The AUP prohibits denial-of-service attacks, disruptive activity targeting Databricks or other users' systems, and any attempt to gain unauthorized access to Databricks Services, systems, networks, or data.
This analysis describes what Databricks's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes contractual prohibitions on cyberattack conduct that are also independently governed by applicable computer fraud and cybercrime statutes, reinforcing legal obligations through the AUP framework.
The agreement prohibits any conduct that disrupts Databricks platform operations or attempts unauthorized access to platform systems, with violations constituting a breach of the AUP and potentially the underlying service agreement.
How other platforms handle this
You may not automatedly crawl or query the Services for any purpose or by any means (including, without limitation, screen and database scraping, spiders, robots, crawlers and any other automated activity with the purpose of obtaining information from the Services) unless you have received prior exp...
relate to transactions involving (f) the promotion of hate, violence, racial or other forms of intolerance that is discriminatory or the financial exploitation of a crime... (i) involve offering or receiving payments for the purpose of bribery or corruption.
You must not, and must not allow others to: Facilitate illegal or harmful activity through the End User Services; Cause harm to us or others through the End User Services;
Monitoring
Databricks has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Conduct denial of service attacks or distribute, run, or engage in activity that damages or disrupts the operation of the Databricks Services, networks, systems, servers, or endpoints of Databricks or other users; Attempt to gain unauthorized access to the Databricks Services, its related systems, networks or data.— Excerpt from Databricks's Databricks AI Acceptable Use Policy
1. REGULATORY LANDSCAPE: This provision directly engages with the Computer Fraud and Abuse Act (CFAA), which criminalizes unauthorized access to computer systems and intentional damage to protected computers. Related state computer crime statutes apply in parallel. The Cybersecurity and Infrastructure Security Agency (CISA) provides relevant regulatory context, though it is not a primary enforcement authority for contractual violations. 2. GOVERNANCE EXPOSURE: Low for typical commercial users. This provision reflects standard industry practice in cloud platform AUPs and addresses conduct that is independently unlawful under criminal and civil statutes. The contractual reinforcement creates an additional grounds for service termination. 3. JURISDICTION FLAGS: These prohibitions apply globally. Non-U.S. users are subject to analogous cybercrime statutes in their home jurisdictions in addition to the contractual obligations established here. 4. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers conducting authorized penetration testing or security research on systems that interact with Databricks should confirm that their activities are explicitly authorized by Databricks to avoid inadvertent AUP violations. The AUP does not include a safe harbor for authorized security research. 5. COMPLIANCE CONSIDERATIONS: Security teams should assess whether any automated testing, red team exercises, or third-party security assessments involving Databricks infrastructure require prior written authorization from Databricks to avoid triggering this prohibition.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes contractual prohibitions on cyberattack conduct that are also independently governed by applicable computer fraud and cybercrime statutes, reinforcing legal obligations through the AUP framework.
The agreement prohibits any conduct that disrupts Databricks platform operations or attempts unauthorized access to platform systems, with violations constituting a breach of the AUP and potentially the underlying service agreement.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Databricks.