There are rules about what you can and cannot build with Bedrock; prohibited uses include generating illegal content, harmful content, or content that infringes on other people's rights.
This analysis describes what AWS Bedrock's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision anchors service usage rights to a separate policy framework, meaning the scope of permitted uses is defined by reference to the Acceptable Use Policy rather than stated directly in the service terms. This structure allows AWS to modify content restrictions through policy updates without amending the primary service agreement.
Interpretive note: The scope of terms such as 'harmful' and 'violates third-party rights' in the context of AI-generated content involves interpretive uncertainty given evolving legal standards around AI-generated content copyright and liability.
The updated terms establish new data-sharing mechanisms for users of Anthropic models on Amazon Bedrock. Specifically, AWS now explicitly authorizes notification to Anthropic of metadata present in requests sent to certain Anthropic products (e.g., Claude Code, computer use features), enabling Anthropic to conduct product-level usage attribution. Additionally, the terms introduce AWS WAF AI traffic monetization, which permits AWS to facilitate payment transactions between content publishers and buyers by sharing pricing, payment, and configuration information with payment providers and facilitators; the updated terms clarify that AWS does not provide regulated financial services and is not a party to fund flows, and that users' interactions with payment providers are governed by separate terms between the user and those parties. Users employing these features should review what metadata may be embedded in their requests and understand their own obligations to payment providers.
View change record →The updated terms establish that customers operating Amazon RDS databases on end-of-life software versions are now required to upgrade to supported versions. The agreement authorizes AWS to scan extension code used with Trusted Language Extensions for security and performance purposes, and establishes that extension code constitutes customer content. AWS disclaims responsibility for service failures caused by extensions or end-of-life database software. If a customer does not upgrade before an engine reaches end of life, AWS may snapshot the customer's data and delete the instance or cluster running the unsupported software, after providing prior notice of the engine end-of-life date.
View change record →The updated terms establish new operational requirements for any organization using Amazon Connect Talent to make or inform employment decisions. Customers must now obtain legally adequate privacy notices and consents from job applicants before their data is processed by the service. The terms require customers to review all AI output before making hiring decisions, implement processes for applicants to request information about the AI's role in decisions, and ensure their use of the tool complies with applicable labor, anti-discrimination, disability, data privacy, AI, wiretap, recordkeeping, and biometrics laws. Customers can configure an AI services opt-out policy through AWS Organizations to prevent their data from being used to train or improve AWS AI technologies.
View change record →Customers building AI applications on Bedrock must ensure their use cases and generated content comply with AWS's acceptable use policy; violations could result in service suspension affecting any dependent applications or infrastructure.
How other platforms handle this
You agree not to post, upload, publish, submit or transmit any content that: (i) infringes, misappropriates or violates a third party's patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any ...
You may not use our Services for any illegal purpose or in violation of any laws or regulations. You may not use the Services to send money to sanctioned countries or individuals on government watchlists. You may not use the Services for gambling, illegal drugs, weapons, or any other prohibited acti...
Customer agrees to comply with HubSpot's Acceptable Use Policy, which is incorporated into this Agreement by reference. HubSpot may update the Acceptable Use Policy from time to time, and any changes will be effective upon posting to HubSpot's website. Customer's continued use of the Services follow...
Monitoring
AWS Bedrock has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You must not use Amazon Bedrock in a manner that violates the AWS Acceptable Use Policy. This includes restrictions on using the service to generate content that is illegal, harmful, or that violates third-party rights.— Excerpt from AWS Bedrock's AWS Service Terms
REGULATORY LANDSCAPE: The acceptable use restrictions interact with platform liability frameworks under Section 230 of the Communications Decency Act in the US, though Section 230 protections are less clearly applicable to AI-generated content than to user-generated content. EU Digital Services Act obligations and the EU AI Act's prohibited AI practices provisions (such as bans on certain manipulative AI systems) are also relevant for EU-facing deployments. FTC enforcement of deceptive AI practices and CFPB guidance on AI in financial services create additional compliance touchpoints. GOVERNANCE EXPOSURE: Medium. The acceptable use policy creates broad discretionary enforcement authority for AWS, including account suspension. The scope of terms like 'harmful' and 'violates third-party rights' in the context of AI-generated content involves interpretive complexity, particularly around copyright in AI outputs, which remains an area of active legal development. Customers in content generation, marketing automation, and legal services face the most nuanced exposure. JURISDICTION FLAGS: EU customers must assess whether their Bedrock use cases fall within the EU AI Act's prohibited practices categories, particularly for applications involving biometric data, social scoring, or subliminal manipulation. US customers in regulated advertising and financial services should assess FTC and CFPB guidance on AI-generated consumer communications. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should review the AWS Acceptable Use Policy as a separate document incorporated by reference, as its terms can change and violations can trigger contract termination. SLAs and business continuity planning should account for the possibility of service suspension due to acceptable use determinations. COMPLIANCE CONSIDERATIONS: Legal teams should map planned Bedrock use cases against the current acceptable use policy before deployment. AI governance frameworks should include a review step confirming compliance with AWS's acceptable use restrictions, particularly for use cases involving potentially sensitive content generation, automated decision-making, or customer-facing AI interactions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision anchors service usage rights to a separate policy framework, meaning the scope of permitted uses is defined by reference to the Acceptable Use Policy rather than stated directly in the service terms. This structure allows AWS to modify content restrictions through policy updates without amending the primary service agreement.
Customers building AI applications on Bedrock must ensure their use cases and generated content comply with AWS's acceptable use policy; violations could result in service suspension affecting any dependent applications or infrastructure.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS Bedrock.