Get the weekly digest
Every policy change across 844 tracked documents, once a week. No account needed.
Mistral AI updated its Additional Product Terms on May 29, 2026, shifting from 'Customer' to 'you' language throughout the Third-Party Service integration section. More substantively, the terms now authorize Mistral AI to execute a broader set of actions on data sent to third-party services, expanding from simple access and retrieval to include execute, transmit, modify, delete, invoke, and otherwise act upon necessary data. The updated language also places explicit responsibility on users for actions they request through the product, including compliance with third-party terms.
The updated terms authorize Mistral AI to perform a broader range of actions on data sent to third-party services, moving beyond simple access and retrieval to include execute, transmit, modify, delete, invoke, and otherwise act upon necessary data. Users now explicitly bear responsibility for the actions they request through Mistral AI Products and for compliance with third-party terms. If you use third-party service integrations, you should review what specific actions you are requesting and confirm you understand what data handling Mistral AI is authorized to perform on your behalf.
The updated terms establish a significantly broader scope of data operations Mistral AI may perform when third-party services are connected, moving from narrowly defined access and retrieval to an expansive 'otherwise act upon' authorization. For organizations processing customer data, this expanded scope may require evaluating compliance with existing data processing agreements and regulatory frameworks that limit permissible data operations.
→ Review which third-party services you have connected to Mistral AI Products and understand what data flows through those integrations.
→ If you are an organization processing customer data, evaluate whether the expanded data handling authorization aligns with commitments you have made in privacy notices or customer agreements.
→ If you continue using third-party service integrations without review, the expanded data handling authorization will apply to your data as stated in the updated terms.
→ Organizations that have committed to customers that their data will only be accessed and processed for specific purposes may face compliance gaps if those commitments conflict with Mistral AI's new authorization scope.
Across all monitored documents, Mistral AI has made 2 significant changes.
2 of Mistral AI's significant changes have been classified as negative for consumers.
Expanded from 'access, send, retrieve, process, store' to include 'execute, transmit, modify, delete, invoke, or otherwise act upon' data.
Added explicit requirement that users bear responsibility for actions they request through Input and compliance with third-party terms.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
If you request Mistral AI to perform an action through a third-party integration, you are responsible for that action's consequences and for complying with the third-party service's rules.
Mistral AI can now perform a broader range of operations on data sent to third-party services beyond simply reading and passing it through.
The revised language materially expands the authorization Mistral AI claims over data movement and manipulation when third-party services are connected. The shift from 'Customer grants permission to access...and send data' to authorization for 'execute, transmit, modify, delete, invoke, or otherwise act upon necessary data' broadens the stated scope of permissible data processing. This affects any organization where customer data flows through Mistral AI to third-party services. Depending on downstream customer agreements and jurisdictional requirements (notably GDPR if EU data is involved), the organization may need to evaluate whether this expanded authorization aligns with its own data processing obligations and customer-facing commitments. The placement of user responsibility for 'actions you request' suggests Mistral AI intends to treat user-initiated requests as operating under user authority, but the precise boundary between Mistral AI's autonomous actions and user-initiated actions is not entirely clear from the updated language.
Full compliance analysis
Regulatory exposure, obligation analysis, escalation trigger, board language, and recommended action.
Analyst $49/moConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002442.
Mistral AI updated its Usage Policy on June 17, 2026, making three operational changes. The policy now references 'Vibe' instead …
Mistral AI updated its Commercial Terms on May 29, 2026, replacing references to 'Le Chat Pro' and 'Le Chat Teams' …
Mistral AI updated its Terms of Service on May 29, 2026, with material changes to how third-party service integrations operate. …
Get alerted when this policy changes again — including what changed and why it matters.