Choosing an AI service with an EU data region does not, on its own, prove there are no international transfers. Hosting, support, telemetry, sub-processors, backups and remote access all need to be checked. Whenever personal data is made available to an entity outside the EEA, Chapter V of the GDPR applies on top of every other processing obligation.
Map the real data flow
The first step is to build an inventory covering every data flow involved in using the AI service:
- prompts and attachments;
- responses;
- logs and telemetry;
- embeddings and indexes;
- training or fine-tuning data;
- memory;
- connected tools;
- backups;
- support;
- moderation and safety.
For each flow, record the exporter, the importer, the country, the purpose, the data category, the frequency, the transfer mechanism and the retention period.
A data region is not the same as no access
A provider can store data in the EU and still allow support from third countries, or rely on sub-processors with a global footprint. The assessment must therefore be based on the contract and the actual architecture of the service, not on the region selector shown in the interface.
The question to answer is who can access the data, with what credentials, from where, and whether that access is technically possible, regardless of where the data is advertised to reside.
Order of mechanisms
Adequacy decision
If the European Commission has recognised an adequate level of protection for the destination country, data can flow under that decision, subject to its scope and conditions.
Article 46 safeguards
Absent an adequacy decision, standard contractual clauses (SCCs), binding corporate rules or other valid mechanisms can be used. The 2021 SCCs require specific annexes and a genuine description of the measures actually applied, not a generic boilerplate reference.
Article 49 derogations
These are designed for specific, one-off situations and must not be used to support transfers that are massive, repetitive and structural.
SCCs and annexes
The annexes to the standard contractual clauses must identify:
- parties and roles;
- data subjects and data categories;
- frequency;
- purpose;
- retention period;
- sub-processors;
- competent authority;
- technical and organisational measures.
Copying the phrase “encryption and access control” without describing how it is actually implemented is not enough to support the required safeguards.
Transfer impact assessment (TIA)
A transfer impact assessment (TIA) examines whether the law and practice of the destination country could undermine the agreed safeguards. It should cover:
- the transfer and the mechanism used;
- the country and the importer;
- relevant legislation in the destination country;
- documented experience, where relevant;
- the possibility of public authority access to the data;
- applicable supplementary measures;
- residual risk after applying the measures;
- approval and periodic review.
A TIA must not rely solely on the provider's own representations.
Supplementary measures
Technical
- strong encryption;
- keys under European control where feasible;
- pseudonymisation;
- minimisation;
- local pre-processing;
- data segregation;
- time-limited, logged access.
Contractual
- challenging access requests;
- transparency;
- notification;
- access limitations;
- audit rights;
- return and deletion.
Organisational
- government request policy;
- oversight of support access;
- training;
- record-keeping;
- periodic review of sub-processors.
If no measure can guarantee protection essentially equivalent to that of the EU, the transfer must not go ahead.
AI-specific considerations
AI services can generate derived data, embeddings or inferences. Even when they do not reproduce the original data verbatim, these outputs can still be personal data and must be included in the transfer analysis.
It is also necessary to check whether the provider uses the content to improve its own models. That purpose can change its role in the processing and require a different legal basis, more information for data subjects, and tighter control by the customer.
Sub-processors
The contract must set out the list, location, role and change mechanism for sub-processors. A general authorisation requires prior notice and a genuine right to object under the applicable terms, not a clause that empties it of substance.
A long chain of sub-processors increases uncertainty. It must be possible to identify who hosts the data, who moderates it, who monitors it and who provides support at every link in the chain.
Transfers through connected tools
An AI agent can send data to search engines, email, CRM systems or connected plugins. Each tool is an independent flow that must be assessed separately. Permissions and recipients must be explicitly restricted; the model itself cannot be left to decide the destination jurisdiction.
Records and transparency
The record of processing activities (RPA) must reflect the transfers and the safeguards applied. Information given to data subjects must mention the destination countries or categories, the mechanisms used, and how to obtain a copy of the safeguards where applicable.
Transparency alone does not legitimise a disproportionate transfer: a legal basis and a genuine need must exist first.
Ongoing review
Several triggers require the analysis to be revisited:
- a new sub-processor;
- a change of region;
- a change in the law;
- a new tool;
- use of data for training;
- a security incident;
- a new category of data processed;
- a change of model or product.
The contract and its analysis are monitored on an ongoing basis; they are not filed away once and forgotten.
Review plan
Week 1
Technical and contractual inventory.
Week 2
Roles, countries and mechanisms.
Week 3
Transfer impact assessment (TIA) and supplementary measures.
Week 4
Decision, documentation and configuration.
Common mistakes
- Relying solely on the provider offering an EU region.
- Ignoring support access and telemetry.
- Signing the SCCs without completing the annexes.
- Using Article 49 routinely instead of as an exception.
- Failing to assess embeddings as possible personal data.
- Not knowing who the sub-processors are.
- Leaving the agent's connected tools uncontrolled.
- Encrypting with keys managed by the same provider without assessing the risk.
- Not informing data subjects.
- Not reviewing later changes to the service.
Checklist
- All data flows identified.
- Exporter and importer determined.
- Countries and remote access reviewed.
- Adequacy decision or valid safeguard applied.
- SCCs complete, with annexes.
- TIA documented.
- Supplementary measures defined.
- Sub-processors identified.
- RPA and data subject information updated.
- Change monitoring in place.
Frequently asked questions
Does hosting in Europe avoid international transfers?
Not necessarily. Support, sub-processors and remote access from outside the EEA must also be reviewed.
Are the SCCs always enough?
No. The context of the destination country must be assessed, and supplementary measures applied where needed to achieve protection essentially equivalent to that of the EU.
Is an embedding personal data?
It can be, if it relates to an identified or identifiable person, or allows them to be singled out or inferred. It must be assessed case by case, depending on the context.
Can consent be used as the basis for these transfers?
The Article 49 derogations (including explicit consent) are restrictive and are rarely an adequate basis for structural, recurring services.
Official sources consulted
- AEPD (Spanish DPA): safeguards for international transfers
- EDPB: guidance for small businesses
- European Commission: SCCs, questions and answers
- AEPD (Spanish DPA): guidance on agentic AI
Summum Consultoría can map the data flows, review the SCCs and TIA, and coordinate the necessary technical and organisational measures.