Amazon Nova is Amazon's own family of foundation models for text, image/video understanding, document analysis, agents, tool use, and speech.
Nova is used via Amazon Bedrock APIs, in particular InvokeModel, InvokeModelWithResponseStream, Converse, ConverseStream, and, for Sonic, via bidirectional streaming.
Amazon Nova API
LLM “frontier intelligence” - “industry-leading price-performance”
Location: USA ⓘ For AWS in general, officially documented, among others, is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, U.S.A.
Flex / Priority / Reserved Tiers Bedrock supports different service tiers to manage cost, availability, latency, and throughput.
Batch Inference Asynchronous processing of larger workloads; according to AWS, cheaper than On-Demand for selected models.
Provisioned Throughput Reserved capacity for higher or predictable throughput; required for certain custom or production scenarios.
Fine-Tuning / Custom Models Customization using your own training/validation data; use of individual models typically via provisioned capacity.
Guardrails / Knowledge Bases / Agents / Prompt Routing Additional Bedrock features for security, RAG, agent orchestration, model routing, and governance.
Target audience
Amazon Nova API is aimed at developers, AWS teams, start-ups, agencies, SMEs, enterprise IT, data/AI teams, and organizations that want to integrate generative AI directly into AWS-native applications. Nova is particularly well suited for companies that already use AWS for identity, data storage, logging, security, governance, or application operations.
Outstanding features
Outstanding features include deep Bedrock integration, multiple API access options, multimodality, agent capabilities, guardrails, model customization, and regional operating options. Nova 2 Lite supports up to 1M context, 64K output, Extended Thinking, Web Grounding, Code Interpreter, document understanding, and video analysis. Nova Sonic and Nova 2 Sonic cover real-time voice dialogues via speech-to-speech.
Key application areas
Typical use cases include chatbots, internal knowledge assistants, RAG systems, document QA, contract/PDF analysis, video analysis, UI/workflow automation, agents with tools, coding assistance, customer service, voice assistants, contact center scenarios, classification, summarization, text generation, and AWS-related automations.
Usage & notes
Usage requires an AWS account, Amazon Bedrock Model Access, an API key or AWS credentials, and Bedrock Runtime. For text/chat applications, Converse and ConverseStream are useful; for classic inference, InvokeModel; for speech-to-speech, Sonic uses bidirectional streaming. For GDPR/enterprise setups, region, inference profiles, cross-region behavior, logging, guardrails, IAM, KMS, CloudTrail, CloudWatch, budgets, and data flows should be defined before going live.
| Target audience | Assessment |
|---|---|
| AWS customers / cloud teams | Highly suitable – if AWS is already the standard for infrastructure, IAM, KMS, VPC, monitoring, and governance. |
| Developers / product teams | Highly suitable – for multimodal AI apps with text, image, video, RAG, agent, and automation features. |
| Large enterprises | Highly suitable – because of Bedrock governance, IAM, PrivateLink, KMS, CloudTrail, guardrails, region selection, and compliance frameworks. |
| SMEs with AWS know-how | Suitable – if AWS expertise is already available and there is no desire to operate your own model infrastructure. |
| Regulated industries | Suitable to highly suitable – especially with a clean AWS region setup, Bedrock configuration, DPA, IAM, logging strategy, and cross-region control. |
| Private individuals without cloud experience | Rather unsuitable – Amazon Nova via Bedrock is a developer/cloud API offering, not a simple end-user chatbot. |
Calculate tokens and costs with the KIFOX Tokenizer
Amazon Nova 2 Lite
amazon.nova-2-lite-v1:0 cost-efficient multimodal workloads, 1M context, document analysis, video analysis, agents, RAG, simple automations, Extended Thinking, high volumes
Amazon Nova 2 Sonic
amazon.nova-2-sonic-v1:0 real-time voice assistants, speech-to-speech, voice bots, contact center, natural dialogues, low latency
Amazon Nova Premier
amazon.nova-premier-v1:0 complex multimodal tasks, reasoning, agents, model distillation, large documents, video analysis, code/UI workflows
Amazon Nova Pro
amazon.nova-pro-v1:0 balanced all-rounder, good balance of quality/cost/latency, RAG, chatbots, agents, documents, images, video
Amazon Nova Lite
amazon.nova-lite-v1:0 affordable multimodal applications, document analysis, visual Q&A, video inputs, high request volumes
Amazon Nova Micro
amazon.nova-micro-v1:0 very fast text tasks, low latency, classification, simple chatbots, routing, summaries, cost-sensitive workloads
Amazon Nova Sonic
amazon.nova-sonic-v1:0 real-time voice, speech-to-speech, multilingual voice dialogues, voice agents; for new projects, Nova 2 Sonic should generally be considered instead
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ⚠️ |
| DPA / AVV | ✅ |
| No training on customer data | ✅ |
| Open source / transparency path | ❓ |
On-premises / local hosting: indirect / not available
The website does not mention a true on-premises/local deployment of Amazon Nova on the customer’s own hardware. The only documentation states that customers can establish private connectivity between a customized Nova instance and on-premises networks via AWS PrivateLink; this is not a local deployment of the model.
Private Cloud / Data Center: Partially
Documented features include in-region processing, EU-geographic routing, VPC/PrivateLink connectivity, as well as encryption and IAM/KMS controls. This points to a highly controllable cloud environment, but not to a dedicated, customer-owned private cloud instance of Nova in the strict sense.
EU SaaS / Managed: Partially
Amazon Nova is available as a managed service via Amazon Bedrock, and Bedrock documents in-region and EU-geographic data residency options. However, no blanket “EU-only” standard is described for all Nova uses; EU-compliant data residency depends on the specific region and routing selection.
Hybrid: Partially
The website documents private connectivity between customized Amazon Nova and on-premises networks via AWS PrivateLink. This enables hybrid architectures in which internal systems are connected, even if the model itself runs as an AWS service.
T&C / DPA: Covered
AWS documents a “GDPR-compliant AWS Data Processing Addendum (AWS DPA),” which automatically applies to customers and is integrated into the AWS Service Terms. Additionally, AWS refers to SCCs and supplementary addenda for data transfers.
No training: covered
The website explicitly states that AWS does not use inputs or outputs from Amazon Bedrock to train Amazon Bedrock models, including Amazon Nova. Furthermore, Bedrock documents “Zero Data Retention” as a configurable option; however, by default, retention periods may be relevant for abuse detection depending on the model, which is why the specific configuration remains important.
Open Source / Transparency Path: Indirect / Not Available
The website does not mention an open-source model, disclosed core components, or an explicit open-source/self-hosting path for Amazon Nova. On the contrary, it is documented that Nova weights are proprietary.
Data Processing
Amazon Nova is operated as an AWS/Bedrock-based managed service. According to the documentation, requests can be processed strictly within a single AWS region or remain within an EU geography. According to the Bedrock documentation, model providers do not have access to the model deployment accounts operated by AWS, nor to logs, prompts, or completions. According to the documentation, data is encrypted in transit and at rest; KMS can be used. It is also documented for Amazon Bedrock that, by default, inputs and outputs are not used to train Bedrock models and that zero data retention is configurable, with model- or security-related exceptions for retention documented separately.
Conclusion
For a tool directory focused on the EU/EEA, Amazon Nova cannot be generally considered fully GDPR-compliant in the sense of “out of the box in every case,” but there is substantial evidence on the AWS platform for conditional GDPR-compliant use: DPA, SCCs, EU/region-based control, encryption, and a clear “no training” policy. It is crucial that customers select the correct Bedrock region or EU geography and do not use global or otherwise transfer-intensive operating modes. According to the documentation found, on-premises and open-source sovereignty are not available for Nova.
Sources
- https://docs.aws.amazon.com/nova/latest/userguide/what-is-nova.html
- https://docs.aws.amazon.com/nova/latest/userguide/responsible-use.html
- https://docs.aws.amazon.com/bedrock/latest/userguide/models-region-compatibility.html
- https://docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html
- https://docs.aws.amazon.com/bedrock/latest/userguide/data-encryption.html
- https://docs.aws.amazon.com/bedrock/latest/userguide/abuse-detection.html
- https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.html
- https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/in-detail.html
- https://docs.aws.amazon.com/nova/latest/userguide/nova-model-training-job.html
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ⚠️ |
| DPA / AVV | ✅ |
| No training on customer data | ✅ |
| Open source / transparency path | ❓ |
On-premises / local hosting: indirect / not available
The website does not mention a true on-premises/local deployment of Amazon Nova on the customer’s own hardware. The only documentation states that customers can establish private connectivity between a customized Nova instance and on-premises networks via AWS PrivateLink; this is not a local deployment of the model.
Private Cloud / Data Center: Partially
Documented features include in-region processing, EU-geographic routing, VPC/PrivateLink connectivity, as well as encryption and IAM/KMS controls. This points to a highly controllable cloud environment, but not to a dedicated, customer-owned private cloud instance of Nova in the strict sense.
EU SaaS / Managed: Partially
Amazon Nova is available as a managed service via Amazon Bedrock, and Bedrock documents in-region and EU-geographic data residency options. However, no blanket “EU-only” standard is described for all Nova uses; EU-compliant data residency depends on the specific region and routing selection.
Hybrid: Partially
The website documents private connectivity between customized Amazon Nova and on-premises networks via AWS PrivateLink. This enables hybrid architectures in which internal systems are connected, even if the model itself runs as an AWS service.
T&C / DPA: Covered
AWS documents a “GDPR-compliant AWS Data Processing Addendum (AWS DPA),” which automatically applies to customers and is integrated into the AWS Service Terms. Additionally, AWS refers to SCCs and supplementary addenda for data transfers.
No training: covered
The website explicitly states that AWS does not use inputs or outputs from Amazon Bedrock to train Amazon Bedrock models, including Amazon Nova. Furthermore, Bedrock documents “Zero Data Retention” as a configurable option; however, by default, retention periods may be relevant for abuse detection depending on the model, which is why the specific configuration remains important.
Open Source / Transparency Path: Indirect / Not Available
The website does not mention an open-source model, disclosed core components, or an explicit open-source/self-hosting path for Amazon Nova. On the contrary, it is documented that Nova weights are proprietary.
Data Processing
Amazon Nova is operated as an AWS/Bedrock-based managed service. According to the documentation, requests can be processed strictly within a single AWS region or remain within an EU geography. According to the Bedrock documentation, model providers do not have access to the model deployment accounts operated by AWS, nor to logs, prompts, or completions. According to the documentation, data is encrypted in transit and at rest; KMS can be used. It is also documented for Amazon Bedrock that, by default, inputs and outputs are not used to train Bedrock models and that zero data retention is configurable, with model- or security-related exceptions for retention documented separately.
Conclusion
For a tool directory focused on the EU/EEA, Amazon Nova cannot be generally considered fully GDPR-compliant in the sense of “out of the box in every case,” but there is substantial evidence on the AWS platform for conditional GDPR-compliant use: DPA, SCCs, EU/region-based control, encryption, and a clear “no training” policy. It is crucial that customers select the correct Bedrock region or EU geography and do not use global or otherwise transfer-intensive operating modes. According to the documentation found, on-premises and open-source sovereignty are not available for Nova.
Sources
- https://docs.aws.amazon.com/nova/latest/userguide/what-is-nova.html
- https://docs.aws.amazon.com/nova/latest/userguide/responsible-use.html
- https://docs.aws.amazon.com/bedrock/latest/userguide/models-region-compatibility.html
- https://docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html
- https://docs.aws.amazon.com/bedrock/latest/userguide/data-encryption.html
- https://docs.aws.amazon.com/bedrock/latest/userguide/abuse-detection.html
- https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.html
- https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/in-detail.html
- https://docs.aws.amazon.com/nova/latest/userguide/nova-model-training-job.html
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Strong AWS integration. | • No self-hosting of the Nova model weights. |
| • No training with customer data according to AWS. | • No open-source/open-weights path. |
| • EU regions or EU geo-inference available for several Nova models. | • Prices depend heavily on the model, region, service tier, and token consumption. |
| • Good model tiering from inexpensive/fast to powerful. | • Some models are only available in certain regions. |
| • Multimodal models for text, images, video, documents, and code. | • Nova Canvas and Nova Reel are Nova models, but not LLMs. |
| • Strong enterprise controls via AWS IAM, VPC/PrivateLink-like architecture, CloudTrail, CloudWatch, KMS, and Bedrock Guardrails. | • For GDPR projects, region, cross-region inference, logging, guardrails, retention, and the AWS contract must be configured properly. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
The documentation on the AWS website outlines several components for GDPR-compliant use in the EU/EEA context: AWS references a GDPR-compliant DPA, refers to SCCs for international transfers, describes Bedrock/Nova as capable of being supported in a GDPR-compliant manner, and documents in-region and EU-specific processing options. At the same time, the documentation found does not allow for the inference of a comprehensive, automatic “EU-only” default configuration for all Nova scenarios; compliance depends on the specific region selected, the chosen Bedrock routing, and the customer’s configuration. Therefore, from an EU/EEA perspective, its use can only be considered GDPR-compliant under certain conditions.
Positive
Positive aspects include an AWS Data Processing Addendum, which, according to AWS, is GDPR-compliant and applies automatically; SCCs or additional safeguards for transfers; the option for processing in an EU region; references to EU-based data residency with Bedrock routing; encryption at rest and in transit, customer-managed key management, and the statement that inputs/outputs via Amazon Bedrock are not used to train Amazon Bedrock models, including Amazon Nova.
Negative
A negative or limiting aspect is that the documentation for Amazon Nova itself does not guarantee a blanket EU/EEA-only operating mode as the standard for all usage scenarios. In addition to in-region routing, Bedrock offers geo- and global routing; for GDPR-sensitive cases, the customer must therefore actively select the appropriate option. The website does not specify an explicit Nova-specific server location for all functions, a Nova-specific list of subprocessors, an explicit self-hosting/on-premises deployment of Nova, or a clear statement regarding open-source components.
Server Location
The website documents for Amazon Bedrock that in-region processing remains strictly within the selected region and that geo-routing can occur within a geographic area such as the EU. For Amazon Nova, the Bedrock regional table lists at least one EU region as available, namely 'eu-north-1 (Stockholm)' for Nova 2 Sonic. A general, central server location for Amazon Nova is not specified on the website.