March 5, 2026 Check Point Software on Wednesday launched a dedicated Canada data region for its CloudGuard Web Application Firewall (WAF), ensuring that all configurations, logs and security inspection data remain entirely within the country. The move targets a growing challenge for Canadian organizations: meeting strict data residency rules without sacrificing modern application and API security.

The launch comes as data sovereignty has become a major policy focus in Canada, with governments and regulators tightening expectations around where sensitive information can be processed and stored. “Canadian organizations increasingly require security solutions that keep sensitive data within national borders without compromising protection quality or performance,” said Robert Falzon, head of engineering for Check Point in Canada.

For organizations in finance, healthcare, government and critical infrastructure, cross-border data exposure can create direct compliance risks. Federal privacy legislation such as the Personal Information Protection and Electronic Documents Act (PIPEDA), along with provincial health and public-sector privacy laws, often require sensitive operational data to remain within Canada.

Many web application firewall (WAF) and web application and API protection (WAAP) services historically processed security telemetry or inspection data outside the country, forcing organizations to weigh security capability against regulatory requirements. Check Point’s new regional deployment is designed to remove that trade-off by keeping all operational security data, including logs, configurations and inspection processing, within Canadian infrastructure.

The platform uses what the company describes as an AI-driven “prevention-first” architecture that aims to block both known and unknown threats without relying on signatures, manual rule tuning or emergency patching. According to Check Point, the system achieved a 99.5 per cent detection rate with near-zero false positives in the independent WAF Comparison Project 2026, which evaluated 14 vendors under real-world conditions. The company also says more than 90 per cent of deployments operate in full prevention mode.

The announcement coincides with Check Point’s presence at the Victoria International Privacy & Security Summit, where the company is presenting its approach to automated application security.