Claude EU Hosting: How to Keep Your Data in Europe Under GDPR
Can Claude be hosted in the EU?
Not through claude.ai or the direct Anthropic API — those use US infrastructure by default. EU-only Claude processing requires deployment via AWS Bedrock EU profiles (Frankfurt, Ireland, Paris) or Google Cloud Vertex AI EU regions.
- Direct claude.ai and Anthropic API do not offer EU-only data residency.
- AWS Bedrock eu-central-1 (Frankfurt) is the primary confirmed path for German companies.
- Google Cloud Vertex AI provides EU-region alternatives including Belgium and the Netherlands.
- Microsoft 365 Copilot + Claude is explicitly excluded from the Microsoft EU Data Boundary as of January 2026.
Claude EU hosting is not available through the direct Anthropic API or claude.ai by default. If EU-only data processing is a legal requirement for your organisation, the two confirmed architectural paths are Claude via AWS Bedrock EU profiles (Frankfurt eu-central-1, Ireland eu-west-1, Paris eu-west-3) or Claude via Google Cloud Vertex AI EU regions. Direct access to claude.ai or the Anthropic API routes data through US-based infrastructure and relies on Standard Contractual Clauses (SCCs) as the Chapter V GDPR transfer mechanism — which may or may not be sufficient depending on your data categories and internal policies.
This matters most for businesses in Germany and the DACH region that must comply with the GDPR, operate in regulated sectors, or hold contractual commitments to EU-only data processing. Before choosing a deployment path, the architecture decision and the legal setup need to be reviewed together.
The three deployment paths — and what they mean for EU data residency
Not every Claude deployment is equal under GDPR. The table below maps the four main paths to their data residency defaults:
| Deployment path | Data location default | EU-only option | AVV / DPA path | Typical use case |
|---|---|---|---|---|
| claude.ai / Claude.com direct | US by default | No dedicated EU option | Anthropic DPA (Team/Enterprise) | Individual and team productivity |
| Anthropic API direct | US by default | No dedicated EU option | Anthropic commercial DPA | Custom integrations, product development |
| Claude via AWS Bedrock | Configurable by region | Yes — Frankfurt, Ireland, Paris | AWS DPA + Bedrock model terms | Enterprise with existing AWS setup |
| Claude via Google Vertex AI | Configurable by region | Yes — Belgium, Netherlands, Poland, and more | Google Cloud DPA | Enterprise with existing GCP setup |
The key takeaway: EU hosting is an architecture question, not a product feature you can enable with a checkbox. Companies that want confirmed EU-only processing need to deploy through Bedrock or Vertex AI and verify region configuration, cross-region inference settings, and connected services.
Claude via AWS Bedrock — EU regions explained
For most German companies, AWS Bedrock eu-central-1 (Frankfurt) is the primary option for EU-localised Claude deployment. It offers geographic proximity, fits naturally into existing AWS governance and procurement frameworks, and AWS confirms that customer content is encrypted and stored at rest in the region where the service is used.
Key points for legal and procurement teams:
- Primary EU regions: eu-central-1 (Frankfurt), eu-west-1 (Ireland), eu-west-3 (Paris)
- Cross-region inference profiles: Bedrock supports cross-region inference for availability and latency purposes. If this feature is enabled, inference may route to regions outside your chosen primary region. Legal teams should confirm whether cross-region profiles are active.
- Contract shift: When you use Claude via AWS Bedrock, the main processor contract is with AWS, not Anthropic. The AWS DPA and Article 28 GDPR processor terms govern the infrastructure. This is a material legal change versus a direct Anthropic purchase.
- Model-provider layer still applies: AWS publishes separate third-party model terms for Bedrock. The Anthropic model-provider terms for Bedrock describe additional conditions including acceptable use. Procurement must review both the AWS layer and the model-provider layer.
For a full analysis of the AWS legal framework, see our AWS Bedrock DPA and GDPR guide.
Claude via Google Cloud Vertex AI — EU regions
Google Cloud Vertex AI is the second confirmed EU-hosting path for Claude. Google has deployed Claude models in several EU regions, including:
- europe-west1 (Belgium)
- europe-west4 (Netherlands)
- europe-central2 (Poland)
Additional regions may be available depending on model availability at the time of deployment.
Legally, the Vertex AI setup operates under Google Cloud’s DPA and GDPR framework rather than Anthropic’s commercial terms. Key review points:
- Confirm the applicable Google Cloud DPA covers your specific Vertex AI use case and data categories
- Verify which EU regions are active for the Claude model version you intend to use
- Review Google Cloud’s subprocessor list and assess whether any support or operational access could create third-country exposure
- Check whether your Google Cloud agreement includes the EU-region restriction you need, or whether additional configuration is required
Companies that already operate under a mature Google Cloud procurement framework may find Vertex AI the more natural path, while AWS-first organisations will typically default to Bedrock.
Direct Anthropic API — what the contract says about data location
If you use the Anthropic API without Bedrock or Vertex AI, data is processed in Anthropic’s US-based infrastructure. Anthropic’s commercial DPA addresses this through Standard Contractual Clauses (SCCs) as the Chapter V GDPR transfer mechanism, specifically the EU SCCs under Commission Implementing Decision 2021/914.
What this means in practice:
- SCCs are a recognised transfer mechanism under GDPR, but they come with obligations. Companies must perform a Transfer Impact Assessment (TIA) to verify that the SCCs provide effective protection given US law and surveillance frameworks.
- For many internal productivity workflows with low-sensitivity data, SCCs via the direct Anthropic API can be an acceptable setup.
- For workflows involving special categories of personal data (Article 9 GDPR), large volumes of customer data, or data subject to sector-specific regulation, a TIA and closer legal review are needed before relying solely on SCCs.
The practical rule: if your internal policy or customer contracts require EU-only processing, the direct Anthropic API is not sufficient. If SCCs are acceptable for your data and risk profile, the direct API can work — but that decision requires legal input, not just a procurement assumption.
Microsoft 365 Copilot + Claude — the EU Data Boundary gap
One important caveat for companies relying on Microsoft 365 for GDPR geographic compliance: the Microsoft 365 Copilot integration with Claude is explicitly excluded from the Microsoft EU Data Boundary, effective January 2026.
This means:
- Companies using Microsoft 365 Copilot and assuming that all Copilot-connected AI services are covered by the Microsoft EU Data Boundary are wrong — Claude is not included.
- If your organisation’s data governance policy relies on the Microsoft EU Data Boundary as the geographic compliance mechanism, you cannot extend that assumption to Claude accessed through Copilot.
- Microsoft’s own documentation confirms this exclusion. Procurement and privacy teams should verify the current scope of the Microsoft EU Data Boundary against any AI tool integrations before treating them as EU-compliant by inheritance.
This is a frequently missed detail in procurement reviews. The Microsoft EU Data Boundary covers a defined set of Microsoft services — third-party AI models integrated through Copilot are not automatically included.
Practical decision guide — which setup to choose
| Scenario | Recommended path |
|---|---|
| EU-only required, existing AWS contract in place | Claude via AWS Bedrock (Frankfurt eu-central-1) |
| EU-only required, existing Google Cloud contract | Claude via Vertex AI (EU region) |
| SCCs acceptable, no EU-only requirement | Direct Anthropic API with TIA |
| Using Microsoft 365 Copilot | Cannot rely on EU Data Boundary — verify separately |
| Hybrid (some EU-only, some not) | Bedrock or Vertex AI for EU-sensitive workflows; API for others |
The right choice depends on your existing cloud infrastructure, procurement framework, and the data categories you plan to process. For most German companies with established AWS environments, Bedrock is the lowest-friction EU-hosting path for Claude.
What EU hosting does NOT solve
Choosing an EU-hosted deployment path is a necessary step for geographic compliance — but it is not a complete GDPR solution on its own.
Even with Bedrock Frankfurt or Vertex AI EU regions, you still need:
- A valid AVV (Auftragsverarbeitungsvertrag): Either the AWS DPA for Bedrock, the Google Cloud DPA for Vertex AI, or the Anthropic commercial DPA for direct use. The contract must reflect the actual processing setup.
- A subprocessor review: AWS and Google both maintain subprocessor lists. Legal should confirm that any third-country subprocessor exposure is covered by the applicable transfer mechanism.
- A DSFA (Datenschutz-Folgenabschätzung / DPIA) where required: Article 35 GDPR requires a DPIA if the processing is likely to result in a high risk to individuals. EU hosting reduces transfer risk but does not eliminate the DPIA trigger.
- Internal usage rules: Which data may be sent to Claude, by whom, under what conditions, and with what data minimisation measures — these must be documented regardless of geography.
- Works council assessment if needed: Under section 87(1) no. 6 BetrVG, employee-facing Claude deployments may trigger co-determination rights in Germany. EU hosting does not affect this analysis.
For a complete GDPR and procurement review of Claude, see our Claude Enterprise DPA guide.
FAQ
Does claude.ai offer EU servers?
No, not as of April 2026. Direct access through claude.ai or the Anthropic API defaults to US infrastructure. Companies with EU-only data residency requirements cannot rely on the consumer or standard API product for that purpose.
Which AWS Bedrock region is closest to Germany?
The primary region for German companies is eu-central-1 in Frankfurt. This is the standard choice for organisations that need German or EU-proximate data processing. Ireland (eu-west-1) and Paris (eu-west-3) are additional EU options.
Does switching to Bedrock change the legal setup for the AVV?
Yes — switching to Claude via AWS Bedrock means the primary processing contract shifts to AWS, not Anthropic. The AWS DPA governs the infrastructure layer, and Anthropic model-provider terms apply on top. This is a different legal structure than a direct Anthropic purchase and requires its own review.
Is Google Vertex AI GDPR compliant for Claude?
Vertex AI operates within Google Cloud’s GDPR framework, which provides EU-region infrastructure and a DPA structure. However, GDPR compliance for a specific Claude deployment on Vertex AI depends on how you configure the setup, which EU region you use, and whether the Google Cloud DPA covers your data categories. Individual legal advice is recommended.
Can I use Claude for work data with just SCCs from the direct API?
Possibly, but this requires a case-by-case legal analysis. SCCs are a valid Chapter V GDPR transfer mechanism, but they must be backed by a Transfer Impact Assessment and internal documentation. Whether SCCs are sufficient for your specific data types and risk level is a legal question, not a procurement assumption. Where EU-only processing is required contractually or by internal policy, the direct Anthropic API is not the right path.
