Compliance and Data Residency in Multi-CDN
Synopsis This chapter explains how compliance and data residency requirements shape a multi-CDN deployment. It describes how to constrain routing by jurisdiction, how to handle telemetry and logs without exporting sensitive data, how to align encryption and key custody with regional obligations, and how to verify behavior in production. The objective is predictable data location and lawful processing without degrading reliability or performance. Scope and regulatory context Compliance spans content delivery, control planes, logs, real user measurement, and provider support systems. Obligations arise from privacy laws, sector rules, contracts, and customer commitments. Multi-CDN introduces additional processors and network paths. Architecture and operations must express where data is processed, where it is stored, who accesses it, and how long it is retained. The model treats providers as processors under documented agreements and keeps data flows narrowly defined. ...