Autodesk’s commitment to data privacy for European customers

In an era defined by digital transformation and global connection, data privacy has emerged as a cornerstone of trust between technology providers and their customers. For European organizations, data residency—the physical location where customer data and information are stored—is not merely a technical detail; it can have operational and legislative compliance impacts.

At Autodesk, we recognize the responsibility that comes with processing data. We also understand the importance of protecting our customers’ intellectual property (IP) and have taken steps to address the data privacy concerns of our European customers.

Dublin, Ireland, serves as Autodesk’s EU corporate headquarters, where our EU Data Protection Officer is based. The Board of Directors for our Ireland headquarters receives quarterly updates from our Chief Trust Officer on issues of security, compliance, and AI governance. This further demonstrates our commitment to European data protection and governance.

Autodesk has legal mechanisms to support the transfer of personal data from the EU, including the use of EU Standard Contractual Clauses (SCCs).

In addition to SCCs, Autodesk maintains Binding Corporate Rules (BCRs) for both controller and processor data transfers. This framework ensures that personal data remains protected under EU-level privacy standards, regardless of where it is processed globally.

Autodesk also upholds full compliance with the General Data Protection Regulation (GDPR), embedding its seven core principles into operational policies and system design:

• Lawfulness, fairness, and transparency

• Purpose limitation

• Data minimization

• Accuracy

• Storage limitation

• Integrity and confidentiality

• Accountability

These principles are actively enforced across Autodesk’s infrastructure and workflows. Customers may also review and sign Autodesk’s Data Protection Agreement, which outlines our responsibilities as a data processor under the GDPR.

As a global organization, Autodesk adheres to data privacy regulations beyond the GDPR. Further information on our global data privacy practices is outlined in the privacy section of our Trust Center, a resource designed to increase trust.

In the realm of AI, Autodesk was one of the first signatories to the EU AI Pact, a voluntary initiative led by the European Commission that seeks voluntary pledges from companies to help drive trustworthy and safe AI development in order to comply with the requirements of EU AI Act.

When it comes to storing project data, Autodesk customers can choose from several different storage locations, including UK, Germany, and Ireland, as their primary storage region for select Autodesk products.

Autodesk’s regional data offerings are designed to provide customers with greater control over where their project data is stored and operate on a secure cloud foundation, incorporating encryption, access controls, and regular audits and assessments. Significant investments have been made in our regional storage offerings, ensuring long-term support and commitment to international customers.

These measures are designed to prevent unauthorized access, mitigate risk proactively, and allow us to be resilient to potential service disruption and responsive to change.

Autodesk understands that the current political climate may raise concerns for some of our customers related to their intellectual property (IP) created and stored within Autodesk products. We are dedicated to protecting project data and IP that customers entrust us with.

Autodesk Cloud Services employs a multi-tenant architecture, and we implement logical segregation of customer data to ensure it is not co-mingled with other entities’ data. Our cloud services enforce tenant isolation via unique customer IDs with which data is labeled and separated.

All data passed between the user’s client and the application is through an encrypted channel while in transit, and all data is encrypted at rest. In addition, Autodesk implements endpoint protection, identity and access management, network and application firewalls, and monitoring tools. Our technical safeguards are in place to maintain confidentiality, integrity, availability, and resilience across our products and our customers’ IP.

We are transparent about every request we receive from government agencies for the disclosure of customer data for law enforcement purposes, as detailed in our yearly Transparency Report. We rigorously review each request for legal validity and notify customers unless legally prohibited.

We understand that for our global customers, and especially those in the EU, data residency and privacy are fundamental pillars of customer trust. Autodesk remains committed to evolving and enhancing our trust programs, investing in secure infrastructure, and aligning with the regulatory policy and operational needs of European customers.

As customer needs evolve, Autodesk will continue to adapt and uphold high standards of data protection. We are proud to be a trusted partner for our EU customers, prioritizing data residency and safeguarding their data privacy every step of the way.

Visit our Trust Center to stay updated.