The subprocessor list includes vendors engaged for AI-related processing functions in connection with Zoom's services, meaning customer data may be processed by third-party AI infrastructure or tooling providers as part of Zoom's AI feature delivery.
This analysis describes what Zoom's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The inclusion of AI-function subprocessors is operationally distinct from standard infrastructure or support subprocessors because AI processing may involve additional data categories, model training considerations, and automated decision-making implications that engage specific regulatory frameworks including the EU AI Act and sector-specific AI governance requirements. The document does not specify which customer data categories are processed by AI subprocessors or the nature of the AI processing performed.
Interpretive note: The document does not specify which subprocessors perform AI functions, what data categories they process, or the nature of the AI processing, making it difficult to assess regulatory implications from this document alone.
Customer data may be processed by third-party AI vendors as part of Zoom's AI feature delivery, as disclosed through the subprocessor list. The specific data types processed by AI subprocessors and the nature of automated processing involved are not detailed in this document.
Cross-platform context
See how other platforms handle AI-Function Subprocessor Inclusion and similar clauses.
Compare across platforms →Monitoring
Zoom has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"A subprocessor is a vendor Zoom uses to process data on behalf of our customers.— Excerpt from Zoom's Zoom Sub-Processors
1. REGULATORY LANDSCAPE: AI processing of personal data engages GDPR provisions on automated decision-making and profiling, as well as the EU AI Act, which imposes obligations on providers and deployers of AI systems depending on risk classification. Sector-specific AI governance frameworks may apply in regulated industries. Enforcement authorities include EU supervisory authorities for GDPR-related AI processing and, for high-risk AI systems, national market surveillance authorities under the EU AI Act. 2. GOVERNANCE EXPOSURE: Medium to High depending on the customer's industry and the nature of AI features used. Organizations in regulated sectors such as healthcare, financial services, or human resources should assess whether Zoom's AI subprocessors process special category data or perform processing that constitutes automated decision-making with significant effects under GDPR Article 22. 3. JURISDICTION FLAGS: EU and EEA customers face heightened exposure under both GDPR and the EU AI Act. UK customers should assess AI processing against the UK ICO's AI guidance and the proposed UK AI regulatory framework. US-based customers in regulated sectors should assess applicable federal and state AI governance requirements. 4. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should identify which Zoom AI features are enabled in their deployments and confirm which subprocessors support those features. Data Processing Agreement review should confirm whether AI processing purposes are specifically scoped and whether restrictions on model training using customer data are included. 5. COMPLIANCE CONSIDERATIONS: Organizations should conduct data protection impact assessments for Zoom AI features that process personal data, assess whether any AI processing constitutes high-risk automated decision-making, and confirm that appropriate safeguards and transparency obligations are satisfied under applicable law.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The inclusion of AI-function subprocessors is operationally distinct from standard infrastructure or support subprocessors because AI processing may involve additional data categories, model training considerations, and automated decision-making implications that engage specific regulatory frameworks including the EU AI Act and sector-specific AI governance requirements. The document does not specify which customer data categories are processed by AI subprocessors or the …
Customer data may be processed by third-party AI vendors as part of Zoom's AI feature delivery, as disclosed through the subprocessor list. The specific data types processed by AI subprocessors and the nature of automated processing involved are not detailed in this document.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Zoom.