Restrict agent zones

To comply with laws and regulations in different countries and regions, the Conversational AI Engine supports regional access restrictions. When you enable regional access restrictions, the Conversational AI Engine only accesses Agora servers in the designated region, regardless of the user's location.

For example, if you specify North America as the access region, two users who initiate calls from North America and Singapore have different experiences:

Specified access region	User location	Actual access region	User experience
North America	North America	North America	Normal quality.
North America	Singapore	North America	Quality may be significantly impacted. Cross-regional public internet connections between the designated region and the user's location can result in poor network quality. If all servers in the specified region are unavailable, the service returns an error.

Understand the tech

When regional access restrictions are disabled, the Conversational AI Engine automatically selects the nearest server to deploy the agent based on the IP address of the LLM URL and supports failover:

Intelligent deployment: The system automatically deploys the Conversational AI Engine service in the region that corresponds to the IP address of the configured LLM URL.
Nearest available region: If no server is available in the corresponding region, the system automatically selects the nearest available region.
Failover: When a service becomes unavailable in a region, the system automatically switches to another available region.

caution

When you enable regional access restrictions, the system strictly limits access to the specified region and does not perform cross-regional failover.

Implementation

Configure regional access

To configure region access restrictions, set properties.geofence when you Start a conversational AI agent.

properties.geofence

area stringrequired
Possible values: GLOBAL, NORTH_AMERICA, EUROPE, ASIA, INDIA, JAPAN
The allowed region for server access.
exclude_area stringnullable
Possible values: NORTH_AMERICA, EUROPE, ASIA, INDIA, JAPAN
The excluded region. Only available when area is set to GLOBAL.

Configuration examples

Refer to the following examples to understand geofence configuration:

Restrict access to North America only

_18{ _18 "name": "customer_service", _18 "properties": { _18 "channel": "test_channel", _18 "token": "your_rtc_token", _18 "agent_rtc_uid": "123", _18 "remote_rtc_uids": ["456"], _18 "geofence": { _18 "area": "NORTH_AMERICA" _18 }, _18 "llm": { _18 // ... LLM configuration _18 }, _18 "tts": { _18 // ... TTS configuration _18 } _18 } _18}
Global access but excluding India

_19{ _19 "name": "customer_service", _19 "properties": { _19 "channel": "test_channel", _19 "token": "your_rtc_token", _19 "agent_rtc_uid": "123", _19 "remote_rtc_uids": ["456"], _19 "geofence": { _19 "area": "GLOBAL", _19 "exclude_area": "INDIA" _19 }, _19 "llm": { _19 // ... LLM configuration _19 }, _19 "tts": { _19 // ... TTS configuration _19 } _19 } _19}

Configure RTC regional access

The Conversational AI Engine and Agora RTC services are independent, and their regional access restriction configurations are separate. To implement complete end-to-end regional access restrictions and ensure that the entire call chain with the agent is confined to a specified region, you must also configure RTC regional access restrictions. For more information, see Restrict media zones.

Data residency

In addition to configuring regional access restrictions for the Conversational AI Engine, some LLM, TTS, and ASR vendors offer data residency services in different regions. You can ensure that data is not transferred across regions by configuring the URLs used by the LLM, TTS, and ASR modules.

For example, ElevenLabs supports selecting data processing regions through different URL endpoints. For more information, see the ElevenLabs documentation.

The following example shows how to configure the ElevenLabs TTS service using a URL endpoint for the European region:

{
  "properties": {
    "tts": {
      "vendor": {
        "name": "elevenlabs"
      },
      "url": "wss://api.eu.elevenlabs.io/v1/text-to-speech/{voice_id}/stream-input"
    }
  }
}

Best practices

To ensure that data remains entirely within the designated region, follow these recommendations:

Configure regional restrictions for the Conversational AI Engine: Use the geofence object to restrict server access regions.
Configure RTC regional restrictions: Configure the corresponding regional access restrictions in the RTC SDK.
Select regional AI services: When configuring LLM, TTS, and ASR services, select a provider that supports regional data residency and use the corresponding regional URL endpoint.
Verify the configuration: Before deploying to production, thoroughly test that regional access restrictions work correctly and that data is not transferred across regions.

Considerations

Keep the following in mind when implementing regional access restrictions:

Performance impact: Regional access restrictions may affect user experience. If a user's location is far from the designated region, network latency may increase.
Service availability: When regional access restrictions are enabled and the server in the specified region is unavailable or lacks sufficient resources, the service returns an error and does not automatically switch to another region.
Configuration consistency: Ensure that the regional configurations of the Conversational AI Engine, RTC SDK, and LLM, TTS, and ASR services are consistent to prevent data transfer across regions.
Compliance requirements: Before configuring regional access restrictions, understand the legal and regulatory requirements of the target region to ensure that the configuration complies with local data protection and privacy regulations.