AI Provider Trust Registry · evidence verified as of 2026-07-05


Azure OpenAI Service

developer: OpenAI · platform: Microsoft Azure · category: cloud distribution

OpenAI GPT models served by Microsoft as "Models sold by Azure" within Microsoft Foundry (formerly Azure OpenAI Service / Azure AI Foundry). Microsoft hosts the models in its own Azure environment; customer data does not flow to OpenAI-operated services, and vendor-trust and data-handling commitments are Microsoft's/Azure's.

Watch-outs (2)

The cells where this offering is not a clean public yes. This is what to check before you sign.

Vendor trust
SOC 2 Type II: Is a SOC 2 Type II report available for this offering?
Yes, sales-gated · confidence: high · verified 2026-07-05

Two-level rule: this is Azure's (the serving platform's) SOC 2 Type 2 attestation, not OpenAI's. Microsoft publicly documents the Azure SOC 2 Type 2 attestation; the report itself is gated behind Service Trust Portal sign-in (Microsoft account with services agreement). Service-level confirmation that Azure OpenAI / Microsoft Foundry is in audit scope is in the report's scope appendix and the "Microsoft Azure Compliance Offerings" STP document (also gated), so scope inclusion was not independently re-verified from a public page.

tier: self_serve · route: trust_center_nda · default: enabled

report_cadence: semi-annual (audit periods end 31-Mar and 30-Sep, rolling 12-month window) · report_location: Service Trust Portal SOC reports section


ISO 27001: Is there an ISO/IEC 27001 certification covering this offering?
Yes, public · confidence: high · verified 2026-07-05

Azure's (platform) certification. The Azure ISO/IEC 27001:2022 certificate covers Azure, Dynamics 365, Power Platform, and select Microsoft 365 services; certificate and audit documents are distributed via the Service Trust Portal. Exact in-scope service list for Azure OpenAI / Microsoft Foundry lives in the certificate scope statement (STP). [human 2026-07-05] Dismissed: Azure OpenAI covered under broad Azure ISO 27001 cert; service-level scope lives in gated appendix.

tier: self_serve · route: public · default: enabled

standard_version: ISO/IEC 27001:2022 · certificate_location: Service Trust Portal ISO reports section


ISO 42001: Is there an ISO/IEC 42001 (AI management system) certification?
Yes, public · confidence: high · verified 2026-07-05

Microsoft holds ISO/IEC 42001:2023 certification with "Microsoft Foundry" (the service that hosts Azure OpenAI models, per Microsoft's 2025 Azure blog announcement covering "Azure AI Foundry Models") on the public in-scope list. This is Microsoft's AIMS certification as deployer/platform, not an OpenAI certification. Certificates/audit reports are on the Service Trust Portal.

tier: self_serve · route: public · default: enabled

certificate_location: Service Trust Portal ISO reports section · in_scope_service_name: Microsoft Foundry


Trust center: Is there a maintained trust center / compliance portal?
Yes, public · confidence: high · verified 2026-07-05

Microsoft maintains both a public Trust Center (https://www.microsoft.com/trust-center) and the Service Trust Portal for audit artifacts (SOC, ISO, etc.). Portal browsing is public; report downloads require Microsoft-account sign-in and acceptance of terms. Azure OpenAI is covered as part of Azure/Microsoft Foundry rather than having a dedicated product trust center.

tier: self_serve · route: public · default: enabled


Data handling
HIPAA BAA: Will they sign a HIPAA Business Associate Agreement covering this offering?
Yes, public · confidence: high · verified 2026-07-05

Microsoft's HIPAA BAA is included by default in customer agreements: the DPA states "execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement", no separate signature required. BAA applies to in-scope Azure services; the service-level scope list (confirming Azure OpenAI / Microsoft Foundry) is in the gated STP "Microsoft Azure Compliance Offerings" appendix, so confirm scope inclusion before relying on it for PHI workloads.

tier: self_serve · route: public · default: enabled

mechanism: BAA incorporated by default via Microsoft Product Terms + DPA


GDPR DPA: Is there a public DPA with SCCs and a published subprocessor list?
Yes, public · confidence: high · verified 2026-07-05

The Microsoft Products and Services DPA is publicly downloadable (most recent version May 2026) and, per Microsoft's EU Model Clauses compliance page, Microsoft "makes the EU Model Clauses available to customers as described in the ... Data Protection Addendum (DPA)" with Azure in scope. The Azure OpenAI data-privacy page states the DPA governs data processing for Models sold by Azure. Microsoft also publishes an online-services subprocessor list, but that list was not re-verified in this pass (see review flag).

tier: self_serve · route: public · default: enabled

scc_mechanism: EU Standard Contractual Clauses made available via the DPA


No-training default: Is there a public commitment not to train on customer API data by default?
Yes, public · confidence: high · verified 2026-07-05

Microsoft's public commitment (data-privacy page, verified 2026-07-05): prompts, completions, embeddings, and training data "are NOT available to OpenAI", "are NOT used by providers of Models sold by Azure to improve their models", and "are NOT used to train any generative AI foundation models without your permission or instruction". Models are stateless; fine-tuned models are exclusive to the customer. Original URL learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy now canonicalizes to the Foundry responsible-ai path.

tier: self_serve · route: public · default: enabled

not_available_to_openai: True · not_used_to_train_foundation_models: True


Retention / ZDR: Is retention documented, and is zero-data-retention available?
Yes, sales-gated · confidence: high · verified 2026-07-05

Retention is documented: standard inference is stateless, but flagged prompts/completions may be stored in a per-geography abuse-monitoring data store for human review; stateful features (Responses/Assistants APIs, stored completions, files) persist data until customer deletion. The ZDR-equivalent is "modified abuse monitoring": customers meeting Limited Access eligibility criteria (in practice managed/enterprise customers) apply via a Microsoft form; once approved, prompt/completion storage and human review are turned off (automated in-flight review still runs, without storage). CAUTION: the widely cited 30-day abuse-monitoring retention figure no longer appears on the current data-privacy or abuse-monitoring pages as fetched 2026-07-05; only Microsoft Q&A answers state it, so no retention_days fact is recorded.

tier: enterprise_only · route: sales_contract · default: requires_approval

verification: ContentLogging=false visible in Azure portal / CLI once approved · zdr_equivalent: modified abuse monitoring (approved customers) - no storage, no human review · inference_storage: models are stateless; no prompt/completion storage in the model · abuse_monitoring_store: prompts/completions may be stored for human review, in-geography, logically separated per customer


Residency: Can data be pinned to a region (especially the EU)?
Yes, public · confidence: high · verified 2026-07-05

Residency is deployment-type dependent, hence default:requires_config. Standard deployments keep prompts/responses in the customer-specified geography; "DataZone" EU deployments confine processing to EU member states; "Global" deployments may process anywhere the model is deployed (data at rest, including the abuse-monitoring store, stays in the designated geography). Azure regional services deployed in EU/EFTA regions are additionally in scope for Microsoft's EU Data Boundary commitments (learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn). For EEA deployments, abuse-monitoring human reviewers are located in the EEA.

tier: self_serve · route: public · default: requires_config · geography: EU available (EU Data Boundary; DataZone EU deployments)

datazone_eu: processing confined to EU member states · data_at_rest: stored in customer-designated geography for all deployment types · global_deployments: processing may occur in any geography where the model is deployed · standard_deployments: processed within customer-specified Azure geography


EU AI Act
GPAI Code: Is the model developer on the EC's GPAI Code of Practice signatory list?
Yes, public · confidence: high · verified 2026-07-05

Layered reality: the GPAI Code of Practice is a provider (model developer) obligation, and the developer here is OpenAI, a full signatory on the EC's list (verified 2026-07-05). Microsoft, the serving platform, is ALSO a full signatory in its own right as a GPAI provider. Neither is a partial signatory (contrast xAI, Safety & Security chapter only). Cell graded on OpenAI per the two-level rule; Microsoft's status recorded as corroborating platform posture.

route: public · geography: EU

platform_signatory: Microsoft (full code) · developer_signatory: OpenAI (full code)


Art. 53 summary: Has the model developer published the Art. 53 training-data summary?
Yes, public · confidence: medium · verified 2026-07-05

EU AI Act Art. 53(1)(d) is a developer obligation, graded on OpenAI, not Microsoft. OpenAI's official EU AI Act help-center article states that "in accordance with its obligations under Article 53(1)(d) of the AI Act, OpenAI publishes summaries about the content used for training" (per the EC's July 2025 template). Confidence medium: help.openai.com and openai.com returned HTTP 403 to automated fetching on 2026-07-05, so the statement was corroborated via search-index snippets and an existing Wayback snapshot rather than a direct page read, and the actual summary document(s) and per-model (GPT) coverage were not inspected.

route: public · geography: EU

