// Trust & Security Report

    Amazon Web Services, Inc. logo

    Amazon Web Services, Inc.

    Amazon Translate is a first-party AWS managed neural machine translation service (batch and real-time text translation, customization via custom terminology and parallel data), sold as a pay-as-you-go API under the standard AWS Cloud shared responsibility model rather than as an independent SaaS product.

    Certifications held

    8

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 (Type 2)
    HELD

    Amazon Translate ✓ (listed as a currently in-scope service reflected in the current SOC 1, 2, and 3 reports)

    Verify on aws.amazon.com
    SOC 1 / SOC 3
    HELD

    AWS publishes SOC 1 reports quarterly and SOC 2 and 3 reports twice per year... Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available, covering 185 services

    Verify on aws.amazon.com
    ISO/IEC 27001:2022
    HELD

    AWS has certification for compliance with ISO/IEC 27001:2022... Amazon Translate [is listed] among the services in scope for ISO 27001, 27017, and 27018 certification

    Verify on aws.amazon.com
    ISO 27017 (cloud security) / ISO 27018 (PII in cloud)
    HELD

    AWS has certification for compliance with ISO/IEC 27001:2022, 27017:2015, and 27018:2019... covered AWS services that are in scope... can be found on ISO Certified

    Verify on aws.amazon.com
    PCI DSS
    HELD

    Amazon Translate ✓ (checkmark in the PCI DSS column indicates the service is currently in scope and reflected in current compliance reports)

    Verify on aws.amazon.com
    HIPAA (eligible service, BAA required)
    HELD

    The Translate API is now an AWS HIPAA Eligible Service. If you have a Business Associate Addendum (BAA) in place with AWS, you can immediately start using Amazon Translate to translate texts containing protected health information (PHI).

    Verify on aws.amazon.com
    FedRAMP
    HELD

    Third-party auditors assess the security and compliance of Amazon Translate as part of multiple AWS compliance programs. These include PCI, FedRAMP, HIPAA, and others.

    Verify on docs.aws.amazon.com
    CSA STAR
    HELD

    AWS has certification for compliance with... CSA STAR CCM v4.0

    Verify on aws.amazon.com
    > Show 1 unconfirmed / not-held certifications
    ISO/IEC 42001 (AI Management System)
    NOT CONFIRMED

    AWS is the first major cloud service provider to achieve ISO/IEC 42001 accredited certification for AI services, covering Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe. Amazon Translate is not named among the services in scope for this certification.

    source: aws.amazon.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Processed in the AWS Region selected by the customer for the API call; content used for service improvement (when not opted out) may be stored in an AWS Region outside the Region where the service is used, per AWS's AI opt-out documentation.

    By default, AWS may use and store Amazon Translate customer content for service improvement, including model training/development, per the AWS Service Terms (section on AWS AI/ML services). Amazon Translate is explicitly listed as one of the services covered by the AWS Organizations AI services opt-out policy, so customers (via an org admin) can opt out; opting out deletes previously stored improvement-purpose content going forward but AWS's default posture is opt-in-by-default/opt-out-available, which enterprise or regulated buyers should configure explicitly rather than assume.

    // Security controls

    Encryption in transit

    AWS recommends and supports SSL/TLS for all communication with Amazon Translate API endpoints; documented under the service's Encryption in Transit topic.

    docs.aws.amazon.com

    Encryption at rest

    Amazon Translate supports encryption at rest for stored content per AWS's standard encryption-at-rest controls documented for the service.

    docs.aws.amazon.com

    Identity & access control

    Access governed via AWS IAM; AWS recommends MFA, least-privilege IAM roles, and AWS CloudTrail logging of API/user activity for Amazon Translate usage.

    docs.aws.amazon.com

    GDPR posture

    AWS states customers can use all AWS services (including Amazon Translate) to process personal data under GDPR; the AWS DPA incorporates Standard Contractual Clauses (SCCs) adopted by the European Commission for transfers outside the EEA.

    aws.amazon.com

    Compliance report access

    SOC 1/2/3 reports, ISO certificates, and PCI DSS attestations for in-scope services (including Amazon Translate) are available on demand to customers via AWS Artifact.

    aws.amazon.com

    // Products & data scope

    Amazon Translate (Real-time / Batch Translation API)Machine translation API, consumed programmatically by developers/enterprises under an AWS account

    data: Text content submitted for translation, optional custom terminology and parallel data uploads for customization

    Single product line; no separate consumer vs. enterprise tiers as with typical SaaS. Governance/compliance posture (SOC2, ISO, HIPAA, PCI) is inherited from and identical to the parent AWS account's applicable agreements (AWS Customer Agreement, DPA, BAA), not a separate per-tool contract.

    // What to watch

    • AWS uses customer content by default to improve/train Amazon Translate and related ML technologies; opt-out requires an explicit AWS Organizations opt-out policy set by an org admin, not enabled by default -- flag this for privacy-sensitive listings.
    • ISO/IEC 42001 (AI Management System) is held by AWS but its published scope covers Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe only -- Amazon Translate is not named in that scope, so it is graded held=false to avoid an over-claim by association with AWS's broader AI-governance certification.
    • This is a first-party AWS managed service, not an independent company; all certs are AWS's own (verified via AWS's in-scope-services tables specifically naming Amazon Translate), not a host/subprocessor cert being misattributed to a smaller vendor.

    // At a glance

    Pricing model

    Usage-based (per-character billed), pay-as-you-go via AWS Cloud billing; no separate SaaS subscription tiers

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Amazon Web Services, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    aws.amazon.com

    > Browse all vendor trust reports