ElevenLabs compliance: GDPR, AI Act, DPA, training, transfers

TL;DR. Voice samples are biometric data under UK and EU GDPR (Article 9). Enterprise tier: training off by default, Zero Retention Mode available, EU/US/India data residency. Non-Enterprise tiers (free / Creator / Pro / Scale): training default-ON unless opted out — and the opt-out applies prospectively only, so audio already submitted may already be in training datasets. Zero Retention Mode applies to Text-to-Speech, Speech-to-Text, and ElevenAgents APIs — voice cloning is not enumerated as ZRM-eligible, so cloned voice models persist. AI Act Article 52 transparency obligations apply to all AI-generated audio in EU contexts.

DPO action: use Enterprise tier for any EU or biometric processing; document explicit consent for any cloned voices; implement Article 52 disclosures even for benign use cases.

What the tool does

ElevenLabs makes AI voice synthesis and voice cloning. Buyers commonly evaluate one of three products:

1. ElevenLabs platform (free / Creator / Pro / Scale) — consumer / SMB tiers for individual creators and small teams. Voice synthesis from text, voice cloning from short audio samples, dubbing
2. ElevenLabs API — programmatic access to text-to-speech, speech-to-speech, and the Agents Platform for voice agents
3. ElevenLabs Enterprise — admin controls, custom DPA, BAA availability, data residency, Zero Retention Mode

Voice cloning specifically has its own compliance posture and is not covered by the same defaults as text-to-speech. Treat voice cloning as a separate evaluation item in any DPIA.

Data processed

• Source text (which can include any personal data the user types)
• Audio samples for voice cloning (almost always personal data — biometric in most readings)
• Audio output (the synthesised speech itself)
• For Speech-to-Speech: the source audio of the input speaker
• For the Agents Platform: full conversation transcripts and audio
• Account / billing data

Special-category likelihood: Very high. A voice sample is biometric data under UK and EU GDPR readings — Article 9 special-category processing. Even text input often contains personal data the speaker would not want synthesised. Voice cloning of any identifiable person without their explicit consent raises both a GDPR concern (lawful basis) and an emerging AI Act concern (Article 52 transparency, Article 5 prohibited practices in deceptive contexts).

Default geographic processing: US-centric. Enterprise tier offers data residency in US, EU, India per ElevenLabs documentation. Non-Enterprise tiers do not have data residency selection.

DPA availability

ElevenLabs publishes a DPA.

• URL: https://elevenlabs.io/dpa
• The DPA applies when ElevenLabs processes customer personal data as a processor on behalf of customers acting as controllers
• Auto-incorporated into Enterprise terms; non-Enterprise customers should confirm DPA coverage applies to their tier before processing personal data through the service
• Custom DPA negotiation is available on Enterprise

Subprocessor list

ElevenLabs maintains a subprocessor list — check the trust center or DPA appendix for the current location at review time.

Notable subprocessors (typical):

• AWS or Google Cloud — primary infrastructure
• Various analytics, support, and email tooling
• Underlying AI model providers — ElevenLabs has historically used proprietary models, but Agent Platform features may invoke third-party LLMs (e.g. for conversation logic) — verify per use case

If the subprocessor list is not findable at review time, flag as red — for a vendor processing biometric data, opacity on subprocessing is unacceptable.

Training-on-customer-data position

Enterprise: Training data use is off by default unless explicitly opted in. Customer audio and text are not used to train ElevenLabs' models in the default Enterprise configuration. Zero Retention Mode is available for Enterprise — input/output not retained beyond the immediate request lifecycle.

Non-Enterprise tiers (free / Creator / Pro / Scale): Audio may be used to improve ElevenLabs' models unless the user actively opts out. The opt-out toggle applies prospectively only — material already submitted may already be in training datasets. This is the same trap as ChatGPT consumer + claude.ai consumer, but with biometric data, which makes it worse.

Critical scope of Zero Retention Mode: ElevenLabs' compliance documentation enumerates ZRM-eligible (HIPAA-Covered) services as Text-to-Speech API, Speech-to-Text API, and ElevenAgents only. Voice cloning is not enumerated as a ZRM-eligible service, so cloned voice models persist on ElevenLabs servers regardless of ZRM status. The compliance FAQ also carves out a specific exception within ElevenAgents: "Agent configuration data is persisted, meaning it is not covered by Zero Retention Mode and should not contain PHI."

In practice this means voice cloning models, and ElevenAgents agent configuration data, sit outside ZRM by enumeration. Enterprise procurement teams need to capture this explicitly.

Enterprise + ZRM is a defensible posture for text-to-speech and speech-to-text. Voice cloning needs a separate explicit assessment regardless of tier — the data type (biometric) and the persistence of voice models put it outside ZRM's enumerated scope. Non-Enterprise voice cloning is not appropriate for any organisation processing identifiable individuals' voices. — My read

EU / UK transfer position

ElevenLabs is a US company. Transfers from the EU/UK to the US rely on Standard Contractual Clauses (SCCs) under the DPA. For UK transfers the DPA references the UK Addendum issued by the UK Information Commissioner under Section 119A(1) of the UK Data Protection Act 2018 (version B1) — substantively the UK International Data Transfer Addendum, framed via UK ICO/DPA-2018 rather than the "Parliament-laid 2 February 2022" phrasing some other vendors use. Same instrument, different language.

ElevenLabs is certified under the EU-US Data Privacy Framework, the Swiss-U.S. DPF, and the UK Extension to the EU-U.S. DPF — listed as Active across all three on the official dataprivacyframework.gov registry as of 2026-05. Coverage extends to both HR Data and Non-HR Data (same reauthorisation caveat as OpenAI / Anthropic).

EU data residency: Enterprise-only feature. Data is stored in isolated EU environments for Enterprise customers who configure it. Non-Enterprise customers' data is processed in default US infrastructure regardless of their location.

This is the most consequential limitation for EU/UK SME buyers: unless they're on Enterprise (typically £££), there is no EU residency option. A free or Creator tier user in Germany processing voice samples of EU subjects has US-resident processing without contractual safeguards beyond the standard ToS.

Security documentation

Per the trust portal at https://compliance.elevenlabs.io/ (verified 2026-05-02):

• SOC 2 Type 2
• ISO 27001:2022
• ISO/IEC 27017:2015 (cloud-specific information security controls)
• ISO/IEC 27018:2019 (cloud privacy / PII processor controls)
• ISO/IEC 27701:2019 (privacy information management)
• ISO/IEC 42001:2023 (AI management systems — downloadable certificate visible as "42001 - AIMS Certificate - Eleven Labs.pdf")
• PCI DSS 4.0.1 Level 1
• CSA STAR Level 1
• AIUC-1 (AI Use Case certification)
• HIPAA — attestation; BAA available on Enterprise for qualifying healthcare customers
• HDS (Hébergeur de Données de Santé — French health data hosting certification)
• GDPR / UK GDPR — attestation, addressed in the DPA

The cert portfolio is genuinely strong for a vendor at ElevenLabs' size — broader than Perplexity, comparable to the Big Tech LLM peers. The ISO 42001 certification specifically is a meaningful AI Act audit signal. The HDS attestation is unusual and directly relevant for any French / Swiss buyer in regulated health contexts.

ElevenLabs' security posture has matured rapidly through 2025-2026 but is still less battle-tested than Big Tech peers. For a vendor handling biometric data, this matters.

AI Act role + risk classification

• Role: ElevenLabs is a provider of AI systems (TTS, voice cloning, Agents Platform). The Agents Platform may also make ElevenLabs a provider of GPAI-adjacent systems depending on the feature mix.
• Your role as a buyer: deployer with deployer obligations.
• Risk tier:
  • Text-to-speech for narration / accessibility / content production: typically limited risk with transparency obligations (users must be told they're hearing AI-generated audio)
  • Voice cloning of real people: high risk if used for impersonation or in deepfake contexts; prohibited if deceptive in ways that fall under Article 5 prohibited practices
  • Voice agents in customer service, recruitment screening, or other Annex III adjacent flows: high risk under AI Act Annex III obligations

The AI Act treats deepfakes (synthetic audio deceptively presented as a real person) with explicit transparency obligations under Article 52. ElevenLabs' tooling can produce content that triggers these obligations regardless of the buyer's intent.

UK ICO has issued public statements on biometric processing through 2025–2026 and continues to refine guidance — review the ICO's current biometric data guidance alongside any ElevenLabs deployment plan.

DPIA prompts (for your use case)

1. Are you processing biometric data? Voice samples are biometric under most GDPR readings. If yes, you need an Article 9 lawful basis (typically explicit consent) plus a DPIA covering Article 35.
2. Is the cloned voice a real person's voice — and do you have their explicit, informed, written consent? Without consent, cloning likely lacks a lawful basis under GDPR. Copyright in the source recording is a separate question and does not establish consent on the data subject's behalf.
3. Are you on Enterprise with data residency configured to your jurisdiction? Free / Creator / Pro / Scale tiers do not offer EU residency. SME-tier processing of EU voice samples in US infrastructure is a material risk.
4. Have you opted out of training data use if you are not on Enterprise? Default-on training of biometric data is the worst-case scenario.
5. Have you implemented disclosure that synthesised audio is AI-generated, per AI Act Article 52 transparency obligations? Even for benign use cases.
6. Voice cloning specifically: are voice models stored beyond your project lifecycle? ElevenLabs retains voice models even under ZDR — plan for deletion when the project ends.
7. Agents Platform: if used, are conversation transcripts being processed under terms appropriate for the data type? This is a different surface from TTS and may have different defaults.

Unresolved questions / red flags

• Biometric data + non-Enterprise defaults = systemic risk. SMEs using free or Pro tiers to process identifiable people's voices are very likely operating outside their lawful basis.
• Zero Retention Mode is enumerated, not universal. ZRM applies to Text-to-Speech, Speech-to-Text, and ElevenAgents APIs. Voice cloning is not enumerated as ZRM-eligible, so cloned voice models persist. ElevenAgents has its own carve-out: agent configuration data persists outside ZRM. Buyers thinking they have ZRM coverage on voice cloning specifically do not — and should not store PHI in ElevenAgents agent configuration.
• EU data residency is Enterprise-only. Pricing for Enterprise tier is not publicly listed — get a quote before assuming it's affordable for an SME.
• Subprocessor list URL has shifted — flag if not findable at review time.
• AI Act Article 52 transparency obligations apply to all AI-generated audio in EU contexts. Few buyers have implemented this.
• Voice cloning legal landscape is moving fast — UK ICO, EDPB, and national regulators are actively shaping enforcement. A profile dated more than 90 days old should be re-checked.
• Use of cloned voices in advertising or political content may trigger additional sectoral obligations (Ofcom, ASA, Electoral Commission for UK; equivalent EU bodies). Outside the GDPR scope but worth flagging.

Related profiles

This is the only voice-AI profile in the index so far. For text-LLM context that often pairs with voice agents:

• OpenAI — Whisper / Realtime API for speech-related work
• Google Gemini — natively multimodal, including audio

Sources checked

• ElevenLabs DPA: https://elevenlabs.io/dpa — referenced 2026-05-02
• ElevenLabs Data Residency documentation: https://elevenlabs.io/docs/overview/administration/data-residency — referenced 2026-05-02
• ElevenLabs Enterprise: https://elevenlabs.io/enterprise — referenced 2026-05-02
• ElevenLabs Privacy Policy: https://elevenlabs.io/privacy-policy — referenced 2026-05-02
• ICO public guidance on biometric processing
• Independent compliance write-ups (Deepgram audit guide, XS2Content EU-hosted analysis) — referenced for context 2026-05-02

For ongoing AI compliance support, work with Janus DPO-as-a-Service. For other vendors, browse the full index.