Atlassian Rovo & Data Residency: The Strategic Guide for Swiss Companies

Strategy & Compliance: Why "Switzerland" Makes the Difference

Unlike Jira or Confluence, which primarily serve as data storage, Rovo is an intelligent orchestration layer. It aggregates information across silos in the so-called Teamwork Graph.

Data Residency for the Teamwork Graph

The Teamwork Graph stores not only texts but highly sensitive metadata and relationship networks of your projects. Atlassian now allows this index to be specifically pinned in the "Switzerland" region. This means:

• Legal Security: Reduced access by foreign authorities (e.g., via US CLOUD Act).
• Compliance: Fulfillment of local retention regulations and sector-specific guidelines.

ISO 27001 and TISAX

Rovo inherits the security architecture of the Atlassian Cloud. For Swiss suppliers in the automotive industry, it is important that since the infrastructure is already TISAX-compliant audited, Rovo can be seamlessly integrated into existing ISMS frameworks.

Data Protection Impact Assessment (DPIA) according to nFADP

The introduction of Rovo requires an update of your data protection impact assessment in accordance with Art. 22 nFADP. Particular attention is given to the LLM providers (OpenAI, Google Vertex AI, Anthropic) as subprocessors of Atlassian.

Technical Architecture: Where Does Your Data Flow?

A critical point for Swiss enterprise customers is the distinction between storage (Data at Rest) and processing (Data in Transit).

Atlassian-hosted LLMs: The "Safe Space"

While standard AI requests are often sent via encrypted paths to external LLM instances (mostly in the USA), Atlassian offers an exclusive solution for Cloud Enterprise customers: Atlassian-hosted LLMs.

Here, AI processing takes place within Atlassian's own cloud trust boundary (VPC). The data therefore never leaves Atlassian's controlled infrastructure – a game changer for banks and authorities.

Connectors & Third-party Systems

When you connect SharePoint, Google Drive, or Slack, Rovo extracts content and stores the transformed indexes in the Zurich region. Permission synchronization (ACLs) happens in real time, so Rovo only "sees" what the user is manually allowed to open.

Governance: Control Over the Flow of Knowledge

AI is a magnifying glass for existing permission gaps. Before rolling out Rovo, a "Permission Cleanup" phase is essential.

Risk of "Dark Data":

If a user mistakenly has access to HR areas in Confluence, Rovo will present this information in summaries.

Recommended Swiss Governance Matrix:

1. Least Privilege Principle: Audit of all groups.
2. Rovo Studio Restrictions: In Switzerland, a delegated model is often recommended. Allow the creation of agents for specific & trained groups (e.g., "AI Champions") rather than opening it to all users.
3. Audit Logs: Administrators can monitor activities without viewing private chat content – this protects employee privacy and meets participation requirements in the workplace.

Conclusion: Ready for the Digital Colleague?

Atlassian Rovo offers Swiss companies the opportunity to efficiently utilize fragmented knowledge. Thanks to data residency in Zurich and Atlassian-hosted LLMs, the technological hurdles for highly regulated industries have been removed.

However, success depends on preparation: clean data, clear governance, and gradual enablement of your teams are the cornerstones for deploying AI.

Would you like to plan the migration of your Atlassian instance to the Zurich region or need support updating the DPIA for Rovo? As an Atlassian partner, we are happy to assist you in making your cloud infrastructure ready for the AI future. Contact us for an initial consultation!