Registry / SOC 2 Type II
Which AI providers have SOC 2 Type II?
SOC 2 Type II report availability, and how each report is gated, across major AI model offerings. The cell answers: Is a SOC 2 Type II report available for this offering? Statuses below are evidence grades, not endorsements, “no public evidence” means we could not verify it from public sources, not that the answer is no.
Two-level rule: this is Azure's (the serving platform's) SOC 2 Type 2 attestation, not OpenAI's. Microsoft publicly documents the Azure SOC 2 Type 2 attestation; the report itself is gated behind Service Trust Portal sign-in (Microsoft account with services agreement). Service-level confirmation that Azure OpenAI / Microsoft Foundry is in audit scope is in the report's scope appendix and the "Microsoft Azure Compliance Offerings" STP document (also gated), so scope inclusion was not independently re-verified from a public page.
Anthropic's official help-center certifications page publicly states "SOC 2 Type I & Type II" for commercial products "such as Claude for Work and the Anthropic API". The report itself is not a public download; copies are requested via the Trust Portal (trust.anthropic.com), which uses an access-request/NDA flow.
Two-level rule: this grades AWS (the serving platform), not Anthropic. Amazon Bedrock is listed with a checkmark on AWS's SOC services-in-scope page. The SOC 2 Type II report itself is retrieved self-serve via AWS Artifact (console, click-through confidentiality terms) rather than a public download.
Google's services-in-scope page lists both "Vertex AI Platform" and "Generative AI on Vertex AI" as covered by Google Cloud's SOC 1/2/3 reports. SOC 2 Type II reports are downloadable self-serve via Google's Compliance Reports Manager (Google account required, no sales gate); SOC 3 is fully public. Scope is the Google Cloud platform level; the report does not attest Anthropic's own controls.
Google Cloud's services-in-scope page lists "Vertex AI Platform" and "Generative AI on Vertex AI" under SOC 1/2/3. SOC 2 reports are downloadable self-serve via Compliance Reports Manager (Google account sign-in required, no NDA or sales contact). Vertex AI was renamed "Gemini Enterprise Agent Platform" in 2026; newer pages use that name.
Amazon Bedrock is listed in scope for AWS SOC 1/2/3 reports, explicitly "excludes Amazon Bedrock Marketplace". The in-scope listing is public; the SOC 2 Type II report itself is retrieved self-serve via AWS Artifact (requires an AWS account, no sales contact).
Azure undergoes SOC 2 Type II audits and Microsoft's Foundry data-privacy doc states serverless model deployments "are subject to Azure data, privacy, and security commitments." However, the service-level audit scope (Appendices A/B of the Azure Compliance Offerings document) is gated on the Service Trust Portal, and public docs do not explicitly confirm that third-party Foundry model hosting (Mistral serverless / Foundry Models) is inside the audited boundary. Models from partners and community are "Non-Microsoft Products" under the Product Terms. Two-level rule - this cell describes the serving platform (Microsoft Azure), not Mistral AI's own SOC 2.
Platform-level (AWS). The SOC services-in-scope list is public; the SOC 2 Type II report itself is retrieved via AWS Artifact, a self-serve portal with click-through confidentiality terms (no sales gate). Third-party model traffic on Bedrock runs inside AWS's audited boundary.
Two-level rule: this grades AWS (the serving platform), not Meta. Amazon Bedrock is listed with a checkmark on AWS's SOC services-in-scope page. The SOC 2 Type II report itself is retrieved self-serve via AWS Artifact (console, click-through confidentiality terms) rather than a public download.
Two-level rule: this cell grades the serving platform (Microsoft Azure), not Meta. Azure holds an Azure-wide SOC 2 Type 2 attestation; reports are gated behind Service Trust Portal sign-in. Microsoft's model-catalog data privacy doc states serverless API (MaaS) deployments are "subject to Azure data, privacy, and security commitments" and the hosting is managed by the Azure Machine Learning service, but the per-service audit-scope list lives in a gated STP document, and public docs do not enumerate third-party MaaS model offerings (e.g. Llama) in the SOC 2 report scope. Confidence medium for that scope nuance.
xAI's API security FAQ states "We are SOC 2 Type 2 compliant." The report itself is not public: the FAQ directs customers with a signed NDA to the trust center (trust.x.ai) for certification details. Compliance claim is public; the Type II report is NDA-gated.
No SOC 2 Type II report, attestation announcement, or audit-report request channel was found on deepseek.com, in the DeepSeek Open Platform Terms of Service, or in the privacy policy. Web searches for "DeepSeek SOC 2" surface only third-party resellers of DeepSeek models that hold their own SOC 2 reports, which do not cover this first-party offering.
no public source · full cell
Fireworks' security docs state the platform is SOC 2 Type II compliant and that "documentation and audit reports are available in our Trust Center" (trust.fireworks.ai). The report itself is gated behind Trust Center access; the attestation of SOC 2 Type II status is public. This covers the Fireworks serving platform, not DeepSeek the developer.