Getting started with DLP

View DLP content and rule size limits

DLP recommended size limits for content and rules

Supported editions for this feature: Frontline Standard and Frontline Plus; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, and Education Plus; Enterprise Essentials Plus. Compare your edition

Drive DLP and Chat DLP are also available to Cloud Identity Premium users who also have a Google Workspace license (Enterprise, Business, or Education editions).

You configure data loss prevention (DLP) rules to protect sensitive content. To keep DLP rules working to protect your content, make sure your DLP configuration settings stay within the following recommended size limits. Some of these limits are not enforced, but stay within the limits stated in this article. If you exceed these limits, your DLP rule might not work.

Note: Before scanning content, analyze metadata (for example, source URL, file type, file size, and so on) for all files, regardless of size, to assess whether to terminate the scanning process early.

Google Chat DLP content limits

Content

Limit

Chat message and attachments

Maximum file size is 50 MB

Only the first 10 MB of extracted text is analyzed against DLP rules.

Number of files scanned within a zip file

1,000

Number of items detected per file

10,000

Chrome browser DLP content limits

Content

Limit

File upload, download, print, paste

Maximum file size is 50 MB

Only the first 10 MB of extracted text is analyzed against DLP rules.

Some file types aren't checked for sensitive data or malware, including password-protected files and files larger than 50 MB. Administrators can decide to automatically allow or block those files.

Number of files scanned within a zip file

1,000

Number of items detected per file

10,000

Number of cells in a spreadsheet

50,000

Google Drive DLP content limits

Content

Limit

Drive text content (with markup)

Maximum file size is 50 MB

Only the first 10 MB of extracted text is analyzed against DLP rules.

DLP scans any file's content that it can extract. For native file types, content extraction has no size limit. For non-native file types, DLP supports content extraction for files up to 50 MB.

Number of files scanned within a zip file

1,000

Number of items detected per document or file

10,000

Gmail DLP content limits

Content

Limit

Gmail message (including attachments)

Content filters scan messages and attachments up to 25 MB.

Only the first 10 MB of extracted text is analyzed against DLP rules.

Message contents and attachments are converted to a single file in a scannable format. Gmail scans the converted file. For converted files such as CSV, the cell limit is 50,000. For nested files such as zip, the output is limited to 25 MB.
Content in the destination of URL links isn't scanned.

Files stored in Drive and linked to a message are subject to the DLP rules for Drive. Learn more about DLP for Drive.

Rule alert email recipient limits

Maximum number of email recipients

10 recipients in DLP rule alert center action

If you need to notify more recipients: You can add groups as recipients instead of individual administrators. Learn how to create groups.

Rule size limits

Rule attribute

Limit

Rule count maximum

1,000

You cannot save any rules after exceeding this limit.

Rule description length

500 characters

Individual rule size

1.5 KB

This limit is accrued after you save the rule and it’s compiled by the system. If you reach this limit, you can’t save additional settings for the rule. For example, if you have a very large description or a long list of conditions, you can exceed this limit.

In general, you should not create very large rules. To avoid large rules:

  • Use short rule descriptions.
  • Use word lists where possible.
  • Avoid using long lists of conditions.

All rule configuration settings: The size limit for all DLP rule configuration settings, such as the number of rules and the size of rule descriptions

2 MB

This 2 MB limit is the combined size of all DLP rule configuration settings, after you save them and they’re compiled by the system. Notwithstanding any of the limits above, if you reach this limit, you can’t save additional settings.

Detector size limits

Detector attribute

Limit

Detector count maximum

1,000

Maximum total size of word list

60 KB

Word list phrase component length (continuous sequences containing only letters, only digits, only non-letter characters, or only non-digit characters)

40

Maximum number of words in a word list

950

Size of a regular expression

1,000 characters

Regular expression detector count and word list detector count maximums combined for all rules

Combined limit: 100

  • Word list detectors maximum (used in all rules): 100
  • Regular expression detectors maximum (used in all rules): 100

Note: The number word list and regular expression detectors are combined and together shouldn't exceed 100 detectors. If limits are exceeded, scan performance might be reduced.

Email address detector

40,000 entries

Detector size

Notwithstanding the other limits in this table, an individual detector can't be more than 2 MB.

Related topics

Was this helpful?

How can we improve it?