CA-C-002442
Mistral AI — Mistral AI Additional Product Terms
Entity
Date detected
May 29, 2026
Effective date
May 28, 2026
Severity
Direction
Negative
Affected users
all users api users business users
Taxonomy
Data collection expansion
Changes
7 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Get same-day alerts when Mistral AI changes We email you the diff and what it means, the day it happens.
Get same-day alerts →

Get the weekly digest

Every policy change across 844 tracked documents, once a week. No account needed.

Event Summary

Mistral AI updated its Additional Product Terms on May 29, 2026, shifting from 'Customer' to 'you' language throughout the Third-Party Service integration section. More substantively, the terms now authorize Mistral AI to execute a broader set of actions on data sent to third-party services, expanding from simple access and retrieval to include execute, transmit, modify, delete, invoke, and otherwise act upon necessary data. The updated language also places explicit responsibility on users for actions they request through the product, including compliance with third-party terms.

MEDIUM

Consumer Impact

The updated terms authorize Mistral AI to perform a broader range of actions on data sent to third-party services, moving beyond simple access and retrieval to include execute, transmit, modify, delete, invoke, and otherwise act upon necessary data. Users now explicitly bear responsibility for the actions they request through Mistral AI Products and for compliance with third-party terms. If you use third-party service integrations, you should review what specific actions you are requesting and confirm you understand what data handling Mistral AI is authorized to perform on your behalf.

Governance Analysis

The updated terms establish a significantly broader scope of data operations Mistral AI may perform when third-party services are connected, moving from narrowly defined access and retrieval to an expansive 'otherwise act upon' authorization. For organizations processing customer data, this expanded scope may require evaluating compliance with existing data processing agreements and regulatory frameworks that limit permissible data operations.

Available Actions

Review which third-party services you have connected to Mistral AI Products and understand what data flows through those integrations.

If you are an organization processing customer data, evaluate whether the expanded data handling authorization aligns with commitments you have made in privacy notices or customer agreements.

If No Action Is Taken

If you continue using third-party service integrations without review, the expanded data handling authorization will apply to your data as stated in the updated terms.

Organizations that have committed to customers that their data will only be accessed and processed for specific purposes may face compliance gaps if those commitments conflict with Mistral AI's new authorization scope.

Historical Context

Across all monitored documents, Mistral AI has made 2 significant changes.

2 of Mistral AI's significant changes have been classified as negative for consumers.

Key Clauses Affected

Third-Party Service authorization

Expanded from 'access, send, retrieve, process, store' to include 'execute, transmit, modify, delete, invoke, or otherwise act upon' data.

User responsibility for actions

Added explicit requirement that users bear responsibility for actions they request through Input and compliance with third-party terms.

Full clause-by-clause analysis available with Analyst.
These clauses may change again. Get alerted when they do. Get same-day alerts →

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
9d25052c7273b6324e094b8c2eae8dd94b3daea065f51c064702d851e1e37ace
May 11, 2026 10:26 UTC
✓ Verified
Current Version
1afc19bda184db02b35f31576b94b6629a0ed30ddf1cfa444f093d32fc2c6181
May 29, 2026 00:43 UTC
✓ Verified
Change Detected
May 29, 2026 00:43 UTC
Analysis Methodology
Citation Record
Entity: Mistral AI
Document: Mistral AI Additional Product Terms
Record ID: CA-C-002442
Captured: 2026-05-29 00:43:27 UTC
URL: https://conductatlas.com/change/2026-05-29-mistral-ai-mistral-ai-additional-product-terms-2442/
Accessed: July 19, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Impact Summary

1
New obligations
1
Expanded
Consumers and businesses Added

If you request Mistral AI to perform an action through a third-party integration, you are responsible for that action's consequences and for complying with the third-party service's rules.

Data controllers and organizations Expanded

Mistral AI can now perform a broader range of operations on data sent to third-party services beyond simply reading and passing it through.

For legal and compliance teams

Institutional Analysis

Assessment

The revised language materially expands the authorization Mistral AI claims over data movement and manipulation when third-party services are connected. The shift from 'Customer grants permission to access...and send data' to authorization for 'execute, transmit, modify, delete, invoke, or otherwise act upon necessary data' broadens the stated scope of permissible data processing. This affects any organization where customer data flows through Mistral AI to third-party services. Depending on downstream customer agreements and jurisdictional requirements (notably GDPR if EU data is involved), the organization may need to evaluate whether this expanded authorization aligns with its own data processing obligations and customer-facing commitments. The placement of user responsibility for 'actions you request' suggests Mistral AI intends to treat user-initiated requests as operating under user authority, but the precise boundary between Mistral AI's autonomous actions and user-initiated actions is not entirely clear from the updated language.

Full compliance analysis

Regulatory exposure, obligation analysis, escalation trigger, board language, and recommended action.

Analyst $49/mo

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002442.

Full Changes

View complete diff →

Document Context

Version history → Policy drift analysis → Document page →
Document
Mistral AI Additional Product Terms
Entity
Mistral AI
Captured
May 29, 2026
Source URL
https://legal.mistral.ai/terms/additional-terms
More from Mistral AI
Jun 17, 2026 Low
Mistral AI Usage Policy

Mistral AI updated its Usage Policy on June 17, 2026, making three operational changes. The policy now references 'Vibe' instead …

May 29, 2026 Low
Mistral AI Commercial Terms

Mistral AI updated its Commercial Terms on May 29, 2026, replacing references to 'Le Chat Pro' and 'Le Chat Teams' …

May 29, 2026 Medium
Mistral AI Terms of Service

Mistral AI updated its Terms of Service on May 29, 2026, with material changes to how third-party service integrations operate. …

Track Mistral AI policy changes

Get alerted when this policy changes again — including what changed and why it matters.