What’s new in Databricks Platform security and compliance at Data + AI Summit 2026
Summary
• Securely scale Genie, dashboards, and AI applications with Automatic Identity Management (AIM) for Entra ID now GA on AWS and GCP, AIM for Okta in Public Preview, and new Context-Based Ingress policies.
• Simplify secure connectivity for serverless, operational, and AI workloads with Private Network Gateway and expanded Private Link support for Lakebase and account-level services.
• Expand compliance coverage across AWS, Azure, and Google Cloud with new certifications, regional compliance programs, broader AWS GovCloud support for AI services, and upcoming FedRAMP High support on Azure Commercial.
As organizations scale data and AI, security and compliance teams face the challenge of enabling AI innovation without introducing new risk. From Genie and Lakebase to serverless analytics and AI-powered applications, enterprises need security models that can scale beyond manual provisioning, static network controls, and siloed compliance programs.
At Data + AI Summit 2026, we're introducing new security and compliance capabilities designed to make security simpler, more scalable, and more context-aware:
• Securely scale Genie and AI across the enterprise with Automatic Identity Management (AIM) for Entra ID now GA on AWS and GCP, AIM for Okta in Public Preview, and new Context-Based Ingress policies for governing access to Genie, dashboards, Databricks Apps, and AI experiences.
• Simplified secure connectivity for serverless and operational workloads with the new Private Network Gateway and expanded Private Link support for Lakebase, enabling secure access to private data sources, APIs, and enterprise applications without complex network architectures.
• Expanded compliance coverage across every cloud with new serverless certifications, KSA, ISMAP and HITRUST compliance availability, broader AWS GovCloud support for AI and analytics features, and upcoming FedRAMP High support on Azure Commercial.
Securely scale Genie and AI
AI is making data accessible to more people than ever before. Business users can now interact with data using natural language, self-service analytics, and AI-powered applications. Organizations need a simpler way to onboard users, govern access, and securely scale these experiences across the enterprise.
Automatic Identity Management is now Generally Available for Entra ID on AWS and GCP
Today, we're excited to announce the General Availability of AIM for Microsoft Entra ID on AWS and GCP, extending the seamless onboarding experience already available on Azure Databricks.
As organizations expand access to Genie, dashboards, and AI applications, identity management can quickly become a bottleneck. Many teams still rely on manual provisioning, SCIM synchronization, or custom scripts to onboard users and keep permissions aligned. Automatic Identity Management (AIM) removes that friction by automatically provisioning and managing users, groups, and service principals using your identity provider as the source of truth. AIM also provides a scalable foundation for governing both human and non-human identities, including the service principals that power AI applications and agents.
We're also expanding support for additional identity providers, with AIM for Okta on AWS and GCP now available in Public Preview.
Context-Based Ingress is now in Public Preview
When organizations open data and AI tools to more users, security controls increasingly need to make context-dependent access-control decisions for specific Databricks experiences without exposing the entire platform. Now in Public Preview on AWS, Azure, and Google Cloud, Context-Based Ingress (CBI) enables administrators to create flexible, zero-trust access policies based on network source, identity, and access scope. Organizations can safely expose Genie, dashboards, Databricks Apps, and AI Gateway endpoints to users on external networks while keeping the broader workspace protected.
We're also expanding Inbound Private Link to support account-level resources, including Genie and the account console, as part of context-based ingress. This will be available in Beta at the end of June 2026.
Simplifying secure connectivity for serverless and operational workloads
Customers increasingly rely on the simplicity of serverless infrastructure, but require a simple way to connect to their existing and well-architected networks.
Introducing Private Network Gateway
We are excited to announce Private Network Gateway, a new networking capability that extends the simplicity of serverless to private data sources, APIs, and enterprise applications through a single, secure connection between Databricks and your private network. Instead of managing individual connections for every resource, organizations can use Private Network Gateway to securely connect serverless workloads to private networks at scale while maintaining their existing network architecture and security controls.
Private Network Gateway is available in Private Preview on Azure Databricks. Reach out to your account team if you are interested in testing it out!
Private connectivity for Lakebase
To keep your databases and other data sources private, we're expanding private connectivity support for inbound (frontend) Private Link to Lakebase, Zerobus, and more. This is Generally Available on AWS and in Public Preview on Azure. Customers can maintain network isolation while supporting high-throughput operational and AI workloads.
Expanding compliance coverage across every cloud
Databricks continues to expand compliance coverage across clouds, deployment models, and regulated industries, helping customers modernize with confidence.
Compliance everywhere on Azure Serverless
Organizations can now leverage the simplicity and elasticity of serverless while maintaining the same compliance posture available on classic compute. You can find the full list of available certifications and regions here.
Similar compliance coverage for AWS Serverless is planned later this summer.
New compliance support in Saudi Arabia for GCP
Databricks is adding support for the Kingdom of Saudi Arabia’s National Cybersecurity Authority frameworks — CCC, DCC and ECC — on Google Cloud, helping customers in the Kingdom adopt the Data Platform while aligning with local cybersecurity and residency expectations. The offering release is planned...