I understand that using security labels along with local vaults and vaulting rules can theoretically ensure that the required files always remain in the country. I apologise if this was not clear in my original post.

I also believe that if the local vault becomes unavailable for any reason, the files would default to the master vault. This presents one of the challenges that must be addressed for the solution to work reliably, which is the sort of thing I am hoping to learn from anyone who has already implemented this approach.

Any US firearm manufacturing company that works globally has to deal with the same rules.

PetrH

That is correct. I briefly had a system that had replication setup where the replicate site was local to the remote site but all files were also stored locally to the main service in the master vault. That being said, for compliance reasons, I think you will have to contend with data ONLY residing in one country or another. Let's say server is in USA and you are also managing UK and India data. If there is no issue with their data all residing in USA, you would have your normal master vaults and then remote replica vaults for their local data.  Keep in mind there might be shared data like libraries and such. You would not replicate data from UK to India or visa versa for example, or USA only data out to those other sites. This would be normal use case. 

But if you had a situation where data in India could not be replicated to USA, then I think you need to setup a Master vault that was remote to India. Performance would not be ideal. I think in that case, you can still have a local replica vault but data would transit back to USA except not stored there but instead resouted back to India. Correct me if I have this setup wrong. Security labels would help enforce rules in case of accidental movement of data in context to wrong area.