Skip to main content

Foundation Model APIs compliance and security

This article describes the compliance standards and security profile support for Databricks Foundation Model APIs.

Databricks Foundation Model APIs support various compliance standards to meet enterprise security and regulatory requirements. The availability of these standards varies by deployment mode: pay-per-token or provisioned throughput.

Compliance standards support: Pay-per-token

Pay-per-token workloads are HIPAA compliant.

  • For customers with the Compliance Security Profile enabled, pay-per-token workloads are available provided that compliance standard HIPAA or None is selected.
  • Other compliance standards (PCI-DSS, FedRAMP, IRAP, CCCS, UK Cyber Essentials Plus) are not currently supported for pay-per-token workloads.

See Compliance security profile standards: Foundation Model APIs workloads.

Compliance standards support: Provisioned throughput

Provisioned throughput workloads support the full range of compliance standards available for Model Serving:

  • HIPAA compliance across all regions.
  • Additional compliance standards (PCI-DSS, FedRAMP, IRAP, CCCS, UK Cyber Essentials Plus) in supported regions.
  • Recommended for all workloads that require compliance certifications beyond HIPAA.

See Compliance security profile standards: Foundation Model APIs workloads.

note

These compliance standards require served containers to be built in the most recent 30 days. Databricks automatically rebuilds outdated containers on your behalf. However, if this automated job fails, an event log message like the following appears:

"Databricks couldn't complete a scheduled compliance check for model $servedModelName. This can happen if the system can't apply a required update. To resolve, try relogging your model. If the issue persists, contact support@databricks.com."

Data processing and residency

The region and corresponding geography where your Foundation Model API requests are processed depends on your workspace region and the specific model being used:

  • As part of providing the Foundation Model APIs, Databricks might process your data outside of the region and cloud provider where your data originated.
  • If your workspace is in a Model Serving region but not a US or EU region, your workspace must be enabled for cross-Geo data processing.
  • See Designated Services for geographic areas that process pay-per-token and provisioned throughput workloads.

Regional model availability

Certain models have regional restrictions based on compliance and infrastructure requirements.

Region

Models

Details

US-only models

The following models are supported only in Foundation Model APIs pay-per-token supported US regions:

  • Anthropic Claude Opus 4
  • Meta Llama 3.1 405B Instruct
  • BGE Large (En)

EU and US models

Anthropic Claude 3.7 Sonnet and Anthropic Claude Sonnet 4 are available in pay-per-token EU and US supported regions.

If your workspace is not in an EU or US region but is in a supported Model Serving region, you can enable cross-Geo data processing to access these models.

Security best practices

Topic

Details

Access control

  • Foundation Model API endpoints are protected by workspace-level access controls.
  • Only workspace admins can modify governance settings for Foundation Model APIs endpoints.
  • Endpoints respect networking-related ingress rules configured on the workspace.

Network security

  • Endpoints respect IP allowlists and PrivateLink configurations.
  • You can restrict outbound network access from Model Serving endpoints by configuring network policies.
  • See Manage network policies for more information.

Container security

  • Model Serving does not provide security patches to existing model images to avoid destabilization of production deployments.
  • New model images created from new model versions will contain the latest patches.
  • Containers are automatically rebuilt every 30 days for compliance requirements.

Additional resources

Last updated on