AI services opt-out policies - AWS Organizations

AI services opt-out policies

AWS artificial intelligence (AI) services, such as Amazon Rekognition, Amazon CodeWhisperer, Amazon Transcribe, and Contact Lens for Amazon Connect, might store and use customer content processed by those services for the development and continuous improvement of other AWS services. As an AWS customer, you can opt out of having your content stored or used for service improvements.

Instead of configuring this setting individually for each AWS account that your organization uses, you can configure an organization policy that enforces your setting choice on all accounts that are members of the organization. You can choose to opt out of content storage and use for an individual AI service, or for all of the covered services at once. You can query the effective policy applicable to each account to see the effects of your setting choices.


AWS artificial intelligence (AI) services might need to store your content to provide the services, even if you opt out from AWS using your data for service improvements. For more information, see the documentation for the AI service that you're using.

Considerations when using AI services opt-out policies

Opting out applies to all AWS Regions excluding AWS GovCloud (US)

When you specify an opt in or opt out preference for a service, that setting is global and applied to all AWS Regions excluding the AWS GovCloud (US) Regions. Setting the value from within one AWS Region replicates to all other Regions.

Opting out deletes all of the associated historical content

When you opt out of content use by an AWS AI service, that service deletes all of the associated historical content that was shared with AWS before you set the option. This deletion should be limited to data stored that is not required to provide service functions.

Getting started with AI services opt-out policies

Follow these steps to get started using Artificial Intelligence (AI) services opt-out policies.

For all of these steps, you sign in as an AWS Identity and Access Management (IAM) user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account.