Compliance posture
Stav's assessment · serving-side
Google LLC is a US-incorporated operator subject to CLOUD Act and FISA 702, operating Gemini inference globally on its own infrastructure with EEA serving available only through billing-enabled Vertex AI with explicit EU region-pinned endpoints — a configuration that EU regulated customers must actively select rather than receive by default. Stav's operational verdict: EEA-routed inference is technically available via billing-enabled Vertex AI with ZDR approved in writing, but the unresolved CLOUD Act/FISA 702 exposure requires a Transfer Impact Assessment and a derogation under GDPR Article 49 or documented supplementary measures (e.g. customer-managed encryption) before this provider can be used for regulated personal data; free-tier and consumer API key deployments are unsuitable for any personal or regulated data.
Vertex AI supports named EEA region-pinned endpoints (Belgium, Netherlands, Finland, Warsaw), but the consumer Gemini API (AI Studio) processes globally with no region pinning, and the latest model generations may transiently lack single-EU-region endpoints.
Google LLC is US-incorporated and subject to CLOUD Act and FISA 702 regardless of where inference physically runs; SCCs cannot cure this structural exposure, and the EU-US DPF is subject to an active CJEU challenge (Latombe) with the PCLOB rendered non-functional in early 2025.
Paid tiers commit to no training use and ZDR is available per-project on request, but ZDR is not the default and requires explicit approval; Grounding with Google Search/Maps carries a mandatory 30-day retention with no opt-out even under ZDR, and the free tier trains on prompts by default.
Risk assessment
Google LLC is incorporated in the United States and is subject to the CLOUD Act (which allows US authorities to compel disclosure of data held anywhere) and FISA Section 702 (reauthorised with expanded scope in April 2024). These statutory obligations override contractual commitments such as SCCs and cannot be cured by EU-region data localisation alone. The EU-US Data Privacy Framework does not remove CLOUD Act or FISA 702 exposure, and the PCLOB—the independent oversight body cited 31 times in the DPF adequacy decision—was rendered non-functional in early 2025 after the Trump administration dismissed its members. An active CJEU challenge (Latombe, appealed October 2025) could invalidate the DPF, as happened to Safe Harbour and Privacy Shield. source ↗ [LEGAL_EXPOSURE]
The consumer Gemini API (ai.google.dev / AI Studio) processes data globally with no region pinning. EU data residency is only guaranteed when using Vertex AI with an explicit EU region endpoint (e.g. europe-west1, europe-west4) or Workspace Enterprise with the EU multi-region configured. Newer model generations (e.g. Gemini 3.5 Flash as of May 2026) initially launch on global endpoints only and gain regional EU endpoints over time, meaning the latest models may transiently have no EU-resident inference path. The global endpoint explicitly does not support data residency requirements per Google's own documentation. source ↗ [DATA_RESIDENCY]
On the paid Gemini API, prompts and responses are logged for a limited period solely for abuse/prohibited-use-policy detection. The retention window is not stated as a fixed number of days in the standard paid terms (unlike the free tier, which is up to 30 days). Grounding with Google Search and Google Maps features each store prompts and outputs for 30 days with no opt-out. Zero Data Retention (ZDR) is available per-project on request for eligible paid customers but must be explicitly applied for and approved; it is not the default. When ZDR is approved, all user content and identifiable metadata are cleared prior to logging.
Safeguards
Google Cloud holds ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 2 Type II, SOC 3, and BSI C5:2020 certifications, covering cloud security, privacy information management, and cloud-specific controls. Reports are downloadable via the Compliance Reports Manager. source ↗
On the paid Gemini API and Vertex AI, Google contractually commits not to use customer prompts or responses to improve its products. Human review of conversations does not occur without explicit consent. Workspace Enterprise admins can shorten or fully disable prompt storage for their domain. source ↗
Zero Data Retention (ZDR) is available for eligible paid Gemini API and Vertex AI projects on a per-project basis. When approved, all user content (prompts and responses) and identifiable metadata (IP addresses, account IDs) are cleared prior to logging. Customers must request and receive approval from Google's account team. source ↗
Vertex AI supports EU region-pinned inference endpoints (europe-west1 Belgium, europe-west4 Netherlands, europe-north1 Finland, europe-central2 Warsaw). Gemini Enterprise supports EU multi-region data residency for at-rest storage and ML processing. Workspace Enterprise supports EU data-region locking including for Gemini features in Workspace apps. source ↗
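As an added example (not part of this assessment or of Google's own tooling), a small Python pre-flight check that classifies a Gemini generateContent call against the data-residency and retention conditions described above: the EEA location allowlist and the retention rules come from the assessment, while the endpoint hostname shapes, the request-body tool keys and the sample calls are assumptions.

```python
import re
from urllib.parse import urlparse
# EEA Vertex AI locations named in this assessment.
EEA_LOCATIONS = {"europe-west1", "europe-west4", "europe-north1", "europe-central2"}
# Assumed endpoint shapes (not from the assessment): regional Vertex AI hosts are
# "<location>-aiplatform.googleapis.com", the global endpoint is "aiplatform.googleapis.com"
# with path location "global"; the consumer API is "generativelanguage.googleapis.com".
VERTEX_HOST_RE = re.compile(r"^(?:(?P<loc>[a-z0-9-]+)-)?aiplatform\.googleapis\.com$")
CONSUMER_HOST = "generativelanguage.googleapis.com"
# Assumed request-body tool keys for the grounding features carrying 30-day retention.
GROUNDING_TOOL_KEYS = {"googleSearch", "googleSearchRetrieval", "googleMaps"}

def assess_request(url, body, billing_enabled, zdr_approved):
    """Findings for one call; empty list = EEA-pinned, billed, ZDR-approved, no grounding."""
    findings = []
    parsed = urlparse(url)
    host = parsed.hostname or ""
    m = VERTEX_HOST_RE.match(host)
    if host == CONSUMER_HOST:
        findings.append("consumer Gemini API: global processing, no region pinning")
    elif m:
        host_loc = m.group("loc")  # None for the global endpoint host
        path_loc = next(iter(re.findall(r"/locations/([a-z0-9-]+)/", parsed.path)), None)
        if host_loc is None or path_loc == "global":
            findings.append("global Vertex AI endpoint: data residency not supported")
        elif host_loc != path_loc:  # host and path disagree: do not trust the pinning
            findings.append(f"host location {host_loc} != path location {path_loc}")
        elif path_loc not in EEA_LOCATIONS:
            findings.append(f"location {path_loc} is outside the EEA allowlist")
    else:
        findings.append(f"unrecognised host {host!r}")
    if not billing_enabled:
        findings.append("no billing-enabled GCP project: Cloud DPA/SCC coverage unclear")
    if not zdr_approved:
        findings.append("ZDR not approved: abuse-monitoring prompt logging applies")
    for tool in body.get("tools", []):  # grounding retention applies even under ZDR
        used = GROUNDING_TOOL_KEYS & set(tool)
        if used:
            findings.append(f"grounding tool {'/'.join(sorted(used))}: 30-day retention, no opt-out")
    return findings

# Constructed sample calls (not real traffic) for the two surfaces the assessment contrasts.
SAMPLE_CALLS = {
    "eea_pinned": ("https://europe-west1-aiplatform.googleapis.com/v1/projects/demo/locations/"
                   "europe-west1/publishers/google/models/gemini-placeholder:generateContent",
                   {"tools": [{"googleSearch": {}}]}, True, True),
    "consumer": ("https://generativelanguage.googleapis.com/v1beta/models/gemini-placeholder:generateContent", {}, False, False),
}

def assess_samples():
    return {name: assess_request(*call) for name, call in SAMPLE_CALLS.items()}
```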
Privacy-policy issues
Free-tier AI Studio trains on prompts by default; human reviewers may annotate inputs/outputs. source ↗
The unpaid Gemini API and AI Studio tiers use submitted content for model improvement and allow human annotation of inputs and outputs; the terms explicitly warn against submitting sensitive or personal data. EEA users receive a no-training carve-out by Google's self-assertion, but this is not independently verified.
Grounding features carry a mandatory 30-day retention with no opt-out. source ↗
Both Grounding with Google Search and Grounding with Google Maps store prompts, contextual information, and generated output for 30 days with no mechanism to disable this retention, even for customers who have otherwise obtained Zero Data Retention status.
ZDR is not a default; it requires explicit per-project application and approval. source ↗
Zero Data Retention is an opt-in feature that must be requested from the Google Cloud account team on a per-project basis; customers who do not proactively request and receive approval remain subject to abuse-monitoring prompt logging for an unspecified limited period.
Certifications & legal documents
Endpoints served · 9
Google Cloud holds a comprehensive, sourced certification stack — ISO 27001, 27017, 27018, 27701, SOC 2 Type II, SOC 3, BSI C5:2020, and FedRAMP — backed by custom Titan hardware, Access Transparency logs, and VPC Service Controls for network isolation.
A Cloud DPA with SCCs is publicly available for billing-enabled GCP projects, but DPA coverage depends on account provisioning method (consumer API keys may not be covered), and the DPF as the primary transfer mechanism is politically fragile and under active legal challenge.
The free-tier AI Studio / unpaid Gemini API uses submitted content to improve products and services including for machine-learning purposes; human reviewers may annotate inputs and outputs. The terms explicitly warn against submitting sensitive, confidential, or personal data on this tier. EU customers in EEA/Switzerland/UK receive the paid-tier no-training policy even on free tiers per Google's regional commitments, but this regional carve-out is contractually self-asserted by Google and not independently audited. source ↗ [SERVING_RETENTION]
Google publishes a third-party sub-processor list at cloud.google.com/terms/subprocessors. However, sub-processor lists for the Gemini Developer API (ai.google.dev) are distinct from Google Cloud / Vertex AI sub-processors; the extent to which the consumer API sub-processor chain overlaps with the Cloud DPA sub-processor list is not clearly delineated in public documentation. For certain Advanced AI partner models on Vertex AI, prompt and response logs are shared in real-time with the MaaS partner's trust and safety teams when the Advanced AI Safety Addendum applies. source ↗ [SUBPROCESSING]
The Google Cloud DPA (cloud.google.com/terms/data-processing-addendum) is available for Workspace and GCP customers and includes SCCs for third-country transfers. However, the Gemini Developer API (ai.google.dev) operates under separate Terms of Service; whether the Cloud DPA automatically covers Gemini API calls depends on how the customer has provisioned their account (billing-enabled GCP project vs. consumer API key). Customers using a consumer API key without a billing-enabled GCP project may not be covered by the Cloud DPA and SCCs. source ↗ [CONTRACTUAL]
FISA 702 authorises bulk collection from US electronic communications service providers targeting non-US persons abroad, a category that covers essentially every European business customer. For national-security requests there is no adversarial process, no customer notice, and no practical way to challenge. Austrian, French, and Italian DPAs have issued enforcement decisions concluding that certain US cloud arrangements violate GDPR, effectively ruling that CLOUD Act exposure without adequate technical mitigation constitutes a GDPR transfer violation. GDPR Article 48 states that foreign court orders for data transfer can only be enforced in the EU if based on a recognised international agreement. source ↗ [LEGAL_EXPOSURE]
A Cloud Data Processing Addendum is publicly available and includes Standard Contractual Clauses for third-country transfers. A HIPAA Business Associate Addendum is available for Gemini for Workspace as of September 2025. A published third-party sub-processor list is maintained at cloud.google.com/terms/subprocessors. source ↗
Google operates its own global fibre infrastructure and data centres with custom hardware security (Titan security chips). Access Transparency logs provide near-real-time audit logs of Google administrator access to customer content. VPC Service Controls and Private Service Connect allow network-isolation of Gemini API traffic to avoid public internet transit. source ↗
Google publicly documents the Zero Data Retention feature, per-feature retention windows (including the 30-day Grounding with Google Search/Maps carve-out), the abuse-monitoring logging basis, and the conditions under which data may be shared with MaaS partners. A public status page and incident history are maintained. source ↗
Google Cloud is one of the three major hyperscalers with a global multi-region infrastructure. Google publishes per-service SLAs (cloud.google.com/terms/sla) and operates a public service health dashboard. Mandiant (acquired by Google) provides 24/7 incident response capability. source ↗
Gemini Developer API DPA coverage depends on account provisioning method. source ↗
The Cloud DPA and SCCs apply to billing-enabled GCP-project-backed Gemini API usage; customers using a consumer API key without GCP billing may not be covered by the Cloud DPA, leaving the legal basis for GDPR-compliant third-country transfer unclear.
CLOUD Act / FISA 702 exposure unresolved by SCCs or DPF; active Schrems III challenge pending. source ↗
As a US-incorporated entity, Google remains subject to CLOUD Act production orders and FISA 702 collection regardless of EU data residency or SCCs. The EU-US DPF—which is the primary transfer mechanism cited in Google's DPA—is subject to an active CJEU challenge (Latombe) appealed in October 2025, and its political underpinnings have weakened following the dismantling of the PCLOB in early 2025.