ADR-0010: Australian Data Residency for AI Providers
Status: Accepted
Date: 2026-04-02
Supersedes: None
Supplements: ADR-0009 (Laravel AI SDK for Verify AI Engine)
Context
The Verify domain processes Australian citizens' identity documents (passports, driver's licences, Medicare cards, birth certificates) and biometric data (selfie photos for face verification). Under the Australian Privacy Act 1988 (APP 8 — Cross-border disclosure of personal information), transferring personal information to overseas recipients requires either individual consent or reasonable certainty that the recipient complies with the APPs. Biometric data is considered highly sensitive under Australian law.
ADR-0009 selected Laravel AI SDK (Prism) as the multi-provider abstraction layer but left the choice of AI provider endpoints open. The direct APIs for Anthropic (US), OpenAI (US), and Google (US) process data outside Australia, creating a compliance risk for identity document verification.
The question: which AI provider endpoints should Verify use to keep all document data within Australian borders?
Decision
Use AWS Bedrock (ap-southeast-2, Sydney) as the primary AI provider and Google Vertex AI (australia-southeast1, Sydney) as the fallback provider. All AI inference requests containing document images or extracted PII must be routed through Australian-region endpoints. Direct US-based API endpoints (api.anthropic.com, api.openai.com) are prohibited for Verify domain workloads.
Provider-to-Stage Mapping
| Stage | Primary (Bedrock Sydney) | Fallback (Vertex Sydney) | Rationale |
|---|---|---|---|
| Classification | Claude Haiku | Gemini Flash-Lite | Budget tier, simple task |
| Extraction | Claude Sonnet | Gemini Flash | Mid-tier, accuracy matters |
| Validation | No AI call | No AI call | Deterministic rules |
| Face Verification | Claude Sonnet | Manual review (no fallback) | Accuracy critical; fail-safe to human |
| Cross-Reference | Claude Sonnet | Gemini Flash | Mid-tier, cross-doc reasoning |
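As an added illustration (not code from this ADR or the Verify project), a stage router that applies the table above: primary first, fallback second, only providers with an Australian-region endpoint, and manual review when no Australian option remains. The constant and exception names are assumptions; model ids are placeholders except the Bedrock Sonnet id, which is the one quoted in the Compliance Logging section.

```php
<?php
// Added example, not the project's code. Assumed names: AU_REGIONS, STAGE_ROUTES,
// ResidencyViolation. Validation has no AI call, so it has no route here.
declare(strict_types=1);

final class ResidencyViolation extends RuntimeException {}

// Only these provider/region pairs may receive document images or extracted PII.
const AU_REGIONS = [
    'bedrock' => 'ap-southeast-2',
    'vertex'  => 'australia-southeast1',
];

// [primary, fallback] per stage; a null fallback means fail-safe to a human.
const STAGE_ROUTES = [
    'classification'    => [['bedrock', 'claude-haiku-PLACEHOLDER'],                   ['vertex', 'gemini-flash-lite-PLACEHOLDER']],
    'extraction'        => [['bedrock', 'anthropic.claude-sonnet-4-6-20250514-v1:0'], ['vertex', 'gemini-flash-PLACEHOLDER']],
    'face_verification' => [['bedrock', 'anthropic.claude-sonnet-4-6-20250514-v1:0'], null],
    'cross_reference'   => [['bedrock', 'anthropic.claude-sonnet-4-6-20250514-v1:0'], ['vertex', 'gemini-flash-PLACEHOLDER']],
];

/**
 * @param string[] $unavailable providers currently failing health checks
 * @return array provider/region/model to call, or ['manual_review' => true]
 */
function resolveRoute(string $stage, array $unavailable = []): array
{
    if (!isset(STAGE_ROUTES[$stage])) {
        throw new InvalidArgumentException("No AI route defined for stage '$stage'");
    }
    foreach (STAGE_ROUTES[$stage] as $candidate) {
        if ($candidate === null) {
            break; // explicit "no fallback": drop to manual review
        }
        [$provider, $model] = $candidate;
        if (!isset(AU_REGIONS[$provider])) {
            // A direct US driver in the route table is a residency breach, not a fallback.
            throw new ResidencyViolation("Provider '$provider' has no approved Australian region");
        }
        if (!in_array($provider, $unavailable, true)) {
            return ['provider' => $provider, 'region' => AU_REGIONS[$provider], 'model' => $model];
        }
    }
    return ['manual_review' => true];
}

print_r(resolveRoute('extraction'));                     // normal path
print_r(resolveRoute('extraction', ['bedrock']));        // Bedrock unavailable: fallback provider
print_r(resolveRoute('face_verification', ['bedrock'])); // Bedrock unavailable: no AI fallback
```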
Authentication
| Provider | Auth Method | Credential Source |
|---|---|---|
| Bedrock | IAM instance profile on EC2 | No API keys — uses EC2 metadata service |
| Vertex AI | Service account JSON key | Bitwarden Secrets Manager |
Why Not Azure OpenAI?
Azure OpenAI (Australia East, Melbourne) was considered as a third fallback. Excluded for now because:
- Two Australian-region providers (Bedrock + Vertex) already cover the primary models (Claude + Gemini)
- Adding a third set of credentials and provider config increases operational overhead for marginal benefit
- Can be added later if needed — Prism supports Azure OpenAI, so it's a config change
Alternatives Considered
| Option | Score | Why Not |
|---|---|---|
| Bedrock (primary) + Vertex (fallback) | Selected | Both have Sydney regions. Different failure domains. Covers Claude + Gemini. Already on AWS. |
| Direct Anthropic API + DPA | Rejected | Anthropic processes in US. A Data Processing Agreement doesn't change where data is processed — it governs how it's handled. Data still leaves Australia. |
| Direct APIs with consent per candidate | Rejected | Consent collection at scale is operationally complex, revocable, and creates ongoing compliance burden. Not practical for automated document verification. |
| Bedrock only (no fallback) | Rejected | Single point of failure. AWS outage in ap-southeast-2 would halt all document verification. |
| Self-hosted models (Ollama/vLLM) | Rejected | Vision-capable open models lag significantly behind Claude/Gemini on document extraction accuracy. Operational burden of GPU infrastructure for a 2-person team is prohibitive. Viable future option if model quality improves. |
| Azure OpenAI (primary) | Rejected | GPT-4o's document extraction quality is behind Claude Sonnet for Australian documents (based on prototype testing). Could serve as a third fallback. |
Relationship to AR-01 (No AWS Lock-in)
AR-01 excludes proprietary AWS compute and data services: Lambda, DynamoDB, SQS, SNS, Cognito, Aurora, ECS, Fargate. These are excluded because they have no portable equivalents — code written for DynamoDB cannot run on another database without a rewrite.
Bedrock is architecturally different. It is a proxy to standard foundation models (Claude, Gemini, Llama). The application code never calls Bedrock directly — it calls Prism, which abstracts the provider. Switching from Bedrock to direct Anthropic API is a configuration change in config/ai.php:
```php
// Bedrock (current)
'anthropic' => [
    'driver' => 'bedrock',
    'region' => 'ap-southeast-2',
],

// Direct API (alternative)
'anthropic' => [
    'driver'  => 'anthropic',
    'api_key' => env('ANTHROPIC_API_KEY'),
],
```
No application code changes. No model changes. No prompt changes. The abstraction layer (Prism) handles the protocol differences.
Therefore: Bedrock is compliant with AR-01's intent (no lock-in) because the Prism abstraction layer makes it swappable via config. AR-01 is updated to explicitly note this exception.
Consequences
Positive:
- All document images, biometric data, and extracted PII stay within Australia
- Compliant with Privacy Act 1988 APP 8 without requiring per-candidate consent
- Bedrock IAM auth eliminates API key management for the primary provider
- Two independent failure domains (AWS + GCP) for genuine resilience
- On-demand Bedrock pricing is identical to direct Anthropic API (no markup)
- Prism abstraction means zero lock-in — provider swap is a config change
- Already running on AWS EC2 in ap-southeast-2 — no new infrastructure needed

Negative:
- Regional Bedrock endpoints carry a ~10% premium over global endpoints
- Must manage two cloud provider credentials (IAM + GCP service account)
- Model availability in ap-southeast-2 may lag US regions (typically days, not weeks)
- Face verification has no automatic fallback — fails to manual review if Bedrock is unavailable

Tipping points for re-evaluation:
- Anthropic or Google offer direct API endpoints in Australia — could eliminate the need for Bedrock/Vertex as intermediaries
- A provider we need is unavailable in ap-southeast-2 — may need to add Azure OpenAI as a third provider
- Self-hosted vision models reach parity with Claude/Gemini — could eliminate cloud dependency entirely
- Regional pricing premium exceeds 20% — would need cost-benefit reassessment
Compliance Logging
Every AI inference call in the Verify pipeline must log:
- provider: e.g., bedrock, vertex
- region: e.g., ap-southeast-2, australia-southeast1
- model_id: e.g., anthropic.claude-sonnet-4-6-20250514-v1:0
- timestamp: UTC
- stage: e.g., classification, extraction
- token_usage: input/output token counts
This audit trail proves data residency compliance for any future review or incident.
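An added example (not the project's code): a writer for the record above and a review pass over JSON-lines audit output that flags any call whose provider/region pair is outside the Australian allow-list, which is the check a residency review or incident investigation would run. The field names are the ones listed; the provider/region map, the sample records and the placeholder model ids are assumptions.

```php
<?php
// Added example, not the project's code. Assumed: REQUIRED_FIELDS, AU_REGIONS,
// JSON-lines output; the real sink would be a Laravel log channel.
declare(strict_types=1);

const REQUIRED_FIELDS = ['provider', 'region', 'model_id', 'timestamp', 'stage', 'token_usage'];
const AU_REGIONS      = ['bedrock' => 'ap-southeast-2', 'vertex' => 'australia-southeast1'];

/** Build one audit record as a JSON line; the timestamp is always UTC. */
function auditRecord(string $provider, string $region, string $modelId, string $stage, int $in, int $out): string
{
    return json_encode([
        'provider'    => $provider,
        'region'      => $region,
        'model_id'    => $modelId,
        'timestamp'   => gmdate('Y-m-d\TH:i:s\Z'),
        'stage'       => $stage,
        'token_usage' => ['input' => $in, 'output' => $out],
    ], JSON_THROW_ON_ERROR);
}

/**
 * Review pass: one message per record that is malformed, is missing a
 * required field, or shows an inference call outside the approved regions.
 */
function findResidencyViolations(iterable $lines): array
{
    $problems = [];
    foreach ($lines as $n => $line) {
        $r = json_decode($line, true);
        if (!is_array($r)) { $problems[] = "line $n: not valid JSON"; continue; }
        foreach (REQUIRED_FIELDS as $f) {
            if (!array_key_exists($f, $r)) { $problems[] = "line $n: missing $f"; continue 2; }
        }
        $expected = AU_REGIONS[$r['provider']] ?? null;
        if ($expected === null || $r['region'] !== $expected) {
            $problems[] = "line $n: {$r['stage']} call to {$r['provider']}/{$r['region']} is outside the Australian allow-list";
        }
    }
    return $problems;
}

// Constructed sample: two compliant records and one from a misconfigured direct-API
// driver, which is the APP 8 breach this audit trail exists to surface.
$sample = [
    auditRecord('bedrock', 'ap-southeast-2', 'anthropic.claude-sonnet-4-6-20250514-v1:0', 'extraction', 1843, 412),
    auditRecord('vertex', 'australia-southeast1', 'gemini-flash-PLACEHOLDER', 'classification', 620, 35),
    auditRecord('anthropic', 'us-east-1', 'claude-sonnet-PLACEHOLDER', 'extraction', 1800, 400),
];
foreach (findResidencyViolations($sample) as $p) { echo $p, PHP_EOL; }
```

Running the same pass nightly over the production audit log, and alerting on a non-empty result, turns the log from evidence-after-the-fact into a detection control.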
Validation
Extend the ADR-0009 validation spike to include:
1. Prism → Bedrock auth chain (IAM instance profile from EC2)
2. Prism → Vertex AI auth chain (service account JSON)
3. Structured output consistency: same prompt → Bedrock Claude vs Vertex Gemini
4. Per-stage latency benchmarks: EC2 Sydney → Bedrock Sydney, EC2 Sydney → Vertex Sydney
5. Face verification quality comparison: Claude Sonnet (Bedrock) vs Gemini Pro (Vertex)
6. Confirm model availability in ap-southeast-2 for all required model tiers