If AWS causes you harm through a service failure, data loss, or other incident, the maximum amount AWS will pay you is limited to what you paid AWS in the year before the incident. AWS also will not pay for lost profits, lost data, or indirect losses even if they knew these losses were possible.
This analysis describes what AWS's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
For businesses that rely on AWS for critical infrastructure, this cap may be far smaller than actual losses from a serious outage or data incident, leaving the customer to absorb the majority of the financial damage.
Interpretive note: Enforceability of the cap may vary by jurisdiction, particularly in the EU and for cases involving gross negligence or willful misconduct where applicable law may limit contractual liability exclusions.
This clause means that if AWS loses your data or suffers an outage causing your business significant harm, your financial recovery from AWS is limited to twelve months of fees paid, regardless of the actual scale of your losses. Businesses with high-value workloads or sensitive data should assess whether this cap is adequate relative to their risk exposure.
How other platforms handle this
TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER WHATNOT NOR ITS SERVICE PROVIDERS INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE SERVICES WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOST PROFITS, LOST REVENUES, LOST SAVINGS, LOST BUSINESS OPPORT...
In no event will either party's aggregate liability arising out of or related to this Agreement exceed the total fees paid or payable by Customer in the twelve (12) months preceding the claim. In no event will either party be liable for any indirect, incidental, special, consequential, or punitive d...
Except as stated in Section L.3.b, the liability of each party, and its affiliates and licensors, for any damages arising out of or related to these Terms (i) excludes damages that are consequential, incidental, special, indirect, or exemplary damages, including lost profits, business, contracts, re...
Monitoring
AWS has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"IN NO EVENT WILL EITHER PARTY OR THEIR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL OR PUNITIVE DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUES, CUSTOMERS, OPPORTUNITIES, GOODWILL, USE, OR DATA, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, NEITHER PARTY NOR THEIR AFFILIATES WILL BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN CONNECTION WITH: (A) YOUR INABILITY TO USE THE SERVICES... AWS'S AND ITS AFFILIATES' AGGREGATE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE AMOUNT YOU ACTUALLY PAID US UNDER THIS AGREEMENT IN THE 12 MONTHS PRECEDING THE CLAIM.— Excerpt from AWS's AWS Customer Agreement
REGULATORY LANDSCAPE: Limitation of liability clauses in cloud service agreements are reviewed under general contract law principles and, in the EU, may interact with GDPR Article 82 regarding liability for data processing failures. Where a data breach results from AWS's negligence, GDPR may impose liability obligations on controllers that the contract cannot fully disclaim as between controller and data subjects. The FTC Act is also relevant if the limitation clause is applied in a manner that could be characterized as deceptive in consumer-facing contexts. GOVERNANCE EXPOSURE: High. The twelve-month fee cap creates a significant risk allocation asymmetry for enterprise customers whose data assets or revenue dependency on AWS substantially exceeds fees paid. This structure is broadly consistent with cloud industry practice but its operational impact is material for any customer with mission-critical workloads. JURISDICTION FLAGS: EU and UK courts may scrutinize limitation clauses under unfair contract terms legislation, particularly for consumers or small businesses. In some jurisdictions, excluding liability for gross negligence or willful misconduct may not be enforceable. California's UCL and consumer protection statutes may impose additional constraints on how such clauses operate for California-based customers. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should evaluate whether the twelve-month cap is consistent with the customer's cyber insurance coverage and business continuity requirements. Indemnification and risk allocation negotiations with AWS are possible for enterprise customers under custom agreements. Standard commercial practice in critical infrastructure contracts often includes higher liability caps or carve-outs for data loss events. COMPLIANCE CONSIDERATIONS: Risk management teams should document the gap between the contractual liability cap and the assessed value of data and workloads on AWS. Legal teams should confirm whether applicable law in the customer's jurisdiction limits AWS's ability to enforce this cap in cases of gross negligence or intentional misconduct. Insurance coverage review should specifically address whether cyber policies cover losses exceeding the AWS contractual cap.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
For businesses that rely on AWS for critical infrastructure, this cap may be far smaller than actual losses from a serious outage or data incident, leaving the customer to absorb the majority of the financial damage.
This clause means that if AWS loses your data or suffers an outage causing your business significant harm, your financial recovery from AWS is limited to twelve months of fees paid, regardless of the actual scale of your losses. Businesses with high-value workloads or sensitive data should assess whether this cap is adequate relative to their risk exposure.
ConductAtlas has identified this type of provision across 228 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS.