Compliance posture
Stav's assessment · serving-side
Anthropic is a US-incorporated operator whose first-party Claude API and claude.ai serve customer traffic from the US by default, with no dedicated EEA processing region of its own — genuine EU data residency is only achievable by routing through a third-party hyperscaler's EU region (AWS Bedrock or Google Vertex AI), and even then the underlying processor remains a US-headquartered cloud subject to CLOUD Act reach. This drags down the two sovereignty-weighted dimensions, serving residency and legal exposure, both of which score in the high-risk range, and is the primary reason the composite lands in elevated-risk territory despite otherwise strong showings. Security posture is the clear strength, anchored by current ISO 27001, ISO 42001, dual SOC 2 reports, and HIPAA-ready configuration, and contractual posture is similarly solid with SCC/UK Addendum-backed DPA terms, audit rights, and proactive subprocessor disclosure. Serving retention is workable — commercial/API tiers default to no-training with an optional Zero Data Retention mode — but is tempered by a safety-classifier retention carve-out and a consumer/commercial contract split that creates a shadow-AI governance gap enterprises must police. Given the absence of any Anthropic-controlled EEA serving footprint and unresolved CLOUD Act exposure even under EU-region routing, Stav's verdict is routed-only: sovereign EEA serving is not available directly from Anthropic and customers must architect around it via hyperscaler EU regions or seek a derogation for regulated workloads.
The first-party Claude API and claude.ai have no dedicated EU-only processing region and store data in the US by default; genuine EEA residency requires routing through a third-party hyperscaler's EU region instead of Anthropic's own infrastructure.
Anthropic is US-incorporated with confirmed CLOUD Act exposure, and even EU-region deployments run through AWS or Google Cloud — both US-headquartered hyperscalers — so choosing an EU endpoint does not eliminate US lawful-access reach.
Commercial/API terms prohibit training on customer data by default and offer an optional Zero Data Retention mode, though safety-classifier data can still be retained up to two-to-seven years and consumer-tier accounts default to training-on with 5-year retention.
Anthropic holds multiple current, sourced certifications (ISO 27001:2022, ISO/IEC 42001:2023, SOC 2 Type I/II, HIPAA-ready configuration) plus a public HackerOne bug bounty program, with no unresolved breach history noted.
Risk assessment
Anthropic's first-party Claude API and claude.ai offer no dedicated EU-only processing region; by default customer traffic may be routed to servers in the US, Europe, Asia, or Australia, and data is stored in the US regardless of where inference is routed. source ↗
DATA_RESIDENCY · Genuine EU data residency for Claude is only available by deploying through AWS Bedrock EU regions (Frankfurt/Ireland/Paris/Stockholm) or Google Cloud Vertex AI EU regions, shifting the primary processor contract away from Anthropic's own DPA to the hyperscaler's. source ↗
DATA_RESIDENCY · Anthropic models deployed inside Microsoft 365 Copilot, Researcher, Copilot Studio and Power Platform are currently excluded from Microsoft's EU Data Boundary and any in-country processing commitments, even where Microsoft enables Anthropic models by default for commercial-cloud tenants. source ↗
DATA_RESIDENCY · Anthropic is a US-incorporated entity; even EU-region deployments run through AWS or Google Cloud, both US-headquartered hyperscalers, meaning CLOUD Act reach is not eliminated by choosing an EU-region endpoint.
Safeguards
Anthropic's Commercial Terms of Service explicitly prohibit training on customer inputs/outputs for Claude for Work, Enterprise, API, Bedrock and Vertex AI usage, by default and without exception. source ↗
A Zero Data Retention (ZDR) arrangement is available for qualifying commercial API/Enterprise customers, under which customer data is not stored at rest beyond what's needed to screen for abuse. source ↗
The published DPA incorporates GDPR SCCs (Module Two/Three) and the UK Addendum, grants customer audit rights (including third-party auditors), commits to 48-hour breach notification, and requires 15-day advance notice with an objection right before onboarding new subprocessors. source ↗
Anthropic publishes a subprocessor list at trust.anthropic.com/subprocessors and proactively announces changes (e.g., Brave Search, Palantir, AWS GovCloud additions), which industry commentary flagged as good practice. source ↗
Privacy-policy issues
No native EU data residency on first-party API/claude.ai source ↗
Data is stored in the US by default for the direct Anthropic API and claude.ai; EU-only processing requires routing through a third-party hyperscaler (AWS Bedrock or Google Vertex AI) EU region instead.
Consumer vs. commercial contract conflation risk source ↗
Employees signing up for personal Claude Free/Pro/Max accounts fall under Consumer Terms (training-on-by-default, 5-year retention) rather than the enterprise's Commercial Terms/DPA, creating a governance blind spot for shadow AI usage.
Safety-flagged content retention carve-out source ↗
Content flagged for Usage Policy violations can be retained for up to two years and associated classifier scores for up to seven years, an exception that persists even under Zero Data Retention agreements.
EU Data Boundary exclusion inside Microsoft integrations
Certifications & legal documents
Endpoints served · 10
The published DPA incorporates GDPR SCCs and the UK Addendum, grants audit rights, commits to 48-hour breach notification, and provides 15-day advance subprocessor-change notice with objection rights.
Anthropic's subprocessor list was updated in March 2026 to add Palantir and AWS GovCloud (ITAR-compliant) alongside a GCP FR-High Assured Workload/Vertex AI subprocessor that is explicitly not ITAR-compliant, a distinction customers in regulated or government-adjacent sectors must actively track. source ↗
SUBPROCESSING · Even under a Zero Data Retention (ZDR) arrangement, Anthropic still retains trust-and-safety classifier results, and content flagged for potential Usage Policy violations may be retained for up to two years with classifier scores kept up to seven years. source ↗
SERVING_RETENTION · Enterprise data-handling guarantees (no training, DPA coverage) apply only under Anthropic's Commercial Terms (Claude for Work/Enterprise/API); employees using personal Free/Pro/Max ('consumer') accounts fall under separate Consumer Terms with default training-on and 5-year retention, creating a 'shadow AI' governance gap enterprises must actively police. source ↗
GOVERNANCE · Independent legal commentary characterized Anthropic's August–September 2025 consumer opt-in UI (large 'Accept' button paired with a small pre-set 'On' training toggle) as a potential GDPR dark pattern; no confirmed regulatory action had been reported as of early 2026, and this applies to consumer tiers rather than commercial/API contracts. source ↗
GOVERNANCE · Anthropic operates a public bug bounty program on HackerOne (launched May 2026, evolving from a 2024 VDP) covering Claude.ai, the API, Claude Code, official clients, internal infrastructure, SDKs and MCP integrations, with CVSS-based rewards. source ↗
Claude is deployable across all three major hyperscalers (AWS Bedrock, Google Cloud Vertex AI, Microsoft Azure Foundry), reducing single-vendor dependency for customers architecting redundancy. source ↗
Claude Status (status.claude.com) publishes real-time and historical uptime and incident data with subscription options for email/SMS/Slack/webhook incident notifications. source ↗
When Claude is used via Microsoft 365 Copilot/Copilot Studio/Power Platform, processing is excluded from Microsoft's EU Data Boundary and in-country processing commitments, which may not be obvious to EU tenant admins given the default-on toggle in some regions.