Skip to content

Region support

The Data Localization Suite allows you to restrict where your data is processed and stored. The table below shows which regions are available for each DLS feature:

  • Geo Key Manager — restricts where your TLS private keys are stored.
  • Regional Services — restricts which Cloudflare data centers can decrypt and inspect your HTTPS traffic.
  • Customer Metadata Boundary (CMB) — restricts where your logs and analytics data are stored.

Region types

Regional Services regions come in two types:

  • Managed regions — predefined regions that Cloudflare maintains, identified by a region key (for example, eu or us). These are the regions listed in the tables below. They are available to all accounts, though some may require specific entitlements. Most customers use a managed region.
  • Custom regions — regions tailored to your account that restrict processing to a specific set of data centers, for when the managed regions do not meet your compliance requirements. Custom regions are set up through your account team. They are available for Regionalized Spectrum Applications and Regionalized IP Bindings, but not for Regional Hostnames.

Managed and custom regions apply to Regional Services. The other Data Localization Suite features use their own region settings:

  • Customer Metadata Boundary can be set to the United States or the European Union. By default no boundary is applied. FedRAMP customers set it to the United States.
  • Geo Key Manager controls where TLS private keys are stored using its own set of locations.

The tables below show which managed regions each product supports.

Available regions

Some regions are defined by geography (for example, "Germany"), while others are defined by compliance frameworks:

  • FedRAMP Moderate — the US Federal Risk and Authorization Management Program, a government security certification standard. "Domestic" means only US-based certified data centers. "International" includes certified data centers outside the US.
  • IRAP Protected — the Australian government's Information Security Registered Assessors Program. This region includes IRAP-assessed data centers, which may be located outside Australia.
  • ISO 27001 Certified European Union — restricts traffic to EU data centers that hold ISO 27001 certification, an international standard for information security management.
  • Cloudflare Green Energy — restricts traffic to data centers powered by renewable energy sources. This is an energy-sourcing constraint, not a geographic one.

"Exclusive of" regions work in reverse — they exclude specific countries rather than restricting to them. For example, "Exclusive of Russia and Belarus" means Cloudflare will use any data center worldwide except those in Russia and Belarus.

Support by product and region is summarized in the following table. In the Customer Metadata Boundary column:

  • ✅ — the region corresponds to a metadata boundary you can select. CMB supports the United States and the European Union only; FedRAMP regions use the United States boundary.
  • "Can use EU metadata boundary." — the country is within the European Union, so the EU boundary applies.
  • ✘ — Customer Metadata Boundary is not available for this region.
RegionGeo Key ManagerRegional ServicesCustomer Metadata Boundary
Australia1
AustriaCan use EU metadata boundary.
Brazil
Canada1
Cloudflare Green Energy
European Union
Exclusive of Hong Kong and Macau
Exclusive of Russia and Belarus
FedRAMP Moderate Compliant (Domestic)1
FedRAMP Moderate Compliant (International)
FranceCan use EU metadata boundary.
Germany1Can use EU metadata boundary.
Hong Kong
India1
IRAP Protected
ISO 27001 Certified European UnionCan use EU metadata boundary.
ItalyCan use EU metadata boundary.
Japan1
NATO
NetherlandsCan use EU metadata boundary.
Russia
Saudi Arabia
Singapore1
South Africa
South Korea1
SpainCan use EU metadata boundary.
Switzerland
Taiwan
Turkey
United Arab Emirates
United Kingdom1Can use EU metadata boundary.
United States of America
US State of California
US State of Florida
US State of Texas

Refer to the table below for the complete list of available regions and their definitions.

RegionDefinition
AustraliaCloudflare will only use data centers that are physically located within Australia to decrypt and service HTTPS traffic.
AustriaCloudflare will only use data centers that are physically located within Austria to decrypt and service HTTPS traffic.
BrazilCloudflare will only use data centers that are physically located within Brazil to decrypt and service HTTPS traffic.
CanadaCloudflare will only use data centers that are physically located within Canada to decrypt and service HTTPS traffic.
Cloudflare Green EnergyCloudflare will only use data centers that are committed to powering their operations with renewable energy.
European UnionCloudflare will only use data centers that are physically located within the European Union. For more details, refer to the list of European Union countries.
Exclusive of Hong Kong and MacauCloudflare will only use data centers that are NOT physically located within Hong Kong and Macau to decrypt and service HTTPS traffic.
Exclusive of Russia and BelarusCloudflare will only use data centers that are NOT physically located within Russia and Belarus to decrypt and service HTTPS traffic.
FedRAMP Moderate Compliant (Domestic)Cloudflare will only use data centers that are FedRAMP Moderate certified and located within the United States.
FedRAMP Moderate Compliant (International)Cloudflare will only use data centers that are FedRAMP Moderate certified, including certified locations outside the United States.
FranceCloudflare will only use data centers that are physically located within Metropolitan France (the European territory of France) to decrypt and service HTTPS traffic.
GermanyCloudflare will only use data centers that are physically located within Germany to decrypt and service HTTPS traffic.
Hong KongCloudflare will only use data centers that are physically located within Hong Kong to decrypt and service HTTPS traffic.
IndiaCloudflare will only use data centers that are physically located within India to decrypt and service HTTPS traffic.
ISO 27001 Certified European UnionCloudflare will only use data centers that are physically located within the European Union and that adhere to the ISO 27001 certification.
IRAP ProtectedCloudflare will only use data centers that are IRAP protected, including certified locations outside Australia.
ItalyCloudflare will only use data centers that are physically located within Italy to decrypt and service HTTPS traffic.
JapanCloudflare will only use data centers that are physically located within Japan to decrypt and service HTTPS traffic.
NATOCloudflare will only use data centers that are physically located within North Atlantic Treaty Organization (NATO) countries. For more details, refer to the list of NATO countries.
NetherlandsCloudflare will only use data centers that are physically located within the Netherlands to decrypt and service HTTPS traffic.
RussiaCloudflare will only use data centers that are physically located within Russia to decrypt and service HTTPS traffic.
Saudi ArabiaCloudflare will only use data centers that are physically located within Saudi Arabia to decrypt and service HTTPS traffic.
SingaporeCloudflare will only use data centers that are physically located within Singapore to decrypt and service HTTPS traffic.
South AfricaCloudflare will only use data centers that are physically located within South Africa to decrypt and service HTTPS traffic.
South KoreaCloudflare will only use data centers that are physically located within South Korea to decrypt and service HTTPS traffic.
SpainCloudflare will only use data centers that are physically located within Spain to decrypt and service HTTPS traffic.
SwitzerlandCloudflare will only use data centers that are physically located within Switzerland to decrypt and service HTTPS traffic.
TaiwanCloudflare will only use data centers that are physically located within Taiwan to decrypt and service HTTPS traffic.
TurkeyCloudflare will only use data centers that are physically located within Turkey to decrypt and service HTTPS traffic.
United Arab EmiratesCloudflare will only use data centers that are physically located within United Arab Emirates to decrypt and service HTTPS traffic.
United KingdomCloudflare will only use data centers that are physically located within the United Kingdom to decrypt and service HTTPS traffic.
United States of AmericaCloudflare will only use data centers that are physically located within the United States of America to decrypt and service HTTPS traffic.
US State of CaliforniaCloudflare will only use data centers that are physically located within the US State of California to decrypt and service HTTPS traffic.
US State of FloridaCloudflare will only use data centers that are physically located within the US State of Florida to decrypt and service HTTPS traffic.
US State of TexasCloudflare will only use data centers that are physically located within the US State of Texas to decrypt and service HTTPS traffic.

Footnotes

  1. Only supported in Geo Key Manager v2, the current version with expanded region support. 2 3 4 5 6 7 8 9