This page provides a high-level view of the compliance certifications and security controls that are supported by Google Agentspace. The two components of Agentspace (Agentspace and NotebookLM Enterprise) have different compliance certifications and security controls.
Certifications
Agentspace and the NotebookLM Enterprise are compliant as follows:
| Compliance certification | Agentspace | NotebookLM Enterprise |
|---|---|---|
| HIPAA | ✔ | ✔ |
| ISO 27001, ISO 27017, ISO 27018, and ISO 27701 | * | * |
| SOC 1, SOC 2, SOC 3 | * | * |
| PCI DSS | * | * |
* Compliance certifications at Google Cloud are maintained through a structured internal process featuring regular independent audits for new and existing products. We have a long history of meeting certification requirements, including ISO 27xxx, SOC reports, and PCI DSS. Agentspace and NotebookLM Enterprise, being built on the same Google Cloud infrastructure as many of our certified products, already inherit a significant number of security and privacy controls and will be included in future certification audits.
Security controls
Agentspace provides the following security horizontals.
| Security controls compliance | Agentspace | NotebookLM Enterprise |
|---|---|---|
| Data Residency (DRZ) | ✔ US and EU multi-region APIs only | ✔ US and EU multi-region APIs only |
| Customer-managed encryption keys: CMEK for Agentspace CMEK for NotebookLM Enterprise |
✔ US and EU multi-region APIs only 1 |
✔ US and EU multi-region APIs only 1 |
| VPC Service Controls | ✔ | ✔ |
| Access Transparency | ✔ US and EU multi-regions only | ✔ US and EU multi-regions only |
1 Using external key manager (EKM) or hardware security module (HSM) with CMEK is in GA with allowlist.
What's next
Learn more about Google Cloud compliance.