Gemini Enterprise / Agentspace (Google)
One-liner — Google’s enterprise AI front door: a governed chat + enterprise-search + agent platform that grounds Gemini models on your company’s data (Workspace, Drive, plus third-party connectors) while honoring source permissions, with the data-residency, no-training and audit controls a regulated buyer expects from Google Cloud.
Categories — enterprise-ai-assistant (primary), entitlement-aware-rag
Naming / rebrand (2025-10-09): Google folded Google Agentspace into Gemini Enterprise (announced around the “Gemini at Work”/Google Cloud event). The Agentspace URL now redirects to Gemini Enterprise; existing Agentspace customers continue uninterrupted, but Agentspace is closed to new subscriptions from 2025-12-31. “Agentspace” survives as the underlying agent-platform/orchestration tech (“Gemini Enterprise Agent Platform” in the docs). Sold as Gemini Enterprise Standard and Gemini Enterprise Plus, with NotebookLM Enterprise as a related SKU. Distinguish from Gemini for Google Workspace (the assistant embedded in Gmail/Docs/Meet) and the consumer Gemini app — governance behavior differs by surface (see Vault note below).
What it does
Three jobs in one product:
- Enterprise assistant — a Gemini-powered chat UI employees actually use, with ready-made agents (Deep Research, NotebookLM, coding agents).
- Entitlement-aware enterprise search / RAG — connectors ingest content and its ACLs from sources (Google Drive/Workspace plus third-party systems like SharePoint, Jira, ServiceNow, Confluence), so answers are grounded only on documents the querying user is actually allowed to see.
- Agent platform — build, deploy and run agents (the former Agentspace), with a no-code agent builder and support for custom/partner agents.
For a hedge fund the draw is that it sits natively on top of Google Workspace if that’s your stack, and inherits Google Cloud’s compliance and data-governance posture.
Where it sits in the stack
UX layer — the enterprise-ai-assistant people interact with — riding on a entitlement-aware-rag retrieval layer. It pulls from google-drive / Workspace and other content-sources. Its main risk job is controlling access to sensitive data — retrieval is permission-filtered so the model never grounds on data the user can’t see. It does not by itself screen untrusted input or control outbound data flows; pair it with ai-runtime-security / ai-access-governance for those. Trust zone: handles green/yellow-zone enterprise data under enterprise controls.
Deployment & architecture
- SaaS on Google Cloud. No inline proxy/agent to deploy; consumed as a managed app + APIs.
- Connectors & data stores convert each source into a standardized Document (content + metadata + ACLs) held in data stores; retrieval is filtered by the user’s identity at query time.
- Identity: Google Identity is required for Workspace connectors (Drive, Gmail, Chat, Calendar), which delegate ACL decisions to the native Workspace platform. For third-party sources you can use Workforce Identity Federation to authenticate via external IdPs (Entra ID, Okta, Ping) over OIDC/SAML 2.0 — syncless. ACL enforcement uses either Pure ACLs (email-based identities) or Identity Mapping (usernames/legacy/external IDs).
- Admin & audit: managed via Google Cloud / Workspace admin consoles. Cloud Audit Logs (immutable) for the Cloud product; Gemini audit logs in Workspace are exposed via the Reporting API (Admin SDK) and surface in the security/audit investigation tools.
- Security controls: VPC Service Controls, CMEK via Cloud KMS (US/EU multi-region APIs only), Access Transparency (not in the
globalregion).
Positioning & differentiators
- Native to Google Workspace. If your firm runs on Gmail/Drive, the entitlement-aware grounding is largely “free” because it reuses Workspace permissions — analogous to microsoft-365-copilot on M365 + microsoft-graph. The cross-cloud parallel is glean (best-of-breed connectors/search) and openai-chatgpt-enterprise / anthropic-claude-enterprise (model-led assistants with thinner native connector graphs).
- Agent platform inheritance. Carries Agentspace’s agent builder/orchestration, which positions it more as a build-and-run agent platform than a pure chatbot.
- Cloud-grade governance. Data residency zones, no-training commitments, broad certifications, Vault/eDiscovery integration — see below.
Data governance posture (the part a hedge-fund CTO cares about)
- No training on your data. “Gemini doesn’t use your prompts or its responses as data to train its models.” On the Gemini Enterprise Agent Platform, “Google won’t use your data to train or fine-tune any AI/ML models without your prior permission or instruction” (incl. GA and pre-GA models). Prompts handled under the Cloud Data Processing Addendum (CDPA), encrypted in transit.
- Data residency (DRZ). At-rest residency in multi-regions
usandeu, plus in-countryca(Canada) andin(India) (GA with allowlist). ML processing (training/prediction/tuning) stays in theusoreumulti-region matching the regional API used. Caveat: “Grounding with Google Search” and “dynamic facets” run only in theglobalregion, where DRZ/CMEK/Access Transparency don’t apply — so residency holds only if you avoid those features. - Encryption: CMEK via Cloud KMS (US/EU multi-region APIs only; not in in-country or
globalregions). - Certifications (Gemini Enterprise Standard/Plus + NotebookLM Enterprise): SOC 1/2/3, ISO/IEC 27001, 27017, 27018, 27701, PCI DSS, BSI C5:2020, HIPAA, FedRAMP; ISO/IEC 42001 (AI management system) awarded May 2025 to Gemini for Google Cloud / Vertex AI Agents / Code Assist. (Confirm exact FedRAMP level and per-SKU scope on Google Cloud’s compliance pages before relying on it.) GDPR addressed via the CDPA/DPA.
- Vault / eDiscovery / retention (comms surveillance angle). Google Vault supports the Gemini app for search/export of prompts & responses (since 2025-02), and as of 2026-06 supports retention rules and litigation holds for the Gemini app (Vault holds take precedence over admin/user settings). Important caveat: this covers the standalone Gemini app; “Gemini in Workspace” features embedded in other apps (e.g., “Help me write” in Gmail/Docs) are not retained the same way — a gap to probe if you need full comms-surveillance capture (comms-surveillance).
Ownership, funding & M&A
Public. Gemini Enterprise is a product of Google LLC, part of Alphabet Inc. (NASDAQ: GOOGL/GOOG). The prior stub incorrectly marked it independent; corrected to public, confidence high. No standalone funding/valuation (it’s a line of business, not a separate entity). The only “M&A-like” event here is internal: the Agentspace → Gemini Enterprise product consolidation (2025-10-09), not an acquisition.
CTO / hedge-fund lens
- Day-1 for the assistant/RAG slot if you’re a Google Workspace shop — the entitlement-aware grounding reuses permissions you already manage, which is the hard part of safe RAG. If you’re on Microsoft, microsoft-365-copilot is the natural default and this becomes a comparison candidate rather than the obvious pick.
- Governance fit is strong: no-training, residency zones, CMEK, broad certs incl. ISO 42001, and Vault-based eDiscovery/holds map well onto regulated/asset-manager requirements. ISO 42001 + model documentation can feed an SR 11-7 / model-risk file, though Gemini Enterprise is an assistant, not a model-risk governance tool (ai-governance-platform).
- Watch-outs: (1) residency only holds if you avoid
global-only features like Google Search grounding; (2) Vault capture gaps for embedded “Gemini in Workspace” actions vs the standalone app — material for MNPI/comms surveillance; (3) you still need ai-runtime-security / ai-access-governance for prompt-injection and shadow-AI — this product governs its own data access, not all AI traffic. - Fit: mid-to-large regulated shops already on Google Workspace/Cloud. A small Microsoft-centric fund gets less value.
Competitors / alternatives
microsoft-365-copilot · openai-chatgpt-enterprise · anthropic-claude-enterprise · glean · amazon-q-business · perplexity-enterprise. On the retrieval/entitlement axis specifically: glean, microsoft-graph, knostic.
Open questions / to verify
- Exact FedRAMP level (High vs Moderate) and which controls/certs attach to Gemini Enterprise Standard vs Plus vs NotebookLM Enterprise specifically (vs Gemini for Google Cloud broadly).
- Full list of GA third-party connectors and which support real-time ACL sync vs periodic.
- Whether SCIM provisioning is first-class for Gemini Enterprise user/license management (Workspace/Cloud Identity SCIM exists; confirm scope for this SKU).
- Precise boundary of Vault capture across all “Gemini in Workspace” surfaces — what is and isn’t discoverable/retainable.
- Founding/launch date of the Agentspace product line (initial preview vs GA).
Sources
- Gemini Enterprise app — Best of Google AI for Business — fetched 2026-06-28 — supports: product framing, editions (Standard/Plus), residency/audit/CMEK marketing; confidence: med (vendor marketing).
- Google folds Agentspace into Gemini Enterprise (The Register) — fetched 2026-06-28 — supports: rebrand date 2025-10-09; confidence: med.
- How Gemini for Google Cloud uses your data (data governance) — fetched 2026-06-28 — supports: “doesn’t use your prompts or responses to train its models,” CDPA, encryption-in-transit; confidence: high (primary).
- Data residency — Gemini Enterprise & NotebookLM Enterprise — fetched 2026-06-28 — supports: DRZ us/eu + ca/in, MLP region binding, CMEK/global caveats; confidence: high (primary).
- Gemini Enterprise Agent Platform — zero data retention — fetched 2026-06-28 — supports: no train/fine-tune without permission, GA + pre-GA models; confidence: high (primary).
- Compliance certifications and security controls — Gemini Enterprise — fetched 2026-06-28 — supports: SOC/ISO/PCI/C5/HIPAA/FedRAMP, VPC-SC, CMEK, Access Transparency; confidence: high (primary).
- Configure access controls for custom data sources (identity/ACLs) — fetched 2026-06-28 — supports: ACL filtering, Pure ACLs vs Identity Mapping, IdP/workforce pools; confidence: high (primary).
- Introduction to connectors and data stores — fetched 2026-06-28 — supports: connectors ingest content+ACLs, WIF with Entra/Okta/Ping via OIDC/SAML; confidence: high (primary).
- Google Vault now supports retention rules and litigation holds for Gemini app — fetched 2026-06-28 — supports: Vault holds/retention for Gemini app (2026-06), precedence; confidence: high (primary).
- Gemini audit logs via Reporting API / investigation tools — fetched 2026-06-28 — supports: Gemini audit logging in Workspace; confidence: high (primary).
- ISO/IEC 42001 for Gemini / Vertex AI Agents / Code Assist (compliance offerings) — fetched 2026-06-28 — supports: ISO 42001 AI management cert (May 2025); confidence: med.
History
- [2026-06-28] Stub created from seed registry.
- [2026-06-28] Researched; corrected ownership independent→public (Google LLC / Alphabet, NASDAQ: GOOGL), high confidence; noted Agentspace→Gemini Enterprise rebrand (2025-10-09, Agentspace closed to new subs 2025-12-31); added entitlement-aware-rag as secondary category. Established: no-training/ZDR commitments, data residency zones (us/eu + ca/in) with global-feature caveats, CMEK/VPC-SC/Access Transparency, certs (SOC/ISO 27001-27701/PCI/C5/HIPAA/FedRAMP + ISO 42001 May-2025), ACL-honoring search (Pure ACLs vs Identity Mapping; WIF with Entra/Okta/Ping), and Google Vault eDiscovery/retention/holds for the Gemini app (2026-06) with the embedded-”Gemini in Workspace” capture gap. No HARD contradiction.