If you give other people access to your AWS account, or build products on AWS that your customers use, you are legally responsible for making sure all of them follow AWS's rules — even if you didn't know about their violations.
This clause means that AWS customers operating platforms or services on AWS infrastructure bear full responsibility for their downstream users' compliance with the AUP, exposing them to account termination triggered by third-party conduct they may not be able to fully control or monitor.
How other platforms handle this
AI systems should perform reliably and safely. AI must be tested rigorously before deployment and continued to be monitored after. Systems should behave as intended, be resilient to manipulation, and fail gracefully. When AI systems are used in safety-critical scenarios, special care must be taken.
AI systems should treat all people fairly and avoid affecting similarly situated groups of people in different ways. For example, when AI systems are used in consequential scenarios like medical triage, loan applications, or hiring, they should make recommendations that are consistent for all people...
We are not a licensed medical service provider, and any information provided by us should not be interpreted as medical advice or construed to form a physician-patient relationship. Be sure to talk to your doctor before starting Noom or any health or wellness service, and don't use Noom if you're ha...
Businesses that host multi-tenant applications, SaaS platforms, or resell AWS services can have their own accounts suspended because of what their customers or users do, creating significant vicarious liability and operational risk.
(1) REGULATORY FRAMEWORK: This provision creates vicarious and contributory liability exposure under computer fraud statutes (18 U.S.C. § 1030), CAN-SPAM (15 U.S.C. § 7701), and potentially COPPA (16 C.F.R. Part 312, FTC enforcement) if end-users include minors and prohibited content is involved. Under GDPR, AWS customers acting as data controllers are already responsible for processors and sub-processors, but this AUP clause extends accountability to all forms of platform misuse beyond data processing. The EU DSA (Regulation 2022/2065) imposes due diligence obligations on online platform operators with respect to illegal content uploaded by users, reinforcing this cascading responsibility model. (2)
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.