This page describes the data residency support for backup vault, including supported workloads and limitations.
Data residency for backup vault meets compliance and regulatory requirements by allowing you to limit the geographic locations (regions) where Google Cloud data is stored. With data residency, organization policy administrators can enforce geographic locations where backup data can be stored.
Organizations with data residency requirements can set up a Resource Locations organization policy constraint that restricts the location of new backup resources at the organization, project, or folder level of their resource hierarchy.
Data residency scope and behavior
Data residency enforcement against the organization policy is checked only when new resources are created. For example, if the organization policy is set after some Backup vault have already been created, only new resources that violate the constraint will be blocked and the existing resources will be unaffected. Existing Backup Plans will continue to function normally, however manually triggered restore operations or creation of new Backup Plans that violate data residency constraints will fail if the restore location is not permitted by the policy.
Data residency compatibility
Data residency enforcement can be used with all workloads that don't depend on a management server and backup/recovery appliance.
Customers still have complete control over the location of backups managed by management servers and backup/recovery appliances, through the configuration options in the management server. However, these workloads are not constrained by the organizational policies.