AWS states it may investigate suspected policy violations and share information with law enforcement if it believes criminal activity has occurred on its platform.
This analysis describes what Amazon's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
This clause establishes that AWS may disclose customer account information and activity data to law enforcement authorities based on its own determination that criminal activity may have occurred, independent of formal legal process being served.
Interpretive note: The document does not specify the procedural threshold or internal process AWS uses before making a law enforcement referral, leaving the practical trigger for such action undefined.
Customers should be aware that AWS retains authority to refer matters to law enforcement and cooperate with investigations based on its own assessment of potential criminal activity, which may result in disclosure of account information, usage data, and content stored on AWS services.
How other platforms handle this
We may disclose your information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements. We may also disclose your information if we believe it...
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
Monitoring
Amazon has changed this document before.
"If we become aware of any potential violation of this Policy, we reserve the right to investigate such violation. If, as a result of the investigation, we believe that criminal activity has occurred, we reserve the right to refer the matter to, and to cooperate fully with, appropriate law enforcement authorities."
— Excerpt from Amazon's AWS Acceptable Use Policy
(1) REGULATORY LANDSCAPE: This provision engages the Electronic Communications Privacy Act (ECPA) and the Stored Communications Act in the US, which govern law enforcement access to stored electronic communications and data. GDPR Article 6 and Article 10 govern lawful bases for disclosing personal data to law enforcement in EU contexts. The UK Investigatory Powers Act is relevant for UK-based data. AWS's privacy notice and data processing agreements provide additional detail on legal process responses.
(2) GOVERNANCE EXPOSURE: Medium. The AUP states a right to cooperate with law enforcement, but the procedural threshold for initiating such cooperation (AWS's internal determination of potential criminal activity) is not defined in the document. Organizations handling sensitive or regulated data on AWS should assess how this interacts with their own notification and disclosure obligations.
(3) JURISDICTION FLAGS: EU customers should evaluate whether AWS's law enforcement cooperation practices are consistent with GDPR requirements, including data transfer obligations if law enforcement requests involve cross-border data access. US federal and state law enforcement access frameworks differ; organizations in regulated sectors (financial services, healthcare) may have independent notification obligations triggered by law enforcement inquiries.
(4) CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with AWS and enterprise customer agreements may include additional specificity about law enforcement response procedures and customer notification practices. Legal teams should review these agreements to understand the full scope of AWS's commitments in this area.
(5) COMPLIANCE CONSIDERATIONS: Organizations should document their AWS data processing arrangements and assess whether their own privacy policies and regulatory obligations require them to notify users or regulators if AWS refers their account to law enforcement. Healthcare organizations covered by HIPAA and financial institutions under GLBA have specific obligations in this area.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amazon.