The card discloses that the model is available both via Mistral AI's API and as downloadable open weights, and references mistral.ai/terms as the governing usage policy for both access modes.
This analysis describes what Mistral AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The dual-access structure (API and open weights) creates two distinct contractual and governance relationships: API users are bound by Mistral AI's terms of service and usage policies as enforced through platform controls, while open-weights deployers operate under the Modified MIT License with usage policy obligations that are contractually rather than technically enforced.
Interpretive note: The full text of mistral.ai/terms is not reproduced in the model card; the specific usage policy conditions applicable to API versus open-weights access are not detailed in the card itself, requiring review of that separate document.
Under these terms, organizations accessing the model via API are subject to Mistral AI's platform-enforced usage policies, while those using open weights operate under a license structure where compliance with usage restrictions depends on the deployer's own adherence to the referenced terms rather than technical enforcement by Mistral AI.
Cross-platform context
See how other platforms handle API Access and Usage Policy Reference and similar clauses.
Compare across platforms →Monitoring
Mistral AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Released as open weights under a Modified MIT license.— Excerpt from Mistral AI's Mistral Medium 3.5 Model Card
1. REGULATORY LANDSCAPE: The API access mode subjects users to Mistral AI's data processing terms, which for EU users would engage GDPR's controller-processor framework and require a data processing agreement. The open-weights access mode does not create a direct data processing relationship with Mistral AI but does not relieve deployers of their own GDPR obligations for data processed through deployed applications. The FTC's guidance on AI products and services is relevant to both access modes for US-based users. 2. GOVERNANCE EXPOSURE: Medium. Organizations that have not formally reviewed and accepted the terms at mistral.ai/terms before deploying the model via API may be operating without a clearly documented contractual basis. Compliance teams should confirm that relevant data processing agreements are in place for API-based deployments. 3. JURISDICTION FLAGS: EU deployers using the API must ensure a data processing agreement is in place with Mistral AI that satisfies GDPR Article 28 requirements. Open-weights deployers in the EU bear full controller responsibilities for data processed through their deployed applications without a Mistral AI processing relationship. 4. CONTRACT AND VENDOR IMPLICATIONS: Vendor management teams should categorize Mistral AI as a data processor for API-based deployments and ensure appropriate contractual documentation is in place. Open-weights deployments do not create a vendor relationship with Mistral AI for data processing purposes, which affects vendor risk assessment and audit right structures. 5. COMPLIANCE CONSIDERATIONS: Organizations should: (a) confirm which access mode they are using and identify the applicable contractual framework; (b) for API access, execute any required data processing agreements and review the terms at mistral.ai/terms; (c) for open-weights access, confirm the Modified MIT License terms are met and that no data processing relationship with Mistral AI exists that requires documentation; (d) update vendor registries and data processing records accordingly.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The dual-access structure (API and open weights) creates two distinct contractual and governance relationships: API users are bound by Mistral AI's terms of service and usage policies as enforced through platform controls, while open-weights deployers operate under the Modified MIT License with usage policy obligations that are contractually rather than technically enforced.
Under these terms, organizations accessing the model via API are subject to Mistral AI's platform-enforced usage policies, while those using open weights operate under a license structure where compliance with usage restrictions depends on the deployer's own adherence to the referenced terms rather than technical enforcement by Mistral AI.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Mistral AI.