Unlocking AI flexibility in Switzerland: A guide to cross-region inference for EU data processing and model access

Almost a year after bringing Amazon Bedrock and multiple generative AI models to Europe/Zurich, we’re introducing Cross-Region Inference (CRIS). Amazon Bedrock’s cross-Region Inference intelligently routes inference requests across multiple AWS Regions to optimize performance and availability. CRIS is enabled by leveraging geographic or global inference profiles. When using geography-based inference profiles (such as US, EU, or APAC), these benefits come at no additional charge for using cross-Region inference and the price is calculated based on the Region you made the request in (source Region). While global cross-Region inference for Anthropic’s Claude Sonnet 4.5 offers approximately 10% savings on both input and output token pricing compared to standard regional inference.

Cross-Region Inference available in Europe/Zurich

With CRIS, your requests originating from your source Region (Europe/Zurich) are automatically routed to optimal commercial AWS Regions, known as destination Regions, based on real-time capacity and performance metrics. Cross-Region inference profiles are named after the model they support and defined by the Regions they support. Check Getting started with cross-region inference in Amazon Bedrock for more details.

Network routing overhead
When Amazon Bedrock routes your requests from Europe/Zurich to an optimal destination Region, there is a measurable latency cost. According to AWS testing, cross-Region routing in Europe incurs single to double-digit milliseconds of additional latency. The table below shows inter-Region network latencies from AWS Network Manager (Infrastructure Performance, AWS Console). However, this represents only a small fraction of total LLM processing time, which typically requires seconds rather than milliseconds.

What does this mean for Swiss customers?

Customers running generative AI workloads in the Zurich Region can now perform inference in other AWS EU Regions or globally, gaining access to a broader choice of models while maintaining data sovereignty commitments, data protection, and transparency. From the Zurich Region (eu-central-2), five new system-defined inference profiles are now available:

AWS defines inference profiles for each geographic area (such as the EU) and names them after the model and supported Regions. Each geography-specific inference profile includes model details and identifies the source and destination Regions used for inference. As these profiles are immutable, their destination Region list never changes once created. In contrast, global system-defined inference profiles aren’t limited to a single geography and evolve over time as AWS adds new commercial Regions where your requests can run.

To check the source and destination Regions for an inference profile, you can use the AWS Management Console (under Amazon Bedrock > Infer > Cross-Region inference), consult the documentation, or use the following AWS CLI command:

aws bedrock get-inference-profile --inference-profile-identifier eu.anthropic.claude-sonnet-4-5-20250929-v1:0 --region eu-central-2
{
    "inferenceProfileName": "EU Anthropic Claude Sonnet 4.5",
    "description": "Routes requests to Claude Sonnet 4.5 in eu-north-1, eu-west-3, eu-south-1, eu-south-2, eu-west-1, eu-central-1.",
    "createdAt": "2025-09-27T06:33:52.787000+00:00",
    "updatedAt": "2025-09-28T06:56:14.850000+00:00",
    "inferenceProfileArn": "arn:aws:bedrock:eu-central-2:012345678901:inference-profile/eu.anthropic.claude-sonnet-4-5-20250929-v1:0",
    "models": [
        {
            "modelArn": "arn:aws:bedrock:eu-north-1::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        },
        {
            "modelArn": "arn:aws:bedrock:eu-west-3::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        },
        {
            "modelArn": "arn:aws:bedrock:eu-south-1::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        },
        {
            "modelArn": "arn:aws:bedrock:eu-south-2::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        },
        {
            "modelArn": "arn:aws:bedrock:eu-west-1::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        },
        {
            "modelArn": "arn:aws:bedrock:eu-central-1::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        },
        {
            "modelArn": "arn:aws:bedrock:eu-central-2::foundation-model/anthropic.claude-sonnet-4-5-20250929-v1:0"
        }
    ],
    "inferenceProfileId": "eu.anthropic.claude-sonnet-4-5-20250929-v1:0",
    "status": "ACTIVE",
    "type": "SYSTEM_DEFINED"
}

Note: The get-inference-profile command is available in AWS CLI 2.31.4 or higher. Check Installing or updating to the latest version of the AWS CLI for details.

Transparency and control over your data

Data processing and security

When using CRIS, your content generally remains in the source Region; however, notably, your input prompts (request data) move outside, and output results (response data) are generated outside your source Region during cross-Region inference. In such cases, input prompts and outputs are encrypted during transmission across AWS’s backbone. Your prompts and outputs in the destination Region exist in memory only and are not stored or persisted. This also applies when you use multi-modal requests with images stored in a bucket in the source Region. The image is included as base64-encoded binary data in your prompt and will not be stored in a bucket in the destination Region. Check AWS documentation for more details.

Amazon Bedrock cross-Region inference

Logging and monitoring

By default, the metadata of every API call (excluding the actual payload) within AWS is logged in Amazon CloudTrail (in customer accounts), including all API calls to Bedrock. You can find these logs from the past 90 days in Amazon CloudTrail under Event History when filtering for event source bedrock.amazonaws.com. For an ongoing record of events, you can configure CloudTrail to store these events longer-term.

When examining relevant events in CloudTrail, you’ll see all details including source and destination Regions of the model invocation, with the inferenceRegion field in the additionalEventData section showing where the request was actually processed.

Bedrock API call logging in Amazon CloudTrail

…
    "eventTime": "2025-10-07T07:01:49Z",
    "eventSource": "bedrock.amazonaws.com",
    "eventName": "ConverseStream",
    "awsRegion": "eu-central-2",
    "requestParameters": {
        "modelId": "arn:aws:bedrock:eu-central-2:012345678901:inference-profile/eu.anthropic.claude-sonnet-4-5-20250929-v1:0"
    },
    "responseElements": null,
    "additionalEventData": {
        "inferenceRegion": "eu-south-2"
    },
…

Optionally, Amazon Bedrock gives you extra transparency through Model Invocation Logging. This feature collects detailed information about every call in your account’s source Region, including the full request, response, and metadata. You can send the logs to Amazon CloudWatch Logs or Amazon Simple Storage Service (Amazon S3). Model invocation logging is turned off by default, and you enable it explicitly when needed.

When using cross-Region inference, Amazon CloudWatch, AWS CloudTrail and Model Invocation Logging continue to record log entries only in the source Region of the customer AWS account where the request originated. This design simplifies monitoring and logging and maintains data residency requirements by storing all records in the source location, regardless of which destination Region actually processes the request.

Access control

As a customer, you maintain full control over your data. You determine where your data is stored and who has access to it. AWS Identity and Access Management (IAM) helps you enforce least privilege principles to control who can access your data in your source Region, ensuring that content you don’t want processed in a destination Region is not included in the prompts. In the following example; the IAM role, assumed by the generative AI application, restricts access to data that the customer does not want to move outside their source Region for processing. The data owner can leverage the full power of IAM to define what principals or resources or applications can perform what actions on their data under what conditions.

Implementing Least Privilege Access Control Across AWS Regions for AI Applications

Security considerations

Network security
All API connectivity to AWS is encrypted with TLS in transit. Additionally, you can use AWS PrivateLink to establish private connectivity from your Amazon Virtual Private Cloud (VPC) to Amazon Bedrock without exposing your VPC to internet traffic. When using CRIS, backend traffic to other Regions is sent through AWS’s backbone.

Regional controls and policies
Service Control Policies (SCPs) and IAM policies work together to control where CRIS is allowed. Using SCPs, you can control which Regions can be used in general, and using IAM policies, you can define which users or roles have permission to run inference. Check Getting started with cross-region inference in Amazon Bedrock for more details.

Note: If any destination Region in a cross-Region inference profile is blocked in your SCPs, the request will fail even if other Regions remain allowed. To ensure efficient operation, update your SCPs and IAM policies to allow all required Amazon Bedrock inference actions (such as bedrock:InvokeModel* or bedrock:CreateModelInvocationJob) in all destination Regions included in your chosen inference profile. To learn more, see Enabling Amazon Bedrock cross-Region inference in multi-account environments.

Opt-in Regions

A cross-Region inference profile can route requests to any destination Region it includes -even opt-in Regions. Normally, you must explicitly enable opt-in Regions at the AWS account or organization level. However, when you use a cross-Region inference profile, AWS automatically routes your inference requests to all destination Regions in the profile, regardless of whether you’ve opted in to them.

Compliance

Note: This guidance is for informational purposes only and does not constitute legal advice.

Swiss organizations may want to consider conducting compliance due diligence when processing data that could constitute personal data. The Swiss Federal Act on Data Protection (FADP) generally defines personal data as ‘any information relating to an identified or identifiable natural person’. However, the specific application of this definition depends on individual circumstances and should be evaluated by qualified legal counsel.

When processing information that may constitute personal data, due diligence typically encompasses areas such as:

• Review of applicable data protection laws.
• Assessment of regulatory guidance requirements.
• Evaluation of internal policies and contractual arrangements regarding cross-border data processing.

Note: The scope and requirements of any due diligence should be determined in consultation with qualified legal counsel based on the organization’s specific circumstances.

Swiss data protection framework
AWS customers can use AWS services in compliance with the FADP. AWS provides multiple technical, organizational, and contractual measures that enable customers to protect their data when using AWS services, including a Swiss Addendum to the AWS Data Processing Addendum (AWS DPA) that addresses the requirements of the FADP. The AWS DPA and the Swiss Addendum are both incorporated in the AWS Service Terms (Section 1.14) and apply automatically when customer’s use of the AWS services is subject to the FADP.

Cross-Region inference and data transfer frameworks

EU Regions information
As of the date of publication of this blog, all EU/EEA countries and hence all countries included in the current immutable EU CRIS inference profiles (Sweden, France, Italy, Spain, Ireland, and Germany) are recognized by Switzerland as jurisdictions that guarantee an adequate level of data protection.
With respect to Ireland, it is worth mentioning that the assessment of the adequacy of data protection does not include the disclosure of personal data in terms of the cooperation provided for under Directive (EU) 2016/680, i.e. with respect to the exchange of personal data between competent Irish and Swiss law enforcement bodies. The transfer of personal data by commercial and/or public sector entities outside of this scope are generally not impacted by this Directive.
US Regions compliance
For global CRIS profiles that may process data in US Regions, organizations should note that Switzerland recognized the Swiss-US Data Privacy Framework on August 14, 2024, with an effective date of September 15, 2024. Under this framework, transfers of personal data from Switzerland to US companies that have obtained and maintain current certification under the Swiss-US Data Privacy Framework are permitted without requiring additional data transfer mechanisms such as Standard Contractual Clauses.
AWS maintains certification under both the EU-US and Swiss-US Data Privacy Frameworks. Check the Data Privacy Framework FAQs.

Regulatory compliance
Swiss legal experts Laux Lawyers have published several opinions stating that highly regulated Swiss industries can legally process and store sensitive data outside Switzerland while complying with data protection as well as official and professional secrecy requirements. This includes financial services, public administration, and healthcare. For financial services, the 2019 Swiss Banking Secrecy and Cloud Computing opinion states that, with appropriate contractual safeguards and technical controls, client-identifying data may be hosted and processed by foreign cloud providers without breaching banking-secrecy duties. The 2023 Whitepaper on Cloud for Public Services confirms that cantonal and federal authorities may outsource both data processing and storage abroad so long as security, auditability and continuity requirements are met. Likewise, the 2024 Cloud for Healthcare paper shows that patient confidentiality and data protection laws are fully respected by mature cloud solutions—allowing hospitals and clinics to store and process health data on foreign platforms under strict encryption, access-control and audit regimes.

Geographic profile immutability
Geographic CRIS inference profiles are immutable, meaning if an inference profile is tied to a geography (such as US, EU, or APAC), its destination Region list will never change. AWS will not add Regions to geographic inference profiles. AWS might create new inference profiles that incorporate new Regions, and you can update your systems to use these profiles by changing the IDs in your setup. In contrast, global cross-Region inference profiles for specific models can change over time as AWS adds more commercial Regions where requests can be processed. For more detailed information refer to Supported Regions and models for inference profiles.

Getting started

Note: As of October 15th, 2025, Amazon Bedrock has simplified model access – all foundation models are now automatically available without manual enablement. The Model Access dashboard and manual model enablement steps are no longer required. However, Anthropic models still require a one-time First-Time Usage form submission. Your existing IAM policies and SCPs continue to work as before for access control. Check Simplified model access in Amazon Bedrock for details.

Once compliance due diligence is complete and legal approval is obtained, follow these steps to implement Cross-Region Inference:

1. Update model identifiers: Replace existing model IDs with the appropriate Cross-Region Inference profile IDs in your application code.
2. Consider model updates: If upgrading model versions (e.g., Claude 3.5 to Claude 4.5), check this blog.
3. Configure access controls:
   1. Update IAM policies to grant access to the new inference profiles and relevant foundation models.
   2. Adjust Service Control Policies (SCPs) if using AWS Organizations.
   3. Optional: Enable Bedrock Model Invocation Logging to support validation.
4. Complete first-time usage requirements: For Anthropic models, submit the required First-Time Usage form through the Model Catalog page in the Amazon Bedrock console, the Anthropic provider page, or via direct API submission. (Note: Organizations using AWS Organizations can complete this at the management account level, with approval automatically extending to child accounts.)
5. Validate implementation: Test your applications with the new inference profiles to ensure functionality and performance meet requirements.

Conclusion

Cross-Region Inference for Amazon Bedrock in Europe (Zurich) represents a significant enhancement to AI infrastructure, providing Swiss and European organizations with the scalability, resilience, and compliance they need for production generative AI applications while maintaining the highest standards of data protection and regulatory compliance.

To learn more about our compliance and security programs as well as common privacy and data protection considerations, see AWS Compliance Programs and the dedicated AWS Compliance Center for Switzerland. As always, we value your feedback and questions; reach out to the AWS Compliance team through the Contact Us page.

As you get started with Amazon Bedrock, we encourage our customers to reach out to generative AI and security teams here in Switzerland by contacting your AWS sales representatives.