Foundation Model APIs compliance and security
This article describes the compliance standards and security profile support for Databricks Foundation Model APIs.
Databricks Foundation Model APIs support various compliance standards to meet enterprise security and regulatory requirements. The availability of these standards varies by deployment mode: pay-per-token or provisioned throughput.
Compliance standards support: Pay-per-token
Pay-per-token workloads are HIPAA compliant.
- For customers with the Compliance Security Profile enabled, pay-per-token workloads are available provided that the compliance standard HIPAA or None is selected.
- Other compliance standards (PCI-DSS, FedRAMP, IRAP, CCCS, UK Cyber Essentials Plus) are not currently supported for pay-per-token workloads.
Compliance standards support: Provisioned throughput
Provisioned throughput workloads support the full range of compliance standards available for Model Serving:
- HIPAA compliance across all regions.
- Additional compliance standards (PCI-DSS, FedRAMP, IRAP, CCCS, UK Cyber Essentials Plus) in supported regions.
- Recommended for all workloads that require compliance certifications beyond HIPAA.
These compliance standards require served containers to have been built within the most recent 30 days. Databricks automatically rebuilds outdated containers on your behalf. However, if this automated job fails, an event log message like the following appears:
"Databricks couldn't complete a scheduled compliance check for model $servedModelName. This can happen if the system can't apply a required update. To resolve, try relogging your model. If the issue persists, contact support@databricks.com."
Data processing and residency
The region and corresponding geography where your Foundation Model API requests are processed depend on your workspace region and the specific model being used:
- As part of providing the Foundation Model APIs, Databricks might process your data outside of the region and cloud provider where your data originated.
- If your workspace is in a Model Serving region but not a US or EU region, your workspace must be enabled for cross-Geo data processing.
- See Designated Services for geographic areas that process pay-per-token and provisioned throughput workloads.
Regional model availability
Certain models have regional restrictions based on compliance and infrastructure requirements.
The following table summarizes region availability limitations for pay-per-token endpoints:
Region | Models | Details |
---|---|---|
US-only models | The following models are supported only in Foundation Model APIs pay-per-token supported US regions:
| |
EU and US models | Anthropic Claude 3.7 Sonnet and Anthropic Claude Sonnet 4 are available in pay-per-token EU and US supported regions. | If your workspace is not in an EU or US region but is in a supported Model Serving region, you can enable cross-Geo data processing to access these models. |
Security best practices
Topic | Details |
---|---|
Access control |
|
Network security |
|
Container security |
|