“Where does our data go?” is one of the first questions UK businesses ask about AI — and rightly so. Here’s what you need to know about AI data residency in 2026, cited to official guidance. (dgm implements osFoundry as an independent partner. General information, not legal advice — involve your DPO.)

UK GDPR governs personal data wherever it’s processed. Data doesn’t have to physically stay in the UK, but international transfers need a valid transfer mechanism — adequacy, or appropriate safeguards such as the IDTA/Addendum. Two practical points:

  • The UK has an adequacy relationship with the EU, so UK–EU data flows are generally straightforward.
  • US transfers need extra care and a lawful transfer basis.

So “data residency” for the UK is less about a hard UK-only rule and more about knowing where data goes and having a lawful basis for it.

Check where your AI provider stores data

Many AI platforms default to US storage — which may be fine with the right safeguards, but is worth knowing, especially for personal, sensitive or regulated data (health, financial, public-sector). Always check the provider’s data-residency options before committing sensitive workloads.

osFoundry’s regions — and the honest gap

For transparency: osFoundry self-reports per-region storage pinning for US, EU and JP — there is no dedicated UK region. For UK businesses with data-residency concerns, the practical answers are:

  1. Use the EU region — UK–EU flows are eased by adequacy; or
  2. Self-host osFoundry in your own AWS, GCP or Azure account (its BYO Cloud model) — so data stays in your own infrastructure entirely.

We’d rather state that plainly than imply a UK region exists.

How to keep UK data under control

  • Choose an appropriate region (EU for UK adequacy comfort, or self-host).
  • Self-host the platform so data never leaves your infrastructure.
  • Bring your own key so prompts go to model providers you choose and control.
  • Minimise the personal data sent to any AI in the first place.
  • Assess transfers as part of a DPIA.

Where osFoundry and dgm fit

For UK data-sensitive workloads, dgm uses osFoundry’s EU region or a self-hosted deployment in your own cloud (with your own KMS keys), plus a data-residency assessment during scoping. osFoundry also supports local inference on your own hardware — so for the most sensitive cases, data needn’t leave the device at all. That range of options is the practical answer to “keep our UK data under control”.

dgm is an independent integration partner with zero integrations so far, and not a law firm. Residency and transfer decisions should be confirmed with your DPO. To scope a data-residency-aware AI project, book a consultation with dgm.