Fable 5 for Government and Regulated Teams: The GovCloud Question

When AWS announced Fable 5 on Bedrock on June 10, 2026, the launch post buried the most consequential detail near the bottom: to access the model at all, you must first call the Data Retention API and set provider_data_share. Once you do, your inference data - prompts in, completions out - leaves the AWS boundary and goes to Anthropic. Retention is 30 days. Human review is part of the arrangement.

For teams building on commercial AWS in standard regions, that is a new disclosure to document and a policy conversation to have. For teams operating under FedRAMP, ITAR, CJIS, or similar frameworks, it may be a hard stop.

Last updated: June 10, 2026

What "provider_data_share" Actually Means

AWS's existing Bedrock data boundary promise is that your prompts stay inside AWS infrastructure. That is part of what makes Bedrock attractive to regulated customers versus calling the Anthropic API directly. The provider_data_share mode breaks that promise by design.

From the AWS launch post: "This mode allows Amazon Bedrock to retain and share your inference data with model providers per their requirements. Anthropic requires 30-day inputs and outputs retention, as well as human review."

Two things matter here for compliance teams. First, data is flowing to a third-party processor outside the AWS control plane, which changes your data flow diagrams and your third-party risk inventory. Second, "human review" means Anthropic personnel can, under defined circumstances, access your inference traffic. Even if the risk is operationally low, that assertion has to survive a controls audit.

This is not a Bedrock-wide change. Models that do not require provider_data_share - including Opus 4.8, the Claude 3.x family, and Amazon Nova - continue to work under the existing data boundary. The requirement is specific to Fable 5, Mythos 5, and future models that AWS describes as having "similar or higher capability levels."

The GovCloud Picture as of Today

AWS GovCloud (US-West) and GovCloud (US-East) both support Amazon Bedrock. The GovCloud Bedrock documentation lists the models that currently hold FedRAMP and IL4/IL5 authorization:

• All Amazon Titan models
• Claude Sonnet 4.5
• Claude 3.7 Sonnet
• Claude 3.5 Sonnet v1
• Claude 3 Haiku
• Llama 3 8B and 70B

Fable 5 is not on that list. As of the launch announcement, Fable 5 is available in US East (N. Virginia) and Europe (Stockholm) - commercial regions only. There is no announced timeline for GovCloud availability, and given the provider_data_share architectural requirement, it is not obvious what a GovCloud path would look like without a structural change to how Anthropic processes that data.

The HN thread that surfaced on launch day put it plainly: Fable 5 is not FedRAMP authorized, and it is not clear whether GovCloud's model request process would even permit access to a model whose inference traffic is designed to flow outside the boundary.

The Commercial-AWS-With-ATO Problem

GovCloud is not the only exposure. A meaningful number of government agencies and regulated organizations operate on commercial AWS under existing ATOs (Authorizations to Operate). Those ATOs were issued against a Bedrock that kept data inside AWS. If developers or automated systems in those environments begin calling bedrock-runtime or bedrock-mantle with Fable 5 model IDs, they may be out of scope of their existing authorization without anyone having made a deliberate decision.

This is not hypothetical. The provider_data_share flag is set at the account or engine level via API call - there is no console UI at launch. An engineer experimenting with Fable 5 who sets that flag to unblock the model ID has implicitly changed the data routing for that account. Organizations that have not issued explicit internal guidance are at risk of drift.

The immediate action for any security or compliance team on commercial AWS: confirm whether provider_data_share has been set in any of your accounts, and decide whether to allow it or enforce a policy blocking it.

Options Table

What to Ask Your AWS Account Team

If you are in a regulated environment and want to understand your actual path, these are the productive questions to bring to AWS:

On current authorization status: Is Fable 5 on a roadmap for GovCloud? Is there a FedRAMP authorization process underway, and what is the expected timeline?

On the data sharing mechanics: Is there any mechanism for GovCloud customers to access Fable 5 without provider_data_share, or is that requirement upstream of the AWS/Anthropic commercial arrangement?

On existing ATOs: If my organization already has an ATO covering Bedrock in a commercial region, does enabling provider_data_share require a change request or re-authorization? What AWS documentation supports that determination?

On Mythos 5: The limited preview of Mythos 5 (Fable 5 without the capability limits in cybersecurity and life sciences) has additional vetting requirements. What does the access process look like for vetted government contractors?

These questions do not have public answers today. The value is in getting your account team on record and starting any authorization clock that may be necessary.

What Signals to Watch

The pattern with previous Bedrock model launches suggests GovCloud availability lags commercial availability by months, not years - but that lag has historically applied to models that did not require data to leave the AWS boundary. Fable 5 is a different architectural situation.

Three signals worth tracking:

FedRAMP marketplace listing. The authoritative source for whether Fable 5 has received authorization is the FedRAMP marketplace. A listing there, or Anthropic's own FedRAMP documentation, would indicate the data handling question has been resolved in a way that satisfies the authorization process.

GovCloud model list updates. The AWS GovCloud Bedrock documentation page listing authorized models is updated when new models receive authorization. Watching that page is more reliable than press releases.

Bedrock data retention policy changes. If Anthropic modifies the provider_data_share requirement - for example, by creating a GovCloud-specific data processing arrangement where data stays in GovCloud infrastructure - AWS would update the data retention documentation. That kind of change would be the unlock.

A Note on the Broader Picture

It is worth naming what is actually happening here: Anthropic has built a model that, for safety monitoring purposes, requires some visibility into how the model is being used. That is a deliberate design choice, and the justification is meaningful - detecting patterns of misuse across conversations requires retaining more than the current exchange. The data sharing is the mechanism that makes broad Fable 5 availability possible at all, rather than restricting it to a small vetted group the way Mythos 5 currently is.

That is a reasonable tradeoff for most commercial use cases. It is simply not a tradeoff that existing FedRAMP and GovCloud frameworks have caught up to yet. The market has resolved similar gaps before - cloud service providers, security tools, and data processors have all worked through FedRAMP authorization processes that initially seemed structurally incompatible. This one will likely resolve too. The question for regulated teams right now is whether to wait, to work with what is currently authorized, or to pursue a direct commercial arrangement with Anthropic that does not depend on the Bedrock routing.

FAQ

Is Claude Fable 5 available in AWS GovCloud?

No. As of June 10, 2026, Fable 5 is available only in the US East (N. Virginia) and Europe (Stockholm) commercial Bedrock regions. It does not appear on the list of FedRAMP and IL4/IL5 authorized models in GovCloud. There is no announced availability date for GovCloud.

What models can I use in GovCloud Bedrock right now for high-compliance workloads?

The currently FedRAMP and IL4/IL5 authorized Anthropic models on GovCloud Bedrock are Claude Sonnet 4.5, Claude 3.7 Sonnet, Claude 3.5 Sonnet v1, and Claude 3 Haiku. Amazon Titan models and select Llama 3 models are also authorized. These models operate under the standard GovCloud data boundary without a provider_data_share requirement.

Does setting provider_data_share affect my entire Bedrock account or just Fable 5 calls?

The setting is configured at the account or engine level via the Data Retention API, not per model. This means enabling it grants the data-sharing arrangement broadly, not just for Fable 5 invocations. Organizations on commercial AWS with compliance obligations should audit whether any team has set this flag and evaluate whether it conflicts with existing ATOs or data handling policies.

Can we use the direct Anthropic API instead of Bedrock to avoid the data sharing issue?

Switching to the direct Anthropic API does not eliminate data handling obligations - it changes who holds the contractual relationship. Enterprise customers can negotiate data processing agreements, BAAs, and retention terms directly with Anthropic. For some regulated use cases this may be preferable. It does, however, mean operating outside the AWS control plane, which changes your network architecture and your compliance documentation. There is no current public indication that the direct Anthropic API is FedRAMP authorized.

Sources

• AWS News Blog: Anthropic Claude Fable 5 on AWS
• Amazon Bedrock in AWS GovCloud (US) - AWS Documentation
• Model support by AWS Region in Amazon Bedrock
• HN community discussion via Algolia API