In today’s increasingly digital and complex geopolitical landscape, one technology trend is coming to the forefront: Knowing where your data is stored and processed is no longer a luxury—it’s a necessity. For European organisations, this is a particularly important requirement. Compliance with regulatory frameworks, growing customer demands for data privacy, operational resilience, and national security concerns all require tighter control over data location and handling. Or to use the flavor of the day: Organisations are demanding technology that enables increased ‘digital sovereignty’. At Zscaler, we are entrusted by almost 2,500 organisations across Europe (over 8,650 worldwide) to securely connect users, devices and applications through a Zero Trust architecture. Every day, we protect 45% of the Fortune 500 and 35% of the Global 2000 companies from threats, while enabling fast, seamless access to digital resources.We take that responsibility seriously—ensuring our customers across the public and private sectors maintain control over their data at every step. With this in mind, we want to remind you of the protections Zscaler provides, especially with respect to data control, which is always at the forefront of our customers’ minds.Data Control RequirementsData control and digital sovereignty impose significant compliance requirements on businesses; different jurisdictions demand varying security measures, retention periods, and disclosure practices, with varying penalties for non-compliance. For European businesses, this often translates into the need to keep data within the European Union or national borders to ensure legal compliance and mitigate risk. Indeed, maintaining control over where and how sensitive data is stored and processed is increasingly viewed as a core element of strategic cybersecurity and risk management and critical to data confidentiality, integrity, and availability.The General Data Protection Regulation (GDPR) is the cornerstone of data privacy in Europe. It imposes strict obligations on how personal data is collected, stored, processed, and transferred. But GDPR is only part of the picture. National demands—such as those governing critical infrastructure—may impose additional localisation requirements or stricter data handling rules. This regulatory complexity has only intensified with the rise of global SaaS and cloud services, which often involve cross-border data transfers and third-country access risks.For this reason, many organisations are moving away from centralised systems, towards architectures such as that pioneered by Zscaler, which can be configured to better meet local requirements. This also delivers tangible performance and resiliency benefits: keeping data close to where it’s used reduces latency, improving user experience and application responsiveness. Zscaler’s Trust CommitmentAt Zscaler, maintaining the trust our customers place in us is paramount, that’s why we built privacy and security into the architecture of our cloud-native platform, and deliver transparency and control to our clients. Key to this trust relationship are each of the following three pillars: Data Localization & Customer ControlWe adhere to the principles of Privacy by Design and Privacy by Default. This means:Zscaler does not store customer content. In support of additional visibility or countering a cyber threat, customers may direct Zscaler to retain specific types of content.We operate 25 datacentres in Europe, including 19 in the EU, to deliver low-latency, high-performance access. Customers have the option to exclusively use Zscaler’s European infrastructure, meaning transactions can be processed locally, and can individually opt in/out of any datacentre worldwide.Zscaler stores transaction logs that include user and IP address information, as well as metadata about the transaction, including bytes transferred or threats detected. Customers have full control over where their logs are stored. By default, European log data is stored in Europe. Customers can opt to host their own log servers.Logs are automatically deleted after they expire—six months by default for Internet Access logs.Zscaler provides customers with granular controls to prevent data loss. This includes indexing the sensitive data within the customer’s environment. As traffic is inspected by Zscaler (inline and out-of-path) it can be matched against the indexes, meaning Zscaler doesn’t ever see the original content.Transparency & Government AccessWe take a firm stance on transparency and customer control. In 2024, Zscaler received 91 government requests for user personal data. We disclosed zero. Over the last six years, we’ve received a total of 304 such requests and have never disclosed user data in response. Read the Zscaler Transparency Report here.Built for ResilienceOur cloud infrastructure is designed with multi-layered failover and disaster recovery capabilities:Blackouts are addressed through autonomous or manual failover mechanisms that reroute traffic in case of local datacentre outages. Zscaler operates multiple datacentresin many European countries. Customers can utilise any Zscaler datacentre for traffic processing.Brownouts are mitigated via features like latency-based dynamic service edge selection and customer-controlled datacentre exclusion.In the event of a catastrophic outage—such as a natural disaster, cyberattack, or sabotage—Zscaler’s business continuity framework ensures uninterrupted access to internet, SaaS, and private applications. Traffic can be rerouted to private service edges and limited to critical apps as needed.Our Commitment to Europe’s Digital FutureAt Zscaler, we understand that our European customers expect more than just compliance—they demand sovereignty, service continuity, control, and confidence in how their data is handled. Our platform is purpose built to meet these demands, aligning with the region’s regulatory landscape while supporting innovation and performance. We are committed to supporting and enabling Europe’s digital ambitions on Europe’s terms by delivering technology made for Europe, helping organisations modernise securely and without compromise. Because in the end, trust is the foundation of digital transformation, and without it, the pursuit of competitiveness and agility will stall before it even begins.
[#item_full_content] In today’s increasingly digital and complex geopolitical landscape, one technology trend is coming to the forefront: Knowing where your data is stored and processed is no longer a luxury—it’s a necessity. For European organisations, this is a particularly important requirement. Compliance with regulatory frameworks, growing customer demands for data privacy, operational resilience, and national security concerns all require tighter control over data location and handling. Or to use the flavor of the day: Organisations are demanding technology that enables increased ‘digital sovereignty’. At Zscaler, we are entrusted by almost 2,500 organisations across Europe (over 8,650 worldwide) to securely connect users, devices and applications through a Zero Trust architecture. Every day, we protect 45% of the Fortune 500 and 35% of the Global 2000 companies from threats, while enabling fast, seamless access to digital resources.We take that responsibility seriously—ensuring our customers across the public and private sectors maintain control over their data at every step. With this in mind, we want to remind you of the protections Zscaler provides, especially with respect to data control, which is always at the forefront of our customers’ minds.Data Control RequirementsData control and digital sovereignty impose significant compliance requirements on businesses; different jurisdictions demand varying security measures, retention periods, and disclosure practices, with varying penalties for non-compliance. For European businesses, this often translates into the need to keep data within the European Union or national borders to ensure legal compliance and mitigate risk. Indeed, maintaining control over where and how sensitive data is stored and processed is increasingly viewed as a core element of strategic cybersecurity and risk management and critical to data confidentiality, integrity, and availability.The General Data Protection Regulation (GDPR) is the cornerstone of data privacy in Europe. It imposes strict obligations on how personal data is collected, stored, processed, and transferred. But GDPR is only part of the picture. National demands—such as those governing critical infrastructure—may impose additional localisation requirements or stricter data handling rules. This regulatory complexity has only intensified with the rise of global SaaS and cloud services, which often involve cross-border data transfers and third-country access risks.For this reason, many organisations are moving away from centralised systems, towards architectures such as that pioneered by Zscaler, which can be configured to better meet local requirements. This also delivers tangible performance and resiliency benefits: keeping data close to where it’s used reduces latency, improving user experience and application responsiveness. Zscaler’s Trust CommitmentAt Zscaler, maintaining the trust our customers place in us is paramount, that’s why we built privacy and security into the architecture of our cloud-native platform, and deliver transparency and control to our clients. Key to this trust relationship are each of the following three pillars: Data Localization & Customer ControlWe adhere to the principles of Privacy by Design and Privacy by Default. This means:Zscaler does not store customer content. In support of additional visibility or countering a cyber threat, customers may direct Zscaler to retain specific types of content.We operate 25 datacentres in Europe, including 19 in the EU, to deliver low-latency, high-performance access. Customers have the option to exclusively use Zscaler’s European infrastructure, meaning transactions can be processed locally, and can individually opt in/out of any datacentre worldwide.Zscaler stores transaction logs that include user and IP address information, as well as metadata about the transaction, including bytes transferred or threats detected. Customers have full control over where their logs are stored. By default, European log data is stored in Europe. Customers can opt to host their own log servers.Logs are automatically deleted after they expire—six months by default for Internet Access logs.Zscaler provides customers with granular controls to prevent data loss. This includes indexing the sensitive data within the customer’s environment. As traffic is inspected by Zscaler (inline and out-of-path) it can be matched against the indexes, meaning Zscaler doesn’t ever see the original content.Transparency & Government AccessWe take a firm stance on transparency and customer control. In 2024, Zscaler received 91 government requests for user personal data. We disclosed zero. Over the last six years, we’ve received a total of 304 such requests and have never disclosed user data in response. Read the Zscaler Transparency Report here.Built for ResilienceOur cloud infrastructure is designed with multi-layered failover and disaster recovery capabilities:Blackouts are addressed through autonomous or manual failover mechanisms that reroute traffic in case of local datacentre outages. Zscaler operates multiple datacentresin many European countries. Customers can utilise any Zscaler datacentre for traffic processing.Brownouts are mitigated via features like latency-based dynamic service edge selection and customer-controlled datacentre exclusion.In the event of a catastrophic outage—such as a natural disaster, cyberattack, or sabotage—Zscaler’s business continuity framework ensures uninterrupted access to internet, SaaS, and private applications. Traffic can be rerouted to private service edges and limited to critical apps as needed.Our Commitment to Europe’s Digital FutureAt Zscaler, we understand that our European customers expect more than just compliance—they demand sovereignty, service continuity, control, and confidence in how their data is handled. Our platform is purpose built to meet these demands, aligning with the region’s regulatory landscape while supporting innovation and performance. We are committed to supporting and enabling Europe’s digital ambitions on Europe’s terms by delivering technology made for Europe, helping organisations modernise securely and without compromise. Because in the end, trust is the foundation of digital transformation, and without it, the pursuit of competitiveness and agility will stall before it even begins.
