hope in one hand and do something in the other to see which one fills up faster. hoping is always a strained good idea, but hoping on Azure really strains credulity
Where are they linking to just one? The chart shows three: Palantir, AWS GovCloud, and GCP w/FR-High Assured Workload.
The chart should show ITAR also IMO. Only Palantir and AWS GovCloud would have checkboxes and that’s extremely relevant to defense contractors. (Vertex AI is available within an FR-High assured workload but not ITAR, the only conceivable reason for which would be foreign person access to the US sovereign production environment.)
Worth noting the distinction between subprocessors that handle customer data vs. those that handle operational/business data. The ones in the "Customer Data" category are where the compliance implications are most significant for enterprise customers under GDPR, HIPAA, or similar frameworks.
For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.
Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.
Worth noting the distinction between subprocessors that handle customer data vs. those that handle operational/business data. The ones in the "Customer Data" category are where the compliance implications are most significant for enterprise customers under GDPR, HIPAA, or similar frameworks.
For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.
Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.
That's an h3 not a title. Looks like they probably meant: https://trust.anthropic.com/updates, it's still an entry in an h3 (with "Welcome to the Anthropic Trust Center" as the title), but it is at least the most recent update (canonical would stop this being directly linked)
It’s basically another party that is used as infrastructure by the company you’re using the services of, who has access to your data, but that sub processor doesn’t need to extend its terms down into the eula. So like if you host databases on aws, they are your sub processor.
Notable: Added "Microsoft Azure, which provides cloud infrastructure for all Anthropic products (Worldwide)."
Microsoft 365 Copilot has enabled Claude models, and I imagine they want that running on Azure?
Likely. MS doesn't like using models that are not hosted by them internally (see VSCode Copilot)
Ahh now it is clear why so many outages lately. Solid choice.
When you host a solid model on terrible infrastructure, the infrastructure wins
Hopefully it goes better for them than it has for GitHub.
hope in one hand and do something in the other to see which one fills up faster. hoping is always a strained good idea, but hoping on Azure really strains credulity
If you hope for a hand full of do, you win(doze?)
But increases credibility?
There you go. So when Azure has an outage, so will Anthropic (and Github).
Now expect both of them to have unstable uptime and outages every week.
With respect to my private data, it seems all roads eventually lead to California.
I don’t know what I am looking at there. What is a subprocessor?
so i thought there were multiple fedramp service providers offering hosted claude models. not sure why they are linking to one in particular
Where are they linking to just one? The chart shows three: Palantir, AWS GovCloud, and GCP w/FR-High Assured Workload.
The chart should show ITAR also IMO. Only Palantir and AWS GovCloud would have checkboxes and that’s extremely relevant to defense contractors. (Vertex AI is available within an FR-High assured workload but not ITAR, the only conceivable reason for which would be foreign person access to the US sovereign production environment.)
Worth noting the distinction between subprocessors that handle customer data vs. those that handle operational/business data. The ones in the "Customer Data" category are where the compliance implications are most significant for enterprise customers under GDPR, HIPAA, or similar frameworks.
For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.
Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.
Worth noting the distinction between subprocessors that handle customer data vs. those that handle operational/business data. The ones in the "Customer Data" category are where the compliance implications are most significant for enterprise customers under GDPR, HIPAA, or similar frameworks.
For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.
Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.
Title: Welcome to the Anthropic Trust Center
.. was this a deep link? You might want to repeat in the comments
> Anthropic Subprocessor Changes
> General
> Published March 26, 2026
> We've updated our subprocessor list with three additions
Works for me, gotta scroll down a bit
That's an h3 not a title. Looks like they probably meant: https://trust.anthropic.com/updates, it's still an entry in an h3 (with "Welcome to the Anthropic Trust Center" as the title), but it is at least the most recent update (canonical would stop this being directly linked)
WTF is a "subprocessor"?
They should just be honest and say "data loophole".
It’s basically another party that is used as infrastructure by the company you’re using the services of, who has access to your data, but that sub processor doesn’t need to extend its terms down into the eula. So like if you host databases on aws, they are your sub processor.
It is an important legal concept under the GDPR and other data governance frameworks.