Run AI models and store AI data in approved regions

For the purposes of this questionnaire, approved regions refer to geographic locations that you (the vendor) have designated as authorized for running AI workloads or storing AI-related data. These regions may be defined based on internal policy, customer contracts, or applicable legal and regulatory requirements. This section assesses how those region lists are maintained and enforced. 1. Do you maintain a list of approved regions for AI model execution and data storage? If yes, provide the current list and describe the criteria or frameworks (e.g., regulatory, contractual, internal risk) you use to approve or exclude regions. 2. How do you ensure that AI workloads are executed only within the approved regions? Describe the systems or enforcement mechanisms in place (e.g., cloud provider restrictions, deployment policy enforcement, monitoring). 3. What safeguards prevent AI data from transiting outside of approved regions? Include technical controls, encryption boundaries, routing constraints, or alerting mechanisms that support regional data residency. 4. Have you conducted any audits or assessments in the past 12 months to verify compliance with your approved-region restrictions? If so, summarize who conducted the review, what was assessed, and any findings or actions taken.