AWS prohibits using its services in ways that violate US export control laws or economic sanctions, including those administered by OFAC.
This analysis describes what Amazon's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause places the compliance burden for export control and sanctions screening on the customer, meaning organizations using AWS to process, store, or transmit data or technology must independently verify their activities comply with EAR and OFAC requirements.
Customers using AWS services in connection with cross-border technology transfer, foreign nationals, or dealings with sanctioned countries or entities bear responsibility for ensuring their use of AWS infrastructure does not violate US export controls or OFAC sanctions.
How other platforms handle this
To the maximum extent permitted by applicable law, Kit shall not be liable for any indirect, incidental, special, consequential or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting ...
We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technolo...
THE SERVICES ARE PROVIDED 'AS IS' AND 'AS AVAILABLE' WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. GRAMMARLY DOES NOT WARRANT THAT THE SERVICES WILL BE UN...
Monitoring
Amazon has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You may not use the Services in any manner that would violate applicable export control laws and regulations, including the Export Administration Regulations (EAR) and economic sanctions regulations administered by the U.S. Office of Foreign Assets Control (OFAC).— Excerpt from Amazon's AWS Acceptable Use Policy
(1) REGULATORY LANDSCAPE: This provision explicitly engages the Export Administration Regulations (15 C.F.R. Parts 730-774) administered by the Bureau of Industry and Security (BIS) and OFAC economic sanctions programs. Relevant enforcement authorities include BIS, OFAC, and the Department of Justice. Non-compliance can result in civil and criminal penalties. EU dual-use export controls under Regulation (EU) 2021/821 may also apply for EU-based customers. (2) GOVERNANCE EXPOSURE: High for organizations operating internationally or involving foreign nationals in AWS-hosted activities. Export control compliance for cloud-hosted technology and data transfers is a complex area; the AUP's placement of this obligation on the customer means AWS is not accepting responsibility for screening customer workloads for export control compliance. (3) JURISDICTION FLAGS: US-person obligations under OFAC apply globally to US persons regardless of where AWS infrastructure is located. EU customers must assess EU dual-use export regulations independently. UK customers are subject to the UK Export Control Order and OFAC-equivalent UK financial sanctions regimes. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise agreements with AWS may include additional export control representations and warranties. Organizations providing technology services to foreign entities through AWS infrastructure should conduct export control classification assessments and license determinations. Procurement teams onboarding AWS as a vendor for government or defense-adjacent contracts should include EAR and OFAC compliance verification. (5) COMPLIANCE CONSIDERATIONS: Legal and compliance teams should assess whether their AWS-hosted technology, software, or data falls within EAR-controlled categories. Organizations should implement OFAC screening procedures for customers, users, and counterparties accessing AWS-hosted services. Cross-border data transfer configurations should be reviewed for export control implications, particularly for encryption technology and controlled technical data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause places the compliance burden for export control and sanctions screening on the customer, meaning organizations using AWS to process, store, or transmit data or technology must independently verify their activities comply with EAR and OFAC requirements.
Customers using AWS services in connection with cross-border technology transfer, foreign nationals, or dealings with sanctioned countries or entities bear responsibility for ensuring their use of AWS infrastructure does not violate US export controls or OFAC sanctions.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amazon.