Security you can rely on
Your AI workloads deserve uncompromising protection — enterprise-grade encryption, smart access management and secure-by-design infrastructure.
Nebius GPU Cloud is built to secure every layer of your compute experience.
Security
Security compliance
We are committed to the highest standards of security, privacy and business continuity, implementing GDPR and CCPA-compliant policies and practices with full transparency.
These certifications and audit reports are currently in progress, and are expected to be completed this year.
Customer workload isolation
We design our infrastructure to ensure strong isolation between customer environments, to prevent unauthorized access and data leakage across tenants.
Network isolation
Customer environments are segmented using virtual private clouds (VPCs) which provide isolated software-defined networks for secure communication and access control.
InfiniBand isolation
We enforce traffic segregation across the InfiniBand network layer, ensuring strict separation of data paths.
Kubernetes isolation
In our Managed Services for Kubernetes® offering, each tenant’s cluster is isolated at the virtual machine level. This ensures that workloads run in dedicated environments, enhancing both security and performance.
Shared responsibility matrix
Understanding who’s responsible for what is critical to maintaining a secure cloud environment. Our shared responsibility model clarifies security obligations between Nebius and our customers.
Applications
Orchestration
Compute. Networking. Storage
On Premise
Identity & access management
Customer data backups
Application security
OS security
Network security (overlay)
Monitoring and logging
Encryption at rest
Network security (underlay)
Hardware security
Data center security
Nebius
Customer
Shared**
Privacy and data protection
.png?cache-buster=2025-06-30T10:52:19.563Z)
GDPR and other applicable legislation
As an EU data processor, we operate under GDPR — the gold standard for data privacy worldwide. This regulatory framework ensures our customers receive comprehensive data protection that meets the highest global standards. By building privacy by design into our products, we provide the robust data protection that GDPR compliance guarantees, fostering customer trust while ensuring full regulatory compliance.
Our technical and organizational measures are designed to safeguard data and uphold data subject rights; and ensure transparency, security and accountability throughout our services.

Data residency
We honor our customers’ data residency requirements by ensuring that customer data remains within the geographic region of their choice. Our infrastructure is designed to support regional data localization, allowing customers to select where their data is stored and processed.
This approach helps meet compliance obligations and organizational policies related to security and privacy.

Privacy by default and design
We embed Privacy by Design and by Default principles through concrete actions: conducting privacy impact assessments for each and every initiative potentially affecting personal data, establishing clear boundaries for legitimate interest processing, and maintaining full transparency in our communications.
Our systems default to the most privacy-friendly settings, implement role-based access controls, and automatically anonymize data where feasible. We integrate privacy considerations into our architecture from the ground up, ensuring data protection is built into our systems rather than added as an afterthought.
Contact us
If you have any questions or concerns related to security, or if you’ve noticed something suspicious, please email us.
For any privacy-related inquiries, please contact our privacy team.
* Excluding Network SSD Non-replicated and Network SSD IO M3 disks.
** Logging, monitoring and encryption are shared responsibilities in Nebius, as customers must configure observability and choose between encrypted or faster unencrypted storage based on their needs.