Registry / Llama via Azure AI
Llama via Azure AI
Meta's Llama models served as third-party serverless (Models-as-a-Service / standard) deployments on Microsoft Azure AI Foundry. Microsoft hosts the model on Microsoft-managed infrastructure and acts as data processor; Meta remains the model developer and the GPAI provider for EU AI Act purposes.
Watch-outs 4
The cells where this offering is not a clean public yes. This is what to check before you sign.
- HIPAA BAA: Partial BAA covers only in-scope Azure services; Llama deployments may not be.
- Residency: Partial In-geography cross-region processing may occur; model availability varies by region.
- GPAI Code: No public evidence Developer not on EC GPAI Code of Practice signatory list.
- Art. 53 summary: No public evidence Art. 53 training-data summary not published by developer.
Two-level rule: this cell grades the serving platform (Microsoft Azure), not Meta. Azure holds an Azure-wide SOC 2 Type 2 attestation; reports are gated behind Service Trust Portal sign-in. Microsoft's model-catalog data privacy doc states serverless API (MaaS) deployments are "subject to Azure data, privacy, and security commitments" and the hosting is managed by the Azure Machine Learning service, but the per-service audit-scope list lives in a gated STP document, and public docs do not enumerate third-party MaaS model offerings (e.g. Llama) in the SOC 2 report scope. Confidence medium for that scope nuance.
tier: self_serve · route: trust_center_nda ·
report_access: Service Trust Portal (sign-in required) · report_cadence: semi-annual, rolling 12-month audit window
Platform-level (Microsoft Azure) certification covering Azure services in audit scope. Same scope caveat as SOC 2: Microsoft states MaaS serverless deployments are subject to Azure compliance commitments, but the in-scope service enumeration is in the certificate/STP documents, not stated per-third-party-model in public docs.
tier: self_serve · route: trust_center_nda ·
standard: ISO/IEC 27001:2022 · certificate_access: Service Trust Portal ISO reports section
Platform-level: Microsoft's ISO/IEC 42001 page lists "Microsoft Foundry" among certified AI services (certificates on Service Trust Portal). The certification covers Microsoft's AI management system for the Foundry service; whether the certified scope statement explicitly covers third-party model catalog offerings such as Llama is not publicly documented, hence medium confidence. Meta itself publishes no ISO 42001 certification for Llama.
tier: self_serve · route: trust_center_nda ·
first_certified: 2025 (Azure AI Foundry Models) · in_scope_service: Microsoft Foundry
Microsoft Trust Center (public) plus the Service Trust Portal (servicetrust.microsoft.com; sign-in required for audit reports, certificates, and bridge letters). Maintained and regularly updated; referenced from Azure compliance documentation. This grades the serving platform; Meta has no equivalent compliance portal for Llama.
tier: self_serve · route: public ·
Microsoft offers a HIPAA BAA by default to covered entities/business associates via the Product Terms and DPA ("execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement"), no separate signature needed. However, the BAA applies only to "in-scope Azure services", and the in-scope list (Appendices of the Microsoft Azure Compliance Offerings document) is a gated STP PDF; public docs do not explicitly confirm that third-party serverless MaaS model deployments (Llama) are HIPAA-BAA-in-scope. Graded partial for that gap.
tier: self_serve · route: public · default: enabled · geography: US-focused
baa_mechanism: included by default via Microsoft Product Terms / DPA
The Microsoft Products and Services DPA is public, incorporates the EU Standard Contractual Clauses, and applies by default to Azure services; the model-catalog data privacy doc explicitly says the DPA "governs data processing by Azure services" including model catalog deployments. Microsoft publishes a subprocessor list. Microsoft (not Meta) is the data processor for MaaS prompts/outputs.
tier: self_serve · route: public · default: enabled ·
sccs: included in DPA · subprocessor_list: published (Microsoft online services subprocessor list)
Explicit public commitment for serverless API (MaaS) deployments: "Microsoft doesn't share these prompts and outputs with the model provider. Also, Microsoft doesn't use these prompts and outputs to train or improve Microsoft models, the model provider's models, or any third party's models." Fine-tuning data likewise not used to train other models. Caveat (not content): Microsoft may share customer contact information and transaction/usage-volume details with the model publisher (Meta) for marketplace purposes.
tier: self_serve · route: public · default: enabled ·
For serverless API deployments Microsoft states: "Models are stateless, and they don't store any prompts or outputs", i.e., zero retention of inference content is the documented default, no configuration or approval required. Content filtering (Azure AI Content Safety), when enabled, screens prompts/outputs "in real time". Uploaded fine-tuning data is stored in the customer's datastore until deleted (customer-controlled). Confidence medium because the docs do not spell out ancillary logging (e.g., abuse-monitoring or diagnostic retention) for this deployment mode the way Azure OpenAI docs do.
tier: self_serve · route: public · default: enabled ·
inference_retention: none documented ("models are stateless")
Commitment is geography-level, not region-level: "Prompts and outputs are processed within the geography specified during deployment, but they might be processed between regions within the geography for operational purposes." Serverless MaaS deployments are regional (customer picks the region at deployment), but Llama serverless availability is limited to a subset of regions. Global-standard deployment types process data in any Azure location (only data at rest stays in the designated geography). Public docs do not explicitly confirm EU Data Boundary applicability to third-party MaaS model inference. Graded partial: region pinning exists but with in-geography cross-region processing and model-dependent region availability.
tier: self_serve · route: public · default: requires_config · geography: limited regions incl. EU (serverless availability varies by model)
EU AI Act dimension, assessed against the model developer (Meta), per the two-level rule, since the GPAI Code of Practice is a provider obligation. Meta is absent from the European Commission's GPAI Code of Practice signatory list as checked 2026-07-05 (23 signatories listed; Meta not among them). Absence from the list does not preclude Meta from demonstrating AI Act compliance through alternative adequate means. Note: Microsoft (the serving platform) is itself a signatory, but that does not cover Meta's provider obligations for Llama.
EU AI Act dimension, assessed against Meta as GPAI provider. As of 2026-07-05, searches found no Meta-published public summary of Llama training content using the EC's Article 53(1)(d) template (template published by the AI Office on 2025-07-24; obligation applies from 2025-08-02, with models placed on the market before that date having until 2027-08-02). Meta's model cards/blogs describe training data only at a high level ("publicly available sources"), which is not the EU template summary. Confidence medium: absence of evidence from public search, not a verified statement of non-publication.
no public source
Spotted an error? Submit a correction with evidence, corrections with a primary source are folded in and credited in the changelog.