AWS Bedrock · AWS Service Terms · View original document ↗

Acceptable Use Policy Restrictions for Bedrock

High severity Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity AWS Bedrock recorded 7 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for AWS Bedrock Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

AWS prohibits using Bedrock to create harmful or illegal content, and you must build safeguards into your own applications to stop your users from creating such content too.

This analysis describes what AWS Bedrock's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision establishes the operational boundary for permissible content generation on the platform and allocates responsibility to the customer for monitoring and controlling content produced by end users of customer-built applications. Compliance requires customers to design application controls that enforce the policy restrictions.

Recent Activity

This document changed recently

Medium Jun 30, 2026

The updated terms establish a formal framework for AWS Bedrock's free exploration services, clarifying the operational boundaries and responsibilities. AWS reserves the right to discontinue these services at any time without prior notice, meaning customers cannot rely on their continuation for production planning. Customers are solely responsible for testing, deploying, and maintaining any code, documents, or AI solutions AWS provides, including determining whether those solutions comply with applicable law. AWS retains the right to develop competing products based on content it creates during these engagements, though this does not override existing non-disclosure agreements. Customers are prohibited from requiring AWS personnel to sign additional terms as a condition of receiving free services, and any such documentation signed by AWS personnel is void.

View change record →
Medium Jun 16, 2026

The updated terms establish new data-sharing mechanisms for users of Anthropic models on Amazon Bedrock. Specifically, AWS now explicitly authorizes notification to Anthropic of metadata present in requests sent to certain Anthropic products (e.g., Claude Code, computer use features), enabling Anthropic to conduct product-level usage attribution. Additionally, the terms introduce AWS WAF AI traffic monetization, which permits AWS to facilitate payment transactions between content publishers and buyers by sharing pricing, payment, and configuration information with payment providers and facilitators; the updated terms clarify that AWS does not provide regulated financial services and is not a party to fund flows, and that users' interactions with payment providers are governed by separate terms between the user and those parties. Users employing these features should review what metadata may be embedded in their requests and understand their own obligations to payment providers.

View change record →
Medium May 30, 2026

The updated terms establish that customers operating Amazon RDS databases on end-of-life software versions are now required to upgrade to supported versions. The agreement authorizes AWS to scan extension code used with Trusted Language Extensions for security and performance purposes, and establishes that extension code constitutes customer content. AWS disclaims responsibility for service failures caused by extensions or end-of-life database software. If a customer does not upgrade before an engine reaches end of life, AWS may snapshot the customer's data and delete the instance or cluster running the unsupported software, after providing prior notice of the engine end-of-life date.

View change record →

Consumer impact (what this means for users)

Businesses must actively implement content moderation and safety controls in Bedrock-powered applications — failure to do so can result in immediate service suspension and potential legal liability for harmful content generated by end users.

How other platforms handle this

Teachable Medium

You agree not to post, upload, publish, submit or transmit any content that: (i) infringes, misappropriates or violates a third party's patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any ...

Wise Medium

You may not use our Services for any illegal purpose or in violation of any laws or regulations. You may not use the Services to send money to sanctioned countries or individuals on government watchlists. You may not use the Services for gambling, illegal drugs, weapons, or any other prohibited acti...

HubSpot Medium

Customer agrees to comply with HubSpot's Acceptable Use Policy, which is incorporated into this Agreement by reference. HubSpot may update the Acceptable Use Policy from time to time, and any changes will be effective upon posting to HubSpot's website. Customer's continued use of the Services follow...

See all platforms with this clause type →

Monitoring

AWS Bedrock has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
You may not use Amazon Bedrock to generate content that violates the AWS Acceptable Use Policy, including content that is harmful, abusive, or illegal. You must implement appropriate safeguards to prevent your end users from generating prohibited content through applications built on Amazon Bedrock.

— Excerpt from AWS Bedrock's AWS Service Terms

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY FRAMEWORK: This provision engages FTC Act Section 5 (unfair or deceptive practices), the EU Digital Services Act (DSA, Regulation 2022/2065) for illegal content obligations, EU AI Act Art. 5 (prohibited AI practices including manipulation and exploitation), CSAM-related statutes (18 U.S.C. §2256 et seq. for child sexual abuse material), and the STOP CSAM Act (2023). For financial services applications, FINRA and SEC rules on communications with the public may apply to AI-generated financial content. The FTC, EU Digital Services Coordinators, and DOJ Cyber Division are relevant enforcement authorities.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    FTC Act Section 5 applies to businesses that deploy AI systems without adequate safeguards against consumer harm from harmful or deceptive AI-generated content.
    File a complaint →
  • State AG
    State attorneys general in California, New York, and other states may enforce state-level AI content safety and consumer protection laws applicable to Bedrock-powered applications.
    File a complaint →

Applicable regulations

CFAA
United States Federal

Provision details

Document information
Document
AWS Service Terms
Entity
AWS Bedrock
Document last updated
May 5, 2026
Tracking information
First tracked
May 7, 2026
Last verified
May 7, 2026
Record ID
CA-P-005325
Document ID
CA-D-00648
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
8c96717daae1f374f3c175da7b75c1eeb2b3852949018350a8af38b245c1ef17
Analysis generated
May 7, 2026 18:28 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: AWS Bedrock
Document: AWS Service Terms
Record ID: CA-P-005325
Captured: 2026-05-07 18:28:56 UTC
SHA-256: 8c96717daae1f374…
URL: https://conductatlas.com/platform/aws-bedrock/aws-service-terms/acceptable-use-policy-restrictions-for-bedrock/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does AWS Bedrock's Acceptable Use Policy Restrictions for Bedrock clause do?

This provision establishes the operational boundary for permissible content generation on the platform and allocates responsibility to the customer for monitoring and controlling content produced by end users of customer-built applications. Compliance requires customers to design application controls that enforce the policy restrictions.

How does this clause affect you?

Businesses must actively implement content moderation and safety controls in Bedrock-powered applications — failure to do so can result in immediate service suspension and potential legal liability for harmful content generated by end users.

Is ConductAtlas affiliated with AWS Bedrock?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS Bedrock.