AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

Anthropic

Claude Sonnet 5

v5 · frontier · Released June 30, 2026

Use with Caution

Updated July 1, 2026

Claude Sonnet 5 brings Opus-class agentic capabilities to default Free and Pro deployment tiers, triggering immediate governance reassessment requirements. Organizations with existing Claude integrations must audit whether their approved use cases now have access to significantly elevated agentic capability without explicit re-authorization. Key controls CHM-001, CHM-002, AGT-001, AGT-005, and AGT-016 require review before treating Sonnet 5 as an approved production default.

Enterprise guidance

Claude Sonnet 5 is now the default model for Free and Pro plans and delivers capabilities previously requiring Opus-tier access, including advanced agentic task execution. Enterprise compliance teams should: (1) audit all active Anthropic API and Claude-hosted plan integrations to identify deployments now running on Sonnet 5 by default, (2) reassess approved use cases against the elevated capability profile, and (3) update model change management records. Use Claude for Enterprise or AWS Bedrock for HIPAA and zero-retention requirements.

Active Compliance Flags1

new_model_releaseMediumJune 30, 2026

Default deployment tier change grants Free and Pro users Opus-class agentic capability without explicit re-authorization. Enterprise governance programs may have approved prior Sonnet-tier capability only.

Primary source →

Data handling

Default data retention

Transient for API; Claude.ai free tier may use conversations to improve models unless opted out

Zero-retention available

Yes

Via: Claude for Enterprise; AWS Bedrock; Google Cloud Vertex AI

API data used for training

No

Anthropic does not train on API customer data by default.

GDPR Data Processing Agreement

Available

HIPAA Business Associate Agreement

Available

Claude for Enterprise; AWS Bedrock

Data residency options

US (default); EU available via AWS Bedrock eu-west regions

Vendor compliance certifications

SOC 2 Type IIISO 27001HIPAA (Claude for Enterprise / AWS Bedrock)GDPR compliant

Key use restrictions

  • Governance reassessment required before approving Sonnet 5 as enterprise default — elevated agentic capability scope
  • Model version substitution may have occurred silently in existing Free/Pro deployments
  • No CSAM or sexual content involving minors
  • No content facilitating mass casualty weapons (biological, chemical, nuclear, radiological)
  • No cyberweapons intended to cause significant damage to critical systems

Safety documentation

Model card not published
System card published
Red-team report not published

System card referenced in Sonnet 5 release. Full Claude Sonnet 5 model card not yet published at release.

Safety documentation →
← All tracked models