When you use AI models from companies other than Amazon in Bedrock, you are also agreeing to that external company's own terms of service, not just AWS's terms.
This analysis describes what AWS Bedrock's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Customers using third-party foundation models through Bedrock are bound by an additional, separate layer of terms from the model provider, which may impose different restrictions on output use, data handling, or permitted applications that are not visible within the primary AWS Service Terms.
This change introduces a new optional service feature rather than modifying existing consumer rights or obligations. AWS explicitly disclaims providing regulated financial services, holding custody o…
Accessing third-party models such as Anthropic Claude, Meta Llama, or Cohere models through Bedrock automatically binds the customer to that model provider's terms, which may include restrictions on use cases, output sharing, or data submission that differ from AWS's own terms.
Cross-platform context
See how other platforms handle Third-Party Model Provider Supplemental Terms and similar clauses.
Compare across platforms →Monitoring
AWS Bedrock has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Third-party models available through Amazon Bedrock are provided pursuant to the relevant third-party model provider's terms. By using those models, you agree to the applicable model provider terms.— Excerpt from AWS Bedrock's AWS Service Terms
(1) REGULATORY LANDSCAPE: The incorporation by reference of third-party model provider terms creates a layered contractual structure that compliance teams must track separately for each model provider used. Where third-party model providers process customer data as part of inference, GDPR data processing chain obligations may require that sub-processor agreements exist between AWS and those providers, and that customers are informed of the sub-processor identity. (2) GOVERNANCE EXPOSURE: Medium. The practical compliance burden is high because each third-party model provider may have materially different terms governing permitted use cases, output restrictions, and data retention, requiring separate review for each model used in production. (3) JURISDICTION FLAGS: EU customers have heightened exposure under GDPR sub-processor notification and consent requirements where third-party model providers constitute sub-processors of personal data. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should establish a registry of all third-party foundation models used in Bedrock deployments and obtain and review the applicable model provider terms for each, treating each as a separate vendor relationship with independent contractual obligations. (5) COMPLIANCE CONSIDERATIONS: Legal teams should verify whether AWS's data processing agreements and sub-processor disclosures cover the specific third-party model providers in use, and whether additional data transfer mechanisms are required for cross-border personal data flows to non-AWS model provider infrastructure.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Customers using third-party foundation models through Bedrock are bound by an additional, separate layer of terms from the model provider, which may impose different restrictions on output use, data handling, or permitted applications that are not visible within the primary AWS Service Terms.
Accessing third-party models such as Anthropic Claude, Meta Llama, or Cohere models through Bedrock automatically binds the customer to that model provider's terms, which may include restrictions on use cases, output sharing, or data submission that differ from AWS's own terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS Bedrock.