They have services literally dedicated to things like health data records.
But you don’t even need to go that sensitive, literally any type of online service might run the risk of handling PII. Which is why CIS, NIST et al have security frameworks that cover things like encryption at rest.
But encryption at rest is not confidential compute. And Confidential compute is pretty new in terms of tech and i would be genuinely suprised if it's already required for some stuff. I am genuinely interested though, if you have any links about it please enlighten me.
But you don’t even need to go that sensitive, literally any type of online service might run the risk of handling PII. Which is why CIS, NIST et al have security frameworks that cover things like encryption at rest.