Registry / Anthropic API
Anthropic API
Anthropic's first-party Claude API (api.anthropic.com). Anthropic is both model developer and serving platform, so vendor-trust, data-handling, and EU AI Act dimensions all describe Anthropic directly. Commercial terms prohibit training on customer content; ZDR and HIPAA-ready configurations are available but sales-gated.
Watch-outs 4
The cells where this offering is not a clean public yes. This is what to check before you sign.
- HIPAA BAA: Yes, sales-gated BAA only for eligible feature subset; contact sales.
- Retention / ZDR: Yes, sales-gated ZDR unavailable for Claude Fable 5 and Mythos 5 models.
- Residency: Partial EU data residency not supported; US-only region pinning.
- Art. 53 summary: No public evidence Art. 53 training-data summary not published per EU template.
Anthropic's official help-center certifications page publicly states "SOC 2 Type I & Type II" for commercial products "such as Claude for Work and the Anthropic API". The report itself is not a public download; copies are requested via the Trust Portal (trust.anthropic.com), which uses an access-request/NDA flow.
tier: self_serve · route: trust_center_nda · default: enabled ·
scope_note: Commercial products incl. the Anthropic API and Claude for Work; consumer plans (Free/Pro/Max) excluded · attestation: SOC 2 Type I & Type II
Publicly listed on Anthropic's certifications page; certificate copies are obtained via the Trust Portal (trust.anthropic.com).
tier: self_serve · route: trust_center_nda · default: enabled ·
standard: ISO 27001:2022 (Information Security Management) · scope_note: Commercial products incl. the Anthropic API; consumer plans excluded
Anthropic announced accredited ISO/IEC 42001:2023 certification on 2025-01-13, issued by Schellman (accredited by the ANSI National Accreditation Board), and states it is one of the first frontier AI labs to achieve it. The issued certificate is hosted on the Trust Center; also listed on the help-center certifications page.
tier: self_serve · route: trust_center_nda · default: enabled ·
standard: ISO/IEC 42001:2023 (AI Management Systems) · announced: 2025-01-13 · certifier: Schellman Compliance, LLC (ANAB-accredited)
Maintained trust portal at trust.anthropic.com; Anthropic's official pages (help center, API docs) direct readers there for compliance documentation, incl. the HIPAA Implementation Guide at trust.anthropic.com/resources. Portal is JS-rendered; the landing page is public, but document downloads (SOC 2 report etc.) go through an access-request/NDA flow.
tier: self_serve · route: trust_center_nda · default: enabled ·
portal: SafeBase-style Trust Portal · resources_note: Hosts certifications, HIPAA Implementation Guide, and compliance documentation
BAA available for the first-party API: contact Anthropic sales to sign a BAA, then Anthropic provisions a dedicated HIPAA-enabled organization that automatically blocks non-eligible features (400 error). Historically HIPAA required ZDR; HIPAA-ready API access now removes that requirement. Only a feature subset is eligible (Messages API yes; Batch/Files/code execution/web fetch no). Covered Models (Claude Fable 5 / Mythos 5) require 30-day retention and are not usable with ZDR enabled. Also documented at privacy.claude.com article 8114513 ("Business Associate Agreements (BAA) for Commercial Customers").
tier: enterprise_only · route: sales_contract · default: requires_config ·
not_covered: Console/Workbench, consumer plans, Claude Code, Claude Platform on AWS, most beta features · covered_tier: First-party Claude API (HIPAA-enabled organization) and Claude Enterprise
Public DPA incorporated by reference into the Anthropic Commercial Terms of Service (no separate signature flow required). Schedule 3 contains EU SCCs, UK Addendum, and Swiss Addendum; Schedule 4 points to the published subprocessor list.
tier: self_serve · route: public · default: enabled ·
sccs: EU SCCs Modules 2 & 3 incorporated; UK Addendum and Swiss Addendum included · subprocessor_list: https://www.anthropic.com/subprocessors
Commercial Terms (Customer Content section) state Anthropic may not train models on Customer Content from the Services; API docs reiterate retained data "is never used for model training without your express permission". Important distinction: in Aug/Sep 2025 Anthropic changed CONSUMER terms (Claude Free/Pro/Max) to allow training when the user enables the setting, with 5-year retention if enabled (anthropic.com/news/updates-to-our-consumer-terms, decision deadline 2025-10-08). That change covers consumer accounts only; the commercial API default (no training on customer content) is unchanged. This cell records the commercial-API answer.
tier: self_serve · route: public · default: enabled ·
consumer_policy_change: 2025 consumer terms update does NOT apply to API/commercial · commercial_terms_effective: 2025-06-17
Retention is documented per-feature in public API docs: conversation content is not retained by default, feature-specific TTLs are listed, and safety-flagged content may be kept up to 2 years even under ZDR. ZDR is available but sales-gated: "To request a ZDR arrangement, contact the Anthropic sales team", enabled per-organization by the account team (new orgs need separate enablement). Gating nuance: Claude Fable 5 and Mythos 5 are Covered Models requiring 30-day retention and are NOT available under ZDR (requests 400 unless a workspace-level 30-day retention override is configured). Stateful features used under a ZDR org step outside the ZDR arrangement.
tier: enterprise_only · route: sales_contract · default: requires_config ·
zdr_scope: Messages API and Token Counting API; Claude Code via commercial API keys or Claude Enterprise · zdr_excluded_features: Batch API (29-day), Files API, code execution (30-day), Managed Agents, Console/Workbench · safety_flag_retention_years: 2 · covered_models_retention_days: 30
Region pinning exists but is US-only. The inference_geo API parameter ("us" or "global", default global) controls where inference runs, self-serve at 1.1x pricing on Opus/Sonnet 4.6 and later; workspace geo (data at rest + endpoint processing) currently supports only "us". No EU residency option is offered on the first-party API, so this fails the "esp. EU" test; graded partial, not yes.
tier: self_serve · route: public · default: requires_config · geography: US pinning only; no EU residency
inference_geo_values: ['global', 'us'] · workspace_geo_values: ['us'] · us_inference_price_multiplier: 1.1
Anthropic appears on the European Commission's GPAI Code of Practice signatory list. The EC page singles out xAI as having signed only the Safety and Security chapter; no such qualification is listed for Anthropic, implying a full (all-chapters) signature. Anthropic's own announcement: anthropic.com/news/eu-code-practice.
tier: self_serve · route: public · default: enabled · geography: EU
signed: July 2025 · chapters: Full signatory (EC page flags only xAI as a partial, Safety & Security-only signatory)
No public training-content summary using the EC's Article 53(1)(d) template was found on anthropic.com, the Transparency Hub, or the Trust Center as of 2026-07-05. Model/system cards describe training data at a high level (public web data crawled per robots.txt, licensed third-party datasets, user-shared/crowd-worker data) but do not follow the EU template. Since models released after 2025-08-02 trigger the obligation, absence of a findable template summary is notable but may reflect publication in a location not surfaced by search; flagged for human review.
geography: EU
deadline_note: Required for models placed on the EU market on/after 2025-08-02; pre-existing models have until 2027-08-02 · ec_template_published: 2025-07-24
no public source
Spotted an error? Submit a correction with evidence, corrections with a primary source are folded in and credited in the changelog.