AWS prohibits using its services to send spam, harvest contact information without consent, or send emails that violate anti-spam laws such as CAN-SPAM.
This analysis describes what Amazon's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause establishes operational boundaries for email and messaging use on the platform by incorporating statutory anti-spam requirements and restricting harvesting practices, which affects the scope of permitted communications activities.
Customers using AWS services such as Amazon SES or EC2 for email campaigns must comply with CAN-SPAM and equivalent international anti-spam laws, or face service suspension under the AUP in addition to potential regulatory action.
How other platforms handle this
Don't claim to be human when directly and sincerely asked, use AI to deceive people about its fundamental nature, or impersonate real people or organizations in misleading ways.
You may not use Runway's tools to build or support systems designed for mass surveillance, tracking of individuals without their consent, or the unlawful monitoring of protected groups or activities.
Do not generate images for political campaigns or to try to influence the outcome of an election. Do not generate images to spread misinformation or disinformation.
Monitoring
Amazon has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"You may not use the Services to distribute, publish, send, or facilitate the sending of unsolicited mass email or other messages, promotions, advertising, or solicitations (spam); harvest or otherwise collect email addresses or other personal contact information from the Internet without the recipient's knowledge and consent; or send email messages in violation of the CAN-SPAM Act or any other applicable anti-spam law.— Excerpt from Amazon's AWS Acceptable Use Policy
(1) REGULATORY LANDSCAPE: This provision explicitly references the CAN-SPAM Act (15 U.S.C. 7701 et seq.) and equivalent international anti-spam laws. Relevant enforcement authorities include the FTC (CAN-SPAM primary US enforcer), the UK Information Commissioner's Office (PECR), and EU national data protection authorities under the ePrivacy Directive. GDPR also applies to the collection and processing of personal contact information in EU contexts. (2) GOVERNANCE EXPOSURE: Medium. Organizations using AWS for bulk email, marketing automation, or contact data collection must maintain documented consent mechanisms and suppression list management to comply with both the AUP and applicable law. Non-compliance creates dual exposure: AUP enforcement by AWS and regulatory action by applicable authorities. (3) JURISDICTION FLAGS: EU customers must comply with GDPR and the ePrivacy Directive in addition to the AUP's anti-spam requirements. CASL applies in Canada. Australian customers are subject to the Spam Act 2003. The AUP's reference to 'any other applicable anti-spam law' means the effective compliance scope is jurisdiction-dependent. (4) CONTRACT AND VENDOR IMPLICATIONS: Organizations using AWS SES or other AWS messaging services for client campaigns should ensure client agreements include representations about list consent and legal compliance, as AUP liability runs to the AWS account holder. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit email list acquisition methods for documented consent, implement unsubscribe and suppression list management, and review sending practices against CAN-SPAM and applicable international requirements. AWS account holders should ensure downstream email service users (e.g., clients, sub-accounts) are contractually bound to equivalent standards.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause establishes operational boundaries for email and messaging use on the platform by incorporating statutory anti-spam requirements and restricting harvesting practices, which affects the scope of permitted communications activities.
Customers using AWS services such as Amazon SES or EC2 for email campaigns must comply with CAN-SPAM and equivalent international anti-spam laws, or face service suspension under the AUP in addition to potential regulatory action.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amazon.