AWS states it may investigate suspected policy violations and share information with law enforcement if it believes criminal activity has occurred on its platform.
This analysis describes what Amazon's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause establishes that AWS may disclose customer account information and activity data to law enforcement authorities based on its own determination that criminal activity may have occurred, independent of formal legal process being served.
Interpretive note: The document does not specify the procedural threshold or internal process AWS uses before making a law enforcement referral, leaving the practical trigger for such action undefined.
Customers should be aware that AWS retains authority to refer matters to law enforcement and cooperate with investigations based on its own assessment of potential criminal activity, which may result in disclosure of account information, usage data, and content stored on AWS services.
How other platforms handle this
We may access, preserve, and share information with regulators, law enforcement, or others if we believe it is reasonably necessary to: detect, prevent, and address fraud and other illegal activity; protect ourselves, you, and others, including as part of investigations; and prevent death or imminen...
To the extent lawfully permissible, you acknowledge, consent and agree that Dun & Bradstreet shall also have the right to access, preserve and disclose your account information and content if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably...
This Privacy Policy explains what Personal Information (as defined below) we collect, why we collect it, how we use and disclose it... [Gemini may share data with] government or law enforcement agencies upon request.
Monitoring
Amazon has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If we become aware of any potential violation of this Policy, we reserve the right to investigate such violation. If, as a result of the investigation, we believe that criminal activity has occurred, we reserve the right to refer the matter to, and to cooperate fully with, appropriate law enforcement authorities.— Excerpt from Amazon's AWS Acceptable Use Policy
(1) REGULATORY LANDSCAPE: This provision engages the Electronic Communications Privacy Act (ECPA) and the Stored Communications Act in the US, which govern law enforcement access to stored electronic communications and data. GDPR Article 6 and Article 10 govern lawful bases for disclosing personal data to law enforcement in EU contexts. The UK Investigatory Powers Act is relevant for UK-based data. AWS's privacy notice and data processing agreements provide additional detail on legal process responses. (2) GOVERNANCE EXPOSURE: Medium. The AUP states a right to cooperate with law enforcement, but the procedural threshold for initiating such cooperation (AWS's internal determination of potential criminal activity) is not defined in the document. Organizations handling sensitive or regulated data on AWS should assess how this interacts with their own notification and disclosure obligations. (3) JURISDICTION FLAGS: EU customers should evaluate whether AWS's law enforcement cooperation practices are consistent with GDPR requirements, including data transfer obligations if law enforcement requests involve cross-border data access. US federal and state law enforcement access frameworks differ; organizations in regulated sectors (financial services, healthcare) may have independent notification obligations triggered by law enforcement inquiries. (4) CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with AWS and enterprise customer agreements may include additional specificity about law enforcement response procedures and customer notification practices. Legal teams should review these agreements to understand the full scope of AWS's commitments in this area. (5) COMPLIANCE CONSIDERATIONS: Organizations should document their AWS data processing arrangements and assess whether their own privacy policies and regulatory obligations require them to notify users or regulators if AWS refers their account to law enforcement. Healthcare organizations covered by HIPAA and financial institutions under GLBA have specific obligations in this area.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause establishes that AWS may disclose customer account information and activity data to law enforcement authorities based on its own determination that criminal activity may have occurred, independent of formal legal process being served.
Customers should be aware that AWS retains authority to refer matters to law enforcement and cooperate with investigations based on its own assessment of potential criminal activity, which may result in disclosure of account information, usage data, and content stored on AWS services.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amazon.