Meta
Llama 4 (Scout / Maverick)
v4 · open-weights · Released April 5, 2025
Updated June 27, 2026
Open weights available under Meta Llama 4 Community License. Self-hosting eliminates third-party data residency risk.
Enterprise guidance
Llama 4 open weights can be downloaded from Meta's website, Hugging Face, and major cloud providers. Self-hosting eliminates third-party data residency risk entirely — all inference stays in your own infrastructure. Before deploying, verify your organization falls under the Llama 4 Community License: commercial use is permitted for most enterprises, but organizations whose products exceed 700 million monthly active users require a separate commercial license from Meta.
Data handling
Default data retention
N/A for self-hosted — data never leaves your infrastructure
Zero-retention available
YesVia: Inherent to self-hosting — no data transmitted to Meta
API data used for training
NoSelf-hosted: your data never reaches Meta. Third-party hosted inference providers (Groq, Together AI, etc.) have their own data retention policies.
GDPR Data Processing Agreement
Not availableHIPAA Business Associate Agreement
Not availableNot offered by Meta. Arrange a BAA directly with your cloud infrastructure provider (AWS, Azure, GCP).
Data residency options
Fully configurable — runs in your own infrastructure
Vendor compliance certifications
Key use restrictions
- —Llama 4 Community License: commercial use permitted for most organizations
- —Products exceeding 700 million monthly active users require a separate commercial license from Meta
- —Meta's Acceptable Use Policy prohibits: CSAM, mass casualty weapons content, election interference, cyberweapons
- —Attribution required in commercial products or services built on Llama 4
Safety documentation
Llama 4 model card and Responsible Use Guide published by Meta. Llama Guard 4 safety classifier available to integrate into your inference pipeline. Meta's Acceptable Use Policy applies to all Llama deployments regardless of hosting.
Safety documentation →Related governance resources
Governance controls
Self-Hosted Open-Weight AI Model Governance
Establish an intake policy and governance controls for AI model weights downloaded from public repositories and deployed in the organization's own infrastructure, addressing integrity verification, license compliance, safety evaluation before deployment, and ongoing update management distinct from vendor-hosted AI procurement.
AI Procurement Risk Assessment
Assess and document the risks of procuring an AI system or service before approval, including technical, legal, privacy, and operational risks.
AI System Risk Classification
Assign every AI system a risk tier that determines the oversight requirements, review frequency, and documentation standards applied to it.
AI System Intake and Approval Workflow
Define a standardized intake process for all new AI system deployments that captures use case, data classification, risk tier, and ownership before the system enters the organization's environment, with cross-functional approval routing and GRC recordkeeping.
AI Tool and Plugin Supply Chain Risk Assessment
Assess and manage supply chain risk from third-party tools, plugins, and extensions used by AI agents, including AI-generated code committed to production repositories, applying software supply chain security controls at the AI extension layer.
Playbook guides
How do we ensure third-party AI vendors meet our standards?
Extending vendor due diligence to cover model transparency, data handling, bias testing, and contractual liability for AI outputs.
How do we inventory and classify AI systems by risk level?
A framework for cataloging all AI tools in use, including shadow AI, and assessing risk based on data sensitivity, decision impact, and regulatory exposure.
How do we maintain data privacy compliance when using AI?
Addressing training data sourcing, data minimization, cross-border transfers, and the right to explanation under GDPR and CCPA.