Unlocking Global Security with Local Compliance
At Cloudflare, our mission is to help build a better Internet by providing customers with the tools they need to operate securely and efficiently. Our Regional Services product is a key part of this mission, enabling customers to meet data sovereignty legal obligations using the power of Cloudflare’s global network.
Today, we’re taking two major steps forward: expanding our pre-defined regions for Regional Services and introducing Custom Regions. With these advancements, customers can now define their own geographical boundaries for traffic processing, unlocking a new level of control and flexibility.
Global Security, Local Compliance: The Regional Services Advantage
Regional Services provides the best of both worlds: local compliance and global-scale security. Our approach is fundamentally different from many sovereign cloud providers, as we leverage the full scale of our global network for protection and only inspect data where customers tell us to.
Here’s how it works: traffic is ingested at the closest Cloudflare data center, where we apply massive-scale DDoS mitigation to block volumetric attacks. We then route the traffic to a data center within the customer’s specified region, using the most performant pathway.
New Options Available within Cloudflare Managed Regions
We’ve added new regions to our Cloudflare Managed Regions, including Turkey, the United Arab Emirates (UAE), and IRAP (Australian compliance). Additionally, we’re introducing Custom Regions, which allow customers to define their own geographical boundaries for traffic processing.
Beyond Pre-Defined Boundaries: Introducing Custom Regions
Custom Regions give customers the power to define their own regions, instead of choosing from a list of pre-defined regions. This flexibility unlocks a new level of control, enabling customers to regionalize AI inference, launch hyper-targeted promotions, and scale government operations.
Our early-access customers have already used Custom Regions to achieve specific goals, such as keeping LLM prompts and responses within a specific set of countries or serving marketing campaigns optimized for a unique combination of countries.
How Regional Services Works
At the core of Regional Services is the enforcement of a simple rule: TLS termination and Layer 7 processing only happen inside the customer’s chosen region. Custom Regions expands this capability by allowing customers to choose their own region definitions.
Regional Services relies on three building blocks: defining region membership, selecting an in-region destination, and enforcing the boundary at the edge. Customers can define region membership using an expression, such as country_code, and our system will evaluate it against data centers’ metadata.
Calculating Optimal In-Region Routing
If a request enters Cloudflare outside the customer’s region, we choose the best in-region destination for that ingress location. Our selection is a two-step process: allowed destinations and best destination for this ingress.
We compute per-ingress rankings centrally and distribute them to the edge via Quicksilver, using signals like network performance, capacity and load, and operational status.
Enforcing the Boundary
When a request arrives at Cloudflare, we follow a process to ensure that it is routed to the correct region. We intersect the ranked list with the region membership set and choose from the top candidates, validating the final choice against live availability.
With Custom Regions, customers can now define their own geographical boundaries for traffic processing, unlocking a new level of control and flexibility. Our mission is to help build a better Internet, and we’re committed to providing customers with the tools they need to operate securely and efficiently.
Try Custom Regions today and discover the power of precision data control.








