By The DDH Team · Digital Dashboard Hub

SOC 2 Type II Certified LLM Providers in 2026: OpenAI, Anthropic, AWS Bedrock, Azure OpenAI, Google Vertex AI, and Cohere — Real Audits, Real Trade-offs

Nine LLM providers, nine different stories about how SOC 2 Type II maps to a production AI workload. OpenAI publishes a Type II via its Trust portal. Anthropic does the same. AWS Bedrock and Azure OpenAI inherit the hyperscaler audit umbrella. Google Vertex AI rides Google Cloud's SOC reports. Cohere, Mistral, Together AI, and Hugging Face all sit in different places on the certification curve. Sources cited inline, June 2026.

By DDH Research Team at Digital Dashboard Hub

If you are buying an LLM in 2026 and your procurement team is asking for SOC 2 Type II, the right answer is almost never 'yes, here is the certificate' — it is 'yes, here is the latest Type II report from our auditor, here is the observation period it covers, here are the Trust Services Criteria included, and here is the NDA you need to sign to download it.' That distinction matters because Type I means a snapshot of controls on one day; Type II means an independent auditor watched those controls operate for at least three months (typically twelve) and signed off on the operating effectiveness. Before you cut a PO, work through the AI vendor security questionnaire 2026 checklist so you ask for the right artifacts in the right order.

**OpenAI** publishes its SOC 2 Type II via the OpenAI Trust portal at https://trust.openai.com/ with NDA-gated download. **Anthropic** does the same at https://trust.anthropic.com/ with self-serve access after a brief click-through. **AWS Bedrock** inherits the AWS-wide SOC 2 Type II program documented at https://aws.amazon.com/compliance/soc-faqs/, with Bedrock explicitly in scope. **Azure OpenAI** is covered under the Microsoft Azure SOC reports available via Service Trust Portal at https://servicetrust.microsoft.com/. **Google Vertex AI** is in scope of the Google Cloud SOC 2 Type II at https://cloud.google.com/security/compliance/soc-2. **Cohere** publishes its trust posture at https://cohere.com/security. **Mistral** documents its security program at https://mistral.ai/security. **Together AI** runs a trust center at https://trust.together.ai/. **Hugging Face Inference Endpoints** documents enterprise security posture at https://huggingface.co/security. All certification claims, audit firms, and observation periods in this guide were sourced from those pages as of June 2026.

The rest of this guide breaks down what each provider actually publishes, what the SOC 2 Type II observation period covers, how to request the report without burning a week, and which providers are the easiest sell to a Big Four procurement team. You will get a twelve-row decision matrix, a six-section procurement deep-dive, a five-step playbook for passing your own audit using one of these providers as a sub-processor, and answers to the nine questions your CISO will ask before signing. We also map the GDPR and ISO 27001 angles in GDPR-compliant AI tools 2026 and ISO 27001 certified AI providers.


OpenAI, Anthropic, AWS Bedrock, Azure OpenAI, Google Vertex AI, Cohere — SOC 2 Type II posture, June 2026

| Feature | OpenAI | Anthropic | AWS Bedrock | Azure OpenAI | Google Vertex AI | Cohere |
|---|---|---|---|---|---|---|
| Most recent SOC 2 Type II date | Report refreshed annually; latest available via https://trust.openai.com/ | Report refreshed annually; latest via https://trust.anthropic.com/ | AWS-wide Type II refreshed semi-annually (April + October cycles) | Microsoft Azure Type II refreshed annually; latest via Service Trust Portal | Google Cloud Type II refreshed annually; latest via https://cloud.google.com/security/compliance/soc-2 | Report refreshed annually; latest available via https://cohere.com/security |
| Trust Services Criteria covered | Security, Availability, Confidentiality (per Trust portal) | Security, Availability, Confidentiality (per Trust portal) | Security, Availability, Confidentiality, Processing Integrity, Privacy (full TSC, per AWS SOC FAQ) | Security, Availability, Confidentiality, Processing Integrity, Privacy (full TSC, per Service Trust Portal) | Security, Availability, Confidentiality (Google Cloud baseline) | Security, Availability, Confidentiality (per cohere.com/security) |
| Audit firm | Big Four firm listed in the report cover page (access via Trust portal) | Listed in report (access via Trust portal) | Ernst & Young (per AWS compliance pages) | Listed in report (access via Service Trust Portal) | Listed in report (Google Cloud compliance hub) | Listed in report (NDA-gated via cohere.com/security) |
| Observation period | Typically 12 months | Typically 12 months | 6 months (semi-annual cadence) | Typically 12 months | Typically 12 months | Typically 12 months |
| Report distribution | Trust portal, NDA click-through | Trust portal, brief click-through | AWS Artifact (signed-in customers, no separate NDA) | Service Trust Portal (signed-in M365 / Azure account) | Compliance Reports Manager in Google Cloud console | On request via security@ + mutual NDA |
| Type I report also published | Historical Type I superseded by Type II | Historical Type I superseded by Type II | Type II only at AWS-wide level | Type II only at Azure-wide level | Type II only at Google Cloud level | Type I previously published; Type II is current artifact |
| ISO 27001 also held | Yes (per https://trust.openai.com/) | Yes (per https://trust.anthropic.com/) | Yes — ISO 27001, 27017, 27018 (per AWS compliance hub) | Yes — ISO 27001, 27017, 27018, 27701 (per Microsoft Trust Center) | Yes — ISO 27001, 27017, 27018, 27701 (per cloud.google.com/security/compliance) | Yes — ISO 27001 (per cohere.com/security) |
| HIPAA BAA option | Yes on Enterprise / API with HIPAA addendum (per OpenAI Trust portal) | Yes on Claude for Work / API (per Anthropic Trust portal) | Yes — AWS BAA covers Bedrock as a HIPAA-eligible service | Yes — Microsoft BAA covers Azure OpenAI as a HIPAA-eligible service | Yes — Google Cloud BAA covers Vertex AI as a HIPAA-covered service | Available on enterprise contract; confirm in writing |
| Sub-processor list URL | https://openai.com/policies/sub-processor-list | https://www.anthropic.com/legal/subprocessors | https://aws.amazon.com/compliance/sub-processors/ | https://www.microsoft.com/licensing/docs/view/Subprocessor-List | https://cloud.google.com/terms/subprocessors | https://cohere.com/security (request via legal team) |
| Next audit cycle | Annual refresh; bridge letter typically issued mid-cycle | Annual refresh; bridge letter typically issued mid-cycle | Semi-annual (Apr + Oct windows) | Annual refresh; rolling bridge letters | Annual refresh; bridge letters available | Annual refresh; bridge letter on request |
| Continuous compliance tooling | Drata / Vanta integration via Trust portal API where available | Drata / Vanta evidence sharing supported | AWS Audit Manager + Vanta / Drata native integrations | Microsoft Purview Compliance Manager + Vanta / Drata integrations | Google Cloud Compliance Reports Manager + Vanta / Drata integrations | Drata / Vanta evidence sharing on request |
| Best fit | Mid-market and enterprise teams comfortable with NDA-gated reports | Teams that want the fastest self-serve SOC 2 download in the category | Regulated enterprises already standardized on AWS | Regulated enterprises already on Microsoft 365 + Azure | Regulated enterprises on Google Workspace + GCP | Buyers needing a non-hyperscaler LLM with a clean SOC 2 trail |

Sources as of June 2026 — verify before procurement: https://trust.openai.com/, https://trust.anthropic.com/, https://aws.amazon.com/compliance/soc-faqs/, https://servicetrust.microsoft.com/, https://cloud.google.com/security/compliance/soc-2, https://cohere.com/security, https://mistral.ai/security, https://trust.together.ai/, https://huggingface.co/security. Compliance posture changes — confirm the latest report date and TSC coverage in writing before any procurement decision.

What each LLM provider actually publishes (and the marketing copy to ignore)

**OpenAI** runs a full Trust portal at https://trust.openai.com/ that lists SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, ISO 27701, GDPR, and CCPA. The Type II report is gated by an NDA click-through and a corporate email check — most procurement teams can complete the access flow in under thirty minutes. The portal also exposes the sub-processor list at https://openai.com/policies/sub-processor-list and the data processing addendum. The marketing claim to ignore is 'enterprise-grade security' as a standalone phrase; the artifact you want is the dated SOC 2 Type II report with the auditor's opinion letter, not a logo grid.

**Anthropic** publishes the equivalent at https://trust.anthropic.com/, with a similarly fast path to SOC 2 Type II, ISO 27001, and the standard GDPR DPA. Anthropic's Trust portal is generally considered the cleanest self-serve experience among foundation model labs in 2026 — most evaluators report a same-day download for the Type II. The sub-processor list lives at https://www.anthropic.com/legal/subprocessors and is updated when material changes occur. As with OpenAI, the marketing claim to discount is 'safe by design' — what you actually verify is the audit firm's opinion and the observation period stated on the report cover.

**AWS Bedrock** does not have its own SOC 2 — it inherits the AWS-wide SOC 2 Type II program documented at https://aws.amazon.com/compliance/soc-faqs/. Bedrock is explicitly listed as 'in scope' of the AWS SOC reports, which is the important detail. AWS refreshes its SOC reports on a semi-annual cycle (April and October), and the reports are downloadable from AWS Artifact inside your AWS console without a separate NDA. The trade-off is that you are buying into the AWS shared-responsibility model — controls below the hypervisor are inherited, controls above are yours.

**Azure OpenAI Service** sits inside the Microsoft Azure compliance umbrella. SOC reports are accessible via the Service Trust Portal at https://servicetrust.microsoft.com/ with a Microsoft account and the appropriate organizational role. Azure publishes both a SOC 2 Type II and a SOC 3 (the public-facing summary). Coverage spans all five Trust Services Criteria — Security, Availability, Confidentiality, Processing Integrity, and Privacy — which is broader than what most pure-play model labs publish. Azure OpenAI is listed in the in-scope services document.

**Google Vertex AI** rides the Google Cloud SOC 2 Type II at https://cloud.google.com/security/compliance/soc-2. The report is available via the Compliance Reports Manager in the Google Cloud console without a separate NDA workflow. Vertex AI is listed in scope. Google publishes ISO 27001, 27017, 27018, 27701, and the EU Cloud Code of Conduct alongside the SOC reports, which is useful when you need to satisfy multiple parallel security frameworks in one procurement cycle.

**Cohere** publishes its security posture at https://cohere.com/security including SOC 2 Type II and ISO 27001. The report is NDA-gated and typically delivered within a few business days of request. **Mistral** documents controls at https://mistral.ai/security with SOC 2 Type II audited by an EU-based firm and ISO 27001 in progress as of June 2026. **Together AI** runs a trust center at https://trust.together.ai/ with SOC 2 Type II and HIPAA attestations available on request. **Hugging Face** publishes Inference Endpoints security posture at https://huggingface.co/security, with SOC 2 Type II covering the Enterprise Hub and Inference Endpoints products. The marketing copy to discount across all four: 'we take security seriously' as a tagline. The artifact you verify is the dated report and the in-scope service list.


Type I vs Type II, the Trust Services Criteria, and what the observation period actually buys you

SOC 2 Type I is a point-in-time snapshot — an auditor describes the system and tests the design of controls on a single day. SOC 2 Type II adds the part procurement teams actually care about: the auditor tests the operating effectiveness of those controls over a defined observation period, almost always three to twelve months. A Type I report tells you the vendor wrote down the right controls. A Type II report tells you the vendor actually ran them, and that an independent CPA firm watched. Per the AICPA's official SOC framework documented at https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2, Type II is the artifact that maps to a real production trust decision; Type I is a developmental milestone.

The five Trust Services Criteria — Security, Availability, Confidentiality, Processing Integrity, and Privacy — are scoped per audit. Security is mandatory in any SOC 2; the other four are optional and the vendor chooses which to include based on what they sell. For LLM providers, Security plus Availability plus Confidentiality is the practical minimum, because you are paying for an always-on inference endpoint that processes sensitive prompts. Processing Integrity matters more when the output drives an automated decision pipeline (RAG retrieval ordering, function calling). Privacy matters when you process personal data — which, given that customers often paste PII into prompts, is most enterprise LLM deployments.

The hyperscalers — AWS, Azure, Google — typically cover all five Trust Services Criteria in their SOC 2 Type II reports because they have to: their platforms underpin everything from healthcare claims processing to ad measurement. The pure-play model labs (OpenAI, Anthropic, Cohere, Mistral) generally cover Security, Availability, and Confidentiality and add Processing Integrity or Privacy as their enterprise business matures. The right question in vendor diligence is not 'do you have SOC 2 Type II' — it is 'which TSC does your Type II cover, and does it include the criteria that map to my use case.'

Observation period is the underrated detail. A twelve-month observation period is the gold standard; nine months is acceptable; anything below six months is a red flag in 2026 unless the vendor is brand new and explicitly transitioning from Type I. When you read a Type II report, the cover page lists the dates — typically 'for the period October 1, 2024 through September 30, 2025' or similar. If the report you receive is dated 'as of' a single day, you have been handed a Type I and the vendor is hoping you do not notice.

Bridge letters cover the gap between the end of the audit period and today. If a vendor's most recent Type II covers through September 2025 and you are evaluating in June 2026, ask for a bridge letter — a short attestation from management (sometimes co-signed by the auditor) confirming that no material changes to the control environment occurred between the end of the audit period and the date of the letter. Reputable vendors issue bridge letters on request; if the vendor cannot produce one, treat that as a control gap signal, not a paperwork delay.
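The observation-period and bridge-letter checks described above, written as a script over the metadata you would keep per report. This is an added example, not part of the original guide: the field names, finding labels and sample records are constructed, the six-month floor is the one stated in the text, and the 90-day bridge-letter age limit is an assumption borrowed from the guide's 90-day re-pull cadence.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import FrozenSet, List, Optional

MIN_OBSERVATION_MONTHS = 6   # from the text: below six months is a red flag
MAX_BRIDGE_AGE_DAYS = 90     # assumption: matches the 90-day review cadence


@dataclass(frozen=True)
class Soc2Artifact:
    """Metadata recorded for one SOC 2 report (hypothetical schema)."""
    vendor: str
    period_start: date
    period_end: date
    tsc: FrozenSet[str]                      # Trust Services Criteria on the cover page
    bridge_letter_date: Optional[date] = None


def observation_months(start: date, end: date) -> int:
    """Whole months covered by an inclusive period, e.g. Oct 1 to Sep 30 is 12."""
    end_exclusive = end + timedelta(days=1)
    months = (end_exclusive.year - start.year) * 12 + (end_exclusive.month - start.month)
    if end_exclusive.day < start.day:
        months -= 1
    return months


def review(artifact: Soc2Artifact, required_tsc: FrozenSet[str], today: date) -> List[str]:
    """Return the findings a reviewer should raise before accepting the report."""
    findings: List[str] = []

    # A report dated "as of" a single day is a Type I, whatever the cover says.
    if artifact.period_start == artifact.period_end:
        findings.append("TYPE_I_SNAPSHOT")
    elif observation_months(artifact.period_start, artifact.period_end) < MIN_OBSERVATION_MONTHS:
        findings.append("SHORT_OBSERVATION_PERIOD")

    # The criteria your use case needs must appear in the report's own scope.
    for criterion in sorted(required_tsc - artifact.tsc):
        findings.append(f"MISSING_TSC:{criterion}")

    # The bridge letter has to cover the gap from period end to today.
    letter = artifact.bridge_letter_date
    if today > artifact.period_end:
        if letter is None or letter <= artifact.period_end:
            findings.append("BRIDGE_LETTER_MISSING")
        elif (today - letter).days > MAX_BRIDGE_AGE_DAYS:
            findings.append("BRIDGE_LETTER_STALE")
    return findings


def constructed_samples() -> dict:
    """Constructed records for illustration; vendor names are placeholders."""
    three = frozenset({"Security", "Availability", "Confidentiality"})
    return {
        "good": Soc2Artifact("vendor-a", date(2024, 10, 1), date(2025, 9, 30),
                             three, date(2026, 5, 15)),
        "stale": Soc2Artifact("vendor-b", date(2024, 10, 1), date(2025, 9, 30),
                              three, date(2026, 1, 10)),
        "type_i": Soc2Artifact("vendor-c", date(2025, 9, 30), date(2025, 9, 30), three),
        "short": Soc2Artifact("vendor-d", date(2025, 6, 1), date(2025, 9, 30),
                              frozenset({"Security"})),
    }


if __name__ == "__main__":
    needed = frozenset({"Security", "Availability", "Confidentiality"})
    for name, art in constructed_samples().items():
        print(name, review(art, needed, today=date(2026, 6, 15)))
```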

Continuous compliance platforms — Drata at https://drata.com/ and Vanta at https://www.vanta.com/ are the category leaders — automate the evidence collection that backs SOC 2 audits. Almost every modern LLM provider on this list uses one of them internally. When you are the customer doing your own SOC 2 with one of these providers as a sub-processor, ask whether they will share automated evidence via Drata or Vanta's evidence-exchange APIs. That capability can compress your own audit cycle by weeks.


How to actually request the SOC 2 report from each provider in 2026

**OpenAI** — start at https://trust.openai.com/, click into the SOC 2 Type II resource, click through the NDA, and submit your corporate email. Approval is usually automated within an hour for verified business domains; PDFs of the Type II report, the bridge letter, and the SOC 3 summary are then accessible via the same portal. Plan on thirty minutes total for a procurement analyst who has done this before. If you need the report distributed under your own corporate NDA rather than OpenAI's, escalate through your account executive — this adds 5 to 10 business days.

**Anthropic** — at https://trust.anthropic.com/ the flow is similar but generally faster, with a brief acknowledgment click instead of a longer NDA workflow. The Type II report, ISO 27001 certificate, GDPR DPA, sub-processor list, and security whitepaper are all available in the same hub. Most procurement teams report a same-day end-to-end download. As with OpenAI, custom NDA workflows are possible but add lead time — use Anthropic's standard NDA unless your legal team has a strict reason not to.

**AWS Bedrock** — log into your AWS console, navigate to AWS Artifact, accept the AWS Customer Agreement (or your existing enterprise agreement), and download the AWS SOC 2 Type II report directly. There is no separate NDA because the AWS customer agreement covers confidentiality. The report is several hundred pages; the parts relevant to a Bedrock deployment are the sections labeling Bedrock as in-scope and the underlying compute, storage, and IAM controls. AWS Artifact is documented at https://aws.amazon.com/artifact/.

**Azure OpenAI** — sign into the Service Trust Portal at https://servicetrust.microsoft.com/ with a Microsoft Entra account that has the Service Trust Portal access role. Navigate to SOC reports, filter by Azure, and download the SOC 2 Type II plus the SOC 3 summary. Microsoft's portal also lets you generate a one-page in-scope service matrix that maps Azure OpenAI to specific controls — extremely useful for procurement teams who do not want to read 400 pages of report. Service Trust Portal is documented at https://learn.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal.

**Google Vertex AI** — open the Compliance Reports Manager inside the Google Cloud console under Security & Compliance, locate the Google Cloud SOC 2 Type II, and download. No separate NDA workflow is required. Vertex AI is listed in the in-scope services. Google's compliance hub at https://cloud.google.com/security/compliance is the master index, and the EU-specific Cloud Code of Conduct attestation is downloadable from the same place — useful for EU data residency conversations.

**Cohere, Mistral, Together AI, Hugging Face** — these follow the email-and-NDA pattern. Email the security or trust contact listed on the trust page (security@cohere.com, security@mistral.ai, the trust.together.ai contact form, security@huggingface.co), state that you are evaluating their service for production use, request the latest SOC 2 Type II under mutual NDA, and provide your corporate domain. Typical turnaround is 2 to 5 business days for the report, 5 to 10 business days if you insist on negotiating bespoke NDA terms. For high-volume procurement cycles, agree to the vendor's standard NDA — the time saved is real, and the terms are almost always boilerplate.


Sub-processors, data residency, and the parts of SOC 2 that the report does not answer

SOC 2 is an attestation about the vendor's own control environment. It does not, by itself, tell you which sub-processors that vendor uses, where your data sits geographically, or whether the vendor trains models on your prompts. Those questions live in the data processing addendum, the sub-processor list, and the published data usage policy — three separate documents you need to read alongside the Type II report. The combined picture is what your CISO actually evaluates.

**OpenAI** publishes its sub-processor list at https://openai.com/policies/sub-processor-list, including Microsoft Azure as the primary infrastructure provider, plus auxiliary processors for analytics, support, and observability. The data processing addendum confirms that API and Enterprise data are not used to train OpenAI models by default — confirm the latest text at https://openai.com/policies/data-processing-addendum before signing. Data residency: US is default; EU residency is available on Enterprise contracts as of June 2026.

**Anthropic** publishes its sub-processor list at https://www.anthropic.com/legal/subprocessors. Primary infrastructure runs on AWS and Google Cloud. The Claude for Work commercial DPA explicitly states that customer prompts and completions are not used to train Claude models — verify current language at https://www.anthropic.com/legal. Data residency: US default; EU residency available on enterprise tiers; further regional expansion is on the public roadmap.

**AWS Bedrock, Azure OpenAI, Google Vertex AI** are different — when you use a hyperscaler's managed LLM service, the hyperscaler is both the LLM provider and the cloud infrastructure provider, which collapses the sub-processor chain. For AWS Bedrock, the sub-processor list at https://aws.amazon.com/compliance/sub-processors/ applies. Azure's list lives at https://www.microsoft.com/licensing/docs/view/Subprocessor-List. Google's at https://cloud.google.com/terms/subprocessors. Data residency is configurable by region in the console; for regulated workloads, pin the model endpoint to a specific region and document it in your data flow diagram.

**Cohere, Mistral, Together AI, Hugging Face** each publish sub-processor lists on request or via their trust pages. Mistral's EU origin and EU-based data centers make it a notable option for buyers who need to keep inference physically in the EU under contract — confirm at https://mistral.ai/security. Hugging Face Inference Endpoints supports deployment into specific AWS or Azure regions you choose, which gives you per-workload control over residency — documented at https://huggingface.co/docs/inference-endpoints.

The practical rule for sub-processor management in 2026: get the list, set up a quarterly review with your DPO or privacy counsel, and subscribe to the vendor's sub-processor change notification (most vendors publish a mailing list or RSS feed for changes). When a new sub-processor is added, you typically have 30 days to object under standard EU DPA terms. If your procurement team treats SOC 2 as a one-and-done check rather than the start of an ongoing sub-processor monitoring relationship, you will fail your own audit eighteen months later when the regulator asks how you knew Vendor X added Subprocessor Y.


Continuous compliance with Drata and Vanta, and what that means for your LLM vendor

Drata at https://drata.com/ and Vanta at https://www.vanta.com/ dominate the continuous compliance category in 2026. Both platforms automate evidence collection across cloud accounts, identity providers, code repositories, ticketing systems, and HR systems, then map that evidence to SOC 2, ISO 27001, HIPAA, PCI, and GDPR control frameworks. The result is that SOC 2 audits are no longer manual evidence scrambles every twelve months — they are quarterly check-ins against a continuously updated control library.

Every major LLM provider on this list uses one of those platforms internally, which is why their audit cycles are predictable and their bridge letters are quick to produce. More importantly, both Drata and Vanta have built vendor risk management modules that let you ingest a vendor's SOC 2 report (and the bridge letter, and the sub-processor list) directly into your own compliance dashboard. If you are running Drata or Vanta yourself, ask your account team whether your LLM vendor is already integrated — for OpenAI, Anthropic, AWS, Azure, Google, and Cohere, the answer is almost always yes as of June 2026.

What that integration buys you operationally: when your LLM vendor refreshes their SOC 2 Type II report, your VRM tool automatically pulls the new artifact, flags any changes in scope, and updates your vendor risk score without a human in the loop. When the vendor adds a sub-processor, you get a notification. When the bridge letter date expires, you get a follow-up. This is the difference between a security program that survives a regulator visit and one that does not.

If you are not yet running Drata or Vanta, the entry point in 2026 is roughly $20,000 to $40,000 per year for a small-to-mid-market deployment, with the price scaling on number of integrations and number of frameworks. Compare that against the loaded cost of one full-time compliance engineer (typically $150,000 to $200,000) and the math is straightforward for most companies above 50 employees. For solo founders and 5-person startups, manual evidence collection plus a service like Sprinto or Secureframe at the lower end of the price band is more proportional.

There is a second-order effect worth flagging: when your LLM vendor publishes via Drata or Vanta's trust-exchange API, you can short-circuit your security questionnaire. Instead of sending the vendor a 300-question Excel and waiting six weeks, you grant their trust portal access to your VRM tool and the questions auto-populate against the vendor's machine-readable evidence. For high-volume procurement teams evaluating five LLM providers in parallel, this can compress evaluation from quarters to weeks. Verify the integration is live for your specific vendor before relying on it — coverage is growing fast but not universal.

The honest caveat: continuous compliance tools do not replace human judgment on edge cases. If your LLM workload involves PHI, biometrics, financial transaction data, or anything else that triggers sector-specific regulation, the automated evidence is necessary but not sufficient. Get counsel involved, get the BAA or equivalent written agreement, and document your residual risk in your own risk register. The tooling speeds the paperwork; it does not absolve the underwriting decision.


The opinionated 2026 pick: which SOC 2 posture to buy for which workload

If you are a regulated enterprise already running on AWS, the right LLM provider is **Bedrock**. The SOC 2 inheritance from the AWS-wide audit is the simplest procurement story available, the HIPAA BAA is already in your master agreement, and you avoid adding a new vendor relationship entirely. The trade-off is model choice — Bedrock hosts Claude, Llama, Mistral, Cohere, Amazon Nova, and others, but you do not get GPT-5 there. If GPT-5 is non-negotiable for your workload, you need Azure OpenAI or direct OpenAI. Verify current Bedrock model availability at https://aws.amazon.com/bedrock/.

If you are a Microsoft 365 shop with a Microsoft enterprise agreement already in place, **Azure OpenAI** is the procurement path of least resistance. The Service Trust Portal access, the unified BAA, the consistent identity model via Microsoft Entra, and the ability to pin GPT-5 to a specific Azure region are all material advantages for regulated enterprises. The trade-off is that Azure OpenAI lags direct OpenAI by weeks to months on the newest model releases — if you need GPT-5 the week it ships, direct OpenAI is faster.

If your workload is heavy on Google Workspace, Looker, and BigQuery, **Google Vertex AI** is the obvious choice. Vertex AI hosts Gemini, Claude, Llama, and a growing list of partner models. The SOC 2 inheritance from Google Cloud is clean, the BAA covers Vertex AI, and Compliance Reports Manager makes the audit artifacts easy to pull. The trade-off is the same hyperscaler-lag problem — partner model availability sometimes trails the model lab's direct API.

If you want a foundation model lab directly and need the cleanest enterprise procurement story among the labs, **Anthropic** is the call in 2026. The self-serve Trust portal is the fastest in the category, the Claude for Work DPA is straightforward, and the no-training-on-customer-data commitment is unambiguous. **OpenAI** is the close second, with a slightly heavier NDA workflow but a deeper enterprise sales motion if you need bespoke contract terms. If GPT-5 is the model you need, OpenAI direct is the answer.

If you are buying for an EU regulated workload and you want a non-US LLM provider with an EU SOC 2 audit and EU data residency by default, **Mistral** is the answer. The EU origin, EU-based infrastructure, and EU-audited SOC 2 program combine into a procurement story that is materially easier with German data protection authorities, French CNIL, and Italian Garante than any US-origin vendor. Verify the latest at https://mistral.ai/security and confirm the specific datacenter regions in your contract.

If your workload is genuinely sensitive — PHI, sealed financial transactions, classified material — none of these SaaS LLM options is the right answer. Self-hosted Llama, Mistral, or Mixtral on hardware you control, in a network you control, with audit logs you generate, is the only architecture that satisfies the strictest regulator conversations. SOC 2 from your LLM vendor is a starting point for most enterprise workloads in 2026, but the highest-trust workloads still require running the model on-prem or in a sovereign cloud you control. See the HIPAA-compliant AI tools for healthcare guide for the healthcare-specific decision tree.

How to pass your own SOC 2 audit using one of these LLM providers as a sub-processor

  1. Step 1: Request the latest SOC 2 Type II, bridge letter, and sub-processor list

    Before you write the first line of code, request three artifacts from each LLM vendor you are evaluating: the most recent SOC 2 Type II report, a current bridge letter covering the gap from the report's end date to today, and the sub-processor list with last-updated date. For OpenAI use https://trust.openai.com/, for Anthropic use https://trust.anthropic.com/, for AWS use AWS Artifact, for Azure use the Service Trust Portal, for Google use Compliance Reports Manager, for Cohere use https://cohere.com/security. Store the artifacts in your VRM tool with the date received, the auditor name, the observation period, and the TSC coverage tagged as searchable metadata. Set a recurring 90-day reminder to re-pull. If a vendor cannot produce a bridge letter, treat that as a control gap signal and escalate.

  2. Step 2: Map the LLM vendor's controls to your in-scope controls

    Open your own SOC 2 control matrix and map each LLM-vendor-managed control to the matching row in your matrix. For inherited controls — physical security, hypervisor isolation, hyperscaler-managed encryption at rest — record the inheritance and cite the vendor's report. For shared controls — IAM, network segmentation, application logging — document the boundary clearly: which controls the vendor runs and which controls you run. The most common audit failure in 2026 is not that the LLM vendor lacks SOC 2 — it is that the customer fails to document the shared-responsibility boundary clearly enough for their own auditor to follow. Use the AWS, Azure, or Google shared responsibility model document as a template if you are on a hyperscaler-hosted LLM.

  3. Step 3: Document the data flow with classification at every hop

    Draw the data flow diagram from end-user input through your application, into the LLM API, into any RAG retrieval store, and back. At every hop, label the data classification — public, internal, confidential, PII, PHI, or other regulated categories. For each PII or PHI hop, document the legal basis (consent, contract, legitimate interest, BAA coverage). This diagram is the single most useful artifact in your own SOC 2 audit because it forces clarity on what the LLM sees, what it stores in logs, what training the vendor commits not to do, and what happens to the data on the way back. Refresh the diagram every time the architecture changes, not every twelve months — auditors notice when the diagram is stale.

  4. Step 4: Configure logging, retention, and exception monitoring on the LLM endpoint

    SOC 2 requires evidence that your controls actually run. For your LLM workload, this means logging every API call with the request hash, the response hash, the user identifier, the timestamp, and the model name; retaining those logs per your policy (typically one year minimum); and monitoring for anomalies — unusual prompt volumes, jailbreak attempts, output containing potential PII leakage. Use the vendor's native logging where available (OpenAI usage logs, Anthropic audit logs, AWS CloudTrail for Bedrock, Azure Monitor for Azure OpenAI, Cloud Logging for Vertex AI). Pipe everything into your SIEM. If you cannot show your auditor twelve months of LLM API logs with anomaly review evidence, you do not have an operating control — you have a written policy.

  5. Step 5: Schedule the recurring vendor review with a hard date

    Put a recurring calendar invite on your compliance lead's calendar for every 90 days: pull the latest SOC 2 report or bridge letter from each LLM vendor, re-check the sub-processor list against your approved list, re-validate the data residency commitment in writing, and document the review in your VRM tool. Tie the calendar invite to a Jira or Linear ticket that requires evidence upload to close. The auditors who are doing real work in 2026 are not asking 'do you have SOC 2 from your vendor' — they are asking 'show me the last four quarterly reviews you ran against that vendor and the resulting risk-register entries.' If you can produce those four reviews with timestamps, you will pass. If you cannot, the SOC 2 logo on the vendor's website will not save you.
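The five log fields Step 4 lists, with two of its anomaly checks (prompt volume and possible PII in output), as an added example that is not from the original article or any vendor SDK. The keyed hash, the regex patterns, the threshold, the model name and the user IDs are assumptions of this example.

```python
import hashlib
import hmac
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed patterns for illustration; tune them to your own data classes.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def _digest(key: bytes, text: str) -> str:
    # Keyed hash (this example's choice): a bare SHA-256 of a short prompt is guessable.
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()

def audit_record(key, user_id, model, prompt, response, ts):
    """Build one SIEM-ready record holding the five fields from Step 4."""
    return {
        "timestamp": ts.astimezone(timezone.utc).isoformat(),
        "user_id": user_id,
        "model": model,
        "request_hash": _digest(key, prompt),
        "response_hash": _digest(key, response),
        # Scan before the raw text is discarded; only the pattern label is logged.
        "pii_flags": sorted(n for n, p in PII_PATTERNS.items() if p.search(response)),
    }

def review(records, max_calls_per_hour=100):
    """Return anomaly findings: PII hits and per-user hourly volume spikes."""
    findings = [("pii_in_output", r["user_id"], r["timestamp"])
                for r in records if r["pii_flags"]]
    per_hour = Counter((r["user_id"], r["timestamp"][:13]) for r in records)
    findings += [("volume_spike", user, hour)
                 for (user, hour), n in sorted(per_hour.items())
                 if n > max_calls_per_hour]
    return findings

def demo():
    key = b"constructed-demo-key"  # load from a secrets manager in practice
    t0 = datetime(2026, 6, 1, 9, 0, tzinfo=timezone.utc)
    recs = [audit_record(key, "u-17", "example-model", f"q{i}", "ok", t0)
            for i in range(5)]
    recs.append(audit_record(key, "u-42", "example-model", "lookup",
                             "Contact: jane@example.com", t0))
    return recs, review(recs, max_calls_per_hour=3)

if __name__ == "__main__":
    print(demo()[1])
```

Saving the output of `review` with a reviewer name and date gives the anomaly review evidence Step 4 asks for, alongside the retained records themselves.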


Frequently Asked Questions

What is the difference between SOC 2 Type I and SOC 2 Type II for an LLM vendor?

Type I is a point-in-time snapshot: the auditor describes the system and tests the design of controls on a single day. Type II tests the operating effectiveness of those controls over an observation period, typically three to twelve months. Type II is the artifact procurement teams actually want, because it confirms the vendor not only wrote the right controls but ran them while an independent CPA firm watched. As of June 2026, every credible enterprise LLM vendor — OpenAI per https://trust.openai.com/, Anthropic per https://trust.anthropic.com/, AWS Bedrock per https://aws.amazon.com/compliance/soc-faqs/, Azure OpenAI, Google Vertex AI, and Cohere — publishes a SOC 2 Type II. A Type I-only report from a vendor pitching themselves as enterprise-ready in 2026 is a yellow flag worth escalating.

Which Trust Services Criteria should I require in a SOC 2 Type II for an LLM provider?

At minimum: Security, Availability, and Confidentiality. Security is mandatory in any SOC 2 audit. Availability matters because you are buying a production inference endpoint. Confidentiality matters because customer prompts often contain proprietary or sensitive data. Add Processing Integrity if your workload uses the LLM in an automated decision pipeline (RAG ordering, function calling, agentic workflows). Add Privacy if you process personal data, which most enterprise LLM deployments do because users paste PII into prompts whether the policy allows it or not. The hyperscalers (AWS, Azure, Google) cover all five TSC in their reports; the pure-play labs (OpenAI, Anthropic, Cohere) typically cover three. Verify the cover page of the report you receive — the TSC list is stated explicitly.

How do I actually request the OpenAI SOC 2 Type II report?

Go to https://trust.openai.com/, locate the SOC 2 Type II resource, complete the NDA click-through using a verified corporate email, and submit. Approval is typically automated within an hour for business domains. The PDF — typically 200 to 400 pages — is then downloadable from the same portal, along with the SOC 3 summary, ISO 27001 certificate, sub-processor list, and data processing addendum. If your legal team requires the report distributed under your own corporate NDA rather than OpenAI's standard, route the request through your OpenAI account executive; this adds 5 to 10 business days. For the vast majority of procurement workflows, OpenAI's standard NDA is acceptable boilerplate and switching adds delay without adding protection.

Does AWS Bedrock have its own SOC 2 or does it inherit from AWS?

Bedrock inherits the AWS-wide SOC 2 Type II program documented at https://aws.amazon.com/compliance/soc-faqs/ and is explicitly listed in the in-scope services document. AWS refreshes its SOC reports on a semi-annual cycle (typically April and October), and the reports are downloadable from AWS Artifact inside your AWS console without a separate NDA workflow. The audit firm has historically been Ernst & Young. The trade-off of the inheritance model is that you are buying the AWS shared responsibility model — controls below the hypervisor are inherited from AWS, controls above the hypervisor (IAM configuration, key management policies, model selection, prompt logging) are yours. Document the boundary explicitly in your own audit working papers.

Is Azure OpenAI's SOC 2 inherited from Azure or separate?

Azure OpenAI is in scope of the Microsoft Azure SOC 2 Type II report, accessible via the Service Trust Portal at https://servicetrust.microsoft.com/. Microsoft publishes both SOC 2 Type II and SOC 3 (the public-facing summary) covering all five Trust Services Criteria. Azure OpenAI is listed in the in-scope services matrix. The integration with Microsoft Purview Compliance Manager lets you generate a tailored compliance assessment for Azure OpenAI specifically, mapping controls to your own framework. The practical advantage of Azure OpenAI for compliance-heavy buyers is the single Microsoft enterprise agreement covering Azure infrastructure, Microsoft 365, Entra identity, and Azure OpenAI under one BAA and one SOC 2 — fewer vendor relationships, fewer paperwork cycles.

How long is the SOC 2 Type II observation period and what is a bridge letter?

The standard observation period for a mature SOC 2 Type II is twelve months. Nine months is acceptable for vendors transitioning from Type I to Type II. Anything below six months is a red flag unless explicitly documented as a Type II first-issuance. The cover page of the report states the period — for example 'October 1, 2024 through September 30, 2025.' A bridge letter is a short attestation from management (sometimes co-signed by the auditor) confirming that no material changes occurred to the control environment between the end of the audit period and the date of the letter. Reputable vendors issue bridge letters on request within a few business days. If a vendor cannot produce a bridge letter when their last Type II is more than three months old, treat that as a control gap and escalate.

How do continuous compliance platforms like Drata and Vanta change LLM vendor diligence?

Drata at https://drata.com/ and Vanta at https://www.vanta.com/ automate evidence collection for SOC 2, ISO 27001, HIPAA, and other frameworks. Every major LLM provider on this list uses one of those platforms internally, which is why their audit cycles are predictable and their bridge letters are fast. If you run Drata or Vanta on your side, you can ingest a vendor's machine-readable trust evidence directly into your vendor risk module, compressing the security questionnaire cycle from six weeks to under a week. Coverage in 2026 includes OpenAI, Anthropic, AWS, Azure, Google Cloud, and Cohere as standard integrations. Verify with your account team whether your specific vendor and your specific framework combination is supported before relying on the integration.

Do OpenAI, Anthropic, and the hyperscaler LLMs train on my customer data?

Not by default for enterprise and API use. OpenAI's API and Enterprise data are not used to train OpenAI models per the data processing addendum at https://openai.com/policies/data-processing-addendum. Anthropic's Claude for Work and API commercial DPA explicitly excludes customer prompts and completions from training data per https://www.anthropic.com/legal. AWS Bedrock, Azure OpenAI, and Google Vertex AI all contractually exclude customer inputs from model training in their managed LLM service terms — verify the specific language at https://aws.amazon.com/bedrock/, https://learn.microsoft.com/azure/ai-services/openai/, and https://cloud.google.com/vertex-ai. Free-tier consumer products (ChatGPT Free, Claude.ai Free, Gemini consumer) often have different defaults. Always read the data policy for the specific tier you are actually buying.

What is the cheapest credible compliant LLM stack for a regulated SMB in 2026?

For a regulated SMB without existing hyperscaler commitments, the cheapest credible compliant stack in 2026 is Anthropic's Claude API direct with the Claude for Work DPA, paired with continuous compliance tooling like Sprinto or Vanta at the entry tier. Anthropic's self-serve SOC 2 download at https://trust.anthropic.com/ is the lowest-friction enterprise procurement experience in the category, and Claude's per-token pricing is competitive for low-to-mid volume workloads. For SMBs already on AWS or Azure, Bedrock or Azure OpenAI win on the simpler procurement story even if per-token pricing is slightly higher. Avoid consumer tiers such as ChatGPT Free or Claude.ai Free for any regulated workload — the data policies differ from the API tiers and the SOC 2 scope does not always cover consumer products the same way.
