Amazon Bedrock — AWS's managed inference service, accessed via its OpenAI-compatible endpoint from the eu-central-1 (Frankfurt) region. EU cross-Region inference keeps all processing inside EU regions with no data stored in destination regions. US legal entity: CLOUD Act exposure applies despite EU serving residency.
Compliance posture
Routed through Stav's upstream relationship with this operator.
Stav's assessment · serving-side
Amazon Bedrock is operated by Amazon.com Inc., a US-headquartered entity, offering EU/Geo cross-region inference profiles that can keep prompt processing within Europe when explicitly and correctly configured. The composite lands in conditional territory because strong technical and certification posture (ISO 27001/27017/27018/27701, SOC 2 Type II, CSA STAR Level 2) and automatically-incorporated DPA/SCCs are undercut by the dimension Stav weighs most heavily: legal exposure. AWS's own CLOUD Act disclosure confirms the US parent remains compellable to produce data under its custody regardless of EU hosting, and FISA 702 exposure cannot be ruled out due to classified-directive gag provisions — this is the weakest link in the chain. Serving residency is further complicated by Global (non-Geo) cross-region inference profiles that can route requests outside the EU absent customer-enforced IAM/SCP guardrails. Retention practices are comparatively strong, with no default training on prompts and provider-isolated deployment accounts. Stav's operational verdict: routed-only with mandatory EU-Geo/CRIS configuration and a documented Transfer Impact Assessment — sovereign serving cannot be certified while the operating entity remains US-parented and CLOUD Act-reachable.
EU/Geo cross-region inference profiles keep inference within Europe when explicitly selected, but Global cross-region profiles can route prompts to any commercial AWS region absent IAM/SCP controls, creating a non-EEA fallback path.
Certifications & legal documents
The operator is Amazon.com Inc., a US-parented entity subject to CLOUD Act compulsion and potential FISA 702 reach regardless of EU region selection, per AWS's own CLOUD Act disclosure.
Bedrock does not train on customer prompts/outputs by default and isolates each model provider in a separate Model Deployment Account with no cross-provider access, though abuse-detection mechanisms may store data in the destination region during cross-region inference.
Amazon Bedrock carries multiple current, sourced certifications (ISO 27001/27017/27018/27701/22301/20000-1, CSA STAR Level 2, SOC 2 Type II) plus encryption-in-transit/at-rest and PrivateLink isolation.
AWS's Global DPA and EU SCCs (Controller-to-Processor and Processor-to-Processor) are incorporated automatically into the AWS Service Terms without a separate signature, though vendor-sold third-party models on Bedrock carry their own layered EULA/DPA terms.
Risk assessment
LEGAL_EXPOSURE: AWS (Amazon.com Inc.) is a US-headquartered company and can be compelled under the US CLOUD Act to produce data under its custody or control regardless of where that data is physically stored, including in EU regions; AWS is also potentially in scope as an 'electronic communications service provider' under FISA 702. source ↗
DATA_RESIDENCY: Global cross-Region inference profiles route requests to any supported commercial AWS Region worldwide for throughput/cost optimization; if a customer does not explicitly select a Geo (EU-scoped) or in-Region inference profile, prompts/outputs can be processed outside the EU even when the source Region is in Europe. source ↗
SERVING_RETENTION: Where Amazon Bedrock's automated abuse-detection mechanism applies, input prompts and output results may be stored in the destination Region during cross-Region inference, contradicting the general 'no storage' posture for a subset of models/flows. source ↗
RESILIENCE: AWS's US-EAST-1 (N. Virginia) region experienced a major ~3-hour outage on October 20, 2025, caused by a DNS/DynamoDB configuration failure that cascaded across 113+ AWS services including Amazon Bedrock; this was the third major US-EAST-1 incident in five years. source ↗
RESILIENCE: Independent status trackers recorded 16 Amazon Bedrock incidents since May 2020, including 2 incidents in a recent 90-day window with a median duration of roughly 65 hours combined across affected components. source ↗
SUBPROCESSING: For third-party (vendor-sold) models on Bedrock, the model vendor's own EULA/DPA terms and jurisdiction apply on top of AWS's terms, creating a layered sub-processing/contracting chain that customers must review per-model rather than a single uniform AWS commitment. source ↗
Safeguards
Amazon Bedrock does not use customer prompts/outputs to train underlying models and does not share them with model providers or third parties by default; each model provider gets an isolated, AWS-operated 'Model Deployment Account' with no provider access to logs or customer content. source ↗
Geographic cross-Region inference profiles (e.g., EU CRIS) keep inference processing within a defined geography, and destination-region lists for geographic profiles are immutable, supporting EU data-residency commitments when explicitly configured. source ↗
Amazon Bedrock is in scope for ISO 9001, 27001, 27017, 27018, 27701, 22301, 20000, SOC 1/2/3, CSA STAR Level 2, HIPAA eligibility, and FedRAMP High (GovCloud US-West), and holds ISO/IEC 42001 AI-management certification. source ↗
AWS's Global Data Processing Addendum (DPA) and EU Standard Contractual Clauses (Controller-to-Processor and Processor-to-Processor) are incorporated automatically into the AWS Service Terms for all customers processing personal data, without requiring a separate signature. source ↗
AWS publishes an annual Transparency Report on government data requests and states it has not disclosed enterprise or government content data stored outside the US to the US government since it began tracking in 2020; AWS also commits to redirecting law-enforcement requests to the customer and challenging overbroad orders where legally permitted. source ↗
Data is encrypted in transit and at rest, customers can use customer-managed KMS keys, and AWS PrivateLink enables private VPC connectivity to Bedrock without exposing traffic to the public internet; the underlying Nitro System is designed for zero operator access, validated by an independent audit (NCC Group). source ↗
Privacy-policy issues
US parent entity retains CLOUD Act obligations regardless of EU hosting source ↗
Even where AWS operates dedicated EU legal entities or sovereign-style regions, Amazon.com Inc. as US parent remains subject to CLOUD Act compulsion, and EU customers must independently run a GDPR Transfer Impact Assessment rather than rely on region selection alone.
Global inference profile can route outside EU without explicit opt-out source ↗
If a Bedrock customer or its downstream integrator selects a Global (rather than Geo/EU) cross-Region inference profile, requests can be processed in any commercial AWS Region worldwide, which may be inconsistent with a stated 'EU-hosted' sovereignty posture unless blocked via IAM/SCP controls.
FISA 702 exposure not resolved by data residency or DPF source ↗
Because FISA 702 directives are classified and providers can be gagged from notifying customers, AWS's technical partition and EU hosting do not remove the theoretical exposure of Bedrock-processed data to US foreign-intelligence surveillance requests.
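The assessment, the DATA_RESIDENCY risk item and the "Global inference profile can route outside EU" issue above all hinge on the same control: customer-enforced IAM/SCP guardrails that keep requests on in-Region or EU-Geo (EU CRIS) inference profiles and block Global ones. The following is an added example, not AWS's or Stav's code, of what such a guardrail looks like in practice: a service control policy that denies Bedrock calls outside EU Regions and denies invocations naming a Global or non-EU geo cross-Region profile, plus a local pre-flight classifier that mirrors the policy so an integration's model IDs can be checked in CI before anything is deployed. Assumptions are labelled in the code: the list of EU Regions, that system-defined cross-Region profile IDs carry the prefixes "eu.", "global.", "us." and "apac.", and the placeholder model IDs in the samples. Note what this guardrail does not do: it does not change the abuse-detection storage behaviour or the CLOUD Act / FISA 702 exposure the page describes; those remain matters for the Transfer Impact Assessment.

```python
"""EU-only Bedrock guardrail: an SCP that denies calls outside EU Regions and
denies Global/non-EU cross-Region inference profiles, plus a local pre-flight
check that mirrors the policy for CI tests.

Added example, not AWS's or Stav's code. Labelled assumptions: the EU Region
list, the inference-profile ID prefixes, and the placeholder model IDs used in
the samples.
"""
import fnmatch
import json
import re

# Assumption: Regions this organisation treats as in-scope for EU residency.
EU_REGIONS = (
    "eu-central-1", "eu-central-2", "eu-west-1", "eu-west-2", "eu-west-3",
    "eu-north-1", "eu-south-1", "eu-south-2",
)

# Assumption: system-defined cross-Region profile IDs carry a geo prefix;
# "global." may route to any commercial Region, "us."/"apac." stay in those
# geographies, and "eu." is the EU CRIS profile that stays within Europe.
NON_EU_PROFILE_PATTERNS = (
    "arn:aws:bedrock:*:*:inference-profile/global.*",
    "arn:aws:bedrock:*:*:inference-profile/us.*",
    "arn:aws:bedrock:*:*:inference-profile/apac.*",
)
INVOKE_ACTIONS = [
    "bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream",
    "bedrock:Converse", "bedrock:ConverseStream",
]

# ARN shapes for a foundation model (empty account field) and an inference profile.
_ARN_RE = re.compile(
    r"^arn:aws:bedrock:(?P<region>[a-z0-9-]+):(?P<account>\d*):"
    r"(?P<rtype>foundation-model|inference-profile)/(?P<rid>[^/]+)$"
)


def build_eu_only_scp() -> dict:
    """SCP: deny all Bedrock calls made against a non-EU Region, and deny
    invocations whose target is a Global or non-EU geo cross-Region profile."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyBedrockOutsideEuRegions",
                "Effect": "Deny",
                "Action": "bedrock:*",
                "Resource": "*",
                "Condition": {
                    "StringNotEquals": {"aws:RequestedRegion": list(EU_REGIONS)}
                },
            },
            {
                "Sid": "DenyGlobalAndNonEuInferenceProfiles",
                "Effect": "Deny",
                "Action": INVOKE_ACTIONS,
                "Resource": list(NON_EU_PROFILE_PATTERNS),
            },
        ],
    }


def classify_target(arn: str) -> str:
    """Classify a modelId / inference-profile ARN by where inference may run:
    'in-region', 'eu-geo', 'global', 'non-eu' or 'unknown'."""
    m = _ARN_RE.match(arn)
    if not m:
        return "unknown"
    region, rtype, rid = m.group("region"), m.group("rtype"), m.group("rid")
    if region not in EU_REGIONS:
        return "non-eu"              # the request itself is made outside the EU
    if rtype == "foundation-model":
        return "in-region"           # processed in the ARN's own Region
    if rid.startswith("global."):
        return "global"              # may be routed to any commercial Region
    if rid.startswith("eu."):
        return "eu-geo"              # EU CRIS: destination list limited to EU Regions
    return "non-eu"                  # us./apac. geo profiles, or an unrecognised ID


def is_eu_scoped(arn: str) -> bool:
    """Pre-flight check for CI: only in-Region EU or EU-Geo targets pass."""
    return classify_target(arn) in ("in-region", "eu-geo")


def _resource_matches(resource, arn: str) -> bool:
    patterns = [resource] if isinstance(resource, str) else resource
    return any(fnmatch.fnmatchcase(arn, p) for p in patterns)


def scp_denies(scp: dict, arn: str, requested_region: str) -> bool:
    """Simulate the two Deny statements above for one invocation. Only the
    subset of IAM semantics the policy actually uses is modelled."""
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny" or not _resource_matches(stmt["Resource"], arn):
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if "aws:RequestedRegion" in cond and requested_region in cond["aws:RequestedRegion"]:
            continue                 # condition not met, statement does not apply
        return True
    return False


if __name__ == "__main__":
    print(json.dumps(build_eu_only_scp(), indent=2))
```

Run the script to emit the SCP JSON for attachment at the organisation or OU level; in CI, call `is_eu_scoped()` on every model ID or profile ARN an integration is configured with, and use `scp_denies()` to confirm the policy and the local check agree on the same inputs.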