What is GDPR?
The General Data Protection Regulation is a European Union law that governs how personal data is collected, processed, and stored. It took effect on 25 May 2018 and applies to any organisation that processes data of EU residents, regardless of where the organisation is based.
For AI applications, GDPR creates three primary constraints: data residency (where data is processed), data minimisation (sending only necessary data to models), and right to erasure (the ability to delete user data from all systems, including training data).
Why it matters
GDPR determines which model providers and hosting regions are viable for EU-facing applications. A US-hosted model that processes EU personal data requires specific legal frameworks (EU-US Data Privacy Framework) or data processing agreements. EU-resident hosting eliminates this complexity. sourc.dev tracks EU data residency as a verified attribute on every entity — it is one of the most filtered attributes in the directory.