I am reviewing the security architecture for our upcoming bot deployment. Our Genesys Cloud Org is strictly hosted in the Frankfurt region (eu-central-1) to comply with strict German data residency laws.
We want to integrate an Amazon Lex V2 bot. However, it appears Lex V2 is not fully available in AWS Frankfurt, and the integration guide suggests pointing the ARN to the AWS Ireland region (eu-west-1). If we route the Genesys Bot Connector from our Frankfurt GC tenant to an Ireland AWS Lex endpoint, does this violate the Genesys Cloud data residency guarantee? Specifically, where is the audio stream processed, and where are the transient text transcripts stored during the interaction?
I design disaster recovery architectures and have had to map this out for audits.
Genesys Cloud’s data residency guarantee applies only to data at rest within the core Genesys platform (like your call recordings in the Frankfurt S3 bucket and your PostgreSQL databases). When you configure a third-party Bot Connector, you are explicitly authorizing the audio stream (via RTP) and the resulting transcripts to leave the Genesys boundary. If you point the ARN to Ireland, the processing and transient storage happen in Ireland. It is your responsibility to ensure that AWS Ireland complies with your company’s interpretation of the GDPR.
We had a similar concern during our migration.
One thing to mitigate the risk is to ensure you configure the Lex Bot settings on the AWS side to not save the audio or text for model training. By default, AWS Lex might log utterances to CloudWatch or S3 for intent refinement. If you disable logging in AWS, the data is only processed in memory in Ireland and then immediately discarded. It’s still a cross-border transfer (which GDPR generally allows within the EU), but you avoid creating a permanent data footprint outside of Germany.