Control #
D
2
.
2
Run AI workloads only in approved regions
Restrict all model training, fine-tuning, and inference to infrastructure located in approved regions. This applies to production and non-production environments.
Evidence
Policy documentation defining model residency rules
Evidence of geo-restriction settings in cloud platforms
Cloud configuration logs demonstrate models are deployed in the correct region
Recommended actions
Model your geo-restriction strategy using the NIST information lifecycle
Use a framework like the NIST information lifecycle to guide your geo-restriction strategy:
1. Creation or Collection
Ensure data collection systems (e.g., user inputs, data ingestion pipelines) are hosted or routed through approved regions.
Log collection endpoints and verify alignment with data residency rules.
2. Processing
Validate that any preprocessing, transformation, or labeling is done in-region.
Ensure third-party services (e.g., enrichment APIs, annotation platforms) comply with geographic restrictions.
3. Storage
Use cloud storage policies to restrict datasets, model artifacts, logs, and embeddings to compliant regions.
Configure backup and disaster recovery storage to meet the same requirements.
4. Use (Inference / Training)
Confirm that both training jobs and inference endpoints are region-bound.
Cloud configurations (e.g., GCP, AWS, Azure) should enforce compute resource residency.
5. Dissemination
Monitor how outputs (e.g., predictions, summaries, generated content) are shared or served, especially across borders.
6. Destruction and Deletion
Ensure deletion policies apply at the region level, and verify that data sanitization and model decommissioning procedures are geographically scoped.
Include logs and temporary artifacts in data destruction workflows.