Customers accessing third-party foundation models through Bedrock are required to comply with each model provider's separately published acceptable use policies, which are incorporated by reference into the AWS Service Terms. These policies are maintained by providers including Anthropic, Meta, and Cohere and may be updated independently.
This analysis describes what AWS Bedrock's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision creates a dynamic compliance obligation that extends beyond the AWS agreement itself; customers must monitor and comply with third-party model provider policies that can be updated outside the AWS contract review cycle. Compliance teams must maintain awareness of each model provider's current terms for all models accessed in production deployments.
Interpretive note: The specific language reproduced here is a characterization based on the known structure of AWS Service Terms Section 50; the source document was truncated before the full Bedrock-specific provisions were visible.
The updated terms establish that customers operating Amazon RDS databases on end-of-life software versions are now required to upgrade to supported versions. The agreement authorizes AWS to scan extension code used with Trusted Language Extensions for security and performance purposes, and establishes that extension code constitutes customer content. AWS disclaims responsibility for service failures caused by extensions or end-of-life database software. If a customer does not upgrade before an engine reaches end of life, AWS may snapshot the customer's data and delete the instance or cluster running the unsupported software, after providing prior notice of the engine end-of-life date.
View change record →The updated terms establish new operational requirements for any organization using Amazon Connect Talent to make or inform employment decisions. Customers must now obtain legally adequate privacy notices and consents from job applicants before their data is processed by the service. The terms require customers to review all AI output before making hiring decisions, implement processes for applicants to request information about the AI's role in decisions, and ensure their use of the tool complies with applicable labor, anti-discrimination, disability, data privacy, AI, wiretap, recordkeeping, and biometrics laws. Customers can configure an AI services opt-out policy through AWS Organizations to prevent their data from being used to train or improve AWS AI technologies.
View change record →The updated terms establish that Reserved Cache Nodes and Amazon DynamoDB Reserved Capacity purchases are noncancellable obligations, and you will owe the full amount charged for the duration of the term you selected, even if the AWS agreement is terminated. For Kiro Free Tier users, the revised policy authorizes AWS to store your inputs for up to 60 days for purposes of detecting agreement violations and improving detection capabilities. You can review your existing reserved capacity commitments and their terms at any time, but the updated language does not provide an opt-out mechanism for this noncancellation obligation.
View change record →This provision formalizes incorporation by reference of third-party model terms directly into Bedrock's service terms, clarifying that violations of third-party terms constitute Bedrock service term violations.
View full change record →Under this clause, customers are contractually bound not only by AWS's own acceptable use policy but also by the separate policies of each foundation model provider whose model is accessed through Bedrock. The agreement incorporates these third-party policies by reference, meaning changes to a model provider's policies automatically become binding contractual obligations.
How other platforms handle this
You agree not to post, upload, publish, submit or transmit any content that: (i) infringes, misappropriates or violates a third party's patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any ...
Customer agrees to comply with HubSpot's Acceptable Use Policy, which is incorporated into this Agreement by reference. HubSpot may update the Acceptable Use Policy from time to time, and any changes will be effective upon posting to HubSpot's website. Customer's continued use of the Services follow...
In addition to these Terms, you also agree to: Our Acceptable Use Policy ("AUP"): https://legal.kajabi.com/policies/aup
Monitoring
AWS Bedrock has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You must comply with all terms and conditions applicable to the third-party models available in Amazon Bedrock, which are incorporated by reference into these Service Terms. These terms are available on the Amazon Bedrock console or in the Amazon Bedrock documentation.— Excerpt from AWS Bedrock's AWS Service Terms
(1) REGULATORY LANDSCAPE: This provision engages the FTC Act insofar as non-compliance with incorporated model provider policies could constitute a deceptive or unfair practice if customer-facing applications violate disclosed usage restrictions. The EU AI Act may require customers to document which model providers' terms govern specific AI system deployments as part of technical documentation obligations. (2) GOVERNANCE EXPOSURE: High. The dynamic nature of third-party policy incorporation means the compliance surface is not fully controlled by the customer or AWS; a model provider updating its acceptable use policy creates an immediate binding obligation on all Bedrock customers using that model without a separate AWS contract amendment. (3) JURISDICTION FLAGS: EU customers face heightened exposure where model provider policy changes affect AI system documentation requirements under the EU AI Act. Customers operating in regulated sectors such as healthcare or financial services must assess whether updated model provider restrictions affect approved use cases. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should establish a monitoring process for model provider policy updates published in the Bedrock console or documentation. Vendor assessments should include review of each model provider's current acceptable use policy as a component of AI supply chain due diligence. The liability allocation for non-compliance with incorporated third-party terms rests with the customer under this provision. (5) COMPLIANCE CONSIDERATIONS: Legal teams should maintain a registry of all foundation models accessed through Bedrock and the current version of each provider's acceptable use policy. A process for reviewing and acknowledging model provider policy updates should be established. Where Bedrock is used in regulated workflows, updated model provider restrictions should be assessed against existing approved use case documentation.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision creates a dynamic compliance obligation that extends beyond the AWS agreement itself; customers must monitor and comply with third-party model provider policies that can be updated outside the AWS contract review cycle. Compliance teams must maintain awareness of each model provider's current terms for all models accessed in production deployments.
Under this clause, customers are contractually bound not only by AWS's own acceptable use policy but also by the separate policies of each foundation model provider whose model is accessed through Bedrock. The agreement incorporates these third-party policies by reference, meaning changes to a model provider's policies automatically become binding contractual obligations.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS Bedrock.