Free cookie consent management tool by TermsFeed

Security and Compliance

Compliance

AI features are only available for Cloud customers at this time. Self-managed and Appian Government Cloud customers don't have access to these features.

Appian Cloud PCI-DSS customers: Review the feature's compliance to ensure it aligns with your organization's security requirements.

Note:  AI Skills are not highly available at this time, however, they can still be used in a high availability environment. AI Skills won't impact other HA features in your environment. See High Availability for Appian Cloud for more information.

Regional availability

Appian offers a range of AI capabilities with availability varying based on geographical location. The following sections outline which regions are supported.

If your Appian environment isn't in a supported region, you can elect to send your data to a supported region. This doesn't change your environment's region. Contact Appian Support to learn more. Refer to the multi-region architecture diagram to learn more about how data is transmitted in this configuration.

Caution:  Changing your Appian environment's region will make any of these AI skills that exist no longer available in your environment. Multi-region environments and migration between regions are not supported.

However, if Enhanced Business Continuity is enabled for your environment and a failover occurs, AI skill data will be present when you return to your primary region. AI skill data isn't lost permanently in this case.

AI Skills regional availability

Tip:  Unless listed below, AI skills are available in all regions.

The following AI skills are available in select regions:

Region Name Region Document Classification Document Extraction Prompt Builder and generative AI skills
Africa (Cape Town) af-south-1 Not Supported Not Supported Not Supported
Asia Pacific (Tokyo) ap-northeast-1 Not Supported Not Supported Supported
Asia Pacific (Seoul) ap-northeast-2 Supported Supported Not Supported
Asia Pacific (Mumbai) ap-south-1 Supported Supported Supported
Asia Pacific (Singapore) ap-southeast-1 Supported Supported Supported
Asia Pacific (Sydney) ap-southeast-2 Supported Supported Supported
Asia Pacific (Jakarta) ap-southeast-3 Not Supported Not Supported Not Supported
Canada (Central) ca-central-1 Supported Supported Supported
Europe (Frankfurt) eu-central-1 Supported Supported Supported
Europe (Zurich) eu-central-2 Not Supported Not Supported Not Supported
Europe (Stockholm) eu-north-1 Not Supported Not Supported Not Supported
Europe (Milan) eu-south-1 Not Supported Not Supported Not Supported
Europe (Ireland) eu-west-1 Supported Supported Supported
Europe (London) eu-west-2 Supported Supported Supported
Europe (Paris) eu-west-3 Supported Supported Supported
Middle East (UAE) me-central-1 Not Supported Not Supported Not Supported
Middle East (Bahrain) me-south-1 Not Supported Not Supported Not Supported
South America (Sao Paulo) sa-east-1 Not Supported Not Supported Supported
GovCloud (US-East) us-gov-east-1 Supported Supported Not Supported
US East (N. Virginia) us-east-1 Supported Supported Supported
US East (Ohio) us-east-2 Supported Supported Not Supported
US West (N. California) us-west-1 Supported Supported Not Supported
US West (Oregon) us-west-2 Supported Supported Supported

AI Copilot regional availability

The following AI Copilot features are available in select regions:

Feature Supported regions
AI Copilot for reports
  • Europe (Frankfurt) eu-central-1
  • US East (N. Virginia) us-east-1
  • US West (Oregon) us-west-2
Create sample data for record types
  • Europe (Frankfurt) eu-central-1
  • US East (N. Virginia) us-east-1
  • US West (Oregon) us-west-2
Enterprise Copilot
  • Asia Pacific (Mumbai) ap-south-1
  • Asia Pacific (Singapore) ap-southeast-1
  • Asia Pacific (Sydney) ap-southeast-2
  • Asia Pacific (Tokyo) ap-northeast-1
  • Canada (Central) ca-central-1
  • Europe (Frankfurt) eu-central-1
  • Europe (Ireland) eu-west-1
  • Europe (London) eu-west-2
  • Europe (Paris) eu-west-3
  • South America (Sao Paulo) sa-east-1
  • US East (N. Virginia) us-east-1
  • US West (Oregon) us-west-2
Generate test cases for expression rules
  • Europe (Frankfurt) eu-central-1
  • US East (N. Virginia) us-east-1
  • US West (Oregon) us-west-2
Records chat component
  • Europe (Frankfurt) eu-central-1
  • US East (N. Virginia) us-east-1
  • US West (Oregon) us-west-2

Tip:  We are continuously working to expand support across all regions. While the some regions do not currently support AI Copilot features, we are committed to extending our capabilities and look forward to bringing these innovative tools to these regions in the future. Stay tuned for updates as we enhance our global support to better serve you!

Add AI skill endpoints to your network allowlist

To ensure the AI skill is available in your environment, locate your environment's region in the table below and add the corresponding endpoints to your network allow list. Add the endpoints that corresponds to your site's region, even if you send AI skill data to a different supported region.

For PCI-compliant sites, use the endpoints that include -strict in the string.

Designer endpoints support proper rendering of the user interface. S3 endpoints enable storage for the model and related data.

AI skills may not be available in all regions.

Region Name Designer Endpoint S3 Endpoint
Africa (Cape Town) https://ai-skill-designer-af-south-1.appiancloud.com https://appian-custom-ai-customer-af-south-1-customer-bucket.s3.af-south-1.amazonaws.com
Asia Pacific (Tokyo) https://ai-skill-designer-ap-northeast-1.appiancloud.com https://appian-custom-ai-customer-ap-northeast-1-customer-bucket.s3.ap-northeast-1.amazonaws.com
Asia Pacific (Seoul) https://ai-skill-designer-ap-northeast-2.appiancloud.com https://appian-custom-ai-customer-ap-northeast-2-customer-bucket.s3.ap-northeast-2.amazonaws.com
Asia Pacific (Mumbai) https://ai-skill-designer-ap-south-1.appiancloud.com https://appian-custom-ai-customer-ap-south-1-customer-bucket.s3.ap-south-1.amazonaws.com
Asia Pacific (Singapore) https://ai-skill-designer-ap-southeast-1.appiancloud.com https://appian-custom-ai-customer-ap-southeast-1-customer-bucket.s3.ap-southeast-1.amazonaws.com
Asia Pacific (Sydney) https://ai-skill-designer-ap-southeast-2.appiancloud.com https://appian-custom-ai-customer-ap-southeast-2-customer-bucket.s3.ap-southeast-2.amazonaws.com
Asia Pacific (Jakarta) https://ai-skill-designer-ap-southeast-3.appiancloud.com https://appian-custom-ai-customer-ap-southeast-3-customer-bucket.s3.ap-southeast-3.amazonaws.com
Canada (Central) https://ai-skill-designer-ca-central-1.appiancloud.com https://appian-custom-ai-customer-ca-central-1-customer-bucket.s3.ca-central-1.amazonaws.com
Europe (Frankfurt) https://ai-skill-designer-eu-central-1.appiancloud.com https://appian-custom-ai-customer-eu-central-1-customer-bucket.s3.eu-central-1.amazonaws.com
Europe (Zurich) https://ai-skill-designer-eu-central-2.appiancloud.com https://appian-custom-ai-customer-eu-central-2-customer-bucket.s3.eu-central-2.amazonaws.com
Europe (Stockholm) https://ai-skill-designer-eu-north-1.appiancloud.com https://appian-custom-ai-customer-eu-north-1-customer-bucket.s3.eu-north-1.amazonaws.com
Europe (Milan) https://ai-skill-designer-eu-south-1.appiancloud.com https://appian-custom-ai-customer-eu-south-1-customer-bucket.s3.eu-south-1.amazonaws.com
Europe (Ireland) https://ai-skill-designer-eu-west-1.appiancloud.com https://appian-custom-ai-customer-eu-west-1-customer-bucket.s3.eu-west-1.amazonaws.com
Europe (London) https://ai-skill-designer-eu-west-2.appiancloud.com https://appian-custom-ai-customer-eu-west-2-customer-bucket.s3.eu-west-2.amazonaws.com
Europe (Paris) https://ai-skill-designer-eu-west-3.appiancloud.com https://appian-custom-ai-customer-eu-west-3-customer-bucket.s3.eu-west-3.amazonaws.com
Middle East (UAE) https://ai-skill-designer-me-central-1.appiancloud.com https://appian-custom-ai-customer-me-central-1-customer-bucket.s3.me-central-1.amazonaws.com
Middle East (Bahrain) https://ai-skill-designer-me-south-1.appiancloud.com https://appian-custom-ai-customer-me-south-1-customer-bucket.s3.me-south-1.amazonaws.com
South America (São Paulo) https://ai-skill-designer-sa-east-1.appiancloud.com https://appian-custom-ai-customer-sa-east-1-customer-bucket.s3.sa-east-1.amazonaws.com
GovCloud (US-East) https://ai-skill-designer-us-gov-east-1.appiancloud.us https://cai-gov-customer-us-gov-east-1-customer-bucket.s3-fips.us-gov-east-1.amazonaws.com
GovCloud (US-West) https://ai-skill-designer-us-gov-west-1.appiancloud.us https://cai-gov-customer-us-gov-west-1-customer-bucket.s3-fips.us-gov-west-1.amazonaws.com
US East (N. Virginia) standard site:
https://ai-skill-designer-us-east-1.appiancloud.com

PCI-compliant site:
https://ai-skill-designer-strict-us-east-1.appiancloud.com
https://appian-custom-ai-customer-us-east-1-customer-bucket.s3.us-east-1.amazonaws.com
US East (Ohio) https://ai-skill-designer-us-east-2.appiancloud.com https://appian-custom-ai-customer-us-east-2-customer-bucket.s3.us-east-2.amazonaws.com
US West (N. California) https://ai-skill-designer-us-west-1.appiancloud.com https://appian-custom-ai-customer-us-west-1-customer-bucket.s3.us-west-1.amazonaws.com
US West (Oregon) https://ai-skill-designer-us-west-2.appiancloud.com https://appian-custom-ai-customer-us-west-2-customer-bucket.s3.us-west-2.amazonaws.com

Note that these endpoints are only used for publicly accessible environments. They do not apply to environments accessed over VPN, PrivateLink, or Dual Access.

AI service architecture

This section applies to AI Skills and AI Copilot features except generate an interface from PDF.

Our AI architecture is designed with private AI as the foundation and upholds those principles. Learn more about private AI features.

Single region architecture

Appian's AI architecture utilizes a single AWS region to provide a secure and scalable AI as a service solution. These capabilities are in-line with the architecture of Appian Cloud deployments, which also use AWS as the provider.

Multi-region architecture

If a customer site is not located in a region that supports a feature, customers can elect to send their data to a supported region.

Note:  The email classification AI skill uses neither of these services (Amazon Bedrock or Amazon Textract).

Foundational principles

Foundational principles of our AI architecture apply to single- and multi-region implementations.

Multi-tenant AI service: Appian's multi-tenant AI service is shared among multiple customers in a given region and has multiple layers of control to restrict data access to respective customer sites. The service has site-level controls to restrict data access and encryption/decryption permissions, whether that distinction is a separate customer site or a separate site within a single customer's environment. This shared service approach allows for economies of scale.

Data transit and retention:

  • All of your data stays within the Appian Cloud environment.
  • All data in-transit is encrypted using TLS.
  • Communication between Appian and the AI service uses asymmetric signing where each customer site has a unique key used to verify its identity.
  • Communication between the AI service, Amazon Bedrock, and Amazon Textract uses AWS Signature V4 authentication to verify the identity of the requesting service.
  • Bedrock and Textract are stateless, so no information is retained.

Learn more about Amazon Bedrock and Amazon Textract.

Document classification and extraction

The document classification and document extraction AI skills use Amazon Textract to recognize the content within the documents.

When the ML model is called during training, testing, or process execution, the associated documents are uploaded to an S3 bucket. The documents are kept in the same region as the customer site.

Additionally, the bucket is:

  • Encrypted using keys specific to each customer site
  • Segmented for each customer site
  • Not accessible by application developers or users

Note:  If the documents to be classified or extracted contain protected data, then this protected data would be required in order to leverage extraction and classification features. Customers can use other mechanisms to redact protected data that is considered as proprietary, sensitive, or confidential, and data containing PII/PHI in accordance with their organization's policies prior to using these AI skills.

All data used for a model both at training and execution is retained until the AI skill is deleted. The model package is deleted when the AI skill object is deleted.

When a user submits a reconciliation task after document extraction, the updated key-value pair mappings are entirely stored within the application on the customer's site.

Learn how document extraction works in Appian.

Records chat

Users can only chat with records they have access to. Record-level security is the responsibility of the customer to develop and maintain. No records data is retained in either the AI service or Bedrock due to their stateless nature.

Feedback