AI Provider Trust Registry evidence verified as of 2026-07-05

Registry / Llama via Azure AI

Llama via Azure AI

developer: Meta platform: Microsoft Azure (Azure AI Foundry / Models-as-a-Service) category: cloud distribution

Meta's Llama models served as third-party serverless (Models-as-a-Service / standard) deployments on Microsoft Azure AI Foundry. Microsoft hosts the model on Microsoft-managed infrastructure and acts as data processor; Meta remains the model developer and the GPAI provider for EU AI Act purposes.

Watch-outs 4

The cells where this offering is not a clean public yes. This is what to check before you sign.

Vendor trust
SOC 2 Type II Is a SOC 2 Type II report available for this offering?
Yes, public confidence: medium · verified 2026-07-05

Two-level rule: this cell grades the serving platform (Microsoft Azure), not Meta. Azure holds an Azure-wide SOC 2 Type 2 attestation; reports are gated behind Service Trust Portal sign-in. Microsoft's model-catalog data privacy doc states serverless API (MaaS) deployments are "subject to Azure data, privacy, and security commitments" and the hosting is managed by the Azure Machine Learning service, but the per-service audit-scope list lives in a gated STP document, and public docs do not enumerate third-party MaaS model offerings (e.g. Llama) in the SOC 2 report scope. Confidence medium for that scope nuance.

tier: self_serve · route: trust_center_nda ·

report_access: Service Trust Portal (sign-in required) · report_cadence: semi-annual, rolling 12-month audit window

source · archived copy

ISO 27001 Is there an ISO/IEC 27001 certification covering this offering?
Yes, public confidence: medium · verified 2026-07-05

Platform-level (Microsoft Azure) certification covering Azure services in audit scope. Same scope caveat as SOC 2: Microsoft states MaaS serverless deployments are subject to Azure compliance commitments, but the in-scope service enumeration is in the certificate/STP documents, not stated per-third-party-model in public docs.

tier: self_serve · route: trust_center_nda ·

standard: ISO/IEC 27001:2022 · certificate_access: Service Trust Portal ISO reports section

source

ISO 42001 Is there an ISO/IEC 42001 (AI management system) certification?
Yes, public confidence: medium · verified 2026-07-05

Platform-level: Microsoft's ISO/IEC 42001 page lists "Microsoft Foundry" among certified AI services (certificates on Service Trust Portal). The certification covers Microsoft's AI management system for the Foundry service; whether the certified scope statement explicitly covers third-party model catalog offerings such as Llama is not publicly documented, hence medium confidence. Meta itself publishes no ISO 42001 certification for Llama.

tier: self_serve · route: trust_center_nda ·

first_certified: 2025 (Azure AI Foundry Models) · in_scope_service: Microsoft Foundry

source · archived copy

Trust center Is there a maintained trust center / compliance portal?
Yes, public confidence: high · verified 2026-07-05

Microsoft Trust Center (public) plus the Service Trust Portal (servicetrust.microsoft.com; sign-in required for audit reports, certificates, and bridge letters). Maintained and regularly updated; referenced from Azure compliance documentation. This grades the serving platform; Meta has no equivalent compliance portal for Llama.

tier: self_serve · route: public ·

source

Data handling
HIPAA BAA Will they sign a HIPAA Business Associate Agreement covering this offering?
Partial confidence: medium · verified 2026-07-05

Microsoft offers a HIPAA BAA by default to covered entities/business associates via the Product Terms and DPA ("execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement"), no separate signature needed. However, the BAA applies only to "in-scope Azure services", and the in-scope list (Appendices of the Microsoft Azure Compliance Offerings document) is a gated STP PDF; public docs do not explicitly confirm that third-party serverless MaaS model deployments (Llama) are HIPAA-BAA-in-scope. Graded partial for that gap.

tier: self_serve · route: public · default: enabled · geography: US-focused

baa_mechanism: included by default via Microsoft Product Terms / DPA

source

GDPR DPA Is there a public DPA with SCCs and a published subprocessor list?
Yes, public confidence: high · verified 2026-07-05

The Microsoft Products and Services DPA is public, incorporates the EU Standard Contractual Clauses, and applies by default to Azure services; the model-catalog data privacy doc explicitly says the DPA "governs data processing by Azure services" including model catalog deployments. Microsoft publishes a subprocessor list. Microsoft (not Meta) is the data processor for MaaS prompts/outputs.

tier: self_serve · route: public · default: enabled ·

sccs: included in DPA · subprocessor_list: published (Microsoft online services subprocessor list)

source

No-training default Is there a public commitment not to train on customer API data by default?
Yes, public confidence: high · verified 2026-07-05

Explicit public commitment for serverless API (MaaS) deployments: "Microsoft doesn't share these prompts and outputs with the model provider. Also, Microsoft doesn't use these prompts and outputs to train or improve Microsoft models, the model provider's models, or any third party's models." Fine-tuning data likewise not used to train other models. Caveat (not content): Microsoft may share customer contact information and transaction/usage-volume details with the model publisher (Meta) for marketplace purposes.

tier: self_serve · route: public · default: enabled ·

source · archived copy

Retention / ZDR Is retention documented, and is zero-data-retention available?
Yes, public confidence: medium · verified 2026-07-05

For serverless API deployments Microsoft states: "Models are stateless, and they don't store any prompts or outputs", i.e., zero retention of inference content is the documented default, no configuration or approval required. Content filtering (Azure AI Content Safety), when enabled, screens prompts/outputs "in real time". Uploaded fine-tuning data is stored in the customer's datastore until deleted (customer-controlled). Confidence medium because the docs do not spell out ancillary logging (e.g., abuse-monitoring or diagnostic retention) for this deployment mode the way Azure OpenAI docs do.

tier: self_serve · route: public · default: enabled ·

inference_retention: none documented ("models are stateless")

source · archived copy

Residency Can data be pinned to a region (especially the EU)?
Partial confidence: medium · verified 2026-07-05

Commitment is geography-level, not region-level: "Prompts and outputs are processed within the geography specified during deployment, but they might be processed between regions within the geography for operational purposes." Serverless MaaS deployments are regional (customer picks the region at deployment), but Llama serverless availability is limited to a subset of regions. Global-standard deployment types process data in any Azure location (only data at rest stays in the designated geography). Public docs do not explicitly confirm EU Data Boundary applicability to third-party MaaS model inference. Graded partial: region pinning exists but with in-geography cross-region processing and model-dependent region availability.

tier: self_serve · route: public · default: requires_config · geography: limited regions incl. EU (serverless availability varies by model)

source · archived copy

EU AI Act
GPAI Code Is the model developer on the EC's GPAI Code of Practice signatory list?
No public evidence confidence: high · verified 2026-07-05

EU AI Act dimension, assessed against the model developer (Meta), per the two-level rule, since the GPAI Code of Practice is a provider obligation. Meta is absent from the European Commission's GPAI Code of Practice signatory list as checked 2026-07-05 (23 signatories listed; Meta not among them). Absence from the list does not preclude Meta from demonstrating AI Act compliance through alternative adequate means. Note: Microsoft (the serving platform) is itself a signatory, but that does not cover Meta's provider obligations for Llama.

source · archived copy

Art. 53 summary Has the model developer published the Art. 53 training-data summary?
No public evidence confidence: medium · verified 2026-07-05

EU AI Act dimension, assessed against Meta as GPAI provider. As of 2026-07-05, searches found no Meta-published public summary of Llama training content using the EC's Article 53(1)(d) template (template published by the AI Office on 2025-07-24; obligation applies from 2025-08-02, with models placed on the market before that date having until 2027-08-02). Meta's model cards/blogs describe training data only at a high level ("publicly available sources"), which is not the EU template summary. Confidence medium: absence of evidence from public search, not a verified statement of non-publication.

no public source

Spotted an error? Submit a correction with evidence, corrections with a primary source are folded in and credited in the changelog.