What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: The AWS Bedrock service terms engage GDPR and CCPA where personal data is submitted as prompts or included in training datasets through fine-tuning features; the customer acts as data controller and AWS as data processor in these configurations, implicating data processing agreement requirements. The EU AI Act creates tiered obligations for customers deploying Bedrock-powered systems in high-risk categories, including requirements for human oversight and transparency d…

How does AWS Bedrock's AWS Service Terms affect users?

The AWS Service Terms for Bedrock establish that customers, not AWS, bear primary responsibility for ensuring their use of foundation model outputs complies with applicable laws, including data protection and sector-specific regulations. The terms authorize AWS to modify which foundation models are available through the Bedrock service, potentially affecting applications built on specific models. You can review the specific model provider terms linked within the Bedrock console to understand an…

How often is AWS Bedrock's AWS Service Terms updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when AWS Bedrock updates this document?

Yes. Watcher subscribers ($9.99/month) can add AWS Bedrock to their watchlist and receive same-day email alerts whenever this document or any other AWS Bedrock document changes.

CA-D-000648

AWS Service Terms

AWS Bedrock

Last change detected May 11, 2026 Terms of service

SHA-256: 4dcabacdcf7c8602807… 3 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at AWS Bedrock ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

3 High severity

7 Medium severity

0 Low severity

Summary

This is the AWS Service Terms document governing your use of Amazon Web Services, including Amazon Bedrock, the platform AWS provides for accessing and building with foundation models and generative AI tools. The terms state that you may not use outputs from Bedrock models to train or improve competing AI models, and that AWS may modify or discontinue model availability with notice, which affects what AI capabilities you can access and how you can use the results. If you use Bedrock to process personal data or operate in regulated industries, the compliance obligations for that data use remain with you as the customer under the AWS shared responsibility model.

Technical / Legal Breakdown

This document constitutes the AWS Service Terms, which govern use of Amazon Web Services offerings including Amazon Bedrock, and operates as a supplement to the AWS Customer Agreement or equivalent enterprise agreement establishing the overarching legal relationship between AWS and the customer. The terms authorize AWS to process customer content submitted to Bedrock services, impose use restrictions including prohibitions on using Bedrock outputs to train competing foundation models, and establish that model providers whose models are accessible through Bedrock may have additional terms governing their specific models. The Bedrock-specific provisions include explicit restrictions on reverse-engineering foundation models, using service outputs to build competing AI model services, or circumventing safety mechanisms built into the models, which are operationally distinct from general-purpose cloud service terms in that they extend restrictions to AI model outputs and derived works, though the practical enforceability of restrictions on model output use may be subject to applicable copyright and fair use frameworks depending on jurisdiction. The document engages the EU AI Act and associated conformity obligations for high-risk AI system deployments, GDPR and CCPA frameworks where personal data is processed through Bedrock inference endpoints, and sector-specific regulations such as HIPAA where customers deploy Bedrock in healthcare contexts, with compliance obligations for sensitive data processing falling primarily on the customer as data controller rather than on AWS.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

1 important change detected

3 versions captured · Last updated: May 2026

May 9, 2026

medium

What changed AWS Bedrock added a new service section for Amazon Bedrock AgentCore Payments, which enables developers to build payment solutions that route transactions between AI agents, third-party wallet providers, and sellers. The updated terms explicitly state that AWS does not provide regulated financial services, does not hold customer funds, and is not responsible for wallets, private keys, or wallet provider services. Developers using this feature are solely responsible for regulatory compliance, transaction monitoring, security safeguards, and any resulting disputes or payment liabilities.

Why this matters This change introduces a new optional service feature rather than modifying existing consumer rights or obligations. AWS explicitly disclaims providing regulated financial services, holding custody of funds, or bearing responsibility for wallet providers or transactions. Developers who elect to use AgentCore Payments must comply with applicable financial regulations, implement their own security safeguards, and accept full liability for transactions and disputes. The terms do not impose obligations on end consumers using AI agents; the obligations fall on developers integrating the service.

View full change record →

High — 3 provisions

Customer Responsibility for Regulatory Compliance

AWS places the responsibility for following laws, including AI regulations and data protection rules, on you as the customer rather than on AWS itself.

Added May 12, 2026 Rare
Acceptable Use and Prohibited Applications Compare →

The terms prohibit using Bedrock to generate illegal content, content that could facilitate weapons development, or content that sexualizes minors, among other harmful categories.

Added May 12, 2026 Standard Seen across 179 platforms
Limitation of Liability for AI Model Outputs Compare →

AWS does not guarantee that Bedrock AI model outputs will be accurate or fit for your specific use, and its financial liability for any resulting damages is capped by the broader AWS customer agreement.

Added May 12, 2026 Standard Seen across 228 platforms

Medium — 7 provisions

Prohibition on Training Competing Models with Bedrock Outputs Compare →

You are not permitted to take the outputs you receive from Amazon Bedrock and use them to build or train an AI model that would compete with Bedrock or other AWS services.

Added May 12, 2026 Standard Seen across 179 platforms
Third-Party Model Provider Supplemental Terms

When you use AI models from companies other than Amazon in Bedrock, you are also agreeing to that external company's own terms of service, not just AWS's terms.

Added May 12, 2026 Rare
AWS Right to Modify or Discontinue Model Availability

AWS can remove or change any AI model available in Bedrock, and applications built on those models may stop working or behave differently when that happens.

Added May 12, 2026 Rare
Prohibition on Circumventing Safety and Content Restrictions Compare →

You are not allowed to try to bypass or disable the safety features and content filters that AWS and model providers have built into Bedrock models.

Added May 12, 2026 Standard Seen across 179 platforms
Data Processing and Customer Content in Bedrock Compare →

AWS states that it will not use the data or content you send to Bedrock models to train Amazon's own AI models unless you have given consent for that use.

Added May 12, 2026 Standard Seen across 189 platforms
Intellectual Property in Fine-Tuned Models and Custom Model Outputs Compare →

If you create a customized AI model using Bedrock's fine-tuning tools, you own that customized model but AWS retains ownership of the underlying base model it was built on.

Added May 12, 2026 Standard Seen across 198 platforms
Termination and Suspension for Policy Violations Compare →

AWS can shut off your access to Bedrock without warning if it determines you have violated the terms, including the acceptable use policy.

Added May 12, 2026 Uncommon Seen across 31 platforms