Databricks Security and Compliance at Summit 2026: The Unglamorous Layer That Decides Adoption

Summary

At the Data + AI Summit 2026, Databricks shipped a wave of security and compliance upgrades that will not trend on anyone's feed, yet they decide whether your risk team approves any of the agentic AI announced alongside them. The headline-grade item is Automatic Identity Management for Microsoft Entra ID reaching general availability on AWS and GCP. Around it sits a set of network controls at varying maturity (Context-Based Ingress, Private Link for Lakebase, and a Private Network Gateway still in private preview), new compliance certifications across clouds, and an agreed acquisition of security firm Panther that points at a "security lakehouse" strategy. For European and regulated enterprises this is the layer that matters most, so it is worth being precise about what has actually shipped and what is still preview.

Last Updated

25 Jun 2026

Published

25 Jun 2026
TL;DR

  • Identity, the strongest item: Automatic Identity Management (AIM) for Microsoft Entra ID is GA on AWS and GCP (Azure already had it). AIM for Okta is in Public Preview on AWS and GCP.
  • Network isolation, mixed maturity: Context-Based Ingress policies are in Public Preview; Private Link for Lakebase is GA on AWS and Public Preview on Azure; the Private Network Gateway is Private Preview on Azure only.
  • Compliance, broader but read the dates: HITRUST across the three clouds, ISMAP in Japan, expanded AWS GovCloud, and more. FedRAMP High on Azure Commercial is expected later this summer, not yet delivered.
  • The Panther deal: Databricks agreed to acquire Panther, an AI-era SIEM alternative, to push the "security lakehouse." It is announced intent, not a closed deal.
  • Why it matters: this layer is the prerequisite for everything else at Summit. Identity, network isolation, and compliance are what move agentic AI from "blocked by risk" to "approved."

Why the boring layer is the important one

Every exciting announcement at Summit 2026 (agents, Genie, CustomerLake) assumes one thing: that your security and risk team will let you turn it on. In our delivery work, that approval is where ambitious data and AI programmes most often stall. Not because the technology cannot do it, but because identity, network isolation, and compliance were treated as a footnote instead of a design input. This set of announcements is the answer to that, and it is the part of the Summit 2026 announcement set we would read first if your enterprise is regulated. It is the difference between a platform your risk team approves and one they block.

Identity: Automatic Identity Management

The clearest win is identity, and it is the item closest to "just use it."

Automatic Identity Management (AIM) for Microsoft Entra ID is now generally available on AWS and GCP. It was already available on Azure Databricks, so this GA extends the same onboarding experience to all three major clouds. AIM removes the manual work of provisioning users, groups, and service principals. Done by hand, that work is exactly the kind of toil that becomes a source of access-control drift (workspace groups that no longer match the directory) and, eventually, audit findings.

AIM for Okta is now in Public Preview on AWS and GCP (not Azure). If your enterprise standardises on Okta rather than Entra ID, this is the one to pilot rather than depend on yet.

For the many European enterprises standardised on Microsoft identity, the Entra ID GA is the genuinely useful one: less manual provisioning, less drift, cleaner audits.
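The "drift" that manual provisioning produces is concrete and checkable: groups that exist in the workspace but were never sourced from the directory, members who were removed from the IdP but still sit in a workspace group, and members added by hand who were never in the IdP group at all. The check below is an added example, not Databricks' own code or part of AIM; it compares two snapshots (an IdP-side view of groups and a workspace-side view) and reports the drift an auditor would ask about. Both snapshots are constructed inline so the example runs offline; in practice the workspace side would come from the workspace's SCIM endpoints and the IdP side from the directory, but the comparison is the same. The set of workspace-local groups the IdP is not expected to own (`LOCAL_GROUPS`) is an assumption for this example.

```python
"""Access-control drift check between an IdP and a Databricks workspace.

Added example, not Databricks' code. Snapshots are constructed; group keys are
display names, values are member userNames as a directory / SCIM API reports them.
"""
from dataclasses import dataclass, field

# Constructed IdP-side snapshot (the source of truth once AIM owns provisioning).
IDP_GROUPS = {
    "finance-analysts": {"alice@example.com", "bob@example.com", "Carol@Example.com"},
    "ml-engineers": {"dave@example.com", "erin@example.com"},
}

# Constructed workspace-side snapshot, with the kinds of drift hand provisioning leaves behind.
WORKSPACE_GROUPS = {
    "finance-analysts": {"alice@example.com", "bob@example.com", "xavier@example.com"},
    "ml-engineers": {"dave@example.com", "erin@example.com"},
    "legacy-contractors": {"yuki@example.com"},  # hand-made group, never sourced from the IdP
    "admins": {"platform-admin@example.com"},    # workspace-local by design, not IdP-managed
}

# Assumption for this example: groups the IdP is not expected to own.
LOCAL_GROUPS = frozenset({"admins", "users"})


@dataclass
class DriftReport:
    missing_groups: set[str] = field(default_factory=set)            # in IdP, absent from workspace
    orphan_groups: set[str] = field(default_factory=set)             # in workspace, absent from IdP
    missing_members: dict[str, set[str]] = field(default_factory=dict)  # IdP members the workspace lacks
    extra_members: dict[str, set[str]] = field(default_factory=dict)    # workspace members the IdP lacks

    def is_clean(self) -> bool:
        return not (self.missing_groups or self.orphan_groups
                    or self.missing_members or self.extra_members)


def _norm(members) -> set[str]:
    # userNames are emails in most tenants; compare case-insensitively so that
    # "Carol@Example.com" vs "carol@example.com" is not reported as drift.
    return {m.strip().lower() for m in members}


def find_drift(idp_groups, ws_groups, local_groups=frozenset()) -> DriftReport:
    """Compare the IdP view with the workspace view, ignoring workspace-local groups."""
    report = DriftReport()
    idp = {g: _norm(m) for g, m in idp_groups.items()}
    managed = {g: _norm(m) for g, m in ws_groups.items() if g not in local_groups}

    report.missing_groups = set(idp) - set(managed)
    report.orphan_groups = set(managed) - set(idp)
    for g in set(idp) & set(managed):
        missing = idp[g] - managed[g]   # removed in the IdP (or never added), still absent here
        extra = managed[g] - idp[g]     # added by hand, no IdP backing: the classic audit finding
        if missing:
            report.missing_members[g] = missing
        if extra:
            report.extra_members[g] = extra
    return report


def findings(report: DriftReport) -> list[str]:
    """Render the report as deterministic, one-line findings for an audit log."""
    lines = []
    for g in sorted(report.missing_groups):
        lines.append(f"MISSING GROUP {g}: in IdP, not in workspace")
    for g in sorted(report.orphan_groups):
        lines.append(f"ORPHAN GROUP {g}: in workspace, not managed by IdP")
    for g, members in sorted(report.missing_members.items()):
        lines.append(f"MISSING MEMBERS {g}: " + ", ".join(sorted(members)))
    for g, members in sorted(report.extra_members.items()):
        lines.append(f"EXTRA MEMBERS {g}: " + ", ".join(sorted(members)))
    return lines


if __name__ == "__main__":
    for line in findings(find_drift(IDP_GROUPS, WORKSPACE_GROUPS, LOCAL_GROUPS)):
        print(line)
```

Run against the constructed snapshots, the report flags the orphaned `legacy-contractors` group, the member Carol who is in the IdP group but not the workspace group, and Xavier who was added to the workspace group by hand. A clean report after AIM is enabled is the evidence an auditor actually wants; the orphan-group finding is also the one that tends to survive the longest, because nothing in the IdP will ever delete a group the IdP did not create.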

Network isolation: the controls that let regulated teams say yes

This is the cluster of announcements that makes regulated adoption viable, and it is also where the maturity varies most, so precision matters.

  • Context-Based Ingress policies (Public Preview, across AWS, Azure, and Google Cloud). Zero-trust access policies based on network source, identity, and access scope. The point is that you can expose a specific surface (Genie, a dashboard, a Databricks App, the AI Gateway) while keeping the workspace itself network-protected. That selective exposure is precisely what a risk team wants instead of an all-or-nothing door.
  • Private Link for Lakebase (GA on AWS, Public Preview on Azure). Inbound Private Link now supports Lakebase (and Zerobus and additional account-level resources), so high-throughput operational and AI workloads keep network isolation. Build on it on AWS; on Azure treat it as preview.
  • Private Network Gateway (Private Preview, Azure only). A single secure connection between Databricks and your private networks for serverless workloads. This is the least-mature item in the set; plan around it as a roadmap signal, not a control you can build on today.
  • Inbound Private Link for account-level resources (including Genie and the account console) is in Beta as of late June 2026.

The honest summary: the direction, network-isolated access to specific AI surfaces, is strong, but only some of it is GA. If your architecture depends on one of these, check its exact state for your cloud before you design around it.
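The selective-exposure pattern behind Context-Based Ingress (and the "design AI-surface access around it" advice later on this page) is easier to reason about once it is written down as a policy evaluation: a request reaches a surface only if its network source and its identity both match an explicit policy for that surface, and everything not listed, the workspace included, is denied by default. The model below is an added example to make that pattern concrete; it is not Databricks' policy schema, evaluation engine, or API, and the CIDRs, group names, surface names, and scope labels are constructed for illustration.

```python
"""Model of context-based ingress: explicit per-surface policies, default deny.

Added example, not Databricks' own policy format or engine. Policies, ranges and
group names are constructed. Evaluation fails closed: an unparseable source
address or an unlisted surface is a deny, never an error that an upstream
component might translate into "allow".
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IngressPolicy:
    surface: str                # what is being exposed: "genie", "dashboards", "workspace", ...
    sources: tuple[str, ...]    # CIDRs allowed to reach that surface
    groups: tuple[str, ...]     # identity groups allowed over this path (any match)
    scope: str                  # what the path may do, e.g. "query" vs "admin"


@dataclass(frozen=True)
class Request:
    surface: str
    source_ip: str
    groups: frozenset[str]      # groups the caller's identity carries
    scope: str


# Constructed policy set. Business users reach Genie and dashboards from the
# corporate egress range only; the workspace itself is reachable solely by
# platform admins over the private-link range. Nothing else is listed.
POLICIES = (
    IngressPolicy("genie", ("203.0.113.0/24",), ("finance-analysts", "business-users"), "query"),
    IngressPolicy("dashboards", ("203.0.113.0/24",), ("business-users",), "query"),
    IngressPolicy("workspace", ("10.20.0.0/16",), ("platform-admins",), "admin"),
)


def _source_allowed(ip: ipaddress._BaseAddress, cidrs: tuple[str, ...]) -> bool:
    # Mixed IPv4/IPv6 comparisons are simply False in ipaddress, which is the safe answer.
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


def evaluate(req: Request, policies=POLICIES) -> tuple[bool, str]:
    """Return (allowed, reason). All three conditions must hold on a single policy."""
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return False, "unparseable source address: deny"

    candidates = [p for p in policies if p.surface == req.surface]
    if not candidates:
        # The surface was never exposed, so no amount of network or identity gets in.
        return False, f"no ingress policy exposes '{req.surface}': default deny"

    for p in candidates:
        if not _source_allowed(ip, p.sources):
            continue                                    # right surface, wrong network
        if not (req.groups & set(p.groups)):
            continue                                    # right network, wrong identity
        if p.scope != req.scope:
            continue                                    # right path, asking for too much
        return True, f"allowed: '{p.surface}' via {p.sources} for {sorted(req.groups & set(p.groups))}"

    return False, f"'{req.surface}' is exposed, but not to this source, identity and scope together"


if __name__ == "__main__":
    analyst = frozenset({"finance-analysts"})
    admin = frozenset({"platform-admins"})
    for r in (
        Request("genie", "203.0.113.10", analyst, "query"),       # business user, corporate egress
        Request("workspace", "203.0.113.10", analyst, "admin"),   # same user trying the front door
        Request("genie", "198.51.100.5", analyst, "query"),       # same user from the internet
        Request("workspace", "10.20.5.5", admin, "admin"),        # admin over private link
        Request("workspace", "203.0.113.10", admin, "admin"),     # admin, but from the wrong network
        Request("lakebase", "10.20.5.5", admin, "admin"),         # surface never exposed
    ):
        print(r.surface, r.source_ip, evaluate(r))
```

The two cases worth showing a risk team are the admin arriving from the corporate range rather than the private-link range (denied, because identity alone is never sufficient) and the surface with no policy at all (denied before any identity check runs). That is the property "expose Genie without opening the workspace" actually rests on, and it is what you should verify in whatever the real preview's policy syntax turns out to be.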

Compliance: broader, but read the dates

Databricks expanded its compliance coverage, and here the dates matter as much as the names.

  • HITRUST coverage across AWS, Azure, and Google Cloud.
  • ISMAP (the Japanese government framework) achieved, on Azure and AWS.
  • AWS GovCloud expanded to include Databricks Apps, Model Serving, AI Search, Predictive Optimization, and Genie.
  • Saudi Arabia (on GCP) frameworks planned for later in June.
  • Azure serverless compliance now matches the classic-compute certifications, with similar AWS serverless coverage planned for summer 2026.

One important correction for anyone summarising this set: FedRAMP High on Azure Commercial is expected later this summer, not delivered. If a vendor or article tells you Databricks "is FedRAMP High" today on that surface, that is ahead of the announcement. Treat it as roadmap.

The Panther deal: a "security lakehouse" signal

Databricks also announced it has agreed to acquire Panther, a cloud-native, detection-as-code platform often described as an AI-era alternative to legacy SIEM. Two things to keep straight.

First, this is announced intent, not a closed deal: it is subject to customary closing conditions, including regulatory clearances, and the price was not disclosed. So it shapes strategy, but it is not a capability you can buy today.

Second, the strategy it signals is the interesting part. Panther brings detection-as-code, a large library of pre-built integrations, and agentic workflows for automating security-operations triage and investigation. Databricks frames it as advancing a "security lakehouse", unifying security, IT, and business data in one governed lakehouse rather than a separate SIEM silo. As CEO Ali Ghodsi put it, "Legacy SIEM was never designed for AI." For enterprises drowning in disconnected security tooling, the idea of security data living in the same governed platform as everything else is a genuinely strategic move. It also fits the through-line of the whole Summit 2026 announcement set: one governed platform, now reaching into security too.

The European angle, stated honestly

Here is where we have to be careful, because it is easy to over-claim. The official security and compliance announcement does not name EU-specific certifications or new European data-residency capabilities. The named frameworks target the US, Japan, Saudi Arabia, and the cross-cloud HITRUST. So we are not going to tell you Databricks "announced EU compliance," because it did not.

What it did ship is the set of primitives that make regulated European adoption viable: identity automation that holds up to audit (AIM for Entra ID), and network-isolation controls that let you expose AI surfaces like Genie while keeping the workspace protected (Context-Based Ingress, Private Link for Lakebase). For a European risk team, those are the building blocks. The residency and sovereignty design still has to be done deliberately, in the architecture, by you and your partner. The platform gives you better tools to do it with; it does not do it for you.

How to use this layer well

  • Lead with identity. If you are on Entra ID, AIM's GA on AWS and GCP is low-risk and high-value; adopt it to kill manual provisioning and the drift it causes.
  • Map controls to maturity. GA items (AIM for Entra ID, Private Link for Lakebase on AWS) you can build on. Public Preview items (Context-Based Ingress, AIM for Okta, Private Link for Lakebase on Azure) you pilot. Private Preview items (Private Network Gateway) you plan around.
  • Use selective exposure. Context-Based Ingress is the right pattern for letting business users reach Genie and dashboards without opening the workspace; design AI-surface access around it.
  • Design residency yourself. Do not assume a certification covers your jurisdiction. Confirm region, controller/processor model, and residency for your specific regulated workload.
  • Sequence security before agents. Get identity, network isolation, and compliance in place before you scale agentic AI, not after, because the agents inherit whatever posture they land on.

The Cosmos Thrace perspective

This is the layer most teams underestimate, and it is exactly where we spend our time. We are a Databricks Silver Partner, and the part of an engagement that decides whether a regulated enterprise can actually adopt the platform (identity, network isolation, residency, and audit) is the part we design in from the start rather than retrofit. We have delivered dozens of data platform implementations across Europe, many on Databricks, with more than $50M saved for clients in 2025, a 100% client retention rate, and 106 million data points moved daily.

Our honest read on the Summit 2026 security set: the identity GA is the standout, the network-isolation controls point the right way even where they are still in preview, and the Panther deal is a strategic signal worth watching rather than a tool to deploy. Above all, this is the layer that decides whether the rest of the Summit is real for you. Governance and security are not a tax on the exciting work. For a regulated business, they are the thing that lets the exciting work happen at all, the same point we made about running agents safely in our Unity AI Gateway breakdown.

Sources

Databricks blog: What's new in Databricks platform security and compliance at Data + AI Summit 2026

Databricks newsroom: Databricks agrees to acquire Panther, further establishing security

FAQ

What people ask about Databricks security and compliance

What did Databricks announce for security and compliance at Summit 2026?
Is AIM for Microsoft Entra ID generally available?
What is Context-Based Ingress?
Does Databricks support Private Link for Lakebase?
Did Databricks acquire Panther?
Is Databricks FedRAMP High certified?
How does this help regulated European enterprises?