AWS in Switzerland and Austria (Alps)
Data Protection and Responsible use of Amazon Bedrock in Switzerland
Security is our top priority. Our customers depend on Amazon Web Services (AWS) for their mission-critical applications and most sensitive data. As technologies evolve, customers continue to face stringent security requirements around data confidentiality and privacy. With the adoption of generative AI, new security risks emerge. For example, the traditional question “who can access my data?” is now extended to “is my data used to improve the foundation model?”. A traditional injection threat such as SQL injection now has counterparts in direct prompt injection (through the user’s own input) and indirect prompt injection (through documents, web pages or tool output that the model is given to read). As technologies and services rapidly innovate, so do our customers’ needs for transparent, clear and attested security commitments around the confidentiality and privacy of their data.
With the Amazon Bedrock serverless experience, customers can quickly get started, easily experiment with foundation models (FM), privately customize FMs with their own data, and seamlessly integrate and deploy them into customer applications using AWS tools and capabilities. Amazon Bedrock is fully managed and enables developers to create generative AI applications that can deliver up-to-date answers based on proprietary knowledge sources and complete tasks for a wide range of use cases.
This blog post outlines technical and organizational measures customers can rely on to use Amazon Bedrock securely in the Europe (Zurich) Region.
Data Privacy
Control over Data
As a customer, you maintain full control over your data. You determine where the data is stored and who has access to it. With Amazon Bedrock you choose the AWS Regions (e.g., Europe (Zurich) in Switzerland) in which your content is stored. We will not move or replicate your content outside of your chosen AWS Regions except as agreed with you. You can use AWS PrivateLink (a VPC interface endpoint) to establish private connectivity from your Amazon VPC directly to the Amazon Bedrock API endpoint, so that requests never traverse an Internet Gateway. If you don’t, the traffic leaves your VPC at the Internet Gateway in your AWS account, travels through that AWS Region’s network, and is routed to the public address of the Amazon Bedrock API endpoint. At no time does that traffic leave the AWS Region where the API call was made, and at no time does it leave the AWS network for the public internet.
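One check a practitioner wants after the paragraph above is evidence that the private path is actually in use, and a control that refuses calls taking any other path. The following Python is an added example, not code from the original post or from AWS. It evaluates an EC2 DescribeVpcEndpoints response (the shape `aws ec2 describe-vpc-endpoints` and boto3 return) for an available Interface endpoint to the Bedrock runtime service in Europe (Zurich) with private DNS enabled, and builds an IAM Deny statement keyed on the `aws:SourceVpce` condition so that Bedrock invocations not arriving through that endpoint are refused. The VPC IDs, endpoint IDs and the sample response are constructed for the example; `live_status` runs the same check against a real account with boto3.

```python
"""Verify that Amazon Bedrock traffic from a VPC uses AWS PrivateLink.

Added example, not code from the original post or from AWS. Without an
available Interface endpoint for the bedrock-runtime service, or with
private DNS disabled on it, the SDK's default hostname still resolves to
the public endpoint and the call leaves the VPC through the Internet
Gateway. The endpoint IDs, VPC IDs and SAMPLE_RESPONSE are constructed.
"""

REGION = "eu-central-2"  # Europe (Zurich)


def bedrock_privatelink_status(describe_response: dict, vpc_id: str,
                               region: str = REGION) -> dict:
    """Summarise the Bedrock runtime PrivateLink state for one VPC."""
    service = f"com.amazonaws.{region}.bedrock-runtime"
    findings = []
    for ep in describe_response.get("VpcEndpoints", []):
        if ep.get("VpcId") != vpc_id or ep.get("ServiceName") != service:
            continue
        ep_id = ep.get("VpcEndpointId")
        if ep.get("VpcEndpointType") != "Interface":
            findings.append(f"{ep_id}: not an Interface endpoint")
            continue
        if ep.get("State") != "available":
            findings.append(f"{ep_id}: state is {ep.get('State')!r}")
            continue
        if not ep.get("PrivateDnsEnabled", False):
            findings.append(f"{ep_id}: private DNS disabled, default hostname "
                            "resolves to the public endpoint")
            return {"endpoint_id": ep_id, "compliant": False, "findings": findings}
        return {"endpoint_id": ep_id, "compliant": True, "findings": findings}
    findings.append(f"no Interface endpoint for {service} in {vpc_id}")
    return {"endpoint_id": None, "compliant": False, "findings": findings}


def deny_unless_via_endpoint(vpce_id: str) -> dict:
    """IAM statement that refuses model invocations not arriving through
    the given VPC endpoint (attach to the caller's role, or as an SCP)."""
    return {
        "Sid": "BedrockOnlyViaPrivateLink",
        "Effect": "Deny",
        "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
    }


# Constructed sample: vpc-aaaa has a compliant endpoint, vpc-bbbb has one
# without private DNS (plus an unrelated S3 gateway), vpc-cccc has none.
SAMPLE_RESPONSE = {
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0a1", "VpcId": "vpc-aaaa", "State": "available",
         "VpcEndpointType": "Interface", "PrivateDnsEnabled": True,
         "ServiceName": "com.amazonaws.eu-central-2.bedrock-runtime"},
        {"VpcEndpointId": "vpce-0b2", "VpcId": "vpc-bbbb", "State": "available",
         "VpcEndpointType": "Interface", "PrivateDnsEnabled": False,
         "ServiceName": "com.amazonaws.eu-central-2.bedrock-runtime"},
        {"VpcEndpointId": "vpce-0b3", "VpcId": "vpc-bbbb", "State": "available",
         "VpcEndpointType": "Gateway", "PrivateDnsEnabled": False,
         "ServiceName": "com.amazonaws.eu-central-2.s3"},
    ]
}


def live_status(vpc_id: str, region: str = REGION) -> dict:
    """Same check against a real account (needs boto3 and credentials)."""
    import boto3  # lazy import so the offline sample runs without it
    ec2 = boto3.client("ec2", region_name=region)
    resp = ec2.describe_vpc_endpoints(
        Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])
    return bedrock_privatelink_status(resp, vpc_id, region)


if __name__ == "__main__":
    import json
    for vpc in ("vpc-aaaa", "vpc-bbbb", "vpc-cccc"):
        print(vpc, json.dumps(bedrock_privatelink_status(SAMPLE_RESPONSE, vpc)))
    print(json.dumps(deny_unless_via_endpoint("vpce-0a1"), indent=2))
```

The Deny statement also refuses invocations made from outside the VPC, for example from a developer laptop, which is the intended effect of forcing the private path. The Bedrock control plane (listing models, managing guardrails) is a separate service name, `com.amazonaws.<region>.bedrock`, and needs its own endpoint if it must stay private as well.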
Data Protection and Security
With Amazon Bedrock, your data stays under your control. You have complete control over your content, including where to store your data, how to secure it, and who can access it. Amazon Bedrock doesn’t store or log your prompts and completions. Amazon Bedrock doesn’t use your prompts and completions to train any models and doesn’t distribute them to third parties, including the model providers. If you enable model invocation logging, the prompts and completions are written to the Amazon CloudWatch Logs or Amazon S3 destinations in your account, and protecting those copies is your responsibility. In addition, your data is encrypted in transit and at rest. For more information, please review the Amazon Bedrock data protection chapter and the relevant end user license agreements (EULA) for the models in use. You can find the EULA for each model in the Amazon Bedrock console under “Model access”.
Amazon Bedrock is in scope for common compliance standards such as FedRAMP Moderate, Service and Organization Control (SOC), International Organization for Standardization (ISO), and Health Insurance Portability and Accountability Act (HIPAA) eligibility. Since August 15, 2023, Amazon Bedrock has been included in the scope of the SOC 1, 2 and 3 (Type 2) reports, which give customers insight into our security controls; the reports are available via AWS Artifact. We demonstrate compliance through extensive third-party audits of our AWS controls. Amazon Bedrock is one of the AWS services under ISO compliance for the ISO 9001, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 22301, and ISO 20000 standards. Amazon Bedrock is also CSA Security Trust Assurance and Risk (STAR) Level 2 certified, which validates the use of best practices and the security posture of AWS cloud offerings. Customers can use Amazon Bedrock in compliance with the GDPR. For more details, see the Amazon Bedrock Security and Privacy page.
Legal Compliance and confidentiality
Navigating data protection laws around the world is no simple task. With generative AI on AWS, no additional action is required by our customers with regard to their existing AWS Data Processing Addendums. AWS customers continue to benefit from the AWS Global Data Processing Addendum (Global AWS DPA), which applies globally whenever customers use AWS services to process personal data, regardless of which data protection laws apply to that processing.
The Global AWS DPA sets out AWS’s commitments with respect to processing of personal data uploaded to the AWS services under a customer’s AWS account (customer data), and the Swiss Addendum to this AWS DPA addresses the specific requirements under the Swiss Federal Data Protection Act (FDPA). The Swiss Addendum also includes the Standard Contractual Clauses which will automatically apply whenever a customer uses AWS services to transfer Customer Data subject to the FDPA to countries outside Switzerland not recognised under the FDPA as providing an adequate level of protection for personal data.
The AWS DPA and the Swiss Addendum are both incorporated in the AWS Service Terms (Section 1.14) and apply automatically when customer’s use of the AWS services is subject to the FDPA. For further details on AWS’s alignment to the FDPA, please see this blog post.
Responsible Use
Responsible and ethical use of all technology is key to fostering continued innovation in a secure manner. For AWS, responsible AI encompasses a number of core dimensions including fairness and bias, explainability, privacy and security, robustness, governance and transparency. We are committed to developing generative AI responsibly and providing customers with the tools and guidance needed to build and scale generative AI safely, securely, and responsibly.
One such tool is Guardrails for Amazon Bedrock, which provides additional customizable safeguards on top of the native protections of FMs and supports rapid yet responsible generative AI development. With Guardrails, customers build and customize safety, privacy, and truthfulness protections based on their use cases and responsible AI policies in a single solution. It works with all large language models (LLMs) in Amazon Bedrock. A guardrail sits between the application and the foundation model and detects, blocks or masks user inputs and FM responses that violate a configured policy. You can configure the following policies: content filters, denied topics, word filters, sensitive information filters and contextual grounding checks, which together avoid undesirable and harmful content, remove sensitive information for privacy protection, safeguard against prompt attacks, and detect hallucinations in responses. Because a guardrail evaluates whatever text it is given, it can also be applied on its own to retrieved documents or tool output before they reach the model, which is where indirect prompt injection enters. For further details, see this blog post.
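As an added example, not code from the original post or from AWS, the following Python builds a Converse request that applies a guardrail to both the user input and the model output with tracing enabled, and interprets the response: a `stopReason` of `guardrail_intervened` signals that the guardrail replaced the answer with its configured blocked message, and the trace carries one assessment section per policy (denied topics, content filters, word filters, sensitive information filters, contextual grounding) with the action taken. The guardrail ID, version and model ID are placeholders you replace with your own; `SAMPLE_BLOCKED` and `SAMPLE_PASSED` are responses constructed in that shape so the parsing runs offline; `screen_text` shows the same guardrail applied on its own to arbitrary text, such as retrieved documents, through the ApplyGuardrail API.

```python
"""Invoke an Amazon Bedrock model behind a guardrail and interpret the outcome.

Added example, not code from the original post or from AWS. GUARDRAIL_ID,
GUARDRAIL_VERSION and MODEL_ID are placeholders (assumptions) to replace
with your own. summarize_guardrail_outcome() reads the fields the Converse
API returns when guardrailConfig.trace is "enabled"; SAMPLE_BLOCKED and
SAMPLE_PASSED are responses constructed in that shape for this example.
"""

GUARDRAIL_ID = "gr-placeholder"       # assumption: your guardrail identifier
GUARDRAIL_VERSION = "1"               # assumption: a published version, or "DRAFT"
MODEL_ID = "anthropic.claude-3-haiku-20240307-v1:0"  # assumption: enabled in your account
REGION = "eu-central-2"               # Europe (Zurich)

# Policy sections a guardrail assessment can contain.
POLICY_KEYS = ("topicPolicy", "contentPolicy", "wordPolicy",
               "sensitiveInformationPolicy", "contextualGroundingPolicy")


def build_converse_request(user_text: str) -> dict:
    """Keyword arguments for bedrock-runtime Converse, with the guardrail
    applied to the user input and to the model output."""
    return {
        "modelId": MODEL_ID,
        "messages": [{"role": "user", "content": [{"text": user_text}]}],
        "guardrailConfig": {
            "guardrailIdentifier": GUARDRAIL_ID,
            "guardrailVersion": GUARDRAIL_VERSION,
            "trace": "enabled",  # return the assessments with the response
        },
    }


def _actions(node, found):
    """Collect every 'action' value (BLOCKED, ANONYMIZED, NONE, ...) in an assessment."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "action" and isinstance(value, str):
                found.append(value)
            else:
                _actions(value, found)
    elif isinstance(node, list):
        for item in node:
            _actions(item, found)


def _fired(stage, assessment, fired):
    """Append (stage, policy, actions) for each policy section present."""
    for key in POLICY_KEYS:
        if key in assessment:
            acts = []
            _actions(assessment[key], acts)
            fired.append((stage, key, sorted(set(acts))))


def summarize_guardrail_outcome(response: dict) -> dict:
    """Which stage and policy the guardrail acted on, plus the text to show
    the caller: the model answer, or the guardrail's configured blocked
    message when stopReason is guardrail_intervened."""
    trace = response.get("trace", {}).get("guardrail", {})
    fired = []
    for assessment in trace.get("inputAssessment", {}).values():
        _fired("input", assessment, fired)
    for assessments in trace.get("outputAssessments", {}).values():
        for assessment in assessments:
            _fired("output", assessment, fired)
    content = response.get("output", {}).get("message", {}).get("content", [])
    return {
        "intervened": response.get("stopReason") == "guardrail_intervened",
        "fired": fired,
        "text": "".join(block.get("text", "") for block in content),
    }


# Constructed sample: a denied topic matched on the user input.
SAMPLE_BLOCKED = {
    "stopReason": "guardrail_intervened",
    "output": {"message": {"role": "assistant", "content": [
        {"text": "Sorry, I can't help with that request."}]}},
    "trace": {"guardrail": {"inputAssessment": {GUARDRAIL_ID: {
        "topicPolicy": {"topics": [
            {"name": "Investment advice", "type": "DENY", "action": "BLOCKED"}]}}}}},
}

# Constructed sample: nothing matched, the model answered normally.
SAMPLE_PASSED = {
    "stopReason": "end_turn",
    "output": {"message": {"role": "assistant", "content": [
        {"text": "Zurich is the largest city in Switzerland."}]}},
    "trace": {"guardrail": {"inputAssessment": {GUARDRAIL_ID: {}},
                            "outputAssessments": {GUARDRAIL_ID: [{}]}}},
}


def converse_with_guardrail(user_text: str) -> dict:
    """Real call (needs boto3, credentials and model access in REGION)."""
    import boto3  # lazy import so the offline samples run without it
    client = boto3.client("bedrock-runtime", region_name=REGION)
    return summarize_guardrail_outcome(client.converse(**build_converse_request(user_text)))


def screen_text(text: str, source: str = "INPUT") -> str:
    """Run the guardrail on text by itself, for example on retrieved documents
    before they are placed in the prompt, via the ApplyGuardrail API."""
    import boto3
    client = boto3.client("bedrock-runtime", region_name=REGION)
    resp = client.apply_guardrail(
        guardrailIdentifier=GUARDRAIL_ID, guardrailVersion=GUARDRAIL_VERSION,
        source=source, content=[{"text": {"text": text}}])
    return resp["action"]  # "GUARDRAIL_INTERVENED" or "NONE"


if __name__ == "__main__":
    print(summarize_guardrail_outcome(SAMPLE_BLOCKED))
    print(summarize_guardrail_outcome(SAMPLE_PASSED))
```

Keep `trace` enabled only where the application can protect the assessments: they echo the matched content (for example a detected PII value), so they are as sensitive as the prompt itself and should not be written to logs the model answer is kept out of.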
Other responsible AI tools and features include:
- Model Evaluation on Amazon Bedrock enables you to compare model outputs, and then choose the model best suited for your use case.
- Invisible watermarking in Amazon Titan Image Generator marks generated images so that AI-generated content can be identified, which increases transparency and helps reduce the spread of misinformation.
- Security vulnerability scanning, automated abuse detection and code references in Amazon Q Developer.
- AI Service Cards are a form of responsible AI documentation that provide customers with a single place to find information on the intended use cases and limitations, responsible AI design choices, and deployment and performance optimization best practices for our AI services.
- Automated abuse detection mechanisms to identify potential violations of AWS’s Acceptable Use Policy (AUP) and Service Terms, including the Responsible AI Policy or a third-party model provider’s AUP.
- We endorsed and support the White House Voluntary AI Commitments, the United Nations session on generative AI, and the AI Safety Summit in the UK.
For more on the above topics, please refer to the following blog post: Announcing new tools and capabilities to enable responsible AI innovation
Summary
We have built Amazon Bedrock with security, privacy and responsibility in mind. We commit to not storing or using any data that is sent to or received from the foundation models. With all services on AWS – including generative AI services – customers manage the privacy controls of their data, control how their content is being used, where their data is stored, who has access to it, and how it is encrypted. With generative AI on AWS, no additional action is required by our customers with regard to their existing AWS Data Processing Addendums, as these are integrated in the general service terms and apply automatically for all customers.
“The launch of Swisscom’s ChatBot Builder platform, powered by AWS Bedrock, has been an important enabler for our organization. It allows internal developer teams to rapidly infuse their applications with generative AI capabilities to enhance the experience of employees and customers. The availability of Amazon Bedrock in Switzerland enables its use for additional sensitive cases and other critical business functions that mandate local data processing. The offered flexibility of the large language models has allowed us to build chatbots that can handle a wide range of queries with impressive natural language understanding. Overall, our ChatBot Builder has empowered our teams to digitize and automate first use cases, freeing up our experts to focus on more strategic initiatives. We’re pleased with the results we’ve seen so far and look forward to expanding our use of this platform.”
– Mario Paonessa, Lead Architect for Data, Analytics, & AI, Swisscom
To learn more about our compliance and security programs as well as common privacy and data protection considerations, see AWS Compliance Programs and the dedicated AWS Compliance Center for Switzerland. As always, we value your feedback and questions; reach out to the AWS Compliance team through the Contact Us page.
As you get started with Amazon Bedrock, we encourage our customers to reach out to generative AI and security teams here in Switzerland by contacting your AWS sales representatives.