Introducing data residency in Europe
Data residency builds on OpenAI’s enterprise-grade data privacy, security, and compliance programs supporting customers worldwide.
We’re announcing data residency in Europe for ChatGPT Enterprise, ChatGPT Edu, and the API Platform. This helps organizations operating in Europe meet local data sovereignty requirements when using OpenAI products in their businesses and building new solutions with AI. Data residency builds on OpenAI’s existing enterprise-grade data privacy, security, and compliance features.
With data residency, API customers can now choose to process data in Europe for eligible endpoints, and new ChatGPT Enterprise and Edu customers can choose to have customer content stored at rest in Europe.
Eligible customers can enable European data residency by creating a new Project(opens in a new window) in the API Platform dashboard and selecting Europe as the region. API requests initiated through these Projects will be handled in-region by OpenAI with zero data retention, meaning model requests and responses are not stored at rest on our servers. As of now, European residency can only be configured for new Projects—existing Projects cannot be updated to have European data residency after creation.
New ChatGPT workspaces can be set up with data residency in Europe, allowing customer content to be stored at rest in the region. This includes users’ conversations with ChatGPT and custom GPTs in your Enterprise or Edu workspace, including user prompts, uploaded files, and content across text, vision, and image modalities.
Data residency builds on OpenAI’s robust data privacy, security, and compliance features, which support hundreds of organizations partnering with OpenAI in Europe today—from start-ups and large enterprises to academic institutions—including Booking.com, BBVA, Zalando, Klarna, Oxford University, Estée Lauder Companies, Ipsos, Swiss Re, Scania, Spotify, and Santander.
These features include:
- Advanced encryption techniques: We use AES-256 for data at rest and TLS 1.2+ for data in transit between customers and OpenAI, and OpenAI and our service providers, to safeguard data confidentiality and integrity during storage and transmission across networks.
- No training on customer data: By default, OpenAI’s models are not trained using data from ChatGPT business plans or the API unless a customer explicitly opts in to share data with us.
- Comprehensive data protection: Our data protection practices can support compliance with GDPR, CCPA, and other privacy laws, and adhere to the CSA STAR and SOC 2 Type 2 standards.
- Data Processing Addendum (DPA): We offer a comprehensive DPA that clarifies roles and responsibilities under GDPR and other privacy regulations, helping organizations meet their compliance obligations.
For the API Platform and ChatGPT business products, data remains confidential, secure, and entirely owned by you. Data residency further enhances data control for organizations operating in Europe.
For more details on data residency eligibility and supported data, visit our help pages for the API Platform(opens in a new window) and ChatGPT(opens in a new window), or contact our team for more information on using OpenAI’s products with European data residency.
We look forward to partnering with more organizations across Europe and around the world on their AI initiatives, while maintaining the highest standards of security, privacy, and compliance.