This post covers the US regulatory landscape for AI data residency as of April 2026. It is a companion to our infrastructure guide on self-hosted AI, which covers the architecture, hardware selection, and operational reality of on-premise inference regardless of jurisdiction. We also have regional guides for Canadian and UK/EU markets.
The US Landscape
There is no single US federal data residency law. AI data residency requirements come from a patchwork of sector-specific federal regulations, agency guidance, and a growing body of state privacy legislation. Two companies in the same city, processing similar data, can face very different compliance requirements depending on their industry and customer base.
The US also occupies a unique position in the global data residency conversation. For organizations in Canada, Europe, and Australia, the CLOUD Act is the primary threat to their data residency guarantees because it allows US authorities to compel disclosure from US-headquartered providers regardless of where the data is stored. US-based organizations do not face that cross-border tension because the compulsion originates from their own jurisdiction. It becomes relevant when a US company serves international customers and those customers discover that their data, stored on US-provider infrastructure in their own country, is reachable by US courts. If that describes your business, this matters for your compliance posture. Our infrastructure guide covers the CLOUD Act in more detail.
The sections below cover each major regulatory framework that imposes requirements relevant to AI data handling, processing location, and third-party risk management for US companies.
HIPAA and Protected Health Information
HIPAA requires that any entity processing Protected Health Information (PHI) execute a Business Associate Agreement (BAA) with every service provider that touches that data. The BAA must specify how PHI is handled, where it is processed, and what security controls are in place.
Vendors routinely market HIPAA compliance as if it meant US-only processing. HIPAA, however, is silent on data location. What it demands is the contractual and technical accountability chain described above, which means every component in the AI pipeline that sees patient data needs to be covered under a BAA. That includes the inference endpoint, any embedding or vector database that stores document chunks derived from patient records, any logging system that captures input/output pairs, and any fine-tuning pipeline that uses PHI as training data. If you are sending PHI in a prompt to a cloud LLM API, the API provider must be a Business Associate with a signed BAA.
Several major AI API providers now offer BAA-eligible tiers. OpenAI launched "OpenAI for Healthcare" with BAA support, data residency options, customer-managed encryption keys, and a contractual guarantee that customer data is not used for model training. Anthropic, Google, and Microsoft offer similar BAA-eligible configurations through their enterprise and API products. The important detail: the default API access for most of these providers is not BAA-covered. You need to be on the correct plan and have the agreement executed before any PHI touches the endpoint.
AI-specific BAA considerations: Standard BAAs were written before generative AI was common and may not address AI-specific data flows. When reviewing or negotiating a BAA with an AI vendor, confirm that it explicitly covers whether PHI can be used for model training (it should be prohibited), data retention policies for prompts and outputs, sub-processor coverage (the cloud infrastructure provider under the AI vendor), and data residency for inference processing. A BAA that covers "data storage" but not "inference processing" may leave a gap.
De-identification as a compliance path. HIPAA's Safe Harbor method (removing 18 specific identifier categories) or Expert Determination method can take data outside HIPAA's scope entirely. If your AI use case can work with de-identified data, this is the most straightforward compliance path. De-identification must be done before data reaches the AI pipeline, not as a processing step within it. A system that receives PHI, strips identifiers, and then sends the de-identified text to an LLM has still processed PHI in the first step, and the entire pipeline is in scope.
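As an added example (not from the original post), here is a fail-closed tripwire for the egress point into the AI pipeline. It does not de-identify anything; it only refuses to forward text in which pattern-detectable Safe Harbor identifiers survived the upstream de-identification step. The pattern set, the MRN format, and the `send` callable are assumptions, and names, addresses, and other free-text identifiers are outside what regexes can catch.

```python
import re

# Pattern-detectable subset of the Safe Harbor identifier categories.
# This is a backstop behind the real de-identification step, not a
# replacement for it. The MRN format is an assumed local convention.
RESIDUAL_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"\bhttps?://\S+", re.I),
    "full_date": re.compile(
        r"\b(?:\d{1,2}[/-]\d{1,2}[/-]\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
    "mrn": re.compile(r"\bMRN[:# ]*\d{5,}\b", re.I),
}


class EgressBlocked(Exception):
    """Raised when text bound for the AI pipeline still carries identifiers."""

    def __init__(self, categories):
        super().__init__(f"residual identifiers detected: {categories}")
        self.categories = categories


def residual_identifiers(text):
    """Return the sorted category names whose pattern matches the text."""
    return sorted(n for n, rx in RESIDUAL_PATTERNS.items() if rx.search(text))


def guard_egress(prompt, send):
    """Forward prompt via send() only if no identifier pattern matches.

    Fails closed: on a hit, send() is never called, and only the category
    names (never the matched values) are exposed for logging and alerting.
    """
    found = residual_identifiers(prompt)
    if found:
        raise EgressBlocked(found)
    return send(prompt)


# Constructed sample inputs, not real patient data.
CLEAN = "Patient in their 60s, admitted 2024, presents with chest pain."
LEAKY = "Pt seen 03/14/2024, MRN: 00482913, callback 555-201-3344."
```

A hit here means the upstream de-identification step failed, so treat it as an incident signal rather than something to scrub and retry.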
OCR enforcement trends. The HHS Office for Civil Rights has increased enforcement activity around third-party technology and tracking tools since its December 2022 bulletin clarifying that HIPAA applies to tracking technologies on covered entity websites. While that bulletin specifically addressed web analytics, the underlying principle applies to AI: if PHI is transmitted to a third party, HIPAA applies regardless of how the transmission is framed technically. Healthcare data breaches cost an average of $7.42 million and took 279 days to contain in 2025, according to IBM's Cost of a Data Breach Report, the longest lifecycle of any industry.
GLBA, OCC, and Financial Services
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to protect nonpublic personal information (NPI) and explain their information-sharing practices to customers. The FTC's Safeguards Rule, which underwent significant amendments effective June 2023, requires non-bank financial institutions to develop, implement, and maintain a comprehensive information security program with specific requirements around access controls, encryption, multi-factor authentication, and breach notification.
The definition of "financial institution" under GLBA is broad. It covers any company "significantly engaged" in financial activities, including mortgage companies, auto dealerships with financing, tax preparers, financial advisors, and payment processors. If your business receives, maintains, or transmits nonpublic personal financial information about consumers, you likely fall under the Safeguards Rule. The small business exemption only applies to firms with fewer than 5,000 customer records, and even those firms must have a written security program.
AI-specific implications. The Safeguards Rule does not mention AI by name, but its requirements around third-party risk management, data encryption, access controls, and continuous monitoring all apply when a financial institution sends NPI to an AI service. The FTC's 2023 amendments added specific technical requirements: MFA for all access to customer information, encryption of data at rest and in transit, annual penetration testing, and breach notification to the FTC within 30 days for incidents affecting 500+ individuals. Violations can result in fines of up to $51,744 per violation per day.
Banking regulators and third-party AI. The OCC, FDIC, and Federal Reserve issued final interagency guidance on third-party relationships in June 2023 (OCC Bulletin 2023-17). This guidance treats AI providers as third-party service providers subject to the same risk management expectations as any other vendor. Banks must conduct due diligence before engaging an AI vendor, monitor the relationship on an ongoing basis, secure contractual protections around data handling and service levels, and plan for contingencies if the vendor fails or the relationship ends. The guidance explicitly addresses subcontractor chains ("4th party" relationships), meaning that if your AI vendor runs on a cloud provider, you need to understand the risks introduced by that cloud provider as well.
For AI deployments specifically, banking examiners expect you to demonstrate that you understand where your data is processed, who has access, and what the jurisdictional risks are. A cloud provider's assurance that data stays in the US will not satisfy an examiner who asks about subprocessor chains, administrative access from offshore support teams, or the provider's obligations under foreign legal process.
The Bank Policy Institute published a detailed paper on navigating AI in banking that identifies four risk management areas particularly relevant to AI: risk governance, model risk management (under SR 11-7), data risk management, and third-party risk management. Banking organizations are expected to integrate oversight of AI into their existing enterprise risk management frameworks, not treat it as a separate category.
GLBA modernization. The House Financial Services Committee is actively working on modernizing GLBA's privacy provisions, with draft legislation that would expand coverage to data aggregators and payment platforms, update the definition of NPI, and potentially preempt state privacy laws for covered financial institutions. This is in early stages as of April 2026, but financial institutions should track it because the modernized requirements may include AI-specific governance obligations.
FedRAMP and Government Work
If you are processing federal government data or selling to federal agencies, FedRAMP (Federal Risk and Authorization Management Program) defines the security requirements. FedRAMP authorization is based on NIST SP 800-53 controls and is categorized into Low, Moderate, and High baselines. FedRAMP High requires more than 400 security controls and is required for the most sensitive unclassified government data, including Controlled Unclassified Information (CUI).
AI is being fast-tracked. In August 2025, GSA and FedRAMP announced an initiative to prioritize authorization of AI-based cloud services that provide conversational AI for federal workers. This initiative, part of the FedRAMP 20x modernization pilot, aims to get qualifying AI services authorized in as little as two months, compared to the traditional multi-year timeline. The criteria require enterprise-grade features (SSO, SCIM, RBAC, real-time analytics), data separation guarantees (no cross-customer model training), and the ability to meet FedRAMP 20x Low authorization requirements. FedRAMP planned to finalize the first three AI prioritization authorizations in January 2026.
The FedRAMP marketplace now lists over 500 authorized cloud services. IBM announced FedRAMP authorization for 11 AI and automation solutions in April 2026, including watsonx products, deployed on AWS GovCloud. This is the pattern: AI vendors achieving authorization through deployment on already-authorized government cloud infrastructure.
What this means for self-hosted AI. If your organization processes federal data and the relevant agency requires FedRAMP authorization, your self-hosted inference infrastructure must meet the same NIST 800-53 controls. This is achievable but requires significant documentation, continuous monitoring, and either an agency ATO (Authority to Operate) or a FedRAMP authorization. The FedRAMP 20x pilot is making this faster for cloud AI services, but self-hosted deployments still go through the traditional ATO process with the sponsoring agency.
Practical advice: If you are selling AI services to federal agencies and do not yet have FedRAMP authorization, deploying on an already-authorized infrastructure provider (AWS GovCloud, Azure Government, Google Cloud for Government) and pursuing authorization through that platform is typically faster than authorizing your own infrastructure from scratch. If you need self-hosted infrastructure for sovereignty reasons, begin the ATO process early; it will take months, not weeks.
State Privacy Laws
As of April 2026, 20 US states have comprehensive privacy laws in effect. The laws in Indiana, Kentucky, and Rhode Island took effect on January 1, 2026, joining those in California, Virginia, Colorado, Connecticut, Utah, Iowa, Oregon, Texas, Montana, Delaware, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, and Tennessee.
No new comprehensive state privacy laws were enacted in 2025, but several states amended existing frameworks, and the enforcement landscape intensified significantly.
California remains the most demanding. The CCPA/CPRA applies to for-profit businesses that meet any of: annual gross revenue exceeding $26.6 million (2025-2026 inflation-adjusted figure), processing personal data of 100,000+ California residents annually, or deriving 50%+ of revenue from selling personal information. New regulations effective January 1, 2026 added:
- Automated Decision-Making Technology (ADMT) requirements. Businesses must provide opt-outs when ADMT is used in decisions that "replace or substantially replace human decision-making." Human reviewers must be able to interpret ADMT outputs and have authority to change or correct the final decision. This directly applies to AI systems making decisions about consumers.
- Privacy risk assessments. Required before initiating processing that presents a "significant risk" to consumer privacy, including selling/sharing personal information, processing sensitive personal information, using ADMT for significant decisions, and training AI technologies.
- Cybersecurity audits. Mandatory independent audits for businesses meeting specified revenue/data-volume thresholds, with phased certifications due starting April 1, 2028.
The CPPA has hundreds of investigations in progress as of early 2026, with penalties of up to $7,988 per intentional violation, and the agency can investigate conduct dating back to January 1, 2020.
Texas has real enforcement teeth. Texas entered enforcement under the Texas Data Privacy and Security Act (TDPSA, effective July 2024) with a signal that it intends to pursue significant penalties. A settlement exceeding $1 billion with a major technology company in 2025 established Texas as a jurisdiction with genuine enforcement capacity.
Colorado's requirements diverge from California's. Colorado's Privacy Act requires businesses to honor universal opt-out mechanisms, conduct DPIAs for high-risk processing, and produce detailed risk assessment documentation that diverges materially from California's ADMT regime. Businesses cannot produce a single assessment document that satisfies both states. Colorado has no cure period and no private right of action.
AI-specific state regulation. California's Transparency in Frontier Artificial Intelligence Act took effect on January 1, 2026. Colorado has delayed but not abandoned its comprehensive AI Act. The overall trend is convergence of privacy and AI governance requirements at the state level, with California and Colorado leading.
For AI systems specifically: If your AI application processes personal data of consumers in multiple states, you are likely subject to multiple overlapping state laws with different requirements for opt-out mechanisms, risk assessments, data minimization, and automated decision-making disclosures. A single national compliance program is increasingly difficult to maintain because the requirements conflict in places. California requires privacy risk assessments for AI training; Colorado requires separate DPIAs with different scopes; other states have different thresholds for coverage entirely. Budget for compliance counsel who specializes in multi-state privacy.
Sector-Specific Considerations
Beyond the frameworks above, several sectors have additional requirements that affect AI data handling:
Insurance. The NAIC (National Association of Insurance Commissioners) has been developing model bulletins on AI use in insurance, focusing on bias testing, transparency, and governance. Several states have adopted or are adopting these model provisions. If your AI system is used in underwriting, claims, or pricing decisions, state insurance regulations may impose additional requirements beyond general privacy law.
Securities. The SEC has proposed rules around predictive data analytics and AI in broker-dealer and investment adviser contexts, focusing on conflicts of interest. While the rulemaking timeline is uncertain, firms using AI for investment recommendations or trading should anticipate compliance obligations around model governance and disclosure.
Education. FERPA (Family Educational Rights and Privacy Act) protects student education records and imposes requirements similar to HIPAA's BAA structure when data is shared with third parties. AI tools processing student data need appropriate agreements in place.
What This Means for Infrastructure Decisions
US regulation generally focuses on accountability rather than localization. You must know where your data is processed, who has access, and what controls are in place. You must have appropriate agreements with every third party in the chain. You must be able to demonstrate all of this to your regulator or auditor. Narrow exceptions to this pattern exist in some state and sector-specific contexts.
For most US organizations, cloud AI APIs from major providers are compliant if properly configured, with the correct plan tier, signed agreements, and documented risk assessments. Self-hosted infrastructure becomes relevant when:
- Your regulator requires controls that go beyond what cloud providers offer (particularly in banking and government)
- Your data classification requires that no third party process it at all
- You serve international customers whose regulators have stricter data sovereignty requirements (see our Canadian and UK/EU guides)
- Your inference volume makes self-hosting more cost-effective and you want to own the security surface end-to-end
Our infrastructure guide covers the technical architecture, hardware selection, security design, and operational reality for self-hosted AI deployments.
