This page provides a high-level view of the compliance certifications and security controls that are supported by Google Agentspace. The two components of Agentspace (Agentspace Enterprise and NotebookLM Enterprise) have different compliance certifications and security controls.
Certifications
Agentspace Enterprise and the NotebookLM Enterprise are compliant as follows:
| Compliance certification | Agentspace Enterprise | NotebookLM Enterprise |
|---|---|---|
| HIPAA | ✔ | ✘ |
| ISO 27001, ISO 27017, ISO 27018, and ISO 27701 | ✔ * | ✘ |
| SOC 1, SOC 2, SOC 3 | ✔ * | ✘ |
* Because Agentspace Enterprise shares infrastructure and an API with Vertex AI Search, its ISO and SOC compliance is inherited from Vertex AI Search. See Certifications for Vertex AI Agent Builder.
Security controls
Agentspace provides security horizontals.
| Security controls compliance | Agentspace Enterprise | NotebookLM Enterprise |
|---|---|---|
| Data Residency (DRZ) | ✔ US and EU multi-region APIs only | ✔ US and EU multi-region APIs only |
| Customer-managed encryption keys (CMEK) | ✔ US and EU multi-region APIs only * |
✘ |
| VPC Service Controls | ✔ (Preview) | ✔ |
| Access Transparency | ✔ US and EU multi-regions only | ✘ |
* Using external key manager (EKM) or hardware security module (HSM) with CMEK is in GA with allowlist.
What's next
Learn more about Google Cloud compliance.