![OpenAI]()
On Thursday, OpenAI announced the launch of data residency in Europe, enabling organizations across the continent to comply with local data sovereignty regulations while using the company's AI products.
Data residency determines where an organization’s data is physically stored and how it is governed under local policies. Many major tech firms, including cloud providers, have already established European data residency programs to help businesses align with data protection laws such as the General Data Protection Regulation (GDPR), Germany’s Federal Data Protection Act, and the U.K.’s Data Protection Act.
Big Tech Moves Toward Localized Data Storage
The shift toward stronger data sovereignty has been gaining momentum. In October, GitHub launched cloud data residency in the EU for its GitHub Enterprise customers. Around the same time, Amazon Web Services (AWS) introduced a “sovereign cloud” for Europe, ensuring that metadata remains within EU borders. Google followed suit by offering data residency options for machine learning processing in the U.K.
With OpenAI’s latest move, ChatGPT Enterprise and Edu customers can now opt to have their data stored at rest within Europe. API users can also select in-region processing for “eligible endpoints.” Additionally, OpenAI confirmed that API requests made under European data residency will be processed with zero data retention, meaning model queries and responses won’t be stored permanently. However, the company noted that this feature is currently limited to new projects and cannot be applied retroactively to existing ones.
Regulatory Scrutiny and the Future of AI Data Governance
OpenAI’s data handling practices have drawn scrutiny from European regulators. Authorities in Spain and Germany have launched investigations into ChatGPT’s data processing, while Italy’s data protection watchdog recently fined the company €15 million ($15.6 million) over alleged violations of consumer data protection laws.
The debate over AI-related data residency is not unique to OpenAI. Chinese AI startup DeepSeek, which runs a language model and chatbot, has also faced regulatory concerns over its data processing practices.
Last year, the European Data Protection Board (EDPB) released guidelines to assist EU regulators in assessing AI services' compliance with data protection rules. The report highlighted key concerns such as the lawfulness of data collection, transparency, and accuracy—issues that remain central to the ongoing discussion about AI governance in Europe.
With this latest data residency initiative, OpenAI aims to strengthen its presence in Europe while reinforcing security, privacy, and compliance measures for organizations using its AI solutions.