OpenAI offers data residency for global enterprise customers

Companies and developers already use ChatGPT to empower teams and build products. What if you could also decide where that information is stored? OpenAI has just expanded the data residency option for enterprise customers, letting you store data in specific regions to meet local rules and data protection policies.

What OpenAI announces

OpenAI now lets eligible customers of ChatGPT Enterprise, ChatGPT Edu and the API Platform choose to have their customer content stored in a local region. This applies both to new workspaces and to projects on the API platform, and aims to help organizations meet regulatory and privacy requirements.

Data residency is currently available in: Europe, United Kingdom, United States, Canada, Japan, South Korea, Singapore, India, Australia and the United Arab Emirates. OpenAI plans to expand availability to more regions over time.

How it works for companies and developers

For ChatGPT Enterprise and ChatGPT Edu you can create new workspaces configured with data residency so content is stored in the selected region. This includes conversations, uploaded files, custom GPTs, image generation artifacts and more.

On the API Platform, approved enterprise customers for advanced data controls create a new Project in the dashboard and choose their preferred region. Requests made through those Projects are handled in the selected region and responses are not stored at rest on OpenAI’s global servers.

Data remains confidential, secure and is your property. Data residency adds an extra layer of control for enterprise customers.

Security, encryption and compliance

OpenAI supports data residency on top of existing controls and certifications:

• Advanced encryption: AES-256 for data at rest and TLS 1.2+ for data in transit.
• Enterprise Key Management (EKM): if you want, you can bring your own encryption keys for content stored at rest.
• No training on customer data by default: models do not use enterprise plan or API data for training unless the customer explicitly authorizes it.
• Certifications and standards: support for GDPR, CCPA, and compliance with CSA STAR, SOC 2 Type 2 and various ISO/IEC standards.
• Data Processing Addendum (DPA): a contract that clarifies responsibilities and helps meet obligations under GDPR and other regulations.

What this means in practice

Do you run a fintech in Europe that needs data to stay inside the European Union? A university in India with local storage requirements? A startup in Singapore building regulated products? Now, if you’re an eligible customer, you can set where your data lives from the start.

Practical steps:

• For ChatGPT Enterprise and ChatGPT Edu: create a new workspace and select the residency region when setting it up.
• For the API Platform: request approval for advanced controls, create a Project and choose the region in the dashboard.
• Review the DPA and EKM options if you need extra control over keys and compliance.

Keep in mind the option is available only to eligible customers and availability will continue to expand.

Final reflection

This isn’t just a technical tweak. It’s a practical step that makes it easier for companies of different sizes to meet local rules and keep more control over their data without sacrificing the productivity AI offers. Isn’t it reassuring to be able to choose where your information lives, especially when rules and risks vary so much between countries?

Original source

https://openai.com/index/expanding-data-residency-access-to-business-customers-worldwide