Share via

Foundation Model APIs compliance and security

This article describes the compliance standards and security profile support for Databricks Foundation Model APIs.

Databricks Foundation Model APIs support various compliance standards to meet enterprise security and regulatory requirements. The availability of these standards varies by deployment mode: pay-per-token or provisioned throughput.

Compliance standards support: Pay-per-token

Pay-per-token workloads are HIPAA compliant.

  • For customers with the Compliance Security Profile enabled, pay-per-token workloads are available provided that compliance standard HIPAA or None is selected.
  • Other compliance standards (PCI-DSS, FedRAMP, IRAP, CCCS, UK Cyber Essentials Plus) are not currently supported for pay-per-token workloads.

Compliance standards support: Provisioned throughput

Provisioned throughput workloads support the full range of compliance standards available for Model Serving:

  • HIPAA compliance across all regions.
  • Additional compliance standards (PCI-DSS, FedRAMP, IRAP, CCCS, UK Cyber Essentials Plus) in supported regions.
  • Recommended for all workloads that require compliance certifications beyond HIPAA.

Note

These compliance standards require served containers to be built in the most recent 30 days. Databricks automatically rebuilds outdated containers on your behalf. However, if this automated job fails, an event log message like the following appears:

"Databricks couldn't complete a scheduled compliance check for model $servedModelName. This can happen if the system can't apply a required update. To resolve, try relogging your model. If the issue persists, contact support@databricks.com."

Data processing and residency

The region and corresponding geography where your Foundation Model API requests are processed depends on your workspace region and the specific model being used:

  • As part of providing the Foundation Model APIs, Databricks might process your data outside of the region where your data originated, but not outside of the relevant geographical ___location.
  • If your workspace is in a Model Serving region but not a US or EU region, your workspace must be enabled for cross-Geo data processing.
  • See Designated Services for geographic areas that process pay-per-token and provisioned throughput workloads.

Regional model availability

Certain models have regional restrictions based on compliance and infrastructure requirements.

The following table summarizes region availability limitations for pay-per-token endpoints:

Region Models Details
US-only models The following models are supported only in Foundation Model APIs pay-per-token supported US regions:
  • Anthropic Claude Opus 4.1
  • Meta Llama 3.1 405B Instruct
  • BGE Large (En)
EU and US models The following models are available in pay-per-token EU and US supported regions.
  • OpenAI GPT-5
  • OpenAI GPT-5 mini
  • OpenAI GPT-5 nano
  • Anthropic Claude Sonnet 4.5
  • Anthropic Claude Sonnet 4
  • Anthropic Claude 3.7 Sonnet
 If your workspace is not in an EU or US region but is in a supported Model Serving region, you can enable cross-Geo data processing to access these models.

Security best practices

Topic Details
Access control
  • Foundation Model API endpoints are protected by workspace-level access controls.
  • Only workspace admins can modify governance settings for Foundation Model APIs endpoints.
  • Endpoints respect networking-related ingress rules configured on the workspace.
Network security
  • Endpoints respect IP allowlists and Private Link configurations.
  • Private connectivity (such as Azure Private Link) is only supported for model serving endpoints that use provisioned throughput or endpoints that serve custom models.
Container security
  • Model Serving does not provide security patches to existing model images to avoid destabilization of production deployments.
  • New model images created from new model versions will contain the latest patches.
  • Containers are automatically rebuilt every 30 days for compliance requirements.

Additional resources