What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: The AUP engages with U.S. Export Administration Regulations (EAR) and Office of Foreign Assets Control (OFAC) sanctions programs by expressly prohibiting use of Databricks Services in violation of these frameworks. The policy also implicates data protection law, including GDPR and CCPA, through prohibitions on unauthorized data collection, harvesting, and scraping. The AI-specific prohibitions engage with the EU AI Act's prohibited AI practices framework, particularly p…

How does Databricks's Databricks AI Acceptable Use Policy affect users?

The AUP establishes a binding list of prohibited activities applicable to all users and any third parties they permit to access the Databricks Services, meaning customers bear responsibility for ensuring that their end users and integrated systems also comply. The terms authorize Databricks to treat AUP violations as a breach of the applicable service agreement, which may result in suspension or termination of access to the platform. Users who build or deploy AI applications on Databricks are s…

How often is Databricks's Databricks AI Acceptable Use Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Databricks updates this document?

Yes. Monitor subscribers ($19/month) can add Databricks to their watchlist and receive same-day email alerts whenever this document or any other Databricks document changes.

CA-D-000838

Databricks AI Acceptable Use Policy

Databricks

Last change detected May 12, 2026 Acceptable use policy

SHA-256: cc0a676f2ae0fc75aef… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Databricks ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

6 Medium severity

4 Low severity

Summary

This is Databricks' Acceptable Use Policy, which defines what users and their authorized third parties may and may not do when using Databricks' data and AI platform services. The policy prohibits a specific list of activities including generating CSAM, facilitating distributed denial-of-service attacks, circumventing platform security, violating export controls, and building AI applications that deploy deceptive, manipulative, or autonomously acting systems without human oversight. The policy also expressly prohibits using Databricks Services to collect or harvest data from other users without authorization and requires compliance with a separately published set of Databricks AI guidelines.

Technical / Legal Breakdown

This document is Databricks' Acceptable Use Policy (AUP), which governs permissible and prohibited use of the Databricks Services and is incorporated by reference into the applicable agreement between Databricks and its users or customers. The AUP states that users 'shall not, nor permit third parties to, use the Databricks Services' for an enumerated list of prohibited activities, including generating illegal content, facilitating cyberattacks, violating export controls, engaging in unauthorized data collection, and developing or deploying AI systems that violate applicable law or Databricks' AI guidelines. The AUP includes a dedicated AI-specific prohibition section that bars users from using Databricks Services to build AI applications that engage in deception, manipulation, illegal discrimination, privacy violations, or deployment of autonomous AI agents without human oversight, which represents an operationally distinct set of obligations compared to typical cloud platform AUPs that do not address AI governance at this level of specificity. The document engages with export control frameworks including U.S. Export Administration Regulations and OFAC sanctions, anti-fraud and cybercrime statutes, data protection frameworks including GDPR and CCPA, and the emerging EU AI Act regulatory landscape, particularly with respect to prohibited AI use cases. Compliance teams should note that the AUP incorporates Databricks' separate AI guidelines by reference, creating a two-document compliance obligation, and that violation of the AUP may constitute a material breach of the applicable master services or subscription agreement, with potential consequences including service termination.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

Medium — 6 provisions

AI Application Development Prohibitions Compare →

The AUP prohibits users from using Databricks Services to develop AI applications that engage in deception, illegal discrimination, privacy violations, or autonomous operation without human oversight, and requires compliance with Databricks' separately published AI guidelines.

Added May 21, 2026 Common Seen across 173 platforms
Third-Party Use Responsibility Compare →

The AUP makes users contractually responsible for ensuring that third parties they permit to access or use the Databricks Services also comply with all AUP prohibitions.

Added May 21, 2026 Common Seen across 173 platforms
Export Control Compliance Obligation Compare →

The AUP prohibits using Databricks Services in violation of applicable law, with explicit reference to U.S. Export Administration Regulations and OFAC sanctions programs.

Added May 21, 2026 Common Seen across 173 platforms
Unauthorized Data Collection and Scraping Prohibition Compare →

The AUP prohibits users from collecting, harvesting, or obtaining data from the Databricks platform or from other users of the platform without authorization.

Added May 21, 2026 Common Seen across 173 platforms
Intellectual Property and Circumvention Prohibition Compare →

The AUP prohibits infringement or misappropriation of intellectual property rights belonging to Databricks or third parties, and prohibits circumventing or disabling security features of the Databricks Services.

Added May 21, 2026 Common Seen across 173 platforms
Incorporation of Separately Published AI Guidelines Compare →

The AUP incorporates Databricks' separately published AI guidelines by reference, making compliance with those guidelines a condition of permissible use of the Databricks Services.

Added May 21, 2026 Common Seen across 173 platforms

Low — 4 provisions

Cybersecurity and Network Attack Prohibition Compare →

The AUP prohibits denial-of-service attacks, disruptive activity targeting Databricks or other users' systems, and any attempt to gain unauthorized access to Databricks Services, systems, networks, or data.

Added May 21, 2026 Common Seen across 173 platforms
Illegal Content and CSAM Prohibition Compare →

The AUP explicitly prohibits the generation, transmission, or storage of child sexual abuse material or any content that exploits or harms minors using the Databricks Services.

Added May 21, 2026 Common Seen across 173 platforms
Malware and Malicious Code Prohibition Compare →

The AUP prohibits users from transmitting viruses, trojans, worms, malware, ransomware, or other malicious or harmful programs through the Databricks Services.

Added May 21, 2026 Common Seen across 173 platforms
Spam and Unauthorized Communications Prohibition Compare →

The AUP prohibits using Databricks Services to send unsolicited commercial communications or spam, and prohibits sending communications with falsified or deceptive source information including spoofing and phishing.

Added May 21, 2026 Common Seen across 173 platforms