AI Provider Trust Registry evidence verified as of 2026-07-05

Llama via AWS Bedrock

developer: Meta · platform: AWS Bedrock · category: cloud distribution

Meta's Llama models served through Amazon Bedrock, AWS's managed foundation-model service. Vendor-trust and data-handling posture is AWS's (SOC/ISO scope, AWS BAA, GDPR DPA, Bedrock retention controls); EU AI Act provider obligations (GPAI Code of Practice, Art 53) sit with Meta as the model developer. Meta is absent from the EC's GPAI Code of Practice signatory list, and current-generation Llama models on Bedrock are served in US geography only.

Watch-outs 3

The cells where this offering is not a clean public yes. This is what to check before you sign.

Vendor trust
SOC 2 Type II: Is a SOC 2 Type II report available for this offering?
Yes, public · confidence: high · verified 2026-07-05

Two-level rule: this grades AWS (the serving platform), not Meta. Amazon Bedrock is listed with a checkmark on AWS's SOC services-in-scope page. The SOC 2 Type II report itself is retrieved self-serve via AWS Artifact (console, click-through confidentiality terms) rather than a public download.

tier: self_serve · route: trust_center_nda · default: enabled

scope_note: Amazon Bedrock in scope for SOC 1, 2, 3 (excludes Amazon Bedrock Marketplace)

source · archived copy

ISO 27001: Is there an ISO/IEC 27001 certification covering this offering?
Yes, public · confidence: high · verified 2026-07-05

Grades AWS (serving platform). AWS holds ISO/IEC 27001:2022 certification with Amazon Bedrock named on the public ISO-certified services list (also 27017/27018/27701 programs). Certificates downloadable via AWS Artifact.

tier: self_serve · route: trust_center_nda · default: enabled

standard: ISO/IEC 27001:2022 · scope_note: Amazon Bedrock listed (excludes Amazon Bedrock Marketplace)

source

ISO 42001: Is there an ISO/IEC 42001 (AI management system) certification?
Yes, public · confidence: medium · verified 2026-07-05

Grades AWS (serving platform). AWS holds an accredited ISO/IEC 42001:2023 AI-management-system certification (certifier Schellman, ANAB-accredited); AWS announced (Nov 2024) that the initial scope covered Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe, and reported a clean first surveillance audit (Nov 2025). The FAQ page confirms the certificate exists but the authoritative service-scope list is inside the certificate, accessed via AWS Artifact, hence medium confidence pending a human pull of the certificate. Note this is AWS's platform certification; it says nothing about Meta's own AI-management practices.

tier: self_serve · route: trust_center_nda · default: enabled

standard: ISO/IEC 42001:2023 · first_certified: 2024-11

source

Trust center: Is there a maintained trust center / compliance portal?
Yes, public · confidence: high · verified 2026-07-05

AWS Artifact is the compliance portal: on-demand, self-serve access to auditor-issued reports/certifications and to agreements (e.g. the BAA) from the AWS console, complemented by the public AWS Trust Center (aws.amazon.com/trust-center) and compliance program pages. This grades AWS, not Meta.

tier: self_serve · route: public · default: enabled

source

Data handling
HIPAA BAA: Will they sign a HIPAA Business Associate Agreement covering this offering?
Yes, public · confidence: high · verified 2026-07-05

Amazon Bedrock is on AWS's public HIPAA Eligible Services list, which covers Llama models served through Bedrock. PHI use requires first entering the AWS Business Associate Addendum (accepted self-serve via AWS Artifact agreements). default=requires_config because the BAA must be accepted and workloads confined to eligible services before PHI is in scope.

tier: self_serve · route: public · default: requires_config

source · archived copy

GDPR DPA: Is there a public DPA with SCCs and a published subprocessor list?
Yes, public · confidence: high · verified 2026-07-05

The AWS GDPR Data Processing Addendum is incorporated automatically into the AWS Service Terms for all customers, includes the 2021 EU Standard Contractual Clauses (plus UK and Swiss addenda), and AWS maintains a published sub-processors page referenced from the GDPR Center. Grades AWS's terms for the Bedrock offering, not Meta's.

tier: self_serve · route: public · default: enabled

sccs: EC June 2021 SCCs incorporated

source

No-training default: Is there a public commitment not to train on customer API data by default?
Yes, public · confidence: high · verified 2026-07-05

Bedrock FAQ: "Your content is not used to improve the base models and is not shared with any model providers"; inputs and outputs are not shared with model providers. Architecturally, Bedrock runs each provider's model in an AWS-operated Model Deployment Account that the provider cannot access, so Meta has no access to customer prompts/completions (docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html). No Llama model is documented as requiring the provider_data_share retention mode (that opt-in currently applies to certain Anthropic models only).

tier: self_serve · route: public · default: enabled

source · archived copy

Retention / ZDR: Is retention documented, and is zero-data-retention available?
Yes, public · confidence: medium · verified 2026-07-05

Retention is documented in detail. Bedrock's data-retention page states there is "no data retention change to models released before Claude Fable 5"; all Bedrock Llama models predate that, so the prior zero-retention baseline (prompts/completions not stored) continues to apply. Customers can additionally set data_retention_mode: none at account or project scope and enforce it org-wide via SCPs for guaranteed ZDR. The provider_data_share gate applies to certain Anthropic models, not Llama. Confidence is medium because Llama models' per-model allowed_modes are not publicly enumerated, and under "default" mode AWS notes it may retain data for safety/abuse-detection purposes; opt-in features (e.g. model invocation logging) also create customer-controlled retention. If cross-region inference is enabled, any retained inputs/outputs are stored in destination regions.

tier: self_serve · route: public · default: enabled

zdr_mode: data_retention_mode: none (account or project scope) · scp_enforcement: org-wide ZDR enforceable via bedrock:DataRetentionMode condition key

source · archived copy

Residency: Can data be pinned to a region (especially the EU)?
Partial · confidence: high · verified 2026-07-05

Platform-level pinning is real: Bedrock stores customer content at rest in the region of use (Bedrock FAQ), and Geo inference profiles never route outside their geography. But value=partial because for Llama specifically, current-generation models (Llama 3.3, Llama 4) are served only in US geography (no EU in-region or EU geo profile on their model cards as of 2026-07-05); EU-geography routing exists only for legacy Llama 3.2 profiles (Frankfurt/Ireland/Paris), which AWS lists as Legacy with a model EOL date of 2026-07-07, i.e. EU-pinned Llama on Bedrock is effectively disappearing. default=requires_config because residency depends on choosing the right region/profile and keeping cross-region inference within the intended geography.

tier: self_serve · route: public · default: requires_config · geography: US geo for current-gen Llama; EU geo only via legacy Llama 3.2 profiles

eu_geo_example: eu.meta.llama3-2-1b-instruct-v1:0 (eu-central-1/eu-west-1/eu-west-3) · us_geo_example: us.meta.llama3-3-70b-instruct-v1:0 (us-east-1/us-east-2/us-west-2) · llama32_lifecycle: Legacy, model EOL date 2026-07-07

source

EU AI Act
GPAI Code: Is the model developer on the EC's GPAI Code of Practice signatory list?
No public evidence · confidence: high · verified 2026-07-05

Two-level rule: the GPAI Code of Practice is a provider (model developer) obligation, so this cell grades Meta, not AWS. Meta does not appear on the European Commission's signatory list for the GPAI Code of Practice as of 2026-07-05 (list checked directly; signatories include Amazon, Anthropic, Google, Microsoft, OpenAI, Mistral AI, and others; xAI signed the Safety & Security chapter only). Meta publicly stated in July 2025 that it would not sign the Code. Stated neutrally: absence from the signatory list is not itself non-compliance with the AI Act; demonstrating compliance with GPAI obligations through alternative adequate means remains legally possible. Note that Amazon's own signature covers Amazon as a GPAI provider and does not substitute for Meta's obligations for Llama.

geography: EU

signatory: Meta, not listed

source · archived copy

Art. 53 summary: Has the model developer published the Art. 53 training-data summary?
No public evidence · confidence: medium · verified 2026-07-05

Grades Meta (model developer); checked independently of the CoP signatory question, since declining the Code does not imply Art 53 non-publication. No public training-content summary using the EU Commission's Article 53(1)(d) template (adopted 2025-07-24) was found on ai.meta.com or llama.com as of 2026-07-05. Meta's Llama model cards and launch posts do describe training data at category level (e.g. Llama 4 pretrained on "a mix of publicly available, licensed data and information from Meta's products and services, including publicly shared posts from Instagram and Facebook"), which is transparency but not the EU-template summary. Context: the template applies to models placed on the EU market from 2025-08-02; models placed earlier (e.g. Llama 4, April 2025) have until 2027-08-02. Worth a human re-check for a template-based summary published somewhere this research missed, and re-verification for any Llama model placed on the market after 2025-08-02.

geography: EU

no public source
