This page provides a high-level view of the compliance certifications and security controls that are supported by Vertex AI Search.
Certifications
Vertex AI Search and the RAG APIs are compliant as follows:
| Compliance certification | Vertex AI Search Standard Edition | Vertex AI Search Enterprise Edition | RAG APIs * |
|---|---|---|---|
|
HIPAA
†
|
✔ | ✔ | ✔ |
| ✔ | ✔ | ✔ | |
| ✔ | ✔ | ✔ |
* The RAG APIs are ranking , grounded generation , and check grounding .
† Vertex AI Search Pre-GA offerings are included in the Google Cloud Business Associate Agreement (BAA). If you will be using Vertex AI Search to store or process Protected Health Information in a manner subject to the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and/or any amendments or regulations under HIPAA, you must enter into an appropriate BAA with Google. For more information, see HIPAA Compliance on Google Cloud .
Security controls
Vertex AI Search provides security horizontals. The CMEK controls are only available in the Enterprise Edition.
| Security controls compliance | Standard Edition | Enterprise Edition |
|---|---|---|
| ✔ US and EU multi-region APIs only | ✔ US and EU multi-region APIs only | |
| ✘ | ✔ US and EU multi-region APIs only * |
|
| ✔ | ✔ | |
| ✔ US and EU multi-regions only | ✔ US and EU multi-regions only |
* Using external key manager (EKM) or hardware security module (HSM) with CMEK is in GA with allowlist.
The following table identifies security controls for RAG APIs.
| Security controls compliance | Ranking API | Grounded generation API | Check grounding API |
|---|---|---|---|
| N/A | N/A | N/A | |
| N/A | N/A | N/A | |
| ✔ | ✔ | ✔ | |
| ✔ | ✔ | ✔ |
What's next
Learn more about Google Cloud compliance .
