What it does

The residency plugin checks every memory write, artifact store write, and model invocation against the resolved residency rule for the active regulation profile set. Cross-region writes fail closed; the agent sees a RESIDENCY_DENIED decision in place of the write.

Why fail-closed matters

GDPR Article 44 (international transfers) and the equivalent UK GDPR provision impose strict conditions on personal-data transfers outside the originating jurisdiction. What matters is how the plugin behaves when the check itself fails: if your residency check fails open (the write goes through when the region check errors), you’ve potentially exported personal data without a lawful basis. The plugin fails closed instead.

Resolution rules

Multiple profiles compose:

  • Intersection. Active profiles’ residency sets intersect. If two profiles’ sets don’t overlap, the plugin requires an explicit override profile (residency-override.yaml) and audits the override.
  • Strict mode. regulus.residency.strict-mode: true denies if any region cannot be resolved (e.g. an unknown service region).
  • Override audit. If an override is configured, every write emits an OVERRIDE_USED event in the audit chain with the override’s identifier, so a DPO can review it.
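
A sketch of the fail-closed decision and the resolution rules above, added here as an example and not the plugin's own code. It assumes strict mode is on; the class name, the OverrideEntry shape (an id plus the regions it permits), the override id and the us-central1 profile are hypothetical.

```java
import java.util.*;

public class ResidencyDecisionSketch {
    enum Decision { ALLOW, RESIDENCY_DENIED }

    // Hypothetical override entry: accepted id plus the regions it permits (assumed shape).
    record OverrideEntry(String id, Set<String> regions) {}

    static final List<String> AUDIT = new ArrayList<>(); // stand-in for the audit chain

    // Intersection rule: only regions present in every active profile survive.
    static Set<String> intersect(List<Set<String>> profiles) {
        if (profiles.isEmpty()) throw new IllegalStateException("no active profile");
        Set<String> out = new HashSet<>(profiles.get(0));
        for (Set<String> p : profiles) out.retainAll(p);
        return out;
    }

    // Strict-mode decision for one write; targetRegion is null when it could not be resolved.
    static Decision decide(List<Set<String>> profiles, String targetRegion, OverrideEntry ovr) {
        try {
            if (targetRegion == null) return Decision.RESIDENCY_DENIED; // unresolved region
            Set<String> allowed = intersect(profiles);
            if (allowed.isEmpty()) {                       // profiles do not overlap
                if (ovr == null) return Decision.RESIDENCY_DENIED;
                allowed = ovr.regions();
                AUDIT.add("OVERRIDE_USED id=" + ovr.id()); // recorded on every override use
            }
            return allowed.contains(targetRegion) ? Decision.ALLOW : Decision.RESIDENCY_DENIED;
        } catch (RuntimeException e) {
            return Decision.RESIDENCY_DENIED; // an erroring check denies, it never allows
        }
    }

    public static void main(String[] args) {
        Set<String> eu = Set.of("europe-west2", "europe-west3"); // allowed-regions from the page
        Set<String> us = Set.of("us-central1");                  // constructed second profile
        OverrideEntry ovr = new OverrideEntry("OVR-EXAMPLE-1", Set.of("europe-west2")); // constructed
        System.out.println(decide(List.of(eu), "europe-west2", null));     // in-region write
        System.out.println(decide(List.of(eu), "us-central1", null));      // cross-region write
        System.out.println(decide(List.of(eu), null, null));               // region not resolved
        System.out.println(decide(List.of(), "europe-west2", null));       // check errors internally
        System.out.println(decide(List.of(eu, us), "europe-west2", null)); // disjoint, no override
        System.out.println(decide(List.of(eu, us), "europe-west2", ovr));  // disjoint, with override
        System.out.println(AUDIT);
    }
}
```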

Memory + artifact services

The plugin pairs with the residency-aware service extensions:

  • RegulusVertexAiSessionService — region check on session create.
  • RegulusFirestoreMemoryService — region check on memory write.
  • RegulusGcsArtifactService — region check on artifact create.

The plugin also gates the model invocation itself: a Tier-1 model provisioned in us-central1 will be denied for an EU AI Act agent unless explicitly overridden.

Configuration

regulus:
  residency:
    strict-mode: true
    allowed-regions:
      - europe-west2  # London
      - europe-west3  # Frankfurt
    override-file: classpath:residency-override.yaml

The override file lists the override IDs that are accepted, each with a documented justification and the DPO sign-off Principal.

Status today

The plugin enforces residency on the wrapped service extensions (RegulusVertexAiSessionService etc.). Custom service implementations must opt into the check by implementing the ResidencyAware interface. The default ADK services that aren’t wrapped are not gated — mix with care.

Regulations this plugin emits evidence for
