Citation-Ready Battle Card
When your risk committee asks, “Can we use frontier AI without losing control of our data?”, this is the evidence pack you put on the table.
This definitive artefact maps and compares the actual deployment routes behind enterprise AI inference: AWS Bedrock, Azure Foundry, Google Vertex, and direct model-provider APIs, with every assertion traceable to a primary source, every caveat exposed, and every architectural tradeoff made explicit. It is written to the level of clarity that enterprise architects, CISOs, DPOs, and legal counsel expect before critical AI decisions are made.
The trust objection
Read this artefact as an approval-room argument. Start by validating the fear: will our data train the model, leave the region, or disappear from audit?
The reframing
Do not compare model brands. Compare deployment routes of key hyperscalers serving these models.
The evidence
49 claims · 67 monitored primary sources · exact citation reveals. Every claim opens to the source quote behind it.
The handoff
Route sections, a guide to the hyperscaler ecosystem, regulatory anchors, and a verification checklist.
Artefacts 01 and 02 render from approved canonical files. The evidence backend checks source movement and quote position, records human decisions, and promotes only approved repairs back into the public bundle.
Canonical promoted: 5/30/2026 · Public pages remain file-based, not live database-rendered.
- Canonical version: v0.2
- Canonical sources: 67
- Human decisions: 87
- Promoted repairs: 2
Trust Question
The decision is not only about model capability. It is about whether prompts, completions, logs, routing, and review evidence remain governable for the chosen deployment route.
Do not evaluate frontier AI as a brand-level trust question. Evaluate the inference route, the control plane around it, and the evidence your review team can inspect.
AWS Bedrock Route
Managed-service boundaries, logging, and residency scope
Present the strongest Bedrock-specific evidence without implying it applies to every route for the same models.
Bedrock gives a familiar hyperscaler control-plane story, but cross-region inference and explicit logging choices still need route-specific review.
Inference venue
Model calls are served through the Amazon Bedrock managed-service route; cross-region inference determines which AWS Regions may process the request.
Data use / training
Bedrock inputs and outputs are not used to train or improve Amazon or third-party base models, and model providers do not access customer prompts or completions.
Network / audit boundary
PrivateLink can keep traffic off the public internet, and CloudTrail captures Bedrock API calls.
Logging / caveats
CloudTrail captures Bedrock API calls, while model invocation logging is customer-enabled and may capture inputs and outputs when switched on.
Microsoft Azure / Foundry Route
Models sold by Azure versus partner-hosted routes
Distinguish models sold directly by Azure from partner or Anthropic-hosted routes.
Azure is strong for Azure-sold models, but Foundry-Claude is architecturally different and should not be treated as a normal Azure-hosted route.
Inference venue
Azure OpenAI model calls use Microsoft's Azure route, while Claude in Microsoft Foundry is Anthropic-hosted and managed.
Azure-sold models
For models sold directly by Azure, prompts and completions are not available to OpenAI or other model providers and are not used to train base models.
Deployment geography
Global, Data Zone, and regional deployment types carry different processing-location behaviour.
Logs / asymmetry
Azure logging and private access can support review, but Foundry-Claude carries a separate processor and hosting posture.
49 canonical claims · 67 primary sources · Refreshed 2026-05-30 · No account required
Google Cloud / Vertex / Gemini Route
Endpoint-specific commitments and Google Cloud controls
Present Google Cloud route evidence while keeping endpoint, feature, and route boundaries explicit.
Vertex/Gemini offers strong Google Cloud controls, but endpoint, feature, and partner-model boundaries decide how far each assurance travels.
Inference venue
Gemini calls are served through Vertex AI / Google Cloud endpoints; partner-model routes need separate review because the provider boundary may differ.
Data use / training
Google Cloud service terms state that Customer Data is not used to train or fine-tune AI/ML models without customer permission or instruction.
Residency / endpoints
Google's ML processing-region commitments are endpoint-specific; use them as inference-location evidence only where the documented endpoint and model match.
Audit / access visibility
Cloud Audit Logs and Access Transparency can support review, but Data Access logs and Access Transparency depend on configuration and eligibility.
Network boundary
Private Service Connect can keep API traffic on Google's internal network, but route-specific model boundaries still matter.
Direct API Comparison
Direct provider routes, retention defaults, and ZDR caveats
Contrast direct model-provider routes without implying direct APIs are categorically unsafe.
Direct provider APIs can be viable, but trust posture depends heavily on each provider's retention, ZDR, DPA, and residency defaults.
Inference venue
Inference is served through each model provider's direct API route rather than through a hyperscaler-managed service perimeter.
Training defaults
OpenAI, Anthropic, Gemini paid services, and Mistral documented plans each define different training and opt-in positions.
Retention / ZDR
Zero Data Retention and storage limits are provider-specific, often requiring approval, configuration, or feature-level exceptions.
DPA / residency
Direct-route legal confidence depends on provider DPAs, paid-service terms, residency behaviour, and route-specific eligibility.
Business/API routes are not consumer routes. ZDR eligibility is not the same as active ZDR. Direct Anthropic API currently carries a direct-API residency caveat in the ledger. OpenAI Compliance Platform logging is not a general API logging guarantee.
Regulatory Frame
Regulatory anchors, not compliance conclusions
Use GDPR, EU AI Act, DORA, and NIST as anchors, not as legal conclusions.
Verification Checklist
Architecture-review handoff
Turn the Battle Card into an architecture-review handoff.
“The strength of this artefact is not that it makes the decision for you. It makes the reviewable parts explicit.”
If this was useful, take the next evidence layer with you.
These artefacts use the same Rekhaa trust logic: turn the concern into a reviewable route, diagram, or matrix your internal team can work with.
Provider Trust Matrix
Compare hyperscaler and model-provider trust controls side by side.
Data Flow Diagram
Show where the inference path crosses application, network, and provider boundaries.
EU AI Act Note
Frame classification and obligations without treating provider route as the whole answer.