Skip to content
Security & Compliance

Provider Compliance Matrix

Vendor security evaluation for regulated industries. Compare GPU cloud providers across SOC 2, HIPAA, FedRAMP, ISO 27001, GDPR, and PCI DSS — so your legal, security, and procurement teams can make decisions with verified, structured data.

10 providers6 certifications trackedData residency by regionLast verified July 2026

Showing all 10 GPU cloud providers

Legend✓ CertifiedIn ProgressPartial— Not certified
Provider
SOC 2
Audit
HIPAA
Health Data
FedRAMP
US Gov
ISO 27001
ISMS
GDPR
EU Privacy
PCI DSS
Payments
Docs
AWS6/6
✓ Type II✓ BAAHigh (GovCloud)✓ Certified✓ CompliantLevel 1Trust
GCP6/6
✓ Type II✓ BAAHigh✓ Certified✓ CompliantLevel 1Trust
Azure6/6
✓ Type II✓ BAAHigh (Gov)✓ Certified✓ CompliantLevel 1Trust
Lambda2/6
✓ Type IIPartial✓ CompliantTrust
CoreWeave4/6
✓ Type II✓ BAAIn Progress✓ Certified✓ CompliantTrust
RunPod1/6
In Progress✓ CompliantTrust
Nebius2/6
In Progress✓ Certified✓ CompliantTrust
Together AI3/6
✓ Type II✓ BAA✓ CompliantTrust
Crusoe3/6
✓ Type II✓ BAAIn Progress✓ CompliantTrust
Hyperstack2/6
✓ Certified✓ CompliantTrust

Data Residency & Region Coverage

All 10 providers · July 2026
AWS7 regions
USEUAPCASAMEAF

30+ regions

GCP6 regions
USEUAPCASAME

40+ regions

Azure7 regions
USEUAPCASAMEAF

60+ regions

Lambda4 regions
US-EastUS-WestEU-CentralAP
CoreWeave3 regions
US-EastUS-WestEU-West
RunPod3 regions
USEUAP

Community cloud — region not guaranteed

Nebius2 regions
EU (Finland)EU (Netherlands)
Together AI1 region
US

Inference API

Crusoe1 region
US

Multiple DCs, Stargate partner

Hyperstack4 regions
EU (Norway)EU (Sweden)CanadaUS

Key Takeaways for Security Teams

Hyperscalers: Full Stack

AWS, GCP, and Azure hold all six certifications — including FedRAMP High and PCI DSS Level 1. For strictly regulated industries (healthcare, fintech, federal contracting) these three are the only fully certified GPU cloud options as of July 2026.

Specialist Clouds: Maturing

CoreWeave leads the specialist tier with SOC 2 Type II, HIPAA BAA, ISO 27001, and FedRAMP in progress. Lambda and Together AI hold SOC 2 + HIPAA but lack FedRAMP and ISO. "In Progress" signals active pursuit — track for 2026–2027 procurement cycles.

Emerging: GDPR + SOC 2

RunPod, Nebius, and Hyperstack are GDPR-compliant with SOC 2 in progress or achieved. These are appropriate for EU-based, non-regulated ML workloads. For HIPAA, FedRAMP, or PCI DSS requirements, look to the hyperscaler or specialist tier.

Disclaimer: Last verified July 2026 — certifications change. Always verify directly with the provider before procurement decisions. GPUAdvisor is not a legal or compliance authority. Links to provider trust pages are provided for reference only and do not constitute an endorsement or legal opinion. Consult your legal and security teams before committing to any provider for regulated workloads.

Need help mapping compliance requirements to providers?

Our advisory team works with regulated-industry buyers in healthcare, fintech, and government contracting.