AWS Bedrock (platform)
Amazon Bedrock is AWS's managed platform for serving foundation models from multiple providers. This platform-level row covers AWS's own audit scope, contractual terms, and Bedrock-wide data-handling commitments; model-specific behavior (e.g. provider data sharing for certain Anthropic models) is noted where it deviates from the platform default.
Amazon Bedrock is listed in scope for AWS SOC 1/2/3 reports; the listing explicitly "excludes Amazon Bedrock Marketplace". The in-scope listing is public; the SOC 2 Type II report itself is retrieved self-serve via AWS Artifact (requires an AWS account, no sales contact).
tier: self_serve · route: public · default: enabled ·
scope_exclusion: Amazon Bedrock Marketplace
Amazon Bedrock is in scope for AWS's ISO/IEC 27001:2022 certification (again excluding Bedrock Marketplace). AWS also holds ISO 27017/27018/27701 and CSA STAR CCM v4.0 across the same services-in-scope list.
tier: self_serve · route: public · default: enabled ·
other_iso: ['27017:2015', '27018:2019', '27701:2019', '22301:2019', '20000-1:2018', '9001:2015'] · scope_exclusion: Amazon Bedrock Marketplace
AWS holds an accredited ISO/IEC 42001:2023 (AI management system) certification. AWS publicly announced Amazon Bedrock among the certified services (with Amazon Q Business, Textract, Transcribe), but the FAQ page itself defers the authoritative service scope to the certificate, which is retrieved via AWS Artifact in the console. Confidence is medium because the public compliance page does not itself enumerate Bedrock in scope; the named-service claim comes from AWS's own announcement and the Artifact certificate. A human reviewer with an AWS account should confirm Bedrock on the certificate.
tier: self_serve · route: public · default: enabled ·
first_certified: 2024 · surveillance_audit: 2025 (completed, no findings per AWS)
AWS maintains a public compliance portal (aws.amazon.com/compliance, including per-service in-scope listings) plus AWS Artifact, a self-serve console service for downloading audit reports, certifications, and accepting agreements (including the BAA) without sales involvement.
tier: self_serve · route: public · default: enabled ·
compliance_portal: https://aws.amazon.com/compliance/
Amazon Bedrock is on the AWS HIPAA Eligible Services Reference. Customers must enter into the AWS Business Associate Addendum (self-serve via AWS Artifact) before processing PHI in eligible services. Marked requires_config: the BAA must be accepted and workloads configured per AWS's HIPAA guidance; eligibility is not automatic protection.
tier: self_serve · route: public · default: requires_config
The AWS GDPR DPA is incorporated into the AWS Service Terms and applies automatically to all customers; the June 2021 EC SCCs apply automatically to transfers to non-adequate third countries. AWS publishes a subprocessor list (infrastructure entities, service providers, third-party providers, European Sovereign Cloud subprocessors) at the URL in facts.
tier: self_serve · route: public · default: enabled ·
sccs: EC June 2021 SCCs, incorporated in AWS Service Terms · subprocessor_list: https://aws.amazon.com/compliance/sub-processors/
Bedrock FAQ commits that "AWS and the third-party model providers will not use any inputs to or outputs from Amazon Bedrock to train Amazon Nova, Amazon Titan, or any third-party models," and that inputs/outputs are not shared with model providers. The Bedrock user guide additionally documents that model providers have no access to the AWS-operated Model Deployment Accounts, so they cannot see Bedrock logs or customer prompts/completions (https://docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html). Caveat: the separate provider_data_share retention mode (see retention_zdr) shares data with the model provider for trust & safety, not training.
tier: self_serve · route: public · default: enabled
Platform default is documented as zero data retention (Bedrock "does not store model inputs or outputs" by default) and zero operator access. Exceptions are model-specific and documented: OpenAI GPT-5.4/5.5 classifier-flagged traffic retained up to 30 days for abuse detection; Anthropic Claude Fable 5 (and Mythos 5) require opt-in provider_data_share, with prompts/completions retained up to 30 days and shared with Anthropic for abuse detection/potential human review. Retention is configurable per account/project via data_retention_mode (none = guaranteed ZDR; retention-requiring models are blocked under it) and enforceable via IAM/SCP condition keys. ZDR access to retention-requiring models is per-account, per-model via the AWS account team (requires_approval for that subset). With cross-region inference, retained data is stored in the destination region.
tier: self_serve · route: public · default: enabled ·
default_model: zero data retention + zero operator access · retention_docs: https://docs.aws.amazon.com/bedrock/latest/userguide/data-retention.html · retention_modes: ['default', 'provider_data_share', 'none', 'inherit'] · exception_retention_days: 30
Bedrock FAQ states customer content processed by Bedrock "is encrypted and stored at rest in the AWS Region where you are using Amazon Bedrock." Bedrock endpoints exist in Frankfurt, Ireland, London, Paris, Zurich, Milan, Spain and Stockholm (not every model/feature is in every region). requires_config: the customer chooses the region, and enabling cross-region inference moves processing/retained data to destination regions, so residency depends on configuration.
tier: self_serve · route: public · default: requires_config · geography: EU available (8 EU/UK/CH regions incl. eu-central-1, eu-west-1, eu-west-3, eu-north-1, eu-south-1, eu-south-2, eu-central-2, eu-west-2)
region_endpoints: https://docs.aws.amazon.com/general/latest/gr/bedrock.html
The GPAI Code of Practice is an obligation of the GPAI model provider, not of a distribution platform, so it does not attach to Bedrock as a platform serving third-party models. For the record: Amazon IS on the EC signatory list, having signed the full Code (no chapter limitation noted, unlike xAI's Safety & Security-only signature). That signature is relevant to Amazon as developer of its own models (e.g. Amazon Nova/Titan rows), and each third-party model's CoP status belongs on its developer's row per the two-level rule.
amazon_signatory: full code (all chapters)
The Art 53(1)(d) public training-data summary is a GPAI provider obligation; AWS Bedrock as a serving platform is not the provider of the third-party models it hosts, so the obligation does not attach to this platform row. Whether Amazon has published an EU-template training-data summary for its own models (Nova/Titan) was not verified here and belongs on the Amazon developer row. Confidence is medium because the "not applicable" framing rests on role analysis, not an explicit AWS statement.