Security you can rely on

Your AI workloads deserve uncompromising protection — enterprise-grade encryption, smart access management and secure-by-design infrastructure.

Nebius GPU Cloud is built to secure every layer of your compute experience.

Security

By design

We integrate security into the design and development of our systems from the outset, ensuring that security controls and safeguards are built-in, not bolted on.

By default

We configure our systems to be secure by default, ensuring that the most secure settings and options are enabled automatically, without manual intervention or explicit configuration.

Security compliance

We are committed to the highest standards of security, privacy and business continuity, implementing GDPR and CCPA-compliant policies and practices with full transparency.

These certifications and audit reports are currently in progress, and are expected to be completed this year.

ISO/IEC 27001

ISO/IEC 27799

ISO 22301

ISO/IEC 27701

ISO/IEC 27017/18

ISO/IEC 27032

SOC 2 Type II

HIPAA

Key security features

Data center security

Our infrastructure is hosted in data centers that meet high industry standards for physical and environmental security.

These facilities are equipped with multi-layered access controls, including biometric authentication, video surveillance and 24/7 on-site security personnel. Critical systems are protected by redundant power, cooling and fire suppression systems, to ensure high availability and resilience.

Secure SDLC

Our software development process employs separate development, test and production environments, with strict segregation of responsibilities.
We implement comprehensive version control and maintain controls over source code libraries, to ensure we adhere to structured SDLC methodologies. Security is integrated into every development phase — we conduct thorough application security testing and utilize automated source-code analysis tools to detect potential security defects before deployment.

Customer workload isolation

We design our infrastructure to ensure strong isolation between customer environments, to prevent unauthorized access and data leakage across tenants.

Network isolation

Customer environments are segmented using virtual private clouds (VPCs), which provide isolated software-defined networks for secure communication and access control.

InfiniBand isolation

We enforce traffic segregation across the InfiniBand network layer, ensuring strict separation of data paths.

Kubernetes isolation

In our Managed Services for Kubernetes® offering, each tenant’s cluster is isolated at the virtual machine level. This ensures that workloads run in dedicated environments, enhancing both security and performance.

Shared responsibility matrix

Understanding who’s responsible for what is critical to maintaining a secure cloud environment. Our shared responsibility model clarifies security obligations between Nebius and our customers.

Applications

Orchestration

Compute. Networking. Storage

On Premise

Identity & access management

Customer data backups

Application security

OS security

Network security (overlay)

Monitoring and logging

Encryption at rest

Network security (underlay)

Hardware security

Data center security

Nebius

Customer

Shared**

Privacy and data protection

GDPR and other applicable legislation

As an EU data processor, we operate under GDPR — the gold standard for data privacy worldwide. This regulatory framework ensures our customers receive comprehensive data protection that meets the highest global standards. By building privacy by design into our products, we provide the robust data protection that GDPR compliance guarantees, fostering customer trust while ensuring full regulatory compliance.

Our technical and organizational measures are designed to safeguard data, uphold data subject rights, and ensure transparency, security and accountability throughout our services.

Data residency

We honor our customers’ data residency requirements by ensuring that customer data remains within the geographic region of their choice. Our infrastructure is designed to support regional data localization, allowing customers to select where their data is stored and processed.

This approach helps meet compliance obligations and organizational policies related to security and privacy.

Privacy by default and design

We embed Privacy by Design and by Default principles through concrete actions: conducting privacy impact assessments for each and every initiative potentially affecting personal data, establishing clear boundaries for legitimate interest processing, and maintaining full transparency in our communications.

Our systems default to the most privacy-friendly settings, implement role-based access controls, and automatically anonymize data where feasible. We integrate privacy considerations into our architecture from the ground up, ensuring data protection is built into our systems rather than added as an afterthought.

Contact us

If you have any questions or concerns related to security, or if you’ve noticed something suspicious, please email us.

For any privacy-related inquiries, please contact our privacy team.

* Excluding Network SSD Non-replicated and Network SSD IO M3 disks.

** Logging, monitoring and encryption are shared responsibilities in Nebius, as customers must configure observability and choose between encrypted or faster unencrypted storage based on their needs.