Option B best meets all stated requirements by correctly combining PII protection, evaluation before launch, and data residency compliance using Amazon Bedrock Guardrails. Amazon Bedrock guardrails provide native sensitive information filtering that operates inline during model invocation, making them well suited for preventing personal data exposure in customer-facing AI assistants.
The requirement to evaluate how effective the AI assistant is at preventing exposure before release is best addressed by using mask mode during development and testing. Mask mode allows responses to be generated while automatically redacting detected personal information, making it easy for developers and reviewers to see where and how PII would have appeared. This provides concrete validation that the guardrail rules are correctly configured without fully blocking responses, which is ideal for quality assurance and pre-production evaluation.
For production, switching the guardrail to block mode ensures that responses containing personal information are fully prevented from being returned to users. This offers the strongest protection and aligns with compliance expectations for customer account data. Block mode is appropriate once confidence in the guardrail configuration has been established during testing.
The data residency requirement is addressed by deploying a copy of the guardrail in each AWS Region where the application operates. Amazon Bedrock guardrails are Region-specific resources, and using Region-local guardrails ensures that inference, filtering, and enforcement all occur within the same Region as the customer data. This avoids cross-Region processing and helps the company comply with regulatory and contractual data residency policies.
Option A and D incorrectly rely on cross-Region guardrails, which can violate data residency constraints. Option C focuses on topic filtering rather than sensitive information filtering and keeps detect mode enabled in production, which does not actively prevent PII exposure. Therefore, B is the only option that fully satisfies safety, compliance, and evaluation requirements.
