Stay organized with collectionsSave and categorize content based on your preferences.
This page provides a high-level view of the compliance certifications and
security controls that are supported by Google Agentspace. The two components of
Agentspace (Agentspace and
NotebookLM Enterprise) have different compliance certifications
and security controls.
Certifications
Agentspace and the
NotebookLM Enterprise are compliant as follows:
*Compliance certifications at Google Cloud are maintained through a
structured internal process featuring regular independent audits for new and
existing products. We have a long history of meeting certification requirements,
including ISO 27xxx, SOC reports, and PCI DSS.
Agentspace and NotebookLM Enterprise,
being built on the same Google Cloud infrastructure as many of our certified
products, already inherit a significant number of security and privacy controls
and will be included in future certification audits.
Security controls
Agentspace provides the following security horizontals.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-05 UTC."],[[["\u003cp\u003eThis page outlines the compliance certifications and security controls for Google Agentspace, which includes both Agentspace Enterprise and NotebookLM Enterprise.\u003c/p\u003e\n"],["\u003cp\u003eAgentspace Enterprise holds HIPAA, ISO (27001, 27017, 27018, 27701), and SOC (1, 2, 3) compliance certifications, while NotebookLM Enterprise does not have any of these certifications.\u003c/p\u003e\n"],["\u003cp\u003eAgentspace Enterprise's ISO and SOC compliance is inherited from Vertex AI Search due to their shared infrastructure and API.\u003c/p\u003e\n"],["\u003cp\u003eBoth Agentspace Enterprise and NotebookLM Enterprise support Data Residency (DRZ) and VPC Service Controls, but only Agentspace Enterprise supports Customer-managed encryption keys (CMEK) and Access Transparency.\u003c/p\u003e\n"],["\u003cp\u003eAgentspace Enterprise and NotebookLM Enterprise are both limited to US and EU multi-region APIs for data residency.\u003c/p\u003e\n"]]],[],null,["# Compliance and security controls\n\nThis page provides a high-level view of the compliance certifications and\nsecurity controls that are supported by Google Agentspace. The two components of\nAgentspace (Agentspace and\nNotebookLM Enterprise) have different compliance certifications\nand security controls.\n\nCertifications\n--------------\n\nAgentspace and the\nNotebookLM Enterprise are compliant as follows:\n\n^\\*^ Compliance certifications at Google Cloud are maintained through a\nstructured internal process featuring regular independent audits for new and\nexisting products. We have a long history of meeting certification requirements,\nincluding ISO 27xxx, SOC reports, and PCI DSS.\nAgentspace and NotebookLM Enterprise,\nbeing built on the same Google Cloud infrastructure as many of our certified\nproducts, already inherit a significant number of security and privacy controls\nand will be included in future certification audits.\n\nSecurity controls\n-----------------\n\nAgentspace provides the following security horizontals.\n\n^1^ Using external key manager (EKM) or hardware security module\n(HSM) with CMEK is in GA with allowlist.\n\nWhat's next\n-----------\n\nLearn more about [Google Cloud compliance](/security/compliance)."]]
