New Managed Regions
Cloudflare has expanded its Regional Services offering by adding four new pre-defined regions:
- Turkey
- United Arab Emirates (UAE)
- IRAP (Australian compliance framework)
- ISMAP (Japanese compliance framework)
This brings the total number of Cloudflare Managed Regions to 35, giving customers more out-of-the-box options for meeting data residency requirements.
Custom Regions: Define Your Own Boundaries
Beyond the expanded managed regions, Cloudflare is introducing Custom Regions—allowing enterprises to define their own geographical boundaries for data processing. Instead of selecting from Cloudflare's predefined list, customers can specify exactly which countries (or combinations of countries) should process their data.
Custom Regions are built on flexible expressions. The most common approach uses ISO country codes:
- Single country:
country_code == "TR"(Turkey) - Multiple countries:
country_code in ["DE", "FR", "NL"](Germany, France, Netherlands) - Exclude countries:
!(country_code in ["US", "CA", "MX"])(everything except North America)
How It Works
The underlying architecture remains unchanged. Cloudflare still:
- Ingests traffic globally and applies L3/L4 DDoS mitigation at the closest data center
- Routes traffic across Cloudflare's private backbone to your designated region
- Performs TLS termination and Layer 7 processing only within your defined boundaries
- Securely forwards requests to your origin
The key difference: you now control the region definition.
Early Use Cases
Early-access customers have used Custom Regions for:
- AI/LLM inference – Keep prompts and responses within specific countries for performance and compliance
- Targeted marketing – Serve campaigns optimized for unique country combinations
- Government operations – Align regions with contractual compliance obligations
- Corporate governance – Mirror internal business units (EMEA, MENA, APAC) for better organizational alignment