Article Details

Sovereign-ish: Google Cloud keeps AI data in UK, but not the support. Processing and storage for Gemini 2.5 Flash to stay in Blighty. Google Cloud is attempting to ease concerns about where AI data is stored by offering organizations the option to keep Gemini 2.5 Flash machine learning processing entirely within the UK. The option is an acknowledgment of local data (if perhaps not operational) sovereignty and compliance needs. Having data heading offshore for AI is a big no-no for many sectors, such as financial services. However, UK support calls will be routed to Google's global support personnel, while EU customers can receive support from personnel located in the bloc. Just how sovereign is "sovereign," really? Yes, a customer can select Google Cloud's UK region (europe-west2) when using Gemini 2.5 Flash to store data in that region. Yes, machine learning computations (the "processing") for Gemini 2.5 Flash can be limited to within the UK region. However, for data to unequivocally never leave the UK's jurisdictional boundary, support would theoretically also need to take place in the UK. Veteran Linux vendor SUSE this week, for example, highlighted the risk of data crossing a boundary in the name of customer support. One solution from Google is customers keeping their own encryption keys, ensuring their data remains safe from prying eyes. It would therefore be up to the customer to decide if those keys need to be given up. That said, according to Hayete Gallot, Google's customer experience boss, support generally involves troubleshooting why a virtual machine (VM) has failed or analyzing log files. Alternatives include Google Cloud Airgapped, where open source versions of it's software reside on servers fully disconnected from the internet, or Google Cloud Dedicated, where the software is run by a "trusted partner". However, the latter service is only available in Germany and France at present. Mark Boost, CEO of UK cloud vendor Civo, expressed concern about Google's ties to the US. Also noting plans to upskill UK civil servants in Google's technology, he said: "This new partnership positions Google Cloud at the heart of the UK's digital infrastructure, despite being governed by the US CLOUD Act. "Under this legislation, government data, even if data is hosted in the UK, could still be accessed by US authorities if stored on Google's platform." He added: "What's missing from the announcement is any confirmation that safeguards are in place to prevent overseas access to data stored on Google Cloud. When you're dealing with highly sensitive information, especially NHS health records, the legal framework around data access shouldn't be vague or implied. It should be made crystal clear to the public, whose private information is at stake. Right now, we don't have that assurance." We asked Google about demands for data access from, for example, the US authorities. A spokesperson directed us to the company's whitepaper [PDF] on dealing with government requests. The spokesperson went on to say that Google's processes "meet international best practices for responding to government requests, which we evaluate on a case-by-case basis for adherence to applicable laws and regulations." "In the event of a government request, our policy is to redirect the request to the customer in question." Or there's always the option of encrypting data. The spokesperson added: "Google Cloud offers customer-managed encryption capabilities for GCP and Workspace that give customers complete control of the keys used to encrypt and decrypt their data. This enables customers to deny decryption of their data by any party, including Google Cloud."