AWS Bedrock updated its service terms on June 16, 2026 to add new provisions governing metadata sharing with Anthropic for certain AI products and to introduce a new AWS WAF AI traffic monetization feature. The updated terms now explicitly authorize AWS to notify Anthropic of metadata present in requests to Anthropic models, and establish a framework whereby AWS can facilitate payment transactions between users and buyers of content served through AWS services, though AWS states it does not provide regulated financial services and is not a party to the flow of funds. Users who employ these features will have pricing, payment, and configuration information shared with applicable buyers, payment providers, and facilitators under separate terms between the user and those parties.
The updated terms establish new data-sharing mechanisms for users of Anthropic models on Amazon Bedrock. Specifically, AWS now explicitly authorizes notification to Anthropic of metadata present in requests sent to certain Anthropic products (e.g., Claude Code, computer use features), enabling Anthropic to conduct product-level usage attribution. Additionally, the terms introduce AWS WAF AI traffic monetization, which permits AWS to facilitate payment transactions between content publishers and buyers by sharing pricing, payment, and configuration information with payment providers and facilitators; the updated terms clarify that AWS does not provide regulated financial services and is not a party to fund flows, and that users' interactions with payment providers are governed by separate terms between the user and those parties. Users employing these features should review what metadata may be embedded in their requests and understand their own obligations to payment providers.
The updated terms establish explicit authorization for AWS to share request metadata with Anthropic for usage tracking, which modifies the data-processing relationship and may require organizations to update their privacy notices and data-processing agreements if they handle regulated data. The introduction of AWS WAF AI traffic monetization formalizes a new optional payment-facilitation service that involves sharing user configuration and payment information with third parties, requiring organizations to understand their own vendor relationships and liability frameworks.
→ Review your current use of Anthropic models on Bedrock to understand what metadata may be shared and confirm whether metadata includes personal data or sensitive information.
→ If you use Anthropic models and process regulated data, audit your data-processing agreements and privacy notices to confirm metadata sharing with Anthropic is disclosed.
→ If you adopt AWS WAF AI traffic monetization, review and document your vendor agreements with payment providers and confirm your customer terms disclose payment information sharing.
→ If you use Anthropic models on Bedrock and do not update your privacy notices, your customers may not be aware that metadata from their requests is shared with Anthropic for usage attribution.
→ If you enable AWS WAF AI traffic monetization without documenting the data flows, your organization may lack a clear record of which third parties have access to pricing and payment configuration data.
→ If metadata sharing is not disclosed to customers or regulators, your organization may face compliance exposure under GDPR, CCPA, or similar privacy regulations.
This is the 2nd significant Ai Training Rights change AWS Bedrock has made since ConductAtlas began monitoring.
ConductAtlas has recorded 6 material changes to this document over 37 days of monitoring (since May 2026). An additional minor or cosmetic changes were excluded.
3 of AWS Bedrock's significant changes have been classified as negative for consumers.
AWS now explicitly authorizes notification to Anthropic of metadata in requests to Anthropic models for usage attribution; this formalizes a new data-sharing relationship that may require DPA and privacy notice updates.
New optional service enabling AWS to facilitate payment transactions by sharing user pricing and configuration information with buyers, payment providers, and facilitators; AWS disclaims regulated financial services role and party status in fund flows.
Clarifies that WorkSpaces AI Content may be stored outside the user's primary AWS region for service development and improvement; previously implicit, now explicit.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
When you use certain Anthropic products like Claude Code through Bedrock, AWS will tell Anthropic what metadata is in your requests so Anthropic can track how its products are being used.
If you use AWS WAF AI traffic monetization to charge buyers for content, your pricing and payment information will be shared with payment processors and other facilitators under separate terms between you and those parties.
+ 1 more obligation changes. Full breakdown available with Monitor.
Track changes →AWS modified its service terms to formalize metadata sharing with Anthropic for certain model features and introduced a new payment facilitation feature (AWS WAF AI traffic monetization). For organizations using Anthropic models on Bedrock, the metadata-sharing provision may trigger review of data processing terms, especially if data controllers are subject to GDPR or similar privacy regimes, as metadata sharing with a third-party AI provider constitutes a new data-processing relationship. For organizations enabling WAF AI traffic monetization, the terms establish that AWS is not a payment intermediary and that separate vendor terms govern interactions with payment providers and facilitators; compliance teams should assess whether this feature engages PCI DSS, payment regulation, or consumer protection obligations in their jurisdiction. The changes do not appear to impose new mandatory obligations on users; features are optional. However, users who adopt these features should document the data flows and vendor relationships in their compliance frameworks.
GDPR (if EU customers use Anthropic models on Bedrock; metadata sharing constitutes data processing and may trigger DPA/SCC review); CCPA (California customers' metadata may be shared with Anthropic); FTC Act (Section 5 may examine whether metadata sharing is disclosed adequately and whether payment facilitation terms are clear); State money transmitter regulations (if WAF AI traffic monetization is deemed to involve payment transmission; AWS disclaims this role but regulators may scrutinize).
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003011.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorAWS Bedrock updated its Amazon RDS service terms on May 30, 2026, adding new provisions governing Trusted Language Extensions, engine …
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the …
TikTok's data collection extends to device sensors, clipboard content, geolocation, and cross-site tracking. Here is what their Privacy Pol…
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.