The terms place full legal responsibility on the customer for all use of Amazon Bedrock and for the content generated by models accessed through the service, including compliance with applicable law and the AWS Acceptable Use Policy. AWS does not assume responsibility for the lawfulness of customer-directed AI outputs.
This analysis describes what AWS Bedrock's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that customers bear the legal compliance burden for AI-generated content and outputs, which is operationally significant for organizations deploying Bedrock in content generation, automated decision-making, or consumer-facing applications where output accuracy, bias, or legality may be contested.
Interpretive note: The full scope of the customer responsibility provision and any carve-outs or limitations requires review of the untruncated document; the interaction with AWS's own indemnification provisions in the Customer Agreement affects the practical risk allocation.
The updated terms establish that customers operating Amazon RDS databases on end-of-life software versions are now required to upgrade to supported versions. The agreement authorizes AWS to scan extension code used with Trusted Language Extensions for security and performance purposes, and establishes that extension code constitutes customer content. AWS disclaims responsibility for service failures caused by extensions or end-of-life database software. If a customer does not upgrade before an engine reaches end of life, AWS may snapshot the customer's data and delete the instance or cluster running the unsupported software, after providing prior notice of the engine end-of-life date.
View change record →The updated terms establish new operational requirements for any organization using Amazon Connect Talent to make or inform employment decisions. Customers must now obtain legally adequate privacy notices and consents from job applicants before their data is processed by the service. The terms require customers to review all AI output before making hiring decisions, implement processes for applicants to request information about the AI's role in decisions, and ensure their use of the tool complies with applicable labor, anti-discrimination, disability, data privacy, AI, wiretap, recordkeeping, and biometrics laws. Customers can configure an AI services opt-out policy through AWS Organizations to prevent their data from being used to train or improve AWS AI technologies.
View change record →The updated terms establish that Reserved Cache Nodes and Amazon DynamoDB Reserved Capacity purchases are noncancellable obligations, and you will owe the full amount charged for the duration of the term you selected, even if the AWS agreement is terminated. For Kiro Free Tier users, the revised policy authorizes AWS to store your inputs for up to 60 days for purposes of detecting agreement violations and improving detection capabilities. You can review your existing reserved capacity commitments and their terms at any time, but the updated language does not provide an opt-out mechanism for this noncancellation obligation.
View change record →Broadened scope from specific focus on 'AI-generated content' and 'end users' to general responsibility for use compliance, while emphasizing AWS Acceptable Use Policy as the applicable standard.
View full change record →Under this clause, customers assume contractual responsibility for ensuring that applications and workflows built on Bedrock produce outputs that comply with applicable law. AWS does not warrant the compliance, accuracy, or legality of model outputs and the agreement places that obligation on the deploying customer.
How other platforms handle this
This policy applies to you and anyone using the Services on your behalf, including your end users. You are responsible for ensuring that your use of the Services, and the use of the Services by others on your behalf, complies with this Policy.
You are solely responsible for your use of the Service and for all Inputs you make available to Pika, whether by uploading them through the Service or otherwise making them accessible to others. You are also solely responsible for any Outputs generated via the Service. You assume all risk associated...
You are solely responsible for ensuring the accuracy and completeness of all information you provide to Gusto in connection with the Services, including employee information, compensation data, and any other data necessary for Gusto to perform payroll processing and tax filing services on your behal...
Monitoring
AWS Bedrock has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You are responsible for your use of Amazon Bedrock and any content generated through Amazon Bedrock, including ensuring that your use complies with applicable laws and the AWS Acceptable Use Policy.— Excerpt from AWS Bedrock's AWS Service Terms
(1) REGULATORY LANDSCAPE: This provision engages the EU AI Act's operator obligation framework, under which deploying organizations bear responsibilities for high-risk AI system outputs including non-discrimination, transparency, and human oversight requirements. The FTC's enforcement focus on AI-generated deceptive content is relevant where Bedrock outputs are used in consumer communications. In regulated sectors, sector-specific obligations including HIPAA for healthcare and Fair Credit Reporting Act considerations for credit decisioning may require evaluation under this customer responsibility allocation. (2) GOVERNANCE EXPOSURE: High. The broad allocation of legal responsibility to customers for all AI outputs creates significant exposure for organizations deploying Bedrock at scale in automated or consumer-facing workflows, particularly where outputs involve personal data, professional advice, or regulated decisions. (3) JURISDICTION FLAGS: EU customers face the highest regulatory exposure given the EU AI Act's specific operator obligations for high-risk AI systems. California customers should assess whether Bedrock-powered consumer applications trigger CCPA obligations including opt-out rights for automated decision-making. Illinois and other state-level AI regulation frameworks may impose additional disclosure requirements. (4) CONTRACT AND VENDOR IMPLICATIONS: This provision should be reviewed in the context of downstream customer agreements; organizations offering Bedrock-powered services to their own customers may need to assess whether liability for AI output legality can be allocated to end users or whether it remains with the AWS customer. Indemnification provisions in the AWS Customer Agreement should be reviewed alongside this responsibility allocation. (5) COMPLIANCE CONSIDERATIONS: Legal teams should conduct use-case-specific legal reviews for each Bedrock deployment, including content generation, classification, and decision-support workflows. AI governance frameworks should document how human oversight is applied to Bedrock outputs in regulated contexts. Output logging and audit trail capabilities should be assessed to support compliance with this responsibility allocation.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that customers bear the legal compliance burden for AI-generated content and outputs, which is operationally significant for organizations deploying Bedrock in content generation, automated decision-making, or consumer-facing applications where output accuracy, bias, or legality may be contested.
Under this clause, customers assume contractual responsibility for ensuring that applications and workflows built on Bedrock produce outputs that comply with applicable law. AWS does not warrant the compliance, accuracy, or legality of model outputs and the agreement places that obligation on the deploying customer.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS Bedrock.