Can an Internet Computer based service limit _where_ it's canisters run and data is persisted?

The motivation behind the question is, that in order to build business and enterprise services on top of the Internet Computer Platform in the near future, one sometimes has to adhere to regulatory governance as to where customer data is stored and processed when operating the service. Is there a mechanism in the platform to constrain on which nodes the service actually will execute and persist?


Such a feature would be consistent with our vision of different kinds of subnets (more secure / cheaper, maybe special features). It’s not on the road map for launch, of course, but I don’t see a problem with adding that feature in due time.