{
  "name": "AI Provider Trust Registry",
  "generated": "2026-07-05",
  "license": "Free to use with attribution and a link back.",
  "disclaimer": "Evidence index, not a legal determination.",
  "dimensions": {
    "soc2_type2": "Is a SOC 2 Type II report available for this offering?",
    "iso_27001": "Is there an ISO/IEC 27001 certification covering this offering?",
    "iso_42001": "Is there an ISO/IEC 42001 (AI management system) certification?",
    "trust_center": "Is there a maintained trust center / compliance portal?",
    "hipaa_baa": "Will they sign a HIPAA Business Associate Agreement covering this offering?",
    "gdpr_dpa": "Is there a public DPA with SCCs and a published subprocessor list?",
    "training_on_customer_data": "Is there a public commitment not to train on customer API data by default?",
    "retention_zdr": "Is retention documented, and is zero-data-retention available?",
    "data_residency": "Can data be pinned to a region (especially the EU)?",
    "gpai_cop": "Is the model developer on the EC's GPAI Code of Practice signatory list?",
    "art53_summary": "Has the model developer published the Art. 53 training-data summary?"
  },
  "offerings": [
    {
      "id": "openai-api",
      "name": "OpenAI API",
      "developer": "OpenAI",
      "platform": "OpenAI",
      "category": "first_party",
      "model_family": "GPT",
      "summary": "OpenAI's first-party API platform for GPT-family models. No training on API business data by default, documented ~30-day abuse-monitoring retention with approval-gated Zero Data Retention, regional data-residency options, and a trust portal (trust.openai.com) covering SOC 2 Type 2 and ISO certifications for the API Platform.\n",
      "sort_order": 0,
      "dimensions": {
        "art53_summary": {
          "value": "unclear",
          "confidence": "low",
          "source": "https://help.openai.com/en/articles/12141645-eu-ai-act",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "OpenAI's Help Center article \"EU AI Act\" states (per search-index snippet): \"In accordance with OpenAI's obligations under Article 53(1)(d) of the AI Act, OpenAI publishes summaries about the content used for training\", but the article returns 403 to automated fetchers, has no Wayback snapshot, and the actual EC-template training-content summary document could not be located on openai.com/cdn.openai.com. Secondary reporting (Aug 2025) questioned whether GPT-5 shipped with the required summary. Needs human verification in a browser.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": "In accordance with our obligations under Article 53(1)(d) of the AI Act, OpenAI publishes summaries about the content used for training of our general-purpose AI models:\n\nGPT-5.5 Public Summary [ ]__Opens PDF__",
          "caveat": "Art. 53 training-data summary publication status is unclear."
        },
        "data_residency": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://developers.openai.com/api/docs/guides/your-data",
          "archived": "http://web.archive.org/web/20260702123801/https://developers.openai.com/api/docs/guides/your-data",
          "verified": "2026-07-05",
          "notes": "Data residency is configured per Project at creation only (existing Projects cannot be migrated). Non-US regions additionally require OpenAI approval for modified abuse-monitoring controls and execution of a Zero Data Retention amendment, so EU residency effectively bundles ZDR and is approval-gated rather than purely self-serve.\n",
          "facts": {
            "regions": [
              "us",
              "eu",
              "uk",
              "ca",
              "jp",
              "kr",
              "sg",
              "in",
              "au",
              "ae"
            ],
            "mechanism": "per-Project region selection at Project creation (regional domain prefixes)",
            "announcement": "https://openai.com/index/introducing-data-residency-in-europe/"
          },
          "availability": {
            "tier": "self_serve",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "EU, UK, US, Canada, Japan, South Korea, Singapore, India, Australia, UAE"
          },
          "evidence": "Data residency controls are a project configuration option that allow you to configure the location of infrastructure OpenAI uses to provide services. When data residency is enabled on your account, you can set a region for new projects you create in your account from the available regions listed below. If you select a region that supports regional processing, as specifically identified below, the services will perform inference for your Customer Content in the selected region as well. To use data residency with any region other than the United States, you must be approved for abuse monitoring controls, and execute a Zero Data Retention amendment. Selecting the United Arab Emirates region requires additional approval. Europe (EEA + Switzerland) `eu.api.openai.com` Text, Audio, Voice, Image* | - Storage - Yes - Processing - Yes - Requires MAM or ZDR",
          "caveat": "EU data residency requires OpenAI approval and Zero Data Retention amendment."
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://openai.com/policies/data-processing-addendum/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Public DPA (current version v.010126, PDF verified 2026-07-05) incorporating EU Standard Contractual Clauses for international transfers, with a published sub-processor list and a change-notification sign-up mechanism. DPA must be executed by the customer to apply.\n",
          "facts": {
            "sccs": "EU SCCs (2021/914) Modules 2 (C2P) and 3 (P2SubP)",
            "dpa_pdf": "https://cdn.openai.com/pdf/openai-data-processing-addendum.pdf",
            "dpa_version": "v.010126",
            "subprocessor_list": "https://openai.com/policies/sub-processor-list/"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": "To the extent OpenAI Ireland Limited transfers EEA and Swiss Data to other OpenAI Affiliates or third parties outside the European Economic Area or Switzerland to provide the Services, it will do so on the basis of agreements containing SCCs that ensure appropriate safeguards for the protection of Customer Data are in place or an adequacy decision issued by the European Commission under Article 45 GDPR. Sub-Processor List means the list available at the following address [ https://platform.openai.com/subprocessors(opens in a new window)](https://platform.openai.com/subprocessors). 2.9 Engagement of Sub-processors. Customer hereby provides a general authorization to OpenAI to engage the Sub-Processors listed in the Sub-Processor List to process Customer Data in connection with the Services.",
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "OpenAI appears on the European Commission's GPAI Code of Practice signatory list as a full signatory (all chapters); only xAI is listed as a partial (Safety & Security chapter only) signatory. This is a model-developer obligation; OpenAI is both developer and platform here.\n",
          "facts": {
            "chapters": "all (full code)"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://help.openai.com/en/articles/8660679-how-can-i-get-a-business-associate-agreement-baa-with-openai",
          "archived": "http://web.archive.org/web/20260404102609/https://help.openai.com/en/articles/8660679-how-can-i-get-a-business-associate-agreement-baa-with-openai",
          "verified": "2026-07-05",
          "notes": "BAA for the API is requested via baa@openai.com and reviewed case-by-case; no enterprise agreement is required. Critically, the API BAA covers only endpoints eligible for Zero Data Retention, a signed BAA with calls to non-ZDR-configured endpoints can be out of scope.\n",
          "facts": {
            "scope": "ZDR-eligible endpoints only",
            "contact": "baa@openai.com",
            "healthcare_addendum": "https://cdn.openai.com/osa/healthcare-addendum.pdf",
            "enterprise_agreement_required": false
          },
          "availability": {
            "tier": "self_serve",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "BAA covers only Zero Data Retention endpoints."
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trust.openai.com",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "ISO/IEC 27001:2022 is publicly listed on the trust portal as covering the API Platform (alongside 27017/27018/27701); certificate documents require a trust-portal account.\n\n[human 2026-07-05] Dismissed: cert is now publicly viewable (availability improved, not weakened).",
          "facts": {
            "related": [
              "ISO/IEC 27017:2015",
              "ISO/IEC 27018:2019",
              "ISO/IEC 27701:2019"
            ],
            "standard": "ISO/IEC 27001:2022"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://openai.com/security-and-privacy/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "ISO/IEC 42001:2023 (AI management system) is publicly listed on the trust portal among certifications applying to the API Platform.\n\n[human 2026-07-05] Dismissed: scrape artifact. OpenAI holds ISO/IEC 42001 (openai.com/security-and-privacy); trust.openai.com JS portal returned an incomplete cert list.",
          "facts": {
            "standard": "ISO/IEC 42001:2023"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://developers.openai.com/api/docs/guides/your-data",
          "archived": "http://web.archive.org/web/20260702123801/https://developers.openai.com/api/docs/guides/your-data",
          "verified": "2026-07-05",
          "notes": "Retention is publicly documented: abuse-monitoring logs kept up to 30 days by default (longer if required by law); application state varies by endpoint (e.g. conversations/threads kept until deleted). Zero Data Retention excludes content from abuse-monitoring logs but is \"subject to prior approval by OpenAI\", it is NOT the default and must be requested, approved, then configured per organization/project.\n",
          "facts": {
            "retention_days": 30,
            "zdr_excluded_models": [
              "dall-e-2",
              "dall-e-3"
            ],
            "zdr_approval_required": true,
            "zdr_eligible_endpoints": [
              "chat completions",
              "responses",
              "images",
              "embeddings",
              "audio transcriptions/translations",
              "speech",
              "moderations",
              "completions",
              "realtime"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "unspecified"
          },
          "evidence": "Abuse monitoring logs may contain certain customer content, such as prompts and responses, as well as metadata derived from that customer content, such as classifier outputs. By default, abuse monitoring logs are generated for all API feature usage and retained for up to 30 days, unless longer retention is required by law, or is reasonably necessary to protect our services or any third party from harm. Eligible customers may have their customer content excluded from these abuse monitoring logs, subject to the limitations below, by getting approved for the [Zero Data Retention] or [Modified Abuse Monitoring] controls. Currently, these controls are subject to prior approval by OpenAI and acceptance of additional requirements. Approved customers may select between Modified Abuse Monitoring or Zero Data Retention for their API Organization or project.",
          "caveat": "Zero Data Retention requires prior approval and is not default."
        },
        "soc2_type2": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://trust.openai.com",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Trust portal publicly attests a SOC 2 Type 2 report covering Security, Availability, Confidentiality and Privacy TSC for the API Platform. The report itself is gated: \"Customers with active trust.openai.com accounts can access the latest report under 'Documents.'\"\n",
          "facts": {
            "scope": [
              "API Platform",
              "ChatGPT Enterprise",
              "ChatGPT Edu",
              "ChatGPT Team"
            ],
            "criteria": [
              "Security",
              "Availability",
              "Confidentiality",
              "Privacy"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": "Our products are covered in our SOC 2 Type 2 report and have been evaluated by an independent third-party auditor to confirm that our controls align with industry standards for security, confidentiality and privacy and availability. Request access to our SOC 2 Report below to learn more about our security controls and compliance activities. The 2025 SOC2 Report for OpenAI's ChatGPT Business Products and API is now available to customers at trust.openai.com. OpenAI's most recent SOC2 Report covers the period of January 1, 2025 to June 30, 2025 and is now available for viewing on the ChatGPT Business Products and API Trust Portal pages. Customers with active trust.openai.com accounts can access the latest report under 'Documents.'",
          "caveat": "SOC 2 Type II report access requires an active trust.openai.com account."
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://developers.openai.com/api/docs/guides/your-data",
          "archived": "http://web.archive.org/web/20260702123801/https://developers.openai.com/api/docs/guides/your-data",
          "verified": "2026-07-05",
          "notes": "Docs state \"data sent to the OpenAI API is not used to train or improve OpenAI models (unless you explicitly opt in to share data with us)\". No-training is the default; sharing is opt-in only.\n",
          "facts": {
            "opt_in_data_sharing": "available"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": "As of March 1, 2023, data sent to the OpenAI API is not used to train or improve OpenAI models (unless you explicitly opt in to share data with us).",
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trust.openai.com",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Maintained trust portal at trust.openai.com; overview page is public, most documents (reports, certificates) require registering an account. No Wayback snapshot exists for the portal (JS-heavy page).\n",
          "facts": {
            "certifications_listed": [
              "SOC 2 Type 2",
              "ISO/IEC 27001:2022",
              "ISO/IEC 27017:2015",
              "ISO/IEC 27018:2019",
              "ISO/IEC 27701:2019",
              "ISO/IEC 42001:2023",
              "PCI DSS v4.0.1",
              "CSA STAR",
              "FedRAMP 20x",
              "TX-RAMP"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": "Welcome to our Trust Portal for OpenAI's ChatGPT services, including ChatGPT Enterprise and ChatGPT Edu. OpenAI's ISO/IEC 27001 Certificate is now available at trust.openai.com under \"Documents.\" The 2025 SOC2 Report for OpenAI's ChatGPT Business Products and API is now available to customers at trust.openai.com. Customers with active trust.openai.com accounts can access the latest report under \"Documents.\"",
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "soc2_type2",
          "label": "SOC 2 Type II",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "SOC 2 Type II report access requires an active trust.openai.com account."
        },
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "BAA covers only Zero Data Retention endpoints."
        },
        {
          "key": "retention_zdr",
          "label": "Retention / ZDR",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "Zero Data Retention requires prior approval and is not default."
        },
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "EU data residency requires OpenAI approval and Zero Data Retention amendment."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "unclear",
          "value_label": "Unclear",
          "tone": "none",
          "caveat": "Art. 53 training-data summary publication status is unclear."
        }
      ],
      "watchout_count": 5
    },
    {
      "id": "azure-openai",
      "name": "Azure OpenAI Service",
      "developer": "OpenAI",
      "platform": "Microsoft Azure",
      "category": "cloud_distribution",
      "model_family": "GPT",
      "summary": "OpenAI GPT models served by Microsoft as \"Models sold by Azure\" within Microsoft Foundry (formerly Azure OpenAI Service / Azure AI Foundry). Microsoft hosts the models in its own Azure environment; customer data does not flow to OpenAI-operated services, and vendor-trust and data-handling commitments are Microsoft's/Azure's.\n",
      "sort_order": 1,
      "dimensions": {
        "art53_summary": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://help.openai.com/en/articles/12141645-eu-ai-act",
          "archived": "https://web.archive.org/web/20250909165115/https://help.openai.com/en/articles/12141645-eu-ai-act",
          "verified": "2026-07-05",
          "notes": "EU AI Act Art 53(1)(d) is a developer obligation, graded on OpenAI, not Microsoft. OpenAI's official EU AI Act help-center article states that \"in accordance with its obligations under Article 53(1)(d) of the AI Act, OpenAI publishes summaries about the content used for training\" (per the EC's July 2025 template). Confidence medium: help.openai.com and openai.com returned HTTP 403 to automated fetching on 2026-07-05, so the statement was corroborated via search-index snippets and an existing Wayback snapshot rather than a direct page read, and the actual summary document(s) and per-model (GPT) coverage were not inspected.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "data_residency": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/foundry/responsible-ai/openai/data-privacy",
          "archived": "https://web.archive.org/web/20260701194206/https://learn.microsoft.com/en-us/azure/foundry/responsible-ai/openai/data-privacy",
          "verified": "2026-07-05",
          "notes": "Residency is deployment-type dependent, hence default:requires_config. Standard deployments keep prompts/responses in the customer-specified geography; \"DataZone\" EU deployments confine processing to EU member states; \"Global\" deployments may process anywhere the model is deployed (data at rest, including the abuse-monitoring store, stays in the designated geography). Azure regional services deployed in EU/EFTA regions are additionally in scope for Microsoft's EU Data Boundary commitments (learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn). For EEA deployments, abuse-monitoring human reviewers are located in the EEA.\n",
          "facts": {
            "datazone_eu": "processing confined to EU member states",
            "data_at_rest": "stored in customer-designated geography for all deployment types",
            "global_deployments": "processing may occur in any geography where the model is deployed",
            "standard_deployments": "processed within customer-specified Azure geography"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "EU available (EU Data Boundary; DataZone EU deployments)"
          },
          "evidence": null,
          "caveat": null
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "The Microsoft Products and Services DPA is publicly downloadable (most recent version May 2026) and, per Microsoft's EU Model Clauses compliance page, Microsoft \"makes the EU Model Clauses available to customers as described in the ... Data Protection Addendum (DPA)\" with Azure in scope. The Azure OpenAI data-privacy page states the DPA governs data processing for Models sold by Azure. Microsoft also publishes an online-services subprocessor list, but that list was not re-verified in this pass (see review flag).\n",
          "facts": {
            "scc_mechanism": "EU Standard Contractual Clauses made available via the DPA"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "https://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Layered reality: the GPAI Code of Practice is a provider (model developer) obligation, and the developer here is OpenAI, a full signatory on the EC's list (verified 2026-07-05). Microsoft, the serving platform, is ALSO a full signatory in its own right as a GPAI provider. Neither is a partial signatory (contrast xAI, Safety & Security chapter only). Cell graded on OpenAI per the two-level rule; Microsoft's status recorded as corroborating platform posture.\n",
          "facts": {
            "platform_signatory": "Microsoft (full code)",
            "developer_signatory": "OpenAI (full code)"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Microsoft's HIPAA BAA is included by default in customer agreements: the DPA states \"execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement\", no separate signature required. BAA applies to in-scope Azure services; the service-level scope list (confirming Azure OpenAI / Microsoft Foundry) is in the gated STP \"Microsoft Azure Compliance Offerings\" appendix, so confirm scope inclusion before relying on it for PHI workloads.\n",
          "facts": {
            "mechanism": "BAA incorporated by default via Microsoft Product Terms + DPA"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27001",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Azure's (platform) certification. The Azure ISO/IEC 27001:2022 certificate covers Azure, Dynamics 365, Power Platform, and select Microsoft 365 services; certificate and audit documents are distributed via the Service Trust Portal. Exact in-scope service list for Azure OpenAI / Microsoft Foundry lives in the certificate scope statement (STP).\n\n[human 2026-07-05] Dismissed: Azure OpenAI covered under broad Azure ISO 27001 cert; service-level scope lives in gated appendix.",
          "facts": {
            "standard_version": "ISO/IEC 27001:2022",
            "certificate_location": "Service Trust Portal ISO reports section"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001",
          "archived": "https://web.archive.org/web/20260619065258/https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001",
          "verified": "2026-07-05",
          "notes": "Microsoft holds ISO/IEC 42001:2023 certification with \"Microsoft Foundry\" (the service that hosts Azure OpenAI models, per Microsoft's 2025 Azure blog announcement covering \"Azure AI Foundry Models\") on the public in-scope list. This is Microsoft's AIMS certification as deployer/platform, not an OpenAI certification. Certificates/audit reports are on the Service Trust Portal.\n",
          "facts": {
            "certificate_location": "Service Trust Portal ISO reports section",
            "in_scope_service_name": "Microsoft Foundry"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": "## Microsoft AI services in scope for ISO 42001 certification\n\n- GitHub Copilot\n- Microsoft 365 Copilot\n- Microsoft Copilot Health\n- Microsoft Copilot Studio\n- Microsoft Dragon Copilot\n- Microsoft Dragon Copilot (Radiologist)\n- Microsoft Foundry\n- Microsoft Security Copilot\n\nMicrosoft AI Systems undergo regular independent third-party audits for ISO/IEC 42001 compliance. You can review the Microsoft ISO/IEC 42001 certificates and audit reports on Service Trust Portal for more information.",
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/foundry/openai/concepts/abuse-monitoring",
          "archived": "https://web.archive.org/web/20260524211858/https://learn.microsoft.com/en-us/azure/foundry/openai/concepts/abuse-monitoring",
          "verified": "2026-07-05",
          "notes": "Retention is documented: standard inference is stateless, but flagged prompts/completions may be stored in a per-geography abuse-monitoring data store for human review; stateful features (Responses/Assistants APIs, stored completions, files) persist data until customer deletion. The ZDR-equivalent is \"modified abuse monitoring\": customers meeting Limited Access eligibility criteria (in practice managed/enterprise customers) apply via a Microsoft form; once approved, prompt/completion storage and human review are turned off (automated in-flight review still runs, without storage). CAUTION: the widely cited 30-day abuse-monitoring retention figure no longer appears on the current data-privacy or abuse-monitoring pages as fetched 2026-07-05; only Microsoft Q&A answers state it, so no retention_days fact is recorded.\n",
          "facts": {
            "verification": "ContentLogging=false visible in Azure portal / CLI once approved",
            "zdr_equivalent": "modified abuse monitoring (approved customers) - no storage, no human review",
            "inference_storage": "models are stateless; no prompt/completion storage in the model",
            "abuse_monitoring_store": "prompts/completions may be stored for human review, in-geography, logically separated per customer"
          },
          "availability": {
            "tier": "enterprise_only",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Zero-data-retention requires Limited Access eligibility and manual approval."
        },
        "soc2_type2": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-2",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Two-level rule: this is Azure's (the serving platform's) SOC 2 Type 2 attestation, not OpenAI's. Microsoft publicly documents the Azure SOC 2 Type 2 attestation; the report itself is gated behind Service Trust Portal sign-in (Microsoft account with services agreement). Service-level confirmation that Azure OpenAI / Microsoft Foundry is in audit scope is in the report's scope appendix and the \"Microsoft Azure Compliance Offerings\" STP document (also gated), so scope inclusion was not independently re-verified from a public page.\n",
          "facts": {
            "report_cadence": "semi-annual (audit periods end 31-Mar and 30-Sep, rolling 12-month window)",
            "report_location": "Service Trust Portal SOC reports section"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": "The Azure SOC 2 Type 2 attestation report covers Azure, Dynamics 365, Power Platform, and select Microsoft 365 cloud services. You can access Azure SOC audit reports and bridge letters from the Service Trust Portal (STP) [SOC reports] section.",
          "caveat": "Azure's SOC 2 Type II report is gated by Microsoft account and service agreement."
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/foundry/responsible-ai/openai/data-privacy",
          "archived": "https://web.archive.org/web/20260701194206/https://learn.microsoft.com/en-us/azure/foundry/responsible-ai/openai/data-privacy",
          "verified": "2026-07-05",
          "notes": "Microsoft's public commitment (data-privacy page, verified 2026-07-05): prompts, completions, embeddings, and training data \"are NOT available to OpenAI\", \"are NOT used by providers of Models sold by Azure to improve their models\", and \"are NOT used to train any generative AI foundation models without your permission or instruction\". Models are stateless; fine-tuned models are exclusive to the customer. Original URL learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy now canonicalizes to the Foundry responsible-ai path.\n",
          "facts": {
            "not_available_to_openai": true,
            "not_used_to_train_foundation_models": true
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://servicetrust.microsoft.com/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Microsoft maintains both a public Trust Center (https://www.microsoft.com/trust-center) and the Service Trust Portal for audit artifacts (SOC, ISO, etc.). Portal browsing is public; report downloads require Microsoft-account sign-in and acceptance of terms. Azure OpenAI is covered as part of Azure/Microsoft Foundry rather than having a dedicated product trust center.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "soc2_type2",
          "label": "SOC 2 Type II",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "Azure's SOC 2 Type II report is gated by Microsoft account and service agreement."
        },
        {
          "key": "retention_zdr",
          "label": "Retention / ZDR",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "Zero-data-retention requires Limited Access eligibility and manual approval."
        }
      ],
      "watchout_count": 2
    },
    {
      "id": "anthropic-api",
      "name": "Anthropic API",
      "developer": "Anthropic",
      "platform": "Anthropic",
      "category": "first_party",
      "model_family": "Claude",
      "summary": "Anthropic's first-party Claude API (api.anthropic.com). Anthropic is both model developer and serving platform, so vendor-trust, data-handling, and EU AI Act dimensions all describe Anthropic directly. Commercial terms prohibit training on customer content; ZDR and HIPAA-ready configurations are available but sales-gated.\n",
      "sort_order": 2,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No public training-content summary using the EC's Article 53(1)(d) template was found on anthropic.com, the Transparency Hub, or the Trust Center as of 2026-07-05. Model/system cards describe training data at a high level (public web data crawled per robots.txt, licensed third-party datasets, user-shared/crowd-worker data) but do not follow the EU template. Since models released after 2025-08-02 trigger the obligation, absence of a findable template summary is notable but may reflect publication in a location not surfaced by search; flagged for human review.\n",
          "facts": {
            "deadline_note": "Required for models placed on the EU market on/after 2025-08-02; pre-existing models have until 2027-08-02",
            "ec_template_published": "2025-07-24"
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Art. 53 training-data summary not published per EU template."
        },
        "data_residency": {
          "value": "partial",
          "confidence": "high",
          "source": "https://platform.claude.com/docs/en/manage-claude/data-residency",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Region pinning exists but is US-only. The inference_geo API parameter (\"us\" or \"global\", default global) controls where inference runs, self-serve at 1.1x pricing on Opus/Sonnet 4.6 and later; workspace geo (data at rest + endpoint processing) currently supports only \"us\". No EU residency option is offered on the first-party API, so this fails the \"esp. EU\" test; graded partial, not yes.\n",
          "facts": {
            "inference_geo_values": [
              "global",
              "us"
            ],
            "workspace_geo_values": [
              "us"
            ],
            "us_inference_price_multiplier": 1.1
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "US pinning only; no EU residency"
          },
          "evidence": null,
          "caveat": "EU data residency not supported; US-only region pinning."
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://www.anthropic.com/legal/data-processing-addendum",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Public DPA incorporated by reference into the Anthropic Commercial Terms of Service (no separate signature flow required). Schedule 3 contains EU SCCs, UK Addendum, and Swiss Addendum; Schedule 4 points to the published subprocessor list.\n",
          "facts": {
            "sccs": "EU SCCs Modules 2 & 3 incorporated; UK Addendum and Swiss Addendum included",
            "subprocessor_list": "https://www.anthropic.com/subprocessors"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Anthropic appears on the European Commission's GPAI Code of Practice signatory list. The EC page singles out xAI as having signed only the Safety and Security chapter; no such qualification is listed for Anthropic, implying a full (all-chapters) signature. Anthropic's own announcement: anthropic.com/news/eu-code-practice.\n",
          "facts": {
            "signed": "July 2025",
            "chapters": "Full signatory (EC page flags only xAI as a partial, Safety & Security-only signatory)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://platform.claude.com/docs/en/manage-claude/api-and-data-retention",
          "archived": "http://web.archive.org/web/20260630164733/https://platform.claude.com/docs/en/manage-claude/api-and-data-retention",
          "verified": "2026-07-05",
          "notes": "BAA available for the first-party API: contact Anthropic sales to sign a BAA, then Anthropic provisions a dedicated HIPAA-enabled organization that automatically blocks non-eligible features (400 error). Historically HIPAA required ZDR; HIPAA-ready API access now removes that requirement. Only a feature subset is eligible (Messages API yes; Batch/Files/code execution/web fetch no). Covered Models (Claude Fable 5 / Mythos 5) require 30-day retention and are not usable with ZDR enabled. Also documented at privacy.claude.com article 8114513 (\"Business Associate Agreements (BAA) for Commercial Customers\").\n",
          "facts": {
            "not_covered": "Console/Workbench, consumer plans, Claude Code, Claude Platform on AWS, most beta features",
            "covered_tier": "First-party Claude API (HIPAA-enabled organization) and Claude Enterprise"
          },
          "availability": {
            "tier": "enterprise_only",
            "route": "sales_contract",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "BAA only for eligible feature subset; contact sales."
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://support.claude.com/en/articles/10015870-what-certifications-has-anthropic-obtained",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Publicly listed on Anthropic's certifications page; certificate copies are obtained via the Trust Portal (trust.anthropic.com).\n",
          "facts": {
            "standard": "ISO 27001:2022 (Information Security Management)",
            "scope_note": "Commercial products incl. the Anthropic API; consumer plans excluded"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://www.anthropic.com/news/anthropic-achieves-iso-42001-certification-for-responsible-ai",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Anthropic announced accredited ISO/IEC 42001:2023 certification on 2025-01-13, issued by Schellman (accredited by the ANSI National Accreditation Board), and states it is one of the first frontier AI labs to achieve it. The issued certificate is hosted on the Trust Center; also listed on the help-center certifications page.\n",
          "facts": {
            "standard": "ISO/IEC 42001:2023 (AI Management Systems)",
            "announced": "2025-01-13",
            "certifier": "Schellman Compliance, LLC (ANAB-accredited)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://platform.claude.com/docs/en/manage-claude/api-and-data-retention",
          "archived": "http://web.archive.org/web/20260630164733/https://platform.claude.com/docs/en/manage-claude/api-and-data-retention",
          "verified": "2026-07-05",
          "notes": "Retention is documented per-feature in public API docs: conversation content is not retained by default, feature-specific TTLs are listed, and safety-flagged content may be kept up to 2 years even under ZDR. ZDR is available but sales-gated: \"To request a ZDR arrangement, contact the Anthropic sales team\", enabled per-organization by the account team (new orgs need separate enablement). Gating nuance: Claude Fable 5 and Mythos 5 are Covered Models requiring 30-day retention and are NOT available under ZDR (requests 400 unless a workspace-level 30-day retention override is configured). Stateful features used under a ZDR org step outside the ZDR arrangement.\n",
          "facts": {
            "zdr_scope": "Messages API and Token Counting API; Claude Code via commercial API keys or Claude Enterprise",
            "zdr_excluded_features": "Batch API (29-day), Files API, code execution (30-day), Managed Agents, Console/Workbench",
            "safety_flag_retention_years": 2,
            "covered_models_retention_days": 30
          },
          "availability": {
            "tier": "enterprise_only",
            "route": "sales_contract",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "ZDR unavailable for Claude Fable 5 and Mythos 5 models."
        },
        "soc2_type2": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://support.claude.com/en/articles/10015870-what-certifications-has-anthropic-obtained",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Anthropic's official help-center certifications page publicly states \"SOC 2 Type I & Type II\" for commercial products \"such as Claude for Work and the Anthropic API\". The report itself is not a public download; copies are requested via the Trust Portal (trust.anthropic.com), which uses an access-request/NDA flow.\n",
          "facts": {
            "scope_note": "Commercial products incl. the Anthropic API and Claude for Work; consumer plans (Free/Pro/Max) excluded",
            "attestation": "SOC 2 Type I & Type II"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://www.anthropic.com/legal/commercial-terms",
          "archived": "http://web.archive.org/web/20260703042108/https://www.anthropic.com/legal/commercial-terms",
          "verified": "2026-07-05",
          "notes": "Commercial Terms (Customer Content section) state Anthropic may not train models on Customer Content from the Services; API docs reiterate retained data \"is never used for model training without your express permission\". Important distinction: in Aug/Sep 2025 Anthropic changed CONSUMER terms (Claude Free/Pro/Max) to allow training when the user enables the setting, with 5-year retention if enabled (anthropic.com/news/updates-to-our-consumer-terms, decision deadline 2025-10-08). That change covers consumer accounts only; the commercial API default (no training on customer content) is unchanged. This cell records the commercial-API answer.\n",
          "facts": {
            "consumer_policy_change": "2025 consumer terms update does NOT apply to API/commercial",
            "commercial_terms_effective": "2025-06-17"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trust.anthropic.com/",
          "archived": "http://web.archive.org/web/20260703174758/https://trust.anthropic.com/",
          "verified": "2026-07-05",
          "notes": "Maintained trust portal at trust.anthropic.com; Anthropic's official pages (help center, API docs) direct readers there for compliance documentation, incl. the HIPAA Implementation Guide at trust.anthropic.com/resources. Portal is JS-rendered; the landing page is public, but document downloads (SOC 2 report etc.) go through an access-request/NDA flow.\n",
          "facts": {
            "portal": "SafeBase-style Trust Portal",
            "resources_note": "Hosts certifications, HIPAA Implementation Guide, and compliance documentation"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "BAA only for eligible feature subset; contact sales."
        },
        {
          "key": "retention_zdr",
          "label": "Retention / ZDR",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "ZDR unavailable for Claude Fable 5 and Mythos 5 models."
        },
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "EU data residency not supported; US-only region pinning."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 training-data summary not published per EU template."
        }
      ],
      "watchout_count": 4
    },
    {
      "id": "claude-bedrock",
      "name": "Claude via AWS Bedrock",
      "developer": "Anthropic",
      "platform": "AWS Bedrock",
      "category": "cloud_distribution",
      "model_family": "Claude",
      "summary": "Anthropic's Claude models served through Amazon Bedrock, AWS's managed foundation-model service. Vendor-trust and data-handling posture is AWS's (SOC/ISO scope, AWS BAA, GDPR DPA, Bedrock retention controls); EU AI Act provider obligations (GPAI Code of Practice, Art 53) sit with Anthropic as the model developer.\n",
      "sort_order": 3,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Grades Anthropic (model developer). No public training-content summary using the EU Commission's Article 53(1)(d) template was found on anthropic.com (Transparency Hub, news, policy pages) as of 2026-07-05. Anthropic's system cards do describe training data at category level (\"proprietary mix of publicly available information ... non-public data from third parties, data-labeling services and paid contractors, opted-in Claude user data, internally generated data\"), which is transparency but not the EU-template summary. Context: the obligation applies from 2025-08-02 for newly placed models, with a 2027-08-02 deadline for models placed before that date. Worth a human re-check for a template-based summary published in a location this research missed.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Art. 53 summary not published per EU template."
        },
        "data_residency": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/bedrock/faqs/",
          "archived": "http://web.archive.org/web/20260702232107/https://aws.amazon.com/bedrock/faqs/",
          "verified": "2026-07-05",
          "notes": "Bedrock FAQ: \"Any customer content processed by Amazon Bedrock is encrypted and stored at rest in the AWS Region where you are using Amazon Bedrock.\" Claude is offered in EU regions, so EU pinning is achievable by selecting an EU region and in-region model profiles. default=requires_config because cross-region inference, if enabled, stores retained inputs/outputs in destination regions (per the data-retention and abuse-detection pages), residency holds only if you keep inference in-region or restrict routing to an EU geography.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "EU regions available"
          },
          "evidence": null,
          "caveat": null
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/gdpr-center/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "The AWS GDPR Data Processing Addendum is incorporated automatically into the AWS Service Terms for all customers, includes the 2021 EU Standard Contractual Clauses, and AWS maintains a published sub-processors page referenced from the GDPR Center. Bedrock FAQ states customers can use Bedrock in compliance with GDPR.\n",
          "facts": {
            "sccs": "EC June 2021 SCCs incorporated"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Two-level rule: the GPAI Code of Practice is a provider (model developer) obligation, so this cell grades Anthropic, not AWS. Anthropic is on the EC's signatory list for the full Code (announced its intent at anthropic.com/news/eu-code-practice). Separately, Amazon itself also appears on the EC signatory list in its own capacity (as an Amazon GPAI provider), which does not substitute for Anthropic's obligations for Claude. Only xAI signed a subset (Safety & Security chapter).\n",
          "facts": {
            "chapters": "all (Transparency, Copyright, Safety & Security)",
            "signatory": "Anthropic"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/hipaa-eligible-services-reference/",
          "archived": "http://web.archive.org/web/20260703162708/https://aws.amazon.com/compliance/hipaa-eligible-services-reference/",
          "verified": "2026-07-05",
          "notes": "Amazon Bedrock is on AWS's public HIPAA Eligible Services list. PHI use requires first entering the AWS Business Associate Addendum (accepted self-serve via AWS Artifact agreements). default=requires_config because the BAA must be accepted and workloads confined to eligible services before PHI is in scope.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/iso-certified/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "AWS holds ISO/IEC 27001:2022 certification with Amazon Bedrock named on the public ISO-certified services list (also 27017/27018/27701 programs). Certificates downloadable via AWS Artifact.\n",
          "facts": {
            "standard": "ISO/IEC 27001:2022",
            "scope_note": "Amazon Bedrock listed (excludes Amazon Bedrock Marketplace)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://aws.amazon.com/compliance/iso-42001-faqs/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "AWS holds an accredited ISO/IEC 42001:2023 AI-management-system certification; AWS announced (Nov 2024) that the initial scope covered Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe, and reported a clean first surveillance audit (Nov 2025). The FAQ page confirms the certificate exists but the authoritative service-scope list is inside the certificate, accessed via AWS Artifact, hence medium confidence pending a human pull of the certificate.\n",
          "facts": {
            "standard": "ISO/IEC 42001:2023",
            "first_certified": "2024-11"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "partial",
          "confidence": "high",
          "source": "https://docs.aws.amazon.com/bedrock/latest/userguide/data-retention.html",
          "archived": "http://web.archive.org/web/20260702094122/https://docs.aws.amazon.com/bedrock/latest/userguide/data-retention.html",
          "verified": "2026-07-05",
          "notes": "Retention is thoroughly documented, hence not a clean \"yes\". Bedrock's baseline is zero data retention and zero operator access, inputs/outputs are not stored by default, and older Claude models keep that behavior. But Claude Fable 5 and Claude Mythos 5 are gated on data_retention_mode=provider_data_share: prompts/completions are retained up to 30 days and shared with Anthropic for abuse detection and potential human review (per abuse-detection page). Customers can enforce org-wide ZDR via SCPs, and eligible customers may request full ZDR on those models through their AWS account team (per-account, per-model approval with the model provider), that approval path is why route=sales_contract and default=requires_config. Availability tier is self_serve for the controls themselves.\n",
          "facts": {
            "zdr_mode": "data_retention_mode: none (account or project scope)",
            "default_model": "ZDR + zero-operator-access for most models by default",
            "provider_share_retention_days": 30
          },
          "availability": {
            "tier": "self_serve",
            "route": "sales_contract",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Claude Fable/Mythos 5 retain data up to 30 days by default."
        },
        "soc2_type2": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/services-in-scope/SOC/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Two-level rule: this grades AWS (the serving platform), not Anthropic. Amazon Bedrock is listed with a checkmark on AWS's SOC services-in-scope page. The SOC 2 Type II report itself is retrieved self-serve via AWS Artifact (console, click-through confidentiality terms) rather than a public download.\n",
          "facts": {
            "scope_note": "Amazon Bedrock in scope for SOC 1, 2, 3 (excludes Amazon Bedrock Marketplace)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/bedrock/faqs/",
          "archived": "http://web.archive.org/web/20260702232107/https://aws.amazon.com/bedrock/faqs/",
          "verified": "2026-07-05",
          "notes": "Bedrock FAQ: \"your content is not used to improve the base models and is not shared with any model providers\"; AWS and third-party model providers \"will not use any inputs to or outputs from Amazon Bedrock to train\" their models. Architecturally, model-provider deployment accounts give Anthropic no access to prompts/completions (docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html). Caveat: the newest Claude models (Fable 5, Mythos 5) require an explicit provider_data_share opt-in that shares retained traffic with Anthropic for trust-and-safety review, a safety-review carve-out, not a training grant; the no-training commitment still applies.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/artifact/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "AWS Artifact is the compliance portal: on-demand, self-serve access to auditor-issued reports/certifications and to agreements (e.g. the BAA) from the AWS console. Public compliance program pages (aws.amazon.com/compliance/) complement it. This grades AWS, not Anthropic.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "retention_zdr",
          "label": "Retention / ZDR",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Claude Fable/Mythos 5 retain data up to 30 days by default."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 summary not published per EU template."
        }
      ],
      "watchout_count": 2
    },
    {
      "id": "claude-vertex",
      "name": "Claude via Google Vertex AI",
      "developer": "Anthropic",
      "platform": "Google Cloud Vertex AI",
      "category": "cloud_distribution",
      "model_family": "Claude",
      "summary": "Anthropic's Claude models served as partner models on Google Cloud Vertex AI (Model Garden). Vendor-trust and data-handling dimensions below describe Google Cloud / Vertex AI as the serving platform; EU AI Act dimensions describe Anthropic as the model developer.\n",
      "sort_order": 4,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Developer-level (Anthropic) obligation under Art 53(1)(d). The EC's mandatory template for the public summary of training content was published 2025-07-24. As of 2026-07-05, searches of anthropic.com (including the Transparency Hub, which describes training data only in general terms, e.g. \"a proprietary mix of publicly available information\") and the web found no Anthropic training-content summary published on the EU template. Models placed on the market before 2025-08-02 have until 2027-08-02; models placed after should have one, so absence of evidence here is notable and worth periodic re-checking. Human review recommended.\n",
          "facts": {
            "deadline_new_models": "2025-08-02",
            "template_published_by_ec": "2025-07-24",
            "deadline_pre_existing_models": "2027-08-02"
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Art. 53(1)(d) summary not published by developer."
        },
        "data_residency": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://docs.cloud.google.com/vertex-ai/generative-ai/docs/learn/data-residency",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Vertex AI documents data-at-rest residency by region and a separate ML-processing residency commitment supported only in US and EU locations. Claude models are reachable via regional endpoints (including EU regions), US/EU multi-region endpoints that keep processing within the chosen geography (per Google Cloud's announcement of multi-region endpoints for Claude), and a global endpoint that explicitly does NOT guarantee processing location - customers with residency requirements must choose regional/multi-region endpoints. Confidence medium because the residency page could not be fully retrieved and Claude-specific region lists were corroborated via Google Cloud announcements rather than quoted from the docs page.\n",
          "facts": {
            "at_rest": "region-pinnable",
            "claude_endpoints": [
              "regional (incl. EU, e.g. europe-west1)",
              "US/EU multi-region",
              "global (no residency guarantee)"
            ],
            "ml_processing_residency": "US and EU locations only"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "EU available (regional and EU multi-region endpoints)"
          },
          "evidence": null,
          "caveat": null
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/terms/data-processing-addendum",
          "archived": "http://web.archive.org/web/20260702222845/https://cloud.google.com/terms/data-processing-addendum",
          "verified": "2026-07-05",
          "notes": "Google's Cloud Data Processing Addendum is public, incorporated into the Google Cloud agreement, addresses GDPR/European Data Protection Law (transfer mechanisms including SCCs are handled in the CDPA's appendices), commits to ISO 27001 for audited services, and defines the subprocessor regime (Section 11) with a published subprocessor list. Vertex AI is an audited service under the CDPA via the services-in-scope list.\n",
          "facts": {
            "addendum": "Cloud Data Processing Addendum (CDPA)",
            "subprocessor_list": "https://cloud.google.com/terms/subprocessors"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Two-level layering - the GPAI Code of Practice is a model-provider obligation, so this cell grades Anthropic (the developer), which appears on the EC signatory list as a full-code signatory (announced July 21, 2025); only xAI is noted as a partial (Safety & Security chapter) signatory. Google, the serving platform here, is separately also a full-code signatory, so both layers of this offering sit under the Code.\n",
          "facts": {
            "google_signed": "full code (all chapters)",
            "anthropic_signed": "full code (all chapters)"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://cloud.google.com/security/compliance/hipaa",
          "archived": "http://web.archive.org/web/20260702222250/https://cloud.google.com/security/compliance/hipaa",
          "verified": "2026-07-05",
          "notes": "Google Cloud offers a self-serve BAA covering its entire infrastructure, and Vertex AI Platform functionality (e.g. Vertex AI Workbench, Agent Engine) appears among HIPAA-included products. However, public evidence that Anthropic Claude partner models specifically are HIPAA-included functionality on Vertex AI was not found; Google documentation cautions that not all Model Garden LLMs support HIPAA. Graded partial pending confirmation that Claude models are on the HIPAA-included functionality list. Human review recommended.\n",
          "facts": {
            "baa_acceptance": "self-serve via admin console (support.google.com/cloud/answer/6329727)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Claude models on Vertex AI are not confirmed HIPAA-included functionality."
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/security/compliance/services-in-scope",
          "archived": "http://web.archive.org/web/20260702222847/https://cloud.google.com/security/compliance/services-in-scope",
          "verified": "2026-07-05",
          "notes": "\"Vertex AI Platform\" and \"Generative AI on Vertex AI\" are listed in scope for Google Cloud's ISO/IEC 27001 (plus 27017/27018) certification. Certificates are available via cloud.google.com/security/compliance/iso-27001 and the Compliance Reports Manager.\n",
          "facts": {
            "related_certs": [
              "ISO 27017",
              "ISO 27018"
            ],
            "services_in_scope": [
              "Vertex AI Platform",
              "Generative AI on Vertex AI"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://cloud.google.com/security/compliance/iso-42001",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Google has publicized ISO/IEC 42001:2023 certification of its AI management system covering Google Cloud Platform (announced via Google Cloud blog \"Google Cloud's commitment to responsible AI is now ISO/IEC certified\"). However, ISO 42001 does not appear in the per-service services-in-scope matrix, so explicit coverage of Vertex AI partner models (Claude) within the certificate scope could not be verified publicly; confirm certificate scope via Compliance Reports Manager. Anthropic separately holds its own ISO 42001 for first-party services, but that does not attach to this Vertex offering.\n",
          "facts": {
            "certified_scopes_publicized": [
              "Google Cloud Platform",
              "Google Workspace",
              "Gemini app"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://docs.cloud.google.com/vertex-ai/generative-ai/docs/data-governance",
          "archived": "http://web.archive.org/web/20250916131216/https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance",
          "verified": "2026-07-05",
          "notes": "Retention is documented - by default Vertex AI caches generative AI inputs/outputs for up to 24 hours in the serving data center to reduce latency; customers can disable caching at the project level to achieve zero data retention. Optional request-response logging (e.g. 30-day retention, stored in the customer's project) is off by default. The 24-hour caching documentation is written primarily for Google foundation models; for Claude partner models, Anthropic-style prompt caching is an explicit per-request opt-in, but the project-level ZDR configuration is the documented control. ZDR requires configuration - it is NOT the default (hence default: requires_config).\n",
          "facts": {
            "zdr_mechanism": "disable data caching at project level",
            "optional_logging_days": 30,
            "default_cache_ttl_hours": 24
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "soc2_type2": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/security/compliance/services-in-scope",
          "archived": "http://web.archive.org/web/20260702222847/https://cloud.google.com/security/compliance/services-in-scope",
          "verified": "2026-07-05",
          "notes": "Google's services-in-scope page lists both \"Vertex AI Platform\" and \"Generative AI on Vertex AI\" as covered by Google Cloud's SOC 1/2/3 reports. SOC 2 Type II reports are downloadable self-serve via Google's Compliance Reports Manager (Google account required, no sales gate); SOC 3 is fully public. Scope is the Google Cloud platform level; the report does not attest Anthropic's own controls.\n",
          "facts": {
            "reports": [
              "SOC 1",
              "SOC 2",
              "SOC 3"
            ],
            "services_in_scope": [
              "Vertex AI Platform",
              "Generative AI on Vertex AI"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://docs.cloud.google.com/vertex-ai/generative-ai/docs/data-governance",
          "archived": "http://web.archive.org/web/20250916131216/https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance",
          "verified": "2026-07-05",
          "notes": "Google Cloud Service Terms Section 17 (Training Restriction) commits that Google will not use customer data to train or fine-tune AI/ML models without customer permission or instruction; the Vertex AI generative AI data governance page states prompts, responses, and adapter training data are not used to train foundation models by default, and that customer prompts/responses are not shared with third parties, including partner-model providers such as Anthropic. Archived snapshot is of the pre-migration cloud.google.com URL for the same page.\n",
          "facts": {
            "contractual_basis": "Google Cloud Service Terms, Section 17 \"Training Restriction\""
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/security/compliance",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Google Cloud maintains a public compliance resource center with per-standard pages, a services-in-scope matrix, and the Compliance Reports Manager for self-serve download of audit reports (SOC, ISO) without NDA for most reports.\n",
          "facts": {
            "reports_portal": "https://cloud.google.com/security/compliance/compliance-reports-manager"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Claude models on Vertex AI are not confirmed HIPAA-included functionality."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53(1)(d) summary not published by developer."
        }
      ],
      "watchout_count": 2
    },
    {
      "id": "gemini-vertex",
      "name": "Gemini via Vertex AI",
      "developer": "Google",
      "platform": "Google Cloud Vertex AI",
      "category": "first_party",
      "model_family": "Gemini",
      "summary": "Google's Gemini models served through Google Cloud Vertex AI (renamed \"Gemini Enterprise Agent Platform\" in 2026). Inherits Google Cloud's certification portfolio (SOC 1/2/3, ISO 27001/27017/27018, ISO 42001), HIPAA BAA coverage, the Cloud Data Processing Addendum, and documented data-governance controls including a configurable zero-data-retention path.\n",
      "sort_order": 5,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "low",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Could not locate a published Article 53(1)(d) public training-content summary for Gemini using the EU template, despite targeted searches of ai.google, deepmind.google, blog.google, and cloud.google.com (2026-07-05). Google signed the full GPAI Code of Practice (incl. the Transparency chapter) and the obligation has applied since 2025-08-02, so a summary may exist behind a URL not surfaced by search, flagged for human review. Google Cloud's EU AI Act compliance page (cloud.google.com/security/compliance/eu-ai-act) does not link one.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Art. 53 summary not published for Gemini."
        },
        "data_residency": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/vertex-ai/generative-ai/docs/learn/data-residency",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "\"Data stored at rest in the customer selected location remains at rest in that location\" and \"ML processing for Agent Platform services occurs within the specific region or multi-region where the request is made.\" Per-model residency tables cover Gemini models across US/EU multi-regions and many country regions. Endpoints not listed (e.g., some Middle East regions / older models) carry no ML-processing guarantee. Customer must select regional endpoints (requires_config). Cached in-memory data also \"adheres to all Data Residency requirements for the selected location.\"\n",
          "facts": {
            "at_rest": "data stored at rest remains in the customer-selected location",
            "ml_processing": "occurs within the specific region or multi-region where the request is made",
            "example_eu_regions": [
              "eu multi-region",
              "europe-west1",
              "europe-west2",
              "europe-west3",
              "europe-west4",
              "europe-west9"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "US and EU multi-regions plus country regions incl. Germany, France, Netherlands, UK, and APAC regions"
          },
          "evidence": null,
          "caveat": null
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/terms/data-processing-addendum",
          "archived": "http://web.archive.org/web/20260702222845/https://cloud.google.com/terms/data-processing-addendum",
          "verified": "2026-07-05",
          "notes": "Cloud Data Processing Addendum is public, incorporated into Google Cloud Platform agreements (covers Vertex AI), positions Google as processor, includes SCC mechanisms via Appendix 3 (Specific Privacy Laws), subprocessor terms in Section 11, and commits to maintaining ISO 27001 certificates and SOC 2/3 reports for audited services. A public subprocessor list is maintained at cloud.google.com/terms/subprocessors (verified reachable 2026-07-05).\n",
          "facts": {
            "subprocessor_list": "https://cloud.google.com/terms/subprocessors"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Google appears on the European Commission's GPAI Code of Practice signatory list with no caveat, i.e., signed all three chapters (unlike xAI, which signed Safety & Security only). CoP signature is a developer-level (Google) commitment covering its GPAI models incl. Gemini.\n",
          "facts": {
            "chapters": [
              "Transparency",
              "Copyright",
              "Safety and Security"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/security/compliance/hipaa",
          "archived": "http://web.archive.org/web/20260702222250/https://cloud.google.com/security/compliance/hipaa",
          "verified": "2026-07-05",
          "notes": "\"Google will enter into Business Associate Agreements with customers as necessary under HIPAA.\" The BAA-covered-products list includes \"Gemini Enterprise Agent Platform\" and \"Generative AI on Gemini Enterprise Agent Platform\" (the renamed Vertex AI; the old \"Vertex AI\" name no longer appears). BAA is executed self-serve via account settings (support.google.com/cloud/answer/6329727). requires_config: customer must execute the BAA and restrict use to covered products.\n",
          "facts": {
            "covered_products": [
              "Gemini Enterprise Agent Platform",
              "Generative AI on Gemini Enterprise Agent Platform"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/security/compliance/services-in-scope",
          "archived": "http://web.archive.org/web/20260702222847/https://cloud.google.com/security/compliance/services-in-scope",
          "verified": "2026-07-05",
          "notes": "\"Vertex AI Platform\" and \"Generative AI on Vertex AI\" are in scope for ISO/IEC 27001 (plus 27017/27018 for most Vertex services). Certificates available via Compliance Reports Manager.\n",
          "facts": {
            "standards": [
              "ISO/IEC 27001",
              "ISO/IEC 27017",
              "ISO/IEC 27018"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/security/compliance/iso-42001",
          "archived": "http://web.archive.org/web/20260619065258/https://cloud.google.com/security/compliance/iso-42001",
          "verified": "2026-07-05",
          "notes": "Google Cloud Platform, Google Workspace, and Gemini (App) are certified ISO/IEC 42001:2023. The page's products-in-scope list explicitly includes \"Gemini Enterprise Agent Platform\" and \"Generative AI on Gemini Enterprise Agent Platform\" (i.e., Vertex AI under its 2026 name). Certificate verifiable at iafcertsearch.org.\n",
          "facts": {
            "in_scope_products": [
              "Gemini Enterprise Agent Platform",
              "Generative AI on Gemini Enterprise Agent Platform",
              "Gemini App",
              "Gemini Enterprise"
            ],
            "certificate_registry": "https://www.iafcertsearch.org"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://docs.cloud.google.com/gemini-enterprise-agent-platform/resources/zero-data-retention",
          "archived": "http://web.archive.org/web/20250916131216/https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance",
          "verified": "2026-07-05",
          "notes": "Retention is documented in detail and zero data retention is achievable, but requires configuration: (1) Gemini models cache inputs/ outputs in-memory (not at-rest) with a 24-hour TTL by default, disableable at the project level; (2) abuse-monitoring prompt logging applies to customers on standard GCP ToS, a ZDR exception can be requested (not applicable on invoiced billing per Google's docs); (3) request-response logging is disabled by default; (4) Grounding with Google Search/Maps stores prompts and outputs for 30 days and cannot be disabled, Google recommends Web Grounding for Enterprise for ZDR; (5) some Advanced AI features (Advanced AI Safety Addendum) may preclude ZDR.\n",
          "facts": {
            "cache_disable_scope": "project-level",
            "inmemory_cache_ttl_hours": 24,
            "request_response_logging_default": "disabled",
            "grounding_google_search_retention_days": 30
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "soc2_type2": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/security/compliance/services-in-scope",
          "archived": "http://web.archive.org/web/20260702222847/https://cloud.google.com/security/compliance/services-in-scope",
          "verified": "2026-07-05",
          "notes": "Google Cloud's services-in-scope page lists \"Vertex AI Platform\" and \"Generative AI on Vertex AI\" under SOC 1/2/3. SOC 2 reports are downloadable self-serve via Compliance Reports Manager (Google account sign-in required, no NDA or sales contact). Vertex AI was renamed \"Gemini Enterprise Agent Platform\" in 2026; newer pages use that name.\n",
          "facts": {
            "in_scope_services": [
              "Vertex AI Platform",
              "Generative AI on Vertex AI"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://docs.cloud.google.com/gemini-enterprise-agent-platform/resources/zero-data-retention",
          "archived": "http://web.archive.org/web/20250916131216/https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance",
          "verified": "2026-07-05",
          "notes": "\"As outlined in Section 17 'Training Restriction' in the Service Terms section of Service Specific Terms, Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction. This applies to all managed models on Gemini Enterprise Agent Platform, including GA and pre-GA models.\" The old URL cloud.google.com/vertex-ai/generative-ai/docs/data-governance now redirects to this page; the archived snapshot is of the pre-rename URL.\n",
          "facts": {
            "contractual_basis": "Service Specific Terms, Section 17 \"Training Restriction\""
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://cloud.google.com/security/compliance/compliance-reports-manager",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Compliance Reports Manager provides free, on-demand, self-serve downloads of ISO certificates, SOC reports (incl. SOC 2), and self-assessments; requires Google Cloud/Workspace sign-in but no NDA for current reports. Broader compliance hub at cloud.google.com/security/compliance.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 summary not published for Gemini."
        }
      ],
      "watchout_count": 1
    },
    {
      "id": "aws-bedrock",
      "name": "AWS Bedrock (platform)",
      "developer": "(multiple model providers)",
      "platform": "AWS Bedrock",
      "category": "platform",
      "model_family": "multiple",
      "summary": "Amazon Bedrock is AWS's managed platform for serving foundation models from multiple providers. This platform-level row covers AWS's own audit scope, contractual terms, and Bedrock-wide data-handling commitments; model-specific behavior (e.g. provider data sharing for certain Anthropic models) is noted where it deviates from the platform default.\n",
      "sort_order": 6,
      "dimensions": {
        "art53_summary": {
          "value": "not_applicable",
          "confidence": "medium",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "The Art 53(1)(d) public training-data summary is a GPAI provider obligation; AWS Bedrock as a serving platform is not the provider of the third-party models it hosts, so the obligation does not attach to this platform row. Whether Amazon has published an EU-template training-data summary for its own models (Nova/Titan) was not verified here and belongs on the Amazon developer row. Confidence medium reflects that the \"not applicable\" framing rests on role analysis, not an explicit AWS statement.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "data_residency": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/bedrock/faqs/",
          "archived": "http://web.archive.org/web/20260702232107/https://aws.amazon.com/bedrock/faqs/",
          "verified": "2026-07-05",
          "notes": "Bedrock FAQ states customer content processed by Bedrock \"is encrypted and stored at rest in the AWS Region where you are using Amazon Bedrock.\" Bedrock endpoints exist in Frankfurt, Ireland, London, Paris, Zurich, Milan, Spain and Stockholm (not every model/feature is in every region). requires_config: the customer chooses the region, and enabling cross-region inference moves processing/retained data to destination regions, so residency depends on configuration.\n",
          "facts": {
            "region_endpoints": "https://docs.aws.amazon.com/general/latest/gr/bedrock.html"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "EU available (8 EU/UK/CH regions incl. eu-central-1, eu-west-1, eu-west-3, eu-north-1, eu-south-1, eu-south-2, eu-central-2, eu-west-2)"
          },
          "evidence": null,
          "caveat": null
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/gdpr-center/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "The AWS GDPR DPA is incorporated into the AWS Service Terms and applies automatically to all customers; the June 2021 EC SCCs apply automatically to transfers to non-adequate third countries. AWS publishes a subprocessor list (infrastructure entities, service providers, third-party providers, European Sovereign Cloud subprocessors) at the URL in facts.\n",
          "facts": {
            "sccs": "EC June 2021 SCCs, incorporated in AWS Service Terms",
            "subprocessor_list": "https://aws.amazon.com/compliance/sub-processors/"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "not_applicable",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "The GPAI Code of Practice is an obligation of the GPAI model provider, not of a distribution platform, so it does not attach to Bedrock as a platform serving third-party models. For the record: Amazon IS on the EC signatory list, having signed the full Code (no chapter limitation noted, unlike xAI's Safety & Security-only signature), that signature is relevant to Amazon as developer of its own models (e.g. Amazon Nova/Titan rows), and each third-party model's CoP status belongs on its developer's row per the two-level rule.\n",
          "facts": {
            "amazon_signatory": "full code (all chapters)"
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/hipaa-eligible-services-reference/",
          "archived": "http://web.archive.org/web/20260703162708/https://aws.amazon.com/compliance/hipaa-eligible-services-reference/",
          "verified": "2026-07-05",
          "notes": "Amazon Bedrock is on the AWS HIPAA Eligible Services Reference. Customers must enter into the AWS Business Associate Addendum (self-serve via AWS Artifact) before processing PHI in eligible services. Marked requires_config: the BAA must be accepted and workloads configured per AWS's HIPAA guidance; eligibility is not automatic protection.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/iso-certified/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Amazon Bedrock is in scope for AWS's ISO/IEC 27001:2022 certification (again excluding Bedrock Marketplace). AWS also holds ISO 27017/27018/ 27701 and CSA STAR CCM v4.0 across the same services-in-scope list.\n",
          "facts": {
            "other_iso": [
              "27017:2015",
              "27018:2019",
              "27701:2019",
              "22301:2019",
              "20000-1:2018",
              "9001:2015"
            ],
            "scope_exclusion": "Amazon Bedrock Marketplace"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://aws.amazon.com/compliance/iso-42001-faqs/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "AWS holds an accredited ISO/IEC 42001:2023 (AI management system) certification. AWS publicly announced Amazon Bedrock among the certified services (with Amazon Q Business, Textract, Transcribe), but the FAQ page itself defers the authoritative service scope to the certificate, which is retrieved via AWS Artifact in the console. Confidence medium because the public compliance page does not itself enumerate Bedrock in scope; the named-service claim comes from AWS's own announcement and the Artifact certificate. Human reviewer with an AWS account should confirm Bedrock on the certificate.\n",
          "facts": {
            "first_certified": 2024,
            "surveillance_audit": "2025 (completed, no findings per AWS)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://docs.aws.amazon.com/bedrock/latest/userguide/abuse-detection.html",
          "archived": "http://web.archive.org/web/20260702093955/https://docs.aws.amazon.com/bedrock/latest/userguide/abuse-detection.html",
          "verified": "2026-07-05",
          "notes": "Platform default is documented as zero data retention (Bedrock \"does not store model inputs or outputs\" by default) and zero operator access. Exceptions are model-specific and documented: OpenAI GPT-5.4/5.5 classifier-flagged traffic retained up to 30 days for abuse detection; Anthropic Claude Fable 5 (and Mythos 5) require opt-in provider_data_share, with prompts/completions retained up to 30 days and shared with Anthropic for abuse detection/potential human review. Retention is configurable per account/project via data_retention_mode (none = guaranteed ZDR; retention-requiring models are blocked under it) and enforceable via IAM/SCP condition keys. ZDR access to retention-requiring models is per-account, per-model via the AWS account team (requires_approval for that subset). With cross-region inference, retained data is stored in the destination region.\n",
          "facts": {
            "default_model": "zero data retention + zero operator access",
            "retention_docs": "https://docs.aws.amazon.com/bedrock/latest/userguide/data-retention.html",
            "retention_modes": [
              "default",
              "provider_data_share",
              "none",
              "inherit"
            ],
            "exception_retention_days": 30
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "soc2_type2": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/services-in-scope/SOC/",
          "archived": "http://web.archive.org/web/20260703162709/https://aws.amazon.com/compliance/services-in-scope/SOC/",
          "verified": "2026-07-05",
          "notes": "Amazon Bedrock is listed in scope for AWS SOC 1/2/3 reports, explicitly \"excludes Amazon Bedrock Marketplace\". The in-scope listing is public; the SOC 2 Type II report itself is retrieved self-serve via AWS Artifact (requires an AWS account, no sales contact).\n",
          "facts": {
            "scope_exclusion": "Amazon Bedrock Marketplace"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/bedrock/faqs/",
          "archived": "http://web.archive.org/web/20260702232107/https://aws.amazon.com/bedrock/faqs/",
          "verified": "2026-07-05",
          "notes": "Bedrock FAQ commits that \"AWS and the third-party model providers will not use any inputs to or outputs from Amazon Bedrock to train Amazon Nova, Amazon Titan, or any third-party models,\" and that inputs/outputs are not shared with model providers. The Bedrock user guide additionally documents that model providers have no access to the AWS-operated Model Deployment Accounts, so they cannot see Bedrock logs or customer prompts/completions (https://docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html). Caveat: the separate provider_data_share retention mode (see retention_zdr) shares data with the model provider for trust & safety, not training.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/artifact/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "AWS maintains a public compliance portal (aws.amazon.com/compliance, including per-service in-scope listings) plus AWS Artifact, a self-serve console service for downloading audit reports, certifications, and accepting agreements (including the BAA) without sales involvement.\n",
          "facts": {
            "compliance_portal": "https://aws.amazon.com/compliance/"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [],
      "watchout_count": 0
    },
    {
      "id": "mistral-la-plateforme",
      "name": "Mistral La Plateforme",
      "developer": "Mistral AI",
      "platform": "Mistral AI",
      "category": "first_party",
      "model_family": "Mistral",
      "summary": "Mistral AI's first-party API platform (La Plateforme / AI Studio) for serving and fine-tuning Mistral models. French provider with EU hosting by default, a public DPA with SCCs and subprocessor list, SOC 2 Type II / ISO 27001 attestations gated behind its trust center, and full GPAI Code of Practice signatory status.\n",
      "sort_order": 7,
      "dimensions": {
        "art53_summary": {
          "value": "unclear",
          "confidence": "low",
          "source": "https://legal.mistral.ai/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Mistral runs an AI Governance hub with per-model documentation (downloadable zip per model, e.g. Mistral Large 3.0), positioned as its AI Act compliance hub. However, no public web page matching the EC Art 53(1)(d) training-content summary template was directly verifiable, and a help-center article (347390) states Mistral does not disclose its training datasets to protect IP. The template summary may be inside the downloadable model documentation, but this could not be confirmed from page content. Needs human verification of the zip contents.\n",
          "facts": {
            "governance_hub": "https://legal.mistral.ai/ai-governance/models"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Art. 53 summary not publicly verifiable; IP protection limits disclosure."
        },
        "data_residency": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://help.mistral.ai/en/articles/347629-where-do-you-store-my-data-or-my-organization-s-data",
          "archived": "http://web.archive.org/web/20260624002712/https://help.mistral.ai/en/articles/347629-where-do-you-store-my-data-or-my-organization-s-data",
          "verified": "2026-07-05",
          "notes": "EU hosting is the default (no configuration needed), a genuine differentiator for a first-party API. Caveats: specific EU country/cloud provider not named, and data may be temporarily transferred to non-EU subprocessors (listed in Trust Center) under SCCs; enterprise customers can disable certain features involving non-EU transfers.\n",
          "facts": {
            "us_option": "explicit US API endpoint hosts data in the United States",
            "default_region": "European Union"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "EU default, optional US endpoint"
          },
          "evidence": null,
          "caveat": null
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://legal.mistral.ai/terms/data-processing-addendum",
          "archived": "http://web.archive.org/web/20260626061659/https://legal.mistral.ai/terms/data-processing-addendum",
          "verified": "2026-07-05",
          "notes": "Public DPA covering all \"Mistral AI Products\" (includes La Plateforme API), incorporating EU SCCs and linking a published subprocessor list with email change notifications. French entity, natively subject to GDPR.\n",
          "facts": {
            "sccs": "incorporated (DPA sect. 8.2 references SCC Module 4 for customers in restricted countries)",
            "subprocessor_list": "https://trust.mistral.ai/subprocessors",
            "subprocessor_change_notice": "10-day objection window via subscription",
            "post_termination_deletion_days": 30
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Mistral AI appears on the European Commission's GPAI Code of Practice signatory list with no chapter limitation. Mistral was among the first signatories (July 2025). Developer-level obligation; applies to Mistral as GPAI model provider.\n",
          "facts": {
            "chapters": "all (no qualifying notation, unlike xAI's Safety-and-Security-only entry)"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No public statement that Mistral will sign a HIPAA BAA covering La Plateforme, and no HIPAA article in the help-center compliance collection. Marketing (mistral.ai/solutions) mentions \"HIPAA-compliant solutions\" for healthcare without specifying deployment mode; this most plausibly refers to on-premise/private-cloud deployments, not the shared API.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No public evidence they sign HIPAA BAA for shared API."
        },
        "iso_27001": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://help.mistral.ai/en/articles/347638-do-you-have-soc-2-or-iso-27001-certification",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Same help-center source claims ISO 27001/27701 compliance; certificate and scope statement gated behind Trust Center document request. Certificate body and scope not publicly visible.\n",
          "facts": {
            "also_claimed": "ISO 27701"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "ISO 27001 scope & certificate require Trust Center access."
        },
        "iso_42001": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No ISO/IEC 42001 claim found on help.mistral.ai, trust.mistral.ai, or mistral.ai as of verification date. Only SOC 2 Type II and ISO 27001/27701 are claimed.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No ISO/IEC 42001 certification evidence found."
        },
        "retention_zdr": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://help.mistral.ai/en/articles/347612-can-i-activate-zero-data-retention-zdr",
          "archived": "http://web.archive.org/web/20260624002713/https://help.mistral.ai/en/articles/347612-can-i-activate-zero-data-retention-zdr",
          "verified": "2026-07-05",
          "notes": "Retention is publicly documented (30 rolling days for stateless API abuse monitoring). ZDR exists but is gated: Scale plan only, request via support with justification, approved at Mistral's discretion, and covers only stateless endpoints, stateful features remain out of ZDR scope even after approval. Approved status is visible in Admin Console Privacy settings.\n",
          "facts": {
            "zdr_plan": "Scale plan only",
            "zdr_scope": "stateless endpoints only (chat/fim completions, embeddings, moderations, classifications, OCR, audio)",
            "zdr_excluded": "stateful products (agents, conversations, libraries, batch, Files API, Le Chat)",
            "retention_basis": "rolling abuse-monitoring window for inputs/outputs (help article 347628)",
            "agents_api_retention": "inputs/outputs kept until account termination",
            "fine_tuning_retention": "kept until customer deletes or terminates account",
            "default_retention_days": 30
          },
          "availability": {
            "tier": "enterprise_only",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "ZDR requires Scale plan, support request, and Mistral approval for stateless endpoints only."
        },
        "soc2_type2": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://help.mistral.ai/en/articles/347638-do-you-have-soc-2-or-iso-27001-certification",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Help center states Mistral \"complies with SOC 2 Type II and ISO 27001/27701 frameworks\"; the report itself is not public and must be requested via the Trust Center (trust.mistral.ai/resources). Exact audit scope/period not publicly stated.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Report requires sales engagement; audit scope/period not public."
        },
        "training_on_customer_data": {
          "value": "partial",
          "confidence": "high",
          "source": "https://help.mistral.ai/en/articles/455207-can-i-opt-out-of-my-input-or-output-data-being-used-for-training",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Not a blanket no-training commitment for the whole platform: paid (Scale) API customers are opted out of training by default, but free-tier API usage is opted IN by default and requires a manual console toggle to opt out. DPA confirms Mistral acts as controller for training unless the customer opted out or uses a product opted out by default.\n",
          "facts": {
            "free_api_tier": "data used to improve services by default; opt-out toggle in Admin Console (Privacy > Anonymous improvement data)",
            "paid_scale_plan": "opted out of training by default"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Free-tier API usage is opted in for training by default."
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trust.mistral.ai/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Maintained trust center exists (SafeBase-style portal, JS-rendered). Portal is public; compliance documents (SOC 2 report etc.) require an access request. Referenced from the DPA and help center as the canonical source for security posture and subprocessors.\n",
          "facts": {
            "resources": "https://trust.mistral.ai/resources",
            "subprocessor_list": "https://trust.mistral.ai/subprocessors"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "soc2_type2",
          "label": "SOC 2 Type II",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "Report requires sales engagement; audit scope/period not public."
        },
        {
          "key": "iso_27001",
          "label": "ISO 27001",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "ISO 27001 scope & certificate require Trust Center access."
        },
        {
          "key": "iso_42001",
          "label": "ISO 42001",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No ISO/IEC 42001 certification evidence found."
        },
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No public evidence they sign HIPAA BAA for shared API."
        },
        {
          "key": "training_on_customer_data",
          "label": "No-training default",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Free-tier API usage is opted in for training by default."
        },
        {
          "key": "retention_zdr",
          "label": "Retention / ZDR",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "ZDR requires Scale plan, support request, and Mistral approval for stateless endpoints only."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "unclear",
          "value_label": "Unclear",
          "tone": "none",
          "caveat": "Art. 53 summary not publicly verifiable; IP protection limits disclosure."
        }
      ],
      "watchout_count": 7
    },
    {
      "id": "mistral-azure",
      "name": "Mistral via Azure AI",
      "developer": "Mistral AI",
      "platform": "Microsoft Azure",
      "category": "cloud_distribution",
      "model_family": "Mistral",
      "summary": "Mistral AI models served on Microsoft Azure via Azure AI Foundry (Microsoft Foundry) Models. Some Mistral models (e.g. Mistral Large 3, Mistral Document AI) are \"sold directly by Azure\", hosted and operated by Azure under Azure SLAs, while others are offered as serverless Models-as-a-Service from the partners-and-community collection, where the model is a Non-Microsoft Product but Microsoft manages the hosting and acts as data processor.\n",
      "sort_order": 8,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Developer-level cell (Mistral AI, per the two-level rule). No public Article 53(1)(d) training-content summary in the EC template format could be located on Mistral's sites as of 2026-07-05. Mistral's help center still states \"We do not disclose the datasets used to train our models\" (https://help.mistral.ai/en/articles/347390-does-mistral-ai-disclose-its-training-datasets). Some secondary analyses claim Mistral has published a template-aligned disclosure, but no primary artifact was found, so this is graded no_public_evidence rather than conflicting_sources. Needs human re-check as compliance deadlines bite.\n",
          "facts": {
            "checked": "mistral.ai, legal.mistral.ai, help.mistral.ai, EC digital-strategy pages",
            "deadline_context": "mandatory EC template published 2025-07-24; required at market placement for models placed after 2025-08-02, transitional deadline 2027-08-02 for earlier models"
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Art. 53 training-data summary not published by developer."
        },
        "data_residency": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/ai-foundry/foundry-models/concepts/models-sold-directly-by-azure",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Two documented residency levers - (1) serverless API deployments: \"Prompts and outputs are processed within the geography specified during deployment, but they might be processed between regions within the geography\"; (2) Mistral models sold directly by Azure offer \"Data zone standard (US and EU)\" deployments alongside Global standard (which may process data in any Azure location, with data at rest in the designated geography). Graded partial - pinning is geography/data-zone level rather than single-region for these deployment types, and Microsoft's EU Data Boundary commitments are not publicly confirmed to cover third-party (non-Microsoft-product) models.\n",
          "facts": {
            "serverless_commitment": "prompts and outputs processed within the geography specified at deployment, possibly across regions within that geography",
            "mistral_deployment_types": "Global standard (all regions); Data zone standard (US and EU) for e.g. Mistral-Large-3, mistral-document-ai, mistral-medium-3-5"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "EU data zone available"
          },
          "evidence": null,
          "caveat": "Data processed between regions within a geography, not single-region pinned."
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/concept-data-privacy",
          "archived": "http://web.archive.org/web/20251009035136/https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/concept-data-privacy",
          "verified": "2026-07-05",
          "notes": "Microsoft's Foundry data-privacy doc states the Microsoft Products and Services Data Protection Addendum \"governs data processing by Azure services\" including these deployments, and that Microsoft acts as the data processor for prompts/outputs of serverless model deployments. The DPA is public, incorporates SCCs, and Microsoft publishes an online services subprocessor list. Platform terms; Mistral AI's own DPA (legal.mistral.ai) is not what governs this offering.\n",
          "facts": {
            "dpa_url": "https://aka.ms/DPA",
            "processor_role": "Microsoft acts as data processor for prompts and outputs of serverless model deployments"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Two-level rule - this cell describes Mistral AI, the model developer and GPAI provider under the EU AI Act, not Microsoft (the distributor). Mistral AI appears on the European Commission's GPAI Code of Practice signatory list without any chapter limitation. Microsoft has separately signed the Code, but the provider obligation for Mistral models rests with Mistral.\n",
          "facts": {
            "chapters": "all (no selective-signature caveat; contrast xAI, listed as Safety & Security chapter only)",
            "signatory": "Mistral AI"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Microsoft's HIPAA BAA is automatically part of the Product Terms/DPA for all covered-entity customers, but it applies only to \"in-scope Azure services,\" and the in-scope list is in the gated Azure Compliance Offerings document on the Service Trust Portal. Public documentation does not confirm whether Mistral serverless (MaaS) or Foundry Models deployments are HIPAA in-scope; partners-and-community models are Non-Microsoft Products under the Product Terms, which typically fall outside BAA coverage. Graded partial: BAA is public and default for Azure, coverage of this specific offering is not publicly enumerated.\n",
          "facts": {
            "baa_mechanism": "included by default in Microsoft Product Terms / DPA (\"execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement\")"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "BAA coverage for Mistral serverless/Foundry Models is not publicly enumerated."
        },
        "iso_27001": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27001",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Azure is ISO/IEC 27001 certified (regular independent third-party audits). As with SOC 2, the certificate's statement-of-applicability / in-scope service list is gated on the Service Trust Portal, so explicit coverage of third-party Foundry model deployments (Mistral) is not publicly verifiable. Platform-level cell per the two-level rule.\n",
          "facts": {
            "certificate_access": "Microsoft Service Trust Portal (sign-in required)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Coverage of third-party Foundry model deployments is not publicly verifiable."
        },
        "iso_42001": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001",
          "archived": "http://web.archive.org/web/20260619065258/https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001",
          "verified": "2026-07-05",
          "notes": "Microsoft lists \"Microsoft Foundry\" among services in scope for its ISO/IEC 42001 certification, which covers the platform serving this offering. The certificate and exact scope statement are gated on the Service Trust Portal, and public docs do not state whether the certified AI-management-system scope extends to hosting of third-party (Mistral) models specifically. No public evidence of an ISO 42001 certification held by Mistral AI itself; this cell grades the serving platform.\n",
          "facts": {
            "first_certified": "2025 (announced for Azure AI Foundry Models and Security Copilot, July 2025)",
            "in_scope_service": "Microsoft Foundry"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Scope may not cover third-party models hosted on the platform."
        },
        "retention_zdr": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/concept-data-privacy",
          "archived": "http://web.archive.org/web/20251009035136/https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/concept-data-privacy",
          "verified": "2026-07-05",
          "notes": "For serverless API deployments Microsoft documents that models are stateless and store no prompts or outputs; content filtering, if enabled, is real-time screening. No Azure-OpenAI-style abuse-monitoring retention window is documented for third-party serverless models. Fine-tuning data is stored in the customer's datastore with encryption at rest (optional CMK) and is deletable at any time. Statement covers the serverless/Foundry Models route; managed-compute deployments are customer-managed infrastructure.\n",
          "facts": {
            "content_filtering": "Azure AI Content Safety screens prompts/outputs in real time when enabled",
            "inference_retention": "none documented - 'Models are stateless, and they don't store any prompts or outputs'"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "soc2_type2": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-2",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Azure undergoes SOC 2 Type II audits and Microsoft's Foundry data-privacy doc states serverless model deployments \"are subject to Azure data, privacy, and security commitments.\" However, the service-level audit scope (Appendices A/B of the Azure Compliance Offerings document) is gated on the Service Trust Portal, and public docs do not explicitly confirm that third-party Foundry model hosting (Mistral serverless / Foundry Models) is inside the audited boundary. Models from partners and community are \"Non-Microsoft Products\" under the Product Terms. Two-level rule - this cell describes the serving platform (Microsoft Azure), not Mistral AI's own SOC 2.\n",
          "facts": {
            "report_access": "Microsoft Service Trust Portal (sign-in required)",
            "report_cadence": "semi-annual, with quarterly bridge letters"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "SOC 2 Type II audit scope for Foundry models is not explicitly confirmed."
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/concept-data-privacy",
          "archived": "http://web.archive.org/web/20251009035136/https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/concept-data-privacy",
          "verified": "2026-07-05",
          "notes": "Explicit commitment for serverless deployments - \"Microsoft doesn't share these prompts and outputs with the model provider. Also, Microsoft doesn't use these prompts and outputs to train or improve Microsoft models, the model provider's models, or any third party's models.\" The Foundry Models FAQ repeats this (\"customer data is never shared with model providers\"). Caveat - Microsoft may share customer contact information and transaction/usage-volume details (not content) with the model publisher for marketplace purposes.\n",
          "facts": {
            "fine_tuning_data": "not used to train/retrain/improve any Microsoft or non-Microsoft model except as customer directs",
            "shared_with_model_provider": "no (prompts and outputs are not shared with Mistral)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://www.microsoft.com/trust-center",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Microsoft maintains a public Trust Center; audit reports and certificates are distributed via the Service Trust Portal, which requires sign-in. Platform-level cell; Mistral AI operates its own separate trust/legal pages (legal.mistral.ai) not graded here.\n",
          "facts": {
            "audit_artifacts": "https://servicetrust.microsoft.com/"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "soc2_type2",
          "label": "SOC 2 Type II",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "SOC 2 Type II audit scope for Foundry models is not explicitly confirmed."
        },
        {
          "key": "iso_27001",
          "label": "ISO 27001",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Coverage of third-party Foundry model deployments is not publicly verifiable."
        },
        {
          "key": "iso_42001",
          "label": "ISO 42001",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Scope may not cover third-party models hosted on the platform."
        },
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "BAA coverage for Mistral serverless/Foundry Models is not publicly enumerated."
        },
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Data processed between regions within a geography, not single-region pinned."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 training-data summary not published by developer."
        }
      ],
      "watchout_count": 6
    },
    {
      "id": "cohere-api",
      "name": "Cohere API",
      "developer": "Cohere",
      "platform": "Cohere (first-party)",
      "category": "first_party",
      "model_family": "Command",
      "summary": "Cohere's first-party SaaS API platform serving the Command model family (plus Embed/Rerank), hosted on Google Cloud in the US. Cohere holds SOC 2 Type II, ISO 27001 and ISO 42001, and signed the EU GPAI Code of Practice; training on API data is opt-out rather than off by default, and the hosted API offers no EU residency or HIPAA BAA coverage.\n",
      "sort_order": 9,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No public summary of training content using the EU Commission's mandatory Article 53(1)(d) template was found on cohere.com or docs.cohere.com as of 2026-07-05. Model documentation (e.g. the Command A+ page at docs.cohere.com/docs/command-a-plus) carries a general training-data description but does not reference the EU template or Article 53. Models placed on the EU market before 2025-08-02 have a transitional deadline of 2027-08-02, so absence is not necessarily non-compliance.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Art. 53 training-data summary not published per EU Commission template."
        },
        "data_residency": {
          "value": "yes_platform_only",
          "confidence": "medium",
          "source": "https://trustcenter.cohere.com/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No region pinning on the first-party hosted API: the trust center states all infrastructure is on Google Cloud Platform servers in US-Central with no servers outside the US. Cohere's pitched \"deployment flexibility\" (EU or in-region residency) is achieved via private deployments or cloud-partner platforms (Bedrock, Azure, OCI, SageMaker), which are separate offerings - hence yes_platform_only.\n",
          "facts": {
            "hosted_api_region": "GCP US-Central"
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "US-only (hosted API)"
          },
          "evidence": null,
          "caveat": "Region pinning only available via private deployments or cloud-partner platforms."
        },
        "gdpr_dpa": {
          "value": "partial",
          "confidence": "high",
          "source": "https://trustcenter.cohere.com/subprocessors",
          "archived": "http://web.archive.org/web/20260520003425/https://trustcenter.cohere.com/subprocessors",
          "verified": "2026-07-05",
          "notes": "Subprocessor list is public on the trust center (Google Cloud, FullStory, LaunchDarkly, New Relic, Retool, Sentry, Segment, SendGrid, Vercel - all USA). The DPA itself incorporates the 4 June 2021 SCCs and a post-Schrems II transfer impact assessment, but a copy requires a signed NDA (request via trust center / privacy@cohere.com), so the DPA is not public. Partial = published subprocessors + gated DPA.\n",
          "facts": {
            "sccs": "2021-06-04 EU Commission SCCs incorporated",
            "subprocessors_public": true
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "DPA requires NDA; subprocessors listed."
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Cohere appears on the European Commission's GPAI Code of Practice signatory list as a full-code signatory (no chapter limitation, unlike xAI's Safety & Security-only signature). Provider-level obligation of Cohere as model developer; first-party offering so developer = platform.\n",
          "facts": {
            "chapters": "all"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": "https://trustcenter.cohere.com/subprocessors",
          "archived": "http://web.archive.org/web/20260520003425/https://trustcenter.cohere.com/subprocessors",
          "verified": "2026-07-05",
          "notes": "Documented negative for this offering: the trust center FAQ states Cohere \"may execute a Business Associate Agreement (BAA) for custom model development engagements\" but that the BAA \"does not cover Cohere hosted products and applications such as Cohere's SaaS services\" - i.e. no BAA for the hosted Cohere API. A Nov 2025 cohere.com blog announced BAA availability for healthcare custom-model work (lead only, not cited).\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "BAA only covers custom model development, not hosted SaaS services."
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trustcenter.cohere.com/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "ISO/IEC 27001 (ISMS) certification listed on the trust center; certificate is requestable there without a stated NDA requirement. Cohere announced achieving ISO 27001 together with ISO 42001 in mid-2025 (company announcement used as lead only).\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trustcenter.cohere.com/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "ISO/IEC 42001 (AI management system) certification listed on the trust center alongside ISO 27001; AIMS certificate requestable there. One of the earlier model developers to hold 42001.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://cohere.com/enterprise-data-commitments",
          "archived": "http://web.archive.org/web/20260518081810/https://cohere.com/enterprise-data-commitments",
          "verified": "2026-07-05",
          "notes": "Retention is publicly documented: logged prompts and generations are automatically deleted after 30 days (exceptions for legal requirements and flagged misuse). Zero-data-retention exists but is restricted - \"we only allow ZDR for enterprise customers who can make additional commitments about their usage\" - so ZDR is enterprise/sales-gated and not a self-serve configuration.\n",
          "facts": {
            "retention_days": 30
          },
          "availability": {
            "tier": "enterprise_only",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Zero-data-retention is enterprise/sales-gated."
        },
        "soc2_type2": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://trustcenter.cohere.com/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Trust center states Cohere undergoes an annual SOC 2 Type II audit; obtaining the report requires a signed mutual NDA via the trust center. cohere.com/security also states the API platform is SOC 2 Type II compliant.\n",
          "facts": {
            "audit_cadence": "annual"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Report access requires a signed mutual NDA."
        },
        "training_on_customer_data": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://cohere.com/enterprise-data-commitments",
          "archived": "http://web.archive.org/web/20260518081810/https://cohere.com/enterprise-data-commitments",
          "verified": "2026-07-05",
          "notes": "No commitment not to train by default on the SaaS API: Cohere states customers \"can opt out from your prompts and generations being used to train Cohere models\" via dashboard settings, i.e. training use is on unless the customer toggles it off (opt-out, not opt-in). Cohere says it filters/strips common personal information before any training use. For private/cloud-partner deployments Cohere receives no prompts or generations at all. Confidence medium because the default-on state is implied by the opt-out framing rather than stated as \"default\".\n",
          "facts": {
            "opt_out_location": "dashboard Settings > Data Controls"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Training on API data is opt-out by default."
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trustcenter.cohere.com/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Maintained trust center (trustcenter.cohere.com) listing SOC 2 Type II, ISO 27001, ISO 42001, UK Cyber Essentials, GDPR/CCPA/HIPAA posture, a public subprocessor list, pen-test reports, and NDA-gated document requests (SOC 2 report, DPA).\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "soc2_type2",
          "label": "SOC 2 Type II",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "Report access requires a signed mutual NDA."
        },
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "BAA only covers custom model development, not hosted SaaS services."
        },
        {
          "key": "gdpr_dpa",
          "label": "GDPR DPA",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "DPA requires NDA; subprocessors listed."
        },
        {
          "key": "training_on_customer_data",
          "label": "No-training default",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Training on API data is opt-out by default."
        },
        {
          "key": "retention_zdr",
          "label": "Retention / ZDR",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "Zero-data-retention is enterprise/sales-gated."
        },
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "yes_platform_only",
          "value_label": "Yes, platform-only",
          "tone": "gated",
          "caveat": "Region pinning only available via private deployments or cloud-partner platforms."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 training-data summary not published per EU Commission template."
        }
      ],
      "watchout_count": 7
    },
    {
      "id": "cohere-bedrock",
      "name": "Cohere via AWS Bedrock",
      "developer": "Cohere",
      "platform": "AWS Bedrock",
      "category": "cloud_distribution",
      "model_family": "Command",
      "summary": "Cohere's Command and Embed model families served as third-party foundation models on Amazon Bedrock. Vendor-trust and data-handling dimensions reflect AWS Bedrock (the serving platform); EU AI Act dimensions reflect Cohere as the GPAI model developer.\n",
      "sort_order": 10,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Developer-level dimension: Article 53(1)(d) applies to Cohere as the GPAI provider, not to AWS. No public summary of training content using the EC's mandatory template (published 2025-07-24) was found for Cohere's Command models on cohere.com, docs.cohere.com, or via the EC. Cohere's model documentation (e.g., docs.cohere.com/docs/command-a-plus) contains a narrative training-data disclosure (public, proprietary, vendor, and synthetic sources), but it is not the EU template and does not reference Article 53. Models already on the market before 2025-08-02 benefit from the 2027-08-02 transitional deadline; newer models (post-Aug-2025 releases) should have one, worth human re-check.\n",
          "facts": {
            "transitional_deadline": "models placed on market before 2025-08-02 have until 2027-08-02 to publish"
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Art. 53 summary not published for Cohere Command models."
        },
        "data_residency": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://docs.aws.amazon.com/bedrock/latest/userguide/models-region-compatibility.html",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Platform-level (AWS Bedrock). Bedrock is a regional service, customers pick the region and content is encrypted and stored at rest in-region. Cohere models are available in EU regions, but availability varies by model; verify the specific Command/Embed model's regions on the AWS 'models at a glance' page. Caveat: optional cross-region inference profiles process (and, where retention applies, store) data in other regions within the chosen geography, keep it disabled or EU-scoped for strict residency.\n",
          "facts": {
            "cohere_eu_example": "Cohere Embed v4: on-demand in eu-west-1; EU cross-region inference profile spans eu-central-1/2, eu-north-1, eu-south-1/2, eu-west-1/2/3",
            "at_rest_commitment": "Customer content processed by Amazon Bedrock is encrypted and stored at rest in the AWS Region where you are using Amazon Bedrock (Bedrock FAQ)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "EU available"
          },
          "evidence": null,
          "caveat": null
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/gdpr-center/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Platform-level (AWS). The AWS GDPR DPA is incorporated into the AWS Service Terms and applies automatically, including EC Standard Contractual Clauses; AWS publishes a sub-processors page. No separate signature needed for the standard DPA.\n",
          "facts": {
            "sccs": "EC SCCs (June 2021) incorporated into AWS Service Terms, apply automatically",
            "subprocessor_list": "https://aws.amazon.com/compliance/sub-processors/"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Developer-level dimension (two-level rule): the GPAI Code of Practice is a model-provider obligation, so this cell describes Cohere, not AWS. Cohere is named on the European Commission's signatory list for the GPAI Code of Practice with no chapter limitation. AWS/Amazon is separately a signatory, but for Cohere-on-Bedrock the relevant GPAI provider is Cohere.\n",
          "facts": {
            "chapters": "full code (no chapter restriction noted for Cohere; xAI is the noted Safety & Security-only signatory)"
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "hipaa_baa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/hipaa-eligible-services-reference/",
          "archived": "http://web.archive.org/web/20260703162708/https://aws.amazon.com/compliance/hipaa-eligible-services-reference/",
          "verified": "2026-07-05",
          "notes": "Platform-level (AWS). Amazon Bedrock is on the AWS HIPAA Eligible Services list; customers must execute an AWS Business Associate Addendum before processing PHI (requires_config: the BAA must be accepted and workloads configured per AWS guidance, eligibility is not automatic protection). Covers Cohere model invocations as Bedrock traffic.\n",
          "facts": {
            "baa_mechanism": "AWS BAA accepted self-serve via AWS Artifact"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/iso-certified/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Platform-level (AWS). AWS's ISO certification page lists Amazon Bedrock in scope for the ISO 27001:2022 family; certificates are also available via AWS Artifact.\n",
          "facts": {
            "standards": [
              "ISO/IEC 27001:2022",
              "ISO/IEC 27017:2015",
              "ISO/IEC 27018:2019",
              "ISO/IEC 27701:2019"
            ],
            "scope_note": "Amazon Bedrock in scope (excludes Amazon Bedrock Marketplace)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://aws.amazon.com/compliance/iso-42001-faqs/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Platform-level (AWS). AWS holds accredited ISO/IEC 42001:2023 certification; AWS announcements name Amazon Bedrock among the certified AI services (alongside Amazon Q Business, Textract, Transcribe), and AWS reports a clean first surveillance audit (Nov 2025). However, the public FAQ page does not enumerate in-scope services on-page, the service list is in the certificate, retrieved via AWS Artifact. Confidence medium until the certificate scope is confirmed from Artifact.\n",
          "facts": {
            "certifier": "Schellman Compliance, LLC (ANAB-accredited)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://docs.aws.amazon.com/bedrock/latest/userguide/data-retention.html",
          "archived": "http://web.archive.org/web/20260702094122/https://docs.aws.amazon.com/bedrock/latest/userguide/data-retention.html",
          "verified": "2026-07-05",
          "notes": "Platform-level (AWS Bedrock). Retention is documented and a zero-data- retention mode ('none') is configurable at account or project level via API; under 'default' mode AWS may retain data for abuse detection. requires_config: new accounts default to 'inherit' (model default), so ZDR must be explicitly set. Cohere models' allowed_modes are not publicly enumerated in the docs (only Anthropic examples are shown), confidence medium on Cohere-specific ZDR eligibility; Cohere models are not listed among models requiring provider_data_share.\n",
          "facts": {
            "modes": [
              "default",
              "provider_data_share",
              "none",
              "inherit"
            ],
            "zdr_mode": "data_retention_mode: none, no request/response data written to durable storage by AWS or shared with the model provider",
            "enforcement": "IAM/SCP condition key bedrock:DataRetentionMode can enforce ZDR org-wide"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "soc2_type2": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/services-in-scope/SOC/",
          "archived": "http://web.archive.org/web/20260703162709/https://aws.amazon.com/compliance/services-in-scope/SOC/",
          "verified": "2026-07-05",
          "notes": "Platform-level (AWS). The SOC services-in-scope list is public; the SOC 2 Type II report itself is retrieved via AWS Artifact, a self-serve portal with click-through confidentiality terms (no sales gate). Third-party model traffic on Bedrock runs inside AWS's audited boundary.\n",
          "facts": {
            "scope_note": "Amazon Bedrock in scope for SOC 1, 2, and 3 (excludes Amazon Bedrock Marketplace)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/bedrock/faqs/",
          "archived": "http://web.archive.org/web/20260702232107/https://aws.amazon.com/bedrock/faqs/",
          "verified": "2026-07-05",
          "notes": "Platform-level commitment for this offering: Bedrock states customer content is not used to improve base models and is not shared with model providers (i.e., Cohere never sees prompts/completions). Bedrock's Model Deployment Account design gives providers no access to inference infrastructure or logs. Bedrock's newer data-retention modes include a provider_data_share opt-in required by certain models; Cohere models are not listed among those requiring it, default behavior for Cohere models remains no provider sharing.\n",
          "facts": {
            "commitment": "Inputs and model outputs are not shared with any model providers; content is not used to improve the base models"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Platform-level (AWS). AWS maintains a public compliance portal (compliance programs, services-in-scope matrix, FAQs) plus AWS Artifact for self-serve download of audit reports and certificates. This grades the platform's portal, not Cohere's own trust center.\n",
          "facts": {
            "report_portal": "https://aws.amazon.com/artifact/"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 summary not published for Cohere Command models."
        }
      ],
      "watchout_count": 1
    },
    {
      "id": "llama-bedrock",
      "name": "Llama via AWS Bedrock",
      "developer": "Meta",
      "platform": "AWS Bedrock",
      "category": "cloud_distribution",
      "model_family": "Llama",
      "summary": "Meta's Llama models served through Amazon Bedrock, AWS's managed foundation-model service. Vendor-trust and data-handling posture is AWS's (SOC/ISO scope, AWS BAA, GDPR DPA, Bedrock retention controls); EU AI Act provider obligations (GPAI Code of Practice, Art 53) sit with Meta as the model developer. Meta is absent from the EC's GPAI Code of Practice signatory list, and current-generation Llama models on Bedrock are served in US geography only.\n",
      "sort_order": 11,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Grades Meta (model developer); checked independently of the CoP signatory question, since declining the Code does not imply Art 53 non-publication. No public training-content summary using the EU Commission's Article 53(1)(d) template (adopted 2025-07-24) was found on ai.meta.com or llama.com as of 2026-07-05. Meta's Llama model cards and launch posts do describe training data at category level (e.g. Llama 4 pretrained on \"a mix of publicly available, licensed data and information from Meta's products and services, including publicly shared posts from Instagram and Facebook\"), which is transparency but not the EU-template summary. Context: the template applies to models placed on the EU market from 2025-08-02; models placed earlier (e.g. Llama 4, April 2025) have until 2027-08-02. Worth a human re-check for a template-based summary published somewhere this research missed, and re-verification for any Llama model placed on the market after 2025-08-02.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Art. 53 summary template not published for models placed on EU market before 2025-08-02."
        },
        "data_residency": {
          "value": "partial",
          "confidence": "high",
          "source": "https://docs.aws.amazon.com/bedrock/latest/userguide/model-card-meta-llama-3-2-1b-instruct.html",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Platform-level pinning is real: Bedrock stores customer content at rest in the region of use (Bedrock FAQ), and Geo inference profiles never route outside their geography. But value=partial because for Llama specifically, current-generation models (Llama 3.3, Llama 4) are served only in US geography (no EU in-region or EU geo profile on their model cards as of 2026-07-05); EU-geography routing exists only for legacy Llama 3.2 profiles (Frankfurt/Ireland/Paris), which AWS lists as Legacy with a model EOL date of 2026-07-07, i.e. EU-pinned Llama on Bedrock is effectively disappearing. default=requires_config because residency depends on choosing the right region/profile and keeping cross-region inference within the intended geography.\n",
          "facts": {
            "eu_geo_example": "eu.meta.llama3-2-1b-instruct-v1:0 (eu-central-1/eu-west-1/eu-west-3)",
            "us_geo_example": "us.meta.llama3-3-70b-instruct-v1:0 (us-east-1/us-east-2/us-west-2)",
            "llama32_lifecycle": "Legacy, model EOL date 2026-07-07"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "US geo for current-gen Llama; EU geo only via legacy Llama 3.2 profiles"
          },
          "evidence": null,
          "caveat": "Llama 3.3/4 models are US-only; EU pinning is legacy."
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/gdpr-center/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "The AWS GDPR Data Processing Addendum is incorporated automatically into the AWS Service Terms for all customers, includes the 2021 EU Standard Contractual Clauses (plus UK and Swiss addenda), and AWS maintains a published sub-processors page referenced from the GDPR Center. Grades AWS's terms for the Bedrock offering, not Meta's.\n",
          "facts": {
            "sccs": "EC June 2021 SCCs incorporated"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Two-level rule: the GPAI Code of Practice is a provider (model developer) obligation, so this cell grades Meta, not AWS. Meta does not appear on the European Commission's signatory list for the GPAI Code of Practice as of 2026-07-05 (list checked directly; signatories include Amazon, Anthropic, Google, Microsoft, OpenAI, Mistral AI, and others; xAI signed the Safety & Security chapter only). Meta publicly stated in July 2025 that it would not sign the Code. Stated neutrally: absence from the signatory list is not itself non-compliance with the AI Act, demonstrating compliance with GPAI obligations through alternative adequate means remains legally possible. Note Amazon's own signature covers Amazon as a GPAI provider and does not substitute for Meta's obligations for Llama.\n",
          "facts": {
            "signatory": "Meta, not listed"
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Meta is not on the EC's GPAI Code of Practice signatory list."
        },
        "hipaa_baa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/hipaa-eligible-services-reference/",
          "archived": "http://web.archive.org/web/20260703162708/https://aws.amazon.com/compliance/hipaa-eligible-services-reference/",
          "verified": "2026-07-05",
          "notes": "Amazon Bedrock is on AWS's public HIPAA Eligible Services list, which covers Llama models served through Bedrock. PHI use requires first entering the AWS Business Associate Addendum (accepted self-serve via AWS Artifact agreements). default=requires_config because the BAA must be accepted and workloads confined to eligible services before PHI is in scope.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/iso-certified/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Grades AWS (serving platform). AWS holds ISO/IEC 27001:2022 certification with Amazon Bedrock named on the public ISO-certified services list (also 27017/27018/27701 programs). Certificates downloadable via AWS Artifact.\n",
          "facts": {
            "standard": "ISO/IEC 27001:2022",
            "scope_note": "Amazon Bedrock listed (excludes Amazon Bedrock Marketplace)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://aws.amazon.com/compliance/iso-42001-faqs/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Grades AWS (serving platform). AWS holds an accredited ISO/IEC 42001:2023 AI-management-system certification (certifier Schellman, ANAB-accredited); AWS announced (Nov 2024) that the initial scope covered Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe, and reported a clean first surveillance audit (Nov 2025). The FAQ page confirms the certificate exists but the authoritative service-scope list is inside the certificate, accessed via AWS Artifact, hence medium confidence pending a human pull of the certificate. Note this is AWS's platform certification; it says nothing about Meta's own AI-management practices.\n",
          "facts": {
            "standard": "ISO/IEC 42001:2023",
            "first_certified": "2024-11"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://docs.aws.amazon.com/bedrock/latest/userguide/data-retention.html",
          "archived": "http://web.archive.org/web/20260702094122/https://docs.aws.amazon.com/bedrock/latest/userguide/data-retention.html",
          "verified": "2026-07-05",
          "notes": "Retention is documented in detail. Bedrock's data-retention page states there is \"no data retention change to models released before Claude Fable 5\", all Bedrock Llama models predate that, so the prior zero-retention baseline (prompts/completions not stored) continues to apply, and customers can additionally set data_retention_mode: none at account or project scope and enforce it org-wide via SCPs for guaranteed ZDR. The provider_data_share gate applies to certain Anthropic models, not Llama. Confidence medium because Llama models' per-model allowed_modes are not publicly enumerated, and under \"default\" mode AWS notes it may retain data for safety/abuse-detection purposes; opt-in features (e.g. model invocation logging) also create customer-controlled retention. If cross-region inference is enabled, any retained inputs/outputs are stored in destination regions.\n",
          "facts": {
            "zdr_mode": "data_retention_mode: none (account or project scope)",
            "scp_enforcement": "org-wide ZDR enforceable via bedrock:DataRetentionMode condition key"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "soc2_type2": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/compliance/services-in-scope/SOC/",
          "archived": "http://web.archive.org/web/20260703162709/https://aws.amazon.com/compliance/services-in-scope/SOC/",
          "verified": "2026-07-05",
          "notes": "Two-level rule: this grades AWS (the serving platform), not Meta. Amazon Bedrock is listed with a checkmark on AWS's SOC services-in-scope page. The SOC 2 Type II report itself is retrieved self-serve via AWS Artifact (console, click-through confidentiality terms) rather than a public download.\n",
          "facts": {
            "scope_note": "Amazon Bedrock in scope for SOC 1, 2, 3 (excludes Amazon Bedrock Marketplace)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/bedrock/faqs/",
          "archived": "http://web.archive.org/web/20260702232107/https://aws.amazon.com/bedrock/faqs/",
          "verified": "2026-07-05",
          "notes": "Bedrock FAQ: \"Your content is not used to improve the base models and is not shared with any model providers\"; inputs and outputs are not shared with model providers. Architecturally, Bedrock runs each provider's model in an AWS-operated Model Deployment Account that the provider cannot access, so Meta has no access to customer prompts/completions (docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html). No Llama model is documented as requiring the provider_data_share retention mode (that opt-in currently applies to certain Anthropic models only).\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://aws.amazon.com/artifact/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "AWS Artifact is the compliance portal: on-demand, self-serve access to auditor-issued reports/certifications and to agreements (e.g. the BAA) from the AWS console, complemented by the public AWS Trust Center (aws.amazon.com/trust-center) and compliance program pages. This grades AWS, not Meta.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Llama 3.3/4 models are US-only; EU pinning is legacy."
        },
        {
          "key": "gpai_cop",
          "label": "GPAI Code",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Meta is not on the EC's GPAI Code of Practice signatory list."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 summary template not published for models placed on EU market before 2025-08-02."
        }
      ],
      "watchout_count": 3
    },
    {
      "id": "llama-azure",
      "name": "Llama via Azure AI",
      "developer": "Meta",
      "platform": "Microsoft Azure (Azure AI Foundry / Models-as-a-Service)",
      "category": "cloud_distribution",
      "model_family": "Llama",
      "summary": "Meta's Llama models served as third-party serverless (Models-as-a-Service / standard) deployments on Microsoft Azure AI Foundry. Microsoft hosts the model on Microsoft-managed infrastructure and acts as data processor; Meta remains the model developer and the GPAI provider for EU AI Act purposes.\n",
      "sort_order": 12,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "EU AI Act dimension, assessed against Meta as GPAI provider. As of 2026-07-05, searches found no Meta-published public summary of Llama training content using the EC's Article 53(1)(d) template (template published by the AI Office on 2025-07-24; obligation applies from 2025-08-02, with models placed on the market before that date having until 2027-08-02). Meta's model cards/blogs describe training data only at a high level (\"publicly available sources\"), which is not the EU template summary. Confidence medium: absence of evidence from public search, not a verified statement of non-publication.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Art. 53 training-data summary not published by developer."
        },
        "data_residency": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/foundry-classic/how-to/concept-data-privacy",
          "archived": "http://web.archive.org/web/20260601164801/https://learn.microsoft.com/en-us/azure/foundry-classic/how-to/concept-data-privacy",
          "verified": "2026-07-05",
          "notes": "Commitment is geography-level, not region-level: \"Prompts and outputs are processed within the geography specified during deployment, but they might be processed between regions within the geography for operational purposes.\" Serverless MaaS deployments are regional (customer picks the region at deployment), but Llama serverless availability is limited to a subset of regions. Global-standard deployment types process data in any Azure location (only data at rest stays in the designated geography). Public docs do not explicitly confirm EU Data Boundary applicability to third-party MaaS model inference. Graded partial: region pinning exists but with in-geography cross-region processing and model-dependent region availability.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "limited regions incl. EU (serverless availability varies by model)"
          },
          "evidence": null,
          "caveat": "In-geography cross-region processing may occur; model availability varies by region."
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "The Microsoft Products and Services DPA is public, incorporates the EU Standard Contractual Clauses, and applies by default to Azure services; the model-catalog data privacy doc explicitly says the DPA \"governs data processing by Azure services\" including model catalog deployments. Microsoft publishes a subprocessor list. Microsoft (not Meta) is the data processor for MaaS prompts/outputs.\n",
          "facts": {
            "sccs": "included in DPA",
            "subprocessor_list": "published (Microsoft online services subprocessor list)"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "EU AI Act dimension, assessed against the model developer (Meta), per the two-level rule, since the GPAI Code of Practice is a provider obligation. Meta is absent from the European Commission's GPAI Code of Practice signatory list as checked 2026-07-05 (23 signatories listed; Meta not among them). Absence from the list does not preclude Meta from demonstrating AI Act compliance through alternative adequate means. Note: Microsoft (the serving platform) is itself a signatory, but that does not cover Meta's provider obligations for Llama.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Developer not on EC GPAI Code of Practice signatory list."
        },
        "hipaa_baa": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-hipaa-us",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Microsoft offers a HIPAA BAA by default to covered entities/business associates via the Product Terms and DPA (\"execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement\"), no separate signature needed. However, the BAA applies only to \"in-scope Azure services\", and the in-scope list (Appendices of the Microsoft Azure Compliance Offerings document) is a gated STP PDF; public docs do not explicitly confirm that third-party serverless MaaS model deployments (Llama) are HIPAA-BAA-in-scope. Graded partial for that gap.\n",
          "facts": {
            "baa_mechanism": "included by default via Microsoft Product Terms / DPA"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "US-focused"
          },
          "evidence": null,
          "caveat": "BAA covers only in-scope Azure services; Llama deployments may not be."
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-iso-27001",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Platform-level (Microsoft Azure) certification covering Azure services in audit scope. Same scope caveat as SOC 2: Microsoft states MaaS serverless deployments are subject to Azure compliance commitments, but the in-scope service enumeration is in the certificate/STP documents, not stated per-third-party-model in public docs.\n",
          "facts": {
            "standard": "ISO/IEC 27001:2022",
            "certificate_access": "Service Trust Portal ISO reports section"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001",
          "archived": "http://web.archive.org/web/20260619065258/https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-42001",
          "verified": "2026-07-05",
          "notes": "Platform-level: Microsoft's ISO/IEC 42001 page lists \"Microsoft Foundry\" among certified AI services (certificates on Service Trust Portal). The certification covers Microsoft's AI management system for the Foundry service; whether the certified scope statement explicitly covers third-party model catalog offerings such as Llama is not publicly documented, hence medium confidence. Meta itself publishes no ISO 42001 certification for Llama.\n",
          "facts": {
            "first_certified": "2025 (Azure AI Foundry Models)",
            "in_scope_service": "Microsoft Foundry"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/foundry-classic/how-to/concept-data-privacy",
          "archived": "http://web.archive.org/web/20260601164801/https://learn.microsoft.com/en-us/azure/foundry-classic/how-to/concept-data-privacy",
          "verified": "2026-07-05",
          "notes": "For serverless API deployments Microsoft states: \"Models are stateless, and they don't store any prompts or outputs\", i.e., zero retention of inference content is the documented default, no configuration or approval required. Content filtering (Azure AI Content Safety), when enabled, screens prompts/outputs \"in real time\". Uploaded fine-tuning data is stored in the customer's datastore until deleted (customer-controlled). Confidence medium because the docs do not spell out ancillary logging (e.g., abuse-monitoring or diagnostic retention) for this deployment mode the way Azure OpenAI docs do.\n",
          "facts": {
            "inference_retention": "none documented (\"models are stateless\")"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "soc2_type2": {
          "value": "yes_public",
          "confidence": "medium",
          "source": "https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-2",
          "archived": "http://web.archive.org/web/20260607191700/https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-2",
          "verified": "2026-07-05",
          "notes": "Two-level rule: this cell grades the serving platform (Microsoft Azure), not Meta. Azure holds an Azure-wide SOC 2 Type 2 attestation; reports are gated behind Service Trust Portal sign-in. Microsoft's model-catalog data privacy doc states serverless API (MaaS) deployments are \"subject to Azure data, privacy, and security commitments\" and the hosting is managed by the Azure Machine Learning service, but the per-service audit-scope list lives in a gated STP document, and public docs do not enumerate third-party MaaS model offerings (e.g. Llama) in the SOC 2 report scope. Confidence medium for that scope nuance.\n",
          "facts": {
            "report_access": "Service Trust Portal (sign-in required)",
            "report_cadence": "semi-annual, rolling 12-month audit window"
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://learn.microsoft.com/en-us/azure/foundry-classic/how-to/concept-data-privacy",
          "archived": "http://web.archive.org/web/20260601164801/https://learn.microsoft.com/en-us/azure/foundry-classic/how-to/concept-data-privacy",
          "verified": "2026-07-05",
          "notes": "Explicit public commitment for serverless API (MaaS) deployments: \"Microsoft doesn't share these prompts and outputs with the model provider. Also, Microsoft doesn't use these prompts and outputs to train or improve Microsoft models, the model provider's models, or any third party's models.\" Fine-tuning data likewise not used to train other models. Caveat (not content): Microsoft may share customer contact information and transaction/usage-volume details with the model publisher (Meta) for marketplace purposes.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://www.microsoft.com/en-us/trust-center",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Microsoft Trust Center (public) plus the Service Trust Portal (servicetrust.microsoft.com; sign-in required for audit reports, certificates, and bridge letters). Maintained and regularly updated; referenced from Azure compliance documentation. This grades the serving platform; Meta has no equivalent compliance portal for Llama.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "BAA covers only in-scope Azure services; Llama deployments may not be."
        },
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "In-geography cross-region processing may occur; model availability varies by region."
        },
        {
          "key": "gpai_cop",
          "label": "GPAI Code",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Developer not on EC GPAI Code of Practice signatory list."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 training-data summary not published by developer."
        }
      ],
      "watchout_count": 4
    },
    {
      "id": "xai-api",
      "name": "xAI API",
      "developer": "xAI",
      "platform": "xAI (first-party)",
      "category": "first_party",
      "model_family": "Grok",
      "summary": "xAI's first-party API for the Grok model family. Publicly claims SOC 2 Type 2 compliance and a no-training-by-default policy for API data, with a 30-day default retention window and enterprise-only zero-data-retention; formal reports sit behind an NDA-gated trust center, and EU AI Act engagement is limited to the Safety and Security chapter of the GPAI Code of Practice.\n",
      "sort_order": 13,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No public training-data summary using the EC's Article 53(1)(d) template (published July 2025) was found for Grok models as of 2026-07-05. xAI did not sign the Transparency chapter of the GPAI Code of Practice, and in December 2025 sued to invalidate California's Training Data Transparency Act, arguing training-data disclosure reveals trade secrets, consistent with no EU summary being published. Grok model cards (e.g. data.x.ai Grok 4 model card) describe training data only at a high level and do not follow the EU template.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Art. 53(1)(d) summary not published for Grok models."
        },
        "data_residency": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://docs.x.ai/",
          "archived": "http://web.archive.org/web/20260521070843/https://docs.x.ai/developers/regions",
          "verified": "2026-07-05",
          "notes": "Regional endpoints are publicly documented: the default api.x.ai routes to the lowest-latency region, and requests can be pinned to a region via https://<region-name>.api.x.ai (e.g. eu-west-1 for Europe). This is in-region request processing, not a full at-rest residency guarantee: for stricter requirements (data at rest in a specific region) the docs direct customers to sales@x.ai, with possible additional cost. Direct fetch of the docs page was blocked (verified via search-indexed text and Wayback snapshot), hence medium confidence. [source updated 2026-07-05] The dedicated regions doc page (docs.x.ai/developers/regions) now returns 404 after a docs restructure; the eu-west-1.api.x.ai endpoint remains live (confirmed) and the evidence is retained in the archived snapshot. Live source repointed to the docs root pending the relocated page URL.",
          "facts": {
            "eu_endpoint": "https://eu-west-1.api.x.ai"
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "EU endpoint available (eu-west-1)"
          },
          "evidence": null,
          "caveat": "Data is processed in-region, not guaranteed at-rest residency."
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://x.ai/legal/data-processing-addendum",
          "archived": "http://web.archive.org/web/20260627180019/https://x.ai/legal/data-processing-addendum",
          "verified": "2026-07-05",
          "notes": "Public DPA covering Personal Data submitted via the API. Incorporates EU SCCs (Module 2 controller-to-processor / Module 3 processor-to-processor, governed by Irish law) with the UK Addendum and Swiss FADP modifications. A public subprocessor list is maintained at x.ai/legal/subprocessor-list with 15 days' advance notice of changes. Note: x.ai serves HTTP 403 to automated fetchers; content verified via search-indexed page text and a Wayback snapshot exists.\n",
          "facts": {
            "subprocessor_list": "https://x.ai/legal/subprocessor-list",
            "subprocessor_change_notice_days": 15
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "partial",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "xAI appears on the European Commission's GPAI Code of Practice signatory list, but only for the Safety and Security chapter. Per the EC page: \"xAI signed up to the Safety and Security Chapter; this means that it will have to demonstrate compliance with the AI Act's obligations concerning transparency and copyright via alternative adequate means.\" Applies to xAI as model developer (provider obligation).\n",
          "facts": {
            "chapters_signed": [
              "safety_and_security"
            ],
            "chapters_not_signed": [
              "transparency",
              "copyright"
            ]
          },
          "availability": {
            "tier": "n/a",
            "route": "public",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "xAI's signatory status is limited to the Safety and Security chapter."
        },
        "hipaa_baa": {
          "value": "unclear",
          "confidence": "medium",
          "source": "https://docs.x.ai/developers/faq/security",
          "archived": "http://web.archive.org/web/20260610040608/https://docs.x.ai/developers/faq/security",
          "verified": "2026-07-05",
          "notes": "The API security FAQ tells customers to \"complete our BAA Questionnaire\" to inquire about HIPAA compliance and a Business Associate Agreement. A BAA intake process publicly exists, but there is no public commitment that xAI will sign a BAA, no list of HIPAA-eligible services, and no HIPAA configuration documentation. Graded unclear rather than yes: an inquiry path is not evidence of willingness to sign.\n",
          "facts": null,
          "availability": {
            "tier": "enterprise_only",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "BAA signing is not guaranteed; an inquiry path exists."
        },
        "iso_27001": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No ISO/IEC 27001 claim found on x.ai/security, the API security FAQ, or in web searches as of 2026-07-05. The FAQ lists SOC 2 Type 2, GDPR and CCPA but no ISO certifications. Could exist behind the NDA-gated trust center, but there is no public evidence.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No public ISO/IEC 27001 certification evidence."
        },
        "iso_42001": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No ISO/IEC 42001 (AI management system) claim found anywhere in xAI public materials as of 2026-07-05.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No ISO/IEC 42001 certification found in public materials."
        },
        "retention_zdr": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://docs.x.ai/developers/faq/security",
          "archived": "http://web.archive.org/web/20260610040608/https://docs.x.ai/developers/faq/security",
          "verified": "2026-07-05",
          "notes": "Default retention is publicly documented: \"API requests and responses are temporarily stored on our servers for 30 days\" before automatic deletion. \"Zero Data Retention (ZDR) is an enterprise feature that prevents xAI from storing any API request or response data\" and is \"exclusively available to enterprise accounts\", hence yes_sales_gated: retention is documented publicly, but ZDR requires an enterprise relationship and is not on by default.\n",
          "facts": {
            "zdr_tier": "enterprise_only",
            "default_retention_days": 30
          },
          "availability": {
            "tier": "enterprise_only",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "ZDR requires an enterprise account."
        },
        "soc2_type2": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://docs.x.ai/developers/faq/security",
          "archived": "http://web.archive.org/web/20260610040608/https://docs.x.ai/developers/faq/security",
          "verified": "2026-07-05",
          "notes": "xAI's API security FAQ states \"We are SOC 2 Type 2 compliant.\" The report itself is not public: the FAQ directs customers with a signed NDA to the trust center (trust.x.ai) for certification details. Compliance claim is public; the Type II report is NDA-gated.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Report access requires a signed NDA."
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://docs.x.ai/developers/faq/security",
          "archived": "http://web.archive.org/web/20260610040608/https://docs.x.ai/developers/faq/security",
          "verified": "2026-07-05",
          "notes": "API security FAQ: \"xAI never trains on your API inputs or outputs without your explicit permission.\" No-training is the default for API traffic; opt-in is required for training use. (Consumer Grok products have different defaults; this cell covers the API offering only.)\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trust.x.ai",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "\"xAI Trust Center\" exists at trust.x.ai and is linked from the API security FAQ. The portal exists publicly, but per the FAQ, certification and governance documents require a signed NDA (\"Customers with a signed NDA can refer to our Trust Center\").\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "soc2_type2",
          "label": "SOC 2 Type II",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "Report access requires a signed NDA."
        },
        {
          "key": "iso_27001",
          "label": "ISO 27001",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No public ISO/IEC 27001 certification evidence."
        },
        {
          "key": "iso_42001",
          "label": "ISO 42001",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No ISO/IEC 42001 certification found in public materials."
        },
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "unclear",
          "value_label": "Unclear",
          "tone": "none",
          "caveat": "BAA signing is not guaranteed; an inquiry path exists."
        },
        {
          "key": "retention_zdr",
          "label": "Retention / ZDR",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "ZDR requires an enterprise account."
        },
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Data is processed in-region, not guaranteed at-rest residency."
        },
        {
          "key": "gpai_cop",
          "label": "GPAI Code",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "xAI's signatory status is limited to the Safety and Security chapter."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53(1)(d) summary not published for Grok models."
        }
      ],
      "watchout_count": 8
    },
    {
      "id": "deepseek-api",
      "name": "DeepSeek API (first-party)",
      "developer": "DeepSeek",
      "platform": "DeepSeek",
      "category": "first_party",
      "model_family": "DeepSeek",
      "summary": "First-party API access to DeepSeek models via the DeepSeek Open Platform, operated by Hangzhou DeepSeek Artificial Intelligence Co., Ltd. Its privacy policy states personal data is collected, processed and stored in the People's Republic of China, and no public security certifications, trust center, DPA, or EU AI Act Code of Practice signature were found as of 2026-07-05.\n",
      "sort_order": 14,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No Article 53(1)(d) public training-content summary using the EU AI Office template was found on deepseek.com, api-docs.deepseek.com, or in DeepSeek model release materials. Per the EC, models placed on the market before 2 August 2025 must publish the summary by 2 August 2027; technical reports DeepSeek has published for its models are not summaries in the EU template format.\n",
          "facts": {
            "ec_template_reference": "https://digital-strategy.ec.europa.eu/en/news/commission-presents-template-general-purpose-ai-model-providers-summarise-data-used-train-their",
            "ec_template_reference_archived": "http://web.archive.org/web/20260626080157/https://digital-strategy.ec.europa.eu/en/news/commission-presents-template-general-purpose-ai-model-providers-summarise-data-used-train-their"
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Art. 53 training-data summary not published per EU AI Office template."
        },
        "data_residency": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": "https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html",
          "archived": "http://web.archive.org/web/20260702015718/https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html",
          "verified": "2026-07-05",
          "notes": "No region-pinning or EU-residency option exists. The privacy policy (last update Feb 10, 2026) states: \"To provide you with our services, we directly collect, process and store your Personal Data in People's Republic of China.\" It also notes: \"The Personal Data we collect from you may be stored on a server located outside of the country where you live.\" The Italian Garante's 30 January 2025 press release (docweb 10097450) records that DeepSeek's privacy policy showed personal data stored in China.\n",
          "facts": {
            "storage_location": "People's Republic of China",
            "policy_last_update": "2026-02-10",
            "region_pinning_available": false
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "stored in People's Republic of China per policy"
          },
          "evidence": null,
          "caveat": "Data processed and stored in People's Republic of China."
        },
        "gdpr_dpa": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": "https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html",
          "archived": "http://web.archive.org/web/20260702015718/https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html",
          "verified": "2026-07-05",
          "notes": "No public Data Processing Agreement, Standard Contractual Clauses, or subprocessor list was found; the Open Platform Terms of Service (release date April 22, 2026) contain no GDPR/DPA/SCC provisions. The privacy policy (last update Feb 10, 2026) does include an EEA/UK/ Switzerland section with a legal-bases table and names Prighter Group as EU/UK representative. Separately, on 30 January 2025 the Italian DPA (Garante) imposed a limitation on processing of Italian users' data by Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence (Garante press release, docweb 10097450, https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/10097450).\n",
          "facts": {
            "sccs_referenced": false,
            "eu_representative": "Prighter Group (rep_deepseek@prighter.com)",
            "public_dpa_published": false,
            "subprocessor_list_published": false
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No public DPA, SCCs, or subprocessor list; Italian DPA limited processing for Italian users."
        },
        "gpai_cop": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "DeepSeek (Hangzhou DeepSeek Artificial Intelligence) does not appear on the European Commission's GPAI Code of Practice signatory list, in full or for any individual chapter, as of 2026-07-05. The EC page notes the list is continuously updated as signatures are confirmed. This is a model-developer obligation; developer and platform are the same entity for this first-party offering.\n",
          "facts": {
            "on_signatory_list": false
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "EU"
          },
          "evidence": null,
          "caveat": "Developer not on EC GPAI Code of Practice signatory list."
        },
        "hipaa_baa": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Neither the DeepSeek Open Platform Terms of Service nor the privacy policy mentions HIPAA, PHI, or a Business Associate Agreement, and no BAA request channel was found. The Open Platform ToS is governed by the laws of the People's Republic of China (mainland), with disputes heard by courts at the registered office of Hangzhou DeepSeek Artificial Intelligence Co., Ltd.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No BAA offered; governed by PRC law, not US HIPAA."
        },
        "iso_27001": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No ISO/IEC 27001 certificate, certificate number, or certification claim was found on deepseek.com or in DeepSeek's published policies. No accredited-registrar listing for Hangzhou DeepSeek Artificial Intelligence Co., Ltd. was located.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No ISO/IEC 27001 certification found."
        },
        "iso_42001": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No ISO/IEC 42001 (AI management system) certification claim was found in any DeepSeek public material.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No ISO/IEC 42001 certification found in public materials."
        },
        "retention_zdr": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html",
          "archived": "http://web.archive.org/web/20260702015718/https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html",
          "verified": "2026-07-05",
          "notes": "Retention is addressed only in general terms: \"We retain Personal Data for as long as necessary to provide our Services and for the other purposes set out in this Privacy Policy.\" No numeric retention periods are published, and no zero-data-retention option, retention configuration, or enterprise ZDR channel was found in the Open Platform Terms of Service or API documentation. Graded partial because retention is documented (vaguely) but ZDR has no public evidence.\n",
          "facts": {
            "zdr_available": false,
            "retention_period_specified": false
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "ZDR not publicly documented; retention periods vague."
        },
        "soc2_type2": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No SOC 2 Type II report, attestation announcement, or audit-report request channel was found on deepseek.com, in the DeepSeek Open Platform Terms of Service, or in the privacy policy. Web searches for \"DeepSeek SOC 2\" surface only third-party resellers of DeepSeek models that hold their own SOC 2 reports, which do not cover this first-party offering.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No SOC 2 Type II report available for this first-party offering."
        },
        "training_on_customer_data": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": "https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html",
          "archived": "http://web.archive.org/web/20260702015718/https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html",
          "verified": "2026-07-05",
          "notes": "No public commitment NOT to train on customer data by default was found; the privacy policy states the opposite. It lists Prompts/Inputs (\"text input, voice input, prompt, uploaded files, photos, feedback, chat history, or other content that you provide to our model and Services\") as collected data and states they are used \"to improve and develop the Services and to train and improve our technology, such as our machine learning models and algorithms.\" The policy's rights section lists \"the right to opt-out of using your Personal Data for training our models or optimizing our technologies\" for all users (not only the European Region). The Open Platform Terms of Service address customers' use of Inputs/Outputs (including distillation) but do not state whether DeepSeek trains on API data. The privacy policy states it applies to DeepSeek \"apps, websites, software, and related services\" that link to it, excluding downstream applications built by platform developers.\n",
          "facts": {
            "opt_out_documented": true,
            "policy_last_update": "2026-02-10",
            "trains_on_inputs_by_default": true
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "API data may be used for model training unless opted out."
        },
        "trust_center": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "No trust center, security portal, or compliance-documentation page was found on deepseek.com or platform.deepseek.com. Public documentation is limited to legal policies hosted at cdn.deepseek.com/policies/ and API docs at api-docs.deepseek.com.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "No public trust center or compliance documentation available."
        }
      },
      "watchouts": [
        {
          "key": "soc2_type2",
          "label": "SOC 2 Type II",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No SOC 2 Type II report available for this first-party offering."
        },
        {
          "key": "iso_27001",
          "label": "ISO 27001",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No ISO/IEC 27001 certification found."
        },
        {
          "key": "iso_42001",
          "label": "ISO 42001",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No ISO/IEC 42001 certification found in public materials."
        },
        {
          "key": "trust_center",
          "label": "Trust center",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No public trust center or compliance documentation available."
        },
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No BAA offered; governed by PRC law, not US HIPAA."
        },
        {
          "key": "gdpr_dpa",
          "label": "GDPR DPA",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "No public DPA, SCCs, or subprocessor list; Italian DPA limited processing for Italian users."
        },
        {
          "key": "training_on_customer_data",
          "label": "No-training default",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "API data may be used for model training unless opted out."
        },
        {
          "key": "retention_zdr",
          "label": "Retention / ZDR",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "ZDR not publicly documented; retention periods vague."
        },
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Data processed and stored in People's Republic of China."
        },
        {
          "key": "gpai_cop",
          "label": "GPAI Code",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Developer not on EC GPAI Code of Practice signatory list."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 training-data summary not published per EU AI Office template."
        }
      ],
      "watchout_count": 11
    },
    {
      "id": "deepseek-fireworks",
      "name": "DeepSeek via Fireworks AI",
      "developer": "DeepSeek",
      "platform": "Fireworks AI",
      "category": "cloud_distribution",
      "model_family": "DeepSeek",
      "summary": "Open-weight DeepSeek models (V3/R1 family, including R1-0528, V3.1 and V3.2) served on Fireworks AI's own inference platform. Fireworks is a US company running on AWS/GCP/Oracle data centers; prompts are processed by Fireworks, not sent to DeepSeek (Hangzhou), which is not a subprocessor. Vendor-trust and data-handling dimensions below describe Fireworks; EU AI Act dimensions describe DeepSeek as the model developer.\n",
      "sort_order": 15,
      "dimensions": {
        "art53_summary": {
          "value": "no_public_evidence",
          "confidence": "medium",
          "source": null,
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Describes DeepSeek as the GPAI provider (not Fireworks). No public training-content summary using the EC's mandatory template (published 24 July 2025) was found for DeepSeek V3/R1. Context: for models placed on the market before 2 August 2025, which covers the V3/R1 family, the EC allows summaries to be published as late as 2 August 2027, so absence today is a transparency gap rather than a proven violation. DeepSeek publishes technical reports on training methodology, but these do not follow the Art 53(1)(d) template.\n",
          "facts": null,
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Art. 53 summary not published by EC template deadline."
        },
        "data_residency": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://docs.fireworks.ai/deployments/regions",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "The core point of this row: Fireworks, a US-based company, serves open-weight DeepSeek models entirely on its own infrastructure (AWS, GCP, Oracle Cloud data centers per its DPA, US, Japan, and EU locations). There is no data path to DeepSeek the company: DeepSeek is not a subprocessor and inference does not call DeepSeek's API; the \"China data path\" of DeepSeek's first-party service does not apply here. Region pinning (including EUROPE: Frankfurt and Iceland) is available for on-demand/dedicated deployments; the region of default serverless inference is not publicly specified, and DPA clause 6.1 permits processing anywhere Fireworks or its sub-processors maintain facilities, hence partial. Enterprise page claims \"full support for data residency\" via sales.\n",
          "facts": {
            "eu_locations": [
              "Frankfurt",
              "Iceland"
            ],
            "regions_multi": [
              "GLOBAL",
              "US",
              "EUROPE",
              "APAC"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "requires_config",
            "geography": "EU region available (Frankfurt, Iceland) for dedicated deployments"
          },
          "evidence": null,
          "caveat": "Serverless inference region not specified; DPA permits processing anywhere."
        },
        "gdpr_dpa": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://fireworks.ai/dpa",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Public DPA (PDF) incorporates the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914, Module Two) plus Swiss addendum provisions, and publishes the authorised sub-processor list as Schedule 4 (cloud infrastructure: AWS in the US and Japan, GCP, Oracle Cloud). Subprocessor changes are notified via the Trust Center. DeepSeek is not a sub-processor. Privacy policy separately confirms SCCs for UK/EEA transfers.\n",
          "facts": {
            "sccs": "EU 2021/914 Module Two",
            "subprocessors_listed": [
              "Amazon Web Services",
              "Google Cloud Platform",
              "Oracle Cloud"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "gpai_cop": {
          "value": "no_public_evidence",
          "confidence": "high",
          "source": "https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "archived": "http://web.archive.org/web/20260630025755/https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai",
          "verified": "2026-07-05",
          "notes": "Per the two-level rule this dimension describes DeepSeek, the model developer, the GPAI Code of Practice is a provider obligation, and for open-weight models the GPAI provider remains DeepSeek, not Fireworks. DeepSeek does not appear on the EC's signatory list (23 signatories as of 2026-07-05; xAI is a partial Safety & Security-only signatory). Absence is a finding, though the Code is voluntary and providers may demonstrate AI Act compliance by alternative means. Nuance: some Art 53 obligations are lightened for open-weight releases meeting Art 53(2) conditions, but signatory status is simply absent here.\n",
          "facts": {
            "signatory_count_at_check": 23
          },
          "availability": {
            "tier": "n/a",
            "route": "n/a",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "Developer not on EC GPAI Code of Practice signatory list."
        },
        "hipaa_baa": {
          "value": "partial",
          "confidence": "medium",
          "source": "https://docs.fireworks.ai/guides/security_compliance/data_security",
          "archived": "http://web.archive.org/web/20260621122650/https://docs.fireworks.ai/guides/security_compliance/data_security",
          "verified": "2026-07-05",
          "notes": "Fireworks publicly states the inference platform is HIPAA compliant (docs and enterprise page), which conventionally implies BAA availability, but no public BAA terms were found and the public DPA contains no BAA or HIPAA language. Treat BAA execution as a sales conversation; confirm whether serverless DeepSeek endpoints are in BAA scope or dedicated deployments are required.\n",
          "facts": null,
          "availability": {
            "tier": "enterprise_only",
            "route": "sales_contract",
            "default": "requires_approval",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "BAA coverage for serverless DeepSeek endpoints requires sales confirmation."
        },
        "iso_27001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://docs.fireworks.ai/guides/security_compliance/data_security",
          "archived": "http://web.archive.org/web/20260621122650/https://docs.fireworks.ai/guides/security_compliance/data_security",
          "verified": "2026-07-05",
          "notes": "Fireworks docs state ISO 27001 certification (plus ISO 27701 privacy extension) with certificate PDFs downloadable from the Trust Center. Platform-level certification (Fireworks, not DeepSeek).\n",
          "facts": {
            "also_certified": [
              "ISO 27701"
            ]
          },
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "iso_42001": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://docs.fireworks.ai/guides/security_compliance/data_security",
          "archived": "http://web.archive.org/web/20260621122650/https://docs.fireworks.ai/guides/security_compliance/data_security",
          "verified": "2026-07-05",
          "notes": "Fireworks docs list ISO 42001 (AI management system) among its certifications, with certificate PDFs available via the Trust Center. Certifies Fireworks' AI management practices as the serving platform; it says nothing about DeepSeek's model development practices.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "retention_zdr": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://docs.fireworks.ai/guides/security_compliance/data_handling",
          "archived": "http://web.archive.org/web/20260626170655/https://docs.fireworks.ai/guides/security_compliance/data_handling",
          "verified": "2026-07-05",
          "notes": "Zero data retention is the documented default for open models: prompt and generation data \"exist only in volatile memory for the duration of the request\" and are not written to persistent storage without explicit opt-in. The public DPA makes this contractual when the service is used in its Zero Data Retention configuration. Exception: the Responses API stores conversation state for 30 days when store=true (that API's default), set store=false for strict ZDR. Confirm your integration path stays within the ZDR configuration.\n",
          "facts": {
            "responses_api_retention_days": 30
          },
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "soc2_type2": {
          "value": "yes_sales_gated",
          "confidence": "high",
          "source": "https://docs.fireworks.ai/guides/security_compliance/data_security",
          "archived": "http://web.archive.org/web/20260621122650/https://docs.fireworks.ai/guides/security_compliance/data_security",
          "verified": "2026-07-05",
          "notes": "Fireworks' security docs state the platform is SOC 2 Type II compliant and that \"documentation and audit reports are available in our Trust Center\" (trust.fireworks.ai). The report itself is gated behind Trust Center access; the attestation of SOC 2 Type II status is public. This covers the Fireworks serving platform, not DeepSeek the developer.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "trust_center_nda",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": "SOC 2 Type II report access requires Trust Center login."
        },
        "training_on_customer_data": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://fireworks.ai/privacy-policy",
          "archived": "http://web.archive.org/web/20260610041739/https://fireworks.ai/privacy-policy",
          "verified": "2026-07-05",
          "notes": "Privacy policy: \"We do not use your prompts, training data, or API inputs to train or improve our AI models without your explicit opt-in.\" The public DPA reinforces this contractually, prohibiting \"using Covered Data to train, fine-tune, or otherwise improve any shared or foundational model.\" Because Fireworks hosts open weights, customer data also cannot reach DeepSeek for training.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "enabled",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        },
        "trust_center": {
          "value": "yes_public",
          "confidence": "high",
          "source": "https://trust.fireworks.ai/",
          "archived": null,
          "verified": "2026-07-05",
          "notes": "Maintained SafeBase-style trust center; hosts certifications, audit reports, and (per the DPA) subprocessor-change notifications customers can subscribe to. Page is JS-rendered; no Wayback snapshot exists as of verification date.\n",
          "facts": null,
          "availability": {
            "tier": "self_serve",
            "route": "public",
            "default": "n/a",
            "geography": "unspecified"
          },
          "evidence": null,
          "caveat": null
        }
      },
      "watchouts": [
        {
          "key": "soc2_type2",
          "label": "SOC 2 Type II",
          "value": "yes_sales_gated",
          "value_label": "Yes, sales-gated",
          "tone": "gated",
          "caveat": "SOC 2 Type II report access requires Trust Center login."
        },
        {
          "key": "hipaa_baa",
          "label": "HIPAA BAA",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "BAA coverage for serverless DeepSeek endpoints requires sales confirmation."
        },
        {
          "key": "data_residency",
          "label": "Residency",
          "value": "partial",
          "value_label": "Partial",
          "tone": "gated",
          "caveat": "Serverless inference region not specified; DPA permits processing anywhere."
        },
        {
          "key": "gpai_cop",
          "label": "GPAI Code",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Developer not on EC GPAI Code of Practice signatory list."
        },
        {
          "key": "art53_summary",
          "label": "Art. 53 summary",
          "value": "no_public_evidence",
          "value_label": "No public evidence",
          "tone": "none",
          "caveat": "Art. 53 summary not published by EC template deadline."
        }
      ],
      "watchout_count": 5
    }
  ]
}