Cross-border AI risk: data, jurisdictions and the quiet transfers nobody notices

A single AI call can route customer data through three jurisdictions in a second. Most data protection frameworks were not designed for that, and most organisations are not configured for it.

Michael McCarroll 16 min read Updated June 2026

The transfer you didn't realise you were making

When a knowledge worker enters a prompt, the request typically leaves the office network, traverses a content-delivery network, arrives at a model provider's API gateway, is routed to whichever data centre has capacity, may be load-balanced across regions, and produces a response that travels back along a similar path. Each hop is a transfer. Each transfer creates a momentary copy. Each copy lives somewhere under some jurisdiction's law for at least as long as it takes to be deleted — assuming it is deleted.

For a regulated dataset — personal data under the UK GDPR, special category data, or customer information under sectoral rules — every one of those hops is in principle a cross-border data transfer subject to its own legal basis (ICO 2024).

The post-Schrems II reality

The Court of Justice of the European Union's decision in Schrems II established that adequacy decisions and standard contractual clauses are not sufficient on their own; they must be backed by an assessment of the destination country's laws and, where necessary, supplementary technical and organisational measures (CJEU 2020). The EU-US Data Privacy Framework restored a workable path for many transfers, but it remains subject to ongoing legal challenge.

For AI specifically, the practical consequence is that where the model runs is now a procurement-grade question. Suppliers who can demonstrably keep data within a named region, and who can evidence it, have a measurable commercial advantage.

A patchwork of AI rules

The EU AI Act covers providers and deployers placing AI systems on the EU market, regardless of where the supplier is established (European Parliament 2024). The UK is pursuing a sector-led, principles-based approach co-ordinated through existing regulators (DSIT 2023). Several US states — Colorado, California and others — have enacted or proposed laws covering automated decision-making, employment use and generative-AI disclosure. China requires generative-AI services that touch the public to obtain regulatory filings and observe content rules (CAC 2023).

An organisation operating across these jurisdictions cannot adopt a single AI policy. It needs a baseline that satisfies the strictest applicable rules and a set of jurisdictional overlays that handle the local specifics.

A practical governance pattern

The pattern that works for organisations of moderate complexity has three layers.

1. A live data-flow register. For each AI system, record the data categories it processes, the regions in which it processes them, the model providers and sub-processors involved and the transfer mechanism that legitimises each hop. This is the document a regulator will ask for first.

2. Jurisdictional risk classification. Mark each AI system with the jurisdictions of its data subjects, of its deployers and of its providers. Apply the obligations of all three.

3. Region-pinned procurement defaults. Where you have a choice — and you usually do — prefer suppliers and configurations that pin processing to a named region with evidenced controls. Pay the small premium. Audit it.
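The three layers above can be encoded as a checkable register rather than a spreadsheet. The following is an added example, not code from the article or from any product it mentions; the system name, regions, processors and the region-to-jurisdiction lookup are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Hop:
    processor: str          # provider or sub-processor handling this step
    region: str             # where the processing actually happens
    mechanism: str | None   # legal basis for the transfer; None = not yet evidenced

@dataclass
class AISystem:
    name: str
    data_categories: set[str]
    subject_jurisdictions: set[str]     # where the data subjects are
    deployer_jurisdictions: set[str]    # where the organisation deploys it
    hops: list[Hop]
    pinned_region: str | None = None    # layer 3: contractually pinned region, if any

# Constructed lookup (assumption, not from the article): region -> jurisdiction whose law applies there
REGION_JURISDICTION = {"eu-west": "EU", "uk-south": "UK", "us-east": "US", "cn-north": "CN"}
REGULATED = {"personal", "special_category", "customer"}

def applicable_jurisdictions(system: AISystem) -> set[str]:
    """Layer 2: obligations of data subjects, deployers AND providers all apply."""
    provider = {REGION_JURISDICTION.get(h.region, "UNKNOWN") for h in system.hops}
    return system.subject_jurisdictions | system.deployer_jurisdictions | provider

def review(system: AISystem) -> list[str]:
    """Layers 1 and 3: regulated data needs a mechanism on every hop; pinned region must hold."""
    findings = []
    regulated = bool(system.data_categories & REGULATED)
    for h in system.hops:
        if regulated and not h.mechanism:
            findings.append(f"{system.name}: hop via {h.processor} in {h.region} has no transfer mechanism")
        if system.pinned_region and h.region != system.pinned_region:
            findings.append(f"{system.name}: hop via {h.processor} leaves pinned region "
                            f"{system.pinned_region} ({h.region})")
    return findings

# Constructed sample: a UK support assistant whose provider silently bursts to a US sub-processor
SAMPLE = AISystem(
    name="support-assistant",
    data_categories={"personal"},
    subject_jurisdictions={"UK"},
    deployer_jurisdictions={"UK", "EU"},
    hops=[Hop("model-provider-api", "uk-south", "UK IDTA"),
          Hop("sub-processor-inference", "us-east", None)],
    pinned_region="uk-south",
)

if __name__ == "__main__":
    print(sorted(applicable_jurisdictions(SAMPLE)))
    print("\n".join(review(SAMPLE)))
```

Re-running the review whenever a supplier's sub-processor list changes turns the "quiet transfer" in the title into a visible finding.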

The human dimension

Cross-border AI risk is not solely a technical or legal matter. Employees in different countries form different expectations about what is permissible. A practice that is routine in one office is a regulatory issue in another. Training and communication have to be jurisdictionally aware, particularly for distributed teams using the same tools.

References

  • Cyberspace Administration of China (2023) Interim Measures for the Management of Generative Artificial Intelligence Services. Beijing: CAC.
  • Court of Justice of the European Union (2020) Case C-311/18 Data Protection Commissioner v Facebook Ireland and Schrems. Luxembourg: CJEU.
  • Department for Science, Innovation and Technology (2023) A pro-innovation approach to AI regulation. London: DSIT.
  • European Parliament (2024) Regulation (EU) 2024/1689 (Artificial Intelligence Act). Official Journal of the European Union.
  • Information Commissioner's Office (2024) International data transfers guidance. Wilmslow: ICO.
