), or Google Vertex AI (europe-west). The Gateway routes to these regional endpoints when configured.
Review your LLM provider's data processing terms. OpenAI's API data is processed in the US. For EU-strict workloads, consider Azure OpenAI with EU hosting or Mistral (based in France, EU data processing).
Frequently Asked Questions
Can I run cross-region analytics?
Platform admins can see aggregated cross-region metrics via UNION ALL views that execute regionally and return summary data only. Raw customer data never leaves its region.
Does data residency slow down my agents?
For users in the same region, no — latency is typically lower than global routing. For users geographically far from the workspace region, expect standard inter-region network latency (usually 50-150ms added per round trip).
What if I have customers in both EU and US?
Create separate tenants (or separate orgs) per region. A tenant's region is chosen at creation and locked. Many enterprises run one org per region, federated under a single identity provider via SSO.
Is training data separate from prompt data?
Yes. By default, prompts and completions are not used to train models. Dobby disables provider-side training on every supported provider where the option exists (OpenAI, Anthropic, Google) and this is documented in the DPA.