AWS Bedrock added a new service section for Amazon Bedrock AgentCore Payments, which enables developers to build payment solutions that route transactions between AI agents, third-party wallet providers, and sellers. The updated terms explicitly state that AWS does not provide regulated financial services, does not hold customer funds, and is not responsible for wallets, private keys, or wallet provider services. Developers using this feature are solely responsible for regulatory compliance, transaction monitoring, security safeguards, and any resulting disputes or payment liabilities.
This change introduces a new optional service feature rather than modifying existing consumer rights or obligations. AWS explicitly disclaims providing regulated financial services, holding custody of funds, or bearing responsibility for wallet providers or transactions. Developers who elect to use AgentCore Payments must comply with applicable financial regulations, implement their own security safeguards, and accept full liability for transactions and disputes. The terms do not impose obligations on end consumers using AI agents; the obligations fall on developers integrating the service.
The updated terms establish a new payment-routing service feature with clear boundaries on AWS liability and responsibility. By explicitly disclaiming regulated financial services status and fund custody, AWS is signaling the operational model for this feature: developers retain full liability for regulatory compliance, transaction security, and customer disputes. Organizations evaluating or integrating AgentCore Payments need to understand these liability assignments and ensure their own compliance frameworks and customer disclosures align with AWS's stated limitations.
→ If integrating AgentCore Payments, review your own compliance obligations under applicable financial services regulations in your jurisdiction.
→ Verify the regulatory status and terms of each third-party wallet provider you plan to support.
→ Update your customer-facing terms and privacy notices to disclose that AWS does not provide financial services and that wallet providers are third parties under separate agreements.
→ If you integrate AgentCore Payments without reviewing applicable financial services regulations, you may operate in violation of money transmitter licensing requirements in jurisdictions where your customers reside.
→ Without implementing documented security safeguards and human oversight, you bear full liability for transaction failures, unauthorized access to wallets, or loss of customer assets.
→ Failing to disclose the third-party wallet provider model and AWS's lack of fund custody to your customers may expose you to disputes over where customer funds are held and who is responsible for their security.
AWS explicitly disclaims providing regulated financial services, holding custody of funds or assets, and bearing responsibility for third-party wallet providers or their services.
Developers are solely responsible for regulatory compliance, obtaining required licenses, implementing security safeguards, and bearing all liability for transactions, disputes, and payment failures.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
If you build payment solutions with this feature, you are responsible for ensuring your product meets all financial and industry regulations in the jurisdictions where you operate.
You must build security controls into your payment solution and remain responsible for protecting customer wallets and ensuring transaction accuracy.
AWS introduced a new product service section establishing clear liability boundaries for a payment-routing feature. The updated terms disclaim regulated financial services status, custody responsibilities, and third-party liability. Organizations offering payment solutions through AgentCore Payments will assume full responsibility for regulatory compliance (including obtaining necessary licenses), transaction security, and dispute resolution. This may require updates to vendor contracts, DPAs, and internal compliance documentation if the feature is offered as part of a broader service to downstream customers.
FinCEN (if money transmission is triggered), state money transmitter regulations, GDPR (if processing EU customer payment data), CCPA (if processing California customer payment data), PCI DSS (if handling payment card data, though AWS disclaims custody here), and relevant financial services regulations in jurisdictions where the service is offered. The extent of regulatory applicability depends on whether the feature constitutes money transmission or payment facilitation under applicable law, which varies by jurisdiction.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001826.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherGet alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.