Registry / Claude via Google Vertex AI
Claude via Google Vertex AI
Anthropic's Claude models served as partner models on Google Cloud Vertex AI (Model Garden). Vendor-trust and data-handling dimensions below describe Google Cloud / Vertex AI as the serving platform; EU AI Act dimensions describe Anthropic as the model developer.
Watch-outs 2
The cells where this offering is not a clean public yes. This is what to check before you sign.
- HIPAA BAA: Partial Claude models on Vertex AI are not confirmed HIPAA-included functionality.
- Art. 53 summary: No public evidence Art. 53(1)(d) summary not published by developer.
Google's services-in-scope page lists both "Vertex AI Platform" and "Generative AI on Vertex AI" as covered by Google Cloud's SOC 1/2/3 reports. SOC 2 Type II reports are downloadable self-serve via Google's Compliance Reports Manager (Google account required, no sales gate); SOC 3 is fully public. Scope is the Google Cloud platform level; the report does not attest Anthropic's own controls.
tier: self_serve · route: public · default: enabled ·
reports: ['SOC 1', 'SOC 2', 'SOC 3'] · services_in_scope: ['Vertex AI Platform', 'Generative AI on Vertex AI']
"Vertex AI Platform" and "Generative AI on Vertex AI" are listed in scope for Google Cloud's ISO/IEC 27001 (plus 27017/27018) certification. Certificates are available via cloud.google.com/security/compliance/iso-27001 and the Compliance Reports Manager.
tier: self_serve · route: public · default: enabled ·
related_certs: ['ISO 27017', 'ISO 27018'] · services_in_scope: ['Vertex AI Platform', 'Generative AI on Vertex AI']
Google has publicized ISO/IEC 42001:2023 certification of its AI management system covering Google Cloud Platform (announced via Google Cloud blog "Google Cloud's commitment to responsible AI is now ISO/IEC certified"). However, ISO 42001 does not appear in the per-service services-in-scope matrix, so explicit coverage of Vertex AI partner models (Claude) within the certificate scope could not be verified publicly; confirm certificate scope via Compliance Reports Manager. Anthropic separately holds its own ISO 42001 for first-party services, but that does not attach to this Vertex offering.
tier: self_serve · route: public · default: enabled ·
certified_scopes_publicized: ['Google Cloud Platform', 'Google Workspace', 'Gemini app']
Google Cloud maintains a public compliance resource center with per-standard pages, a services-in-scope matrix, and the Compliance Reports Manager for self-serve download of audit reports (SOC, ISO) without NDA for most reports.
tier: self_serve · route: public · default: enabled ·
reports_portal: https://cloud.google.com/security/compliance/compliance-reports-manager
Google Cloud offers a self-serve BAA covering its entire infrastructure, and Vertex AI Platform functionality (e.g. Vertex AI Workbench, Agent Engine) appears among HIPAA-included products. However, public evidence that Anthropic Claude partner models specifically are HIPAA-included functionality on Vertex AI was not found; Google documentation cautions that not all Model Garden LLMs support HIPAA. Graded partial pending confirmation that Claude models are on the HIPAA-included functionality list. Human review recommended.
tier: self_serve · route: public · default: requires_config ·
baa_acceptance: self-serve via admin console (support.google.com/cloud/answer/6329727)
Google's Cloud Data Processing Addendum is public, incorporated into the Google Cloud agreement, addresses GDPR/European Data Protection Law (transfer mechanisms including SCCs are handled in the CDPA's appendices), commits to ISO 27001 for audited services, and defines the subprocessor regime (Section 11) with a published subprocessor list. Vertex AI is an audited service under the CDPA via the services-in-scope list.
tier: self_serve · route: public · default: enabled ·
addendum: Cloud Data Processing Addendum (CDPA) · subprocessor_list: https://cloud.google.com/terms/subprocessors
Google Cloud Service Terms Section 17 (Training Restriction) commits that Google will not use customer data to train or fine-tune AI/ML models without customer permission or instruction; the Vertex AI generative AI data governance page states prompts, responses, and adapter training data are not used to train foundation models by default, and that customer prompts/responses are not shared with third parties, including partner-model providers such as Anthropic. Archived snapshot is of the pre-migration cloud.google.com URL for the same page.
tier: self_serve · route: public · default: enabled ·
contractual_basis: Google Cloud Service Terms, Section 17 "Training Restriction"
Retention is documented - by default Vertex AI caches generative AI inputs/outputs for up to 24 hours in the serving data center to reduce latency; customers can disable caching at the project level to achieve zero data retention. Optional request-response logging (e.g. 30-day retention, stored in the customer's project) is off by default. The 24-hour caching documentation is written primarily for Google foundation models; for Claude partner models, Anthropic-style prompt caching is an explicit per-request opt-in, but the project-level ZDR configuration is the documented control. ZDR requires configuration - it is NOT the default (hence default: requires_config).
tier: self_serve · route: public · default: requires_config ·
zdr_mechanism: disable data caching at project level · optional_logging_days: 30 · default_cache_ttl_hours: 24
Vertex AI documents data-at-rest residency by region and a separate ML-processing residency commitment supported only in US and EU locations. Claude models are reachable via regional endpoints (including EU regions), US/EU multi-region endpoints that keep processing within the chosen geography (per Google Cloud's announcement of multi-region endpoints for Claude), and a global endpoint that explicitly does NOT guarantee processing location - customers with residency requirements must choose regional/multi-region endpoints. Confidence medium because the residency page could not be fully retrieved and Claude-specific region lists were corroborated via Google Cloud announcements rather than quoted from the docs page.
tier: self_serve · route: public · default: requires_config · geography: EU available (regional and EU multi-region endpoints)
at_rest: region-pinnable · claude_endpoints: ['regional (incl. EU, e.g. europe-west1)', 'US/EU multi-region', 'global (no residency guarantee)'] · ml_processing_residency: US and EU locations only
Two-level layering - the GPAI Code of Practice is a model-provider obligation, so this cell grades Anthropic (the developer), which appears on the EC signatory list as a full-code signatory (announced July 21, 2025); only xAI is noted as a partial (Safety & Security chapter) signatory. Google, the serving platform here, is separately also a full-code signatory, so both layers of this offering sit under the Code.
route: public · geography: EU
google_signed: full code (all chapters) · anthropic_signed: full code (all chapters)
Developer-level (Anthropic) obligation under Art 53(1)(d). The EC's mandatory template for the public summary of training content was published 2025-07-24. As of 2026-07-05, searches of anthropic.com (including the Transparency Hub, which describes training data only in general terms, e.g. "a proprietary mix of publicly available information") and the web found no Anthropic training-content summary published on the EU template. Models placed on the market before 2025-08-02 have until 2027-08-02; models placed after should have one, so absence of evidence here is notable and worth periodic re-checking. Human review recommended.
geography: EU
deadline_new_models: 2025-08-02 · template_published_by_ec: 2025-07-24 · deadline_pre_existing_models: 2027-08-02
no public source
Spotted an error? Submit a correction with evidence, corrections with a primary source are folded in and credited in the changelog.