Retell + NIS2: Is Full EU Data Residency Actually Possible?

Support Help
1

A few days ago I asked about GDPR + NIS2 constraints while building a multilingual voice agent on Retell. The team responded and clarified a few things.

What I understood so far:

  • No training on customer call data

  • Subprocessor changes → 15 days notice + 10-day objection window

  • Breach notification within 5 business days

  • Data retention is configurable (can disable storage)

  • SCCs are available if needed

So overall, from a GDPR standpoint, this looks workable.

Where I’m stuck and need help:

Right now I’m building this system for an EU-based client that falls under NIS2, so the bar is higher than standard GDPR compliance. The requirement from their side is very clear: all data — processing, storage, and any related flow — needs to stay in the EU. This isn’t a “we’ll manage it contractually” situation. If the infrastructure itself is not EU-hosted, they won’t approve the deployment.

The issue I’m facing is that I can’t find a clear, reliable answer on whether Retell actually supports this. The documentation talks about compliance in a general sense, and SCCs help bridge legal gaps, but they don’t solve the core requirement here, which is physical/data residency. I’ve also come across a few mentions of EU hosting or enterprise setups, but nothing concrete enough that I can take back to the client with confidence.

At this point, everything else in the system works fine — the product fits, the workflow is solid, and we’re ready to move forward. This one piece is the only blocker, and without a clear answer, I can’t decide whether to continue with Retell or switch to something else before going deeper into implementation.

What I need clarity on:

  1. Does Retell currently support full EU data residency (not just via SCCs, but actual EU-hosted infrastructure)?

  2. If yes, how can I access or enable it?

  3. If not, is this something that’s planned in the near future?

  4. If it’s not supported, what alternatives are people using for strict EU/NIS2 requirements?

Please answer these questions.

Thankyou.

2

Hi @saad

Thank you for sharing your questions. I’ve forwarded them to our team for review.

We’ll get back to you as soon as we have an update.

Best regards

3

Hey @saad

Here are the answers to your questions.

Does Retell support full EU data residency?
No — not currently. As stated in our compliance documentation https://docs.retellai.com/general/compliance, we do not currently operate services within the European Union. All data processing and storage happens in the US (AWS US regions).

What we do offer for GDPR:

  • GDPR compliance via legal transfer mechanisms — we offer a self-serve Data Processing Addendum (DPA) with Standard Contractual Clauses (SCCs) available at https://click-agreements.retellai.com
  • SOC 2 Type I & II certification and HIPAA compliance — details at our Trust Center https://trust.retellai.com
  • Data encryption in transit and at rest

However, as you correctly identified, SCCs address the legal basis for cross-border data transfers under GDPR — they do not satisfy a physical EU data residency requirement, which is what NIS2-regulated entities typically demand.

Is EU hosting planned?
I don’t have a confirmed timeline for EU-hosted infrastructure on our roadmap. I’m flagging this to our product and leadership team as a concrete enterprise need, since we’re seeing increasing demand from EU-facing builders.

Partial mitigation (if helpful):
If your architecture allows it, you could use Retell’s Custom LLM integration to host your own LLM within the EU, keeping the LLM processing leg EU-resident. However, Retell’s core STT, TTS, telephony, and call storage would still flow through US infrastructure — so this doesn’t achieve full residency.

Thank You