Home  ›  Blog  ›  AI Vendor Data Residency
AI · Procurement · Data Residency

AI data residency — the clauses that hold.

Every AI vendor sales pitch references data residency. Almost none of the standard contracts actually deliver it. The default OpenAI, Anthropic, Microsoft Copilot and Google Gemini enterprise terms grant region-of-processing commitments that are heavily caveated — training datasets, model fine-tuning, telemetry, and incident-response data each have their own residency footprint, and the standard contract papers them over. The clauses that hold are not in the default template.

Updated: April 2026 Reading time: 14 min Audience: CIO, CISO, Procurement, Legal
AI and data privacy
Where data actually lives

The five residency footprints to map.

An AI service does not have a single data residency posture; it has five. Each one needs to be mapped, contractualised and audited. The vendor's default residency commitment usually covers only the first one.

Footprint one: inference input/output

The prompt the user sends and the completion the model returns. This is the data the vendor will commit to residency on. The clauses are mature and the technical controls (region-pinning, in-region key management) are typically deliverable.

Footprint two: training data

Whether customer prompts are used for model training. The default enterprise position from frontier-model vendors is "no training" for enterprise tenants — but the clause is sometimes scoped to a specific deployment and not to all interactions. Read the scope carefully.

Footprint three: fine-tuning data

If the customer fine-tunes a model, where the fine-tuned weights are stored. Some vendors store fine-tuned weights in a region different from the inference region. The fine-tune residency clause needs to be explicit.

Footprint four: telemetry and abuse-monitoring

Vendors typically retain interaction logs for abuse monitoring (usually 30 days, sometimes longer). The retention region is frequently not the customer's region of processing. The standard contract usually allows it; explicit residency clauses can constrain it.

Footprint five: incident-response data

When an incident occurs — content violation, suspected jailbreak, security event — the vendor pulls a snapshot of the affected data into a security-response environment that may sit outside the standard residency boundary. This is the footprint regulators care about most and contracts cover least.

AI vendor contract under review?

We map all five residency footprints and pre-negotiate the clause language for each.

Contact Us →
The clauses that hold

Region pinning and training exclusion.

The standard residency clause in most AI vendor contracts reads "data will be processed in the [region] region." This is too thin. The clauses that hold under regulator scrutiny — Schrems II, FedRAMP, GDPR Article 28, the EU AI Act conformity provisions — are specific in three dimensions.

Dimension one: data category specificity

The clause should enumerate the residency commitment for each of the five footprints separately. A blanket "data" commitment is rarely sufficient under regulator review.

Dimension two: change-of-residency mechanics

What happens if the vendor needs to move the residency footprint — for capacity, for a region launch, for an acquisition. The clause should require advance notice (90 days is typical), a customer right of objection, and a remediation path that does not require the customer to bear migration cost.

Dimension three: sub-processor mapping

AI vendors routinely subcontract to hyperscalers, GPU providers, model-host operators. Each sub-processor inherits a residency posture. The contract should require a sub-processor list, a residency commitment that flows through the supply chain, and a customer notification right for new sub-processors.

Download the AI Vendor Contract Red Flags playbook.

Includes the five-footprint residency template and the sub-processor mapping checklist.

Get the playbook →
What different vendors offer

The default postures of the frontier model vendors.

OpenAI Enterprise and OpenAI for Business

Enterprise tenants get a "no training" default and a US-by-default residency footprint, with EU residency available on request as of 2024. Fine-tune storage and telemetry residency are typically aligned with the inference region but should be confirmed in the order form. Sub-processor list available under NDA.

Microsoft Azure OpenAI Service

Azure OpenAI inherits the broader Azure residency model — explicit region pinning, in-region key management options, and the Azure DPA flowing through. Training is opt-out by default for enterprise tenants. The incident-response footprint follows Azure's standard model.

Anthropic Claude Enterprise / Claude for Business

Enterprise tenants receive a "no training" default. Inference residency is configurable by region. Sub-processor disclosure is typical for enterprise contracts.

Google Cloud Vertex AI / Gemini Enterprise

Inherits the Google Cloud residency model with explicit region selection, customer-managed encryption keys, and a sub-processor list. Training defaults to opt-out for enterprise.

Across all four, the standard contract gets the inference footprint right and gets the other four footprints incomplete. The negotiation is in the order form, not the master agreement. Our SaaS procurement advisory team maps the clause language for each footprint and pre-negotiates it into the order form before signature.

Regulator scrutiny

What auditors and DPOs actually ask.

Data Protection Officers and external auditors increasingly scrutinise AI vendor contracts for the residency posture under specific compliance regimes. The questions cluster around five themes.

  1. Schrems II / GDPR Article 28. Is personal data of EU data subjects processed in the EU, and what supplementary measures exist for any sub-processor transfers?
  2. EU AI Act. For high-risk uses, is the data flow consistent with the conformity assessment, and is the training-data exclusion documented?
  3. FedRAMP / IL-4 / IL-5. For US federal-adjacent use cases, is the AI vendor's authorisation boundary clearly drawn and is the data confined within it?
  4. Sector regulators. For healthcare (HIPAA), financial services (DORA, PCI-DSS), critical infrastructure (NIS2), are the residency and sub-processor postures consistent with the sector regime?
  5. Internal data classification. Does the AI service have a clear approved-classification ceiling, and is the residency posture sufficient for the highest classification permitted?

DPO or auditor reviewing an AI vendor contract?

We pre-package the residency posture in the format DPOs and auditors actually accept.

Contact Us →
FAQ

Common questions.

Do AI vendors actually honour residency commitments?
Yes, for the contracted footprint. The issue is rarely the commitment being broken; it is the commitment being narrower than the customer assumed. The five-footprint map is the way to expose the gap.
Can I prevent my prompts from being used for training?
Yes for enterprise contracts with OpenAI, Microsoft Azure OpenAI, Anthropic and Google Vertex AI. The clause needs to be specific — "no training, no fine-tuning, no model improvement" covers the standard interpretations.
What is sub-processor flow-through?
It is the contractual mechanism that ensures any sub-processor the vendor engages inherits the same residency, security and processing commitments. Without flow-through, the vendor's commitments break at the first sub-processor.
Does the EU AI Act change residency requirements?
Indirectly. The AI Act focuses on use-case risk classification rather than residency directly, but for high-risk uses the conformity-assessment artefacts must be consistent with the data flow — which makes residency posture a transitive requirement.
How long do AI vendors retain interaction logs?
Typically 30 days for abuse-monitoring purposes on enterprise tenants, with some vendors offering 0-day retention as a contractual option. Standard consumer/business tiers may retain longer; enterprise tiers can usually negotiate down.
Can residency clauses be added mid-term?
Yes — typically through an amendment to the order form or a Data Processing Addendum. Mid-term amendments are common around DPO escalation, regulator inquiry, or new sector-regulation onset.

AI vendor selection in flight?
Map the residency footprint before signature.

Our AI procurement practice maps the full five-footprint residency posture and pre-negotiates the clauses that hold.

The Compliance Brief

Weekly compliance intelligence for IT leaders.