← Blog

Strategy

AI deployment for SMEs: Bedrock vs Azure vs Fable scored

A rubric for sub-€25M Dutch firms picking between Bedrock, Azure Foundry, and Fable, scored on token cost, AVG defensibility, and procurement politics.

Jacob Molkenboer· Founder · A Brand New Company· 8 Jun 2025· 6 min
Three brass apothecary weights on ivory paper, one tied with a green ribbon, beside a folded cream index card.

A finance director in Eindhoven called us last month with three vendor decks open on her screen. One was AWS pitching the Anthropic family on Bedrock. One was AWS again pitching the Fable line behind a VPC endpoint. One was Microsoft pitching Azure Foundry, with the existing enterprise agreement tucked into the appendix. Procurement wanted a memo by Friday. The CTO wanted an answer that would not embarrass them in two years.

This post is the rubric we walked them through. It is not a benchmark. It is the method we use when a Dutch B2B services firm under €25M revenue lands on the same decision: where to run an AI feature that will process between 30 and 50 million tokens a month, with an AVG audit cycle coming up.

The three paths in plain Dutch

The decks look interchangeable. The platforms are not.

Anthropic models on AWS Bedrock. Served from eu-central-1 (Frankfurt), eu-north-1 (Stockholm), or eu-west-3 (Paris). Model versions trail the vendor's direct API by a week or two. AWS signs the data processing agreement. Training opt-out is the default at this point, but worth re-confirming in the console before you sign.

Fable on AWS through a VPC endpoint. Same vendor family, different distribution path. PrivateLink keeps traffic off the public internet, which is the only reason most CISOs ask for it. Throughput ceilings are higher than Bedrock's on-demand quota. Billing is harder to scope because cross-AZ data charges sneak in late.

Microsoft Azure Foundry. A different model lineage inside Microsoft's tenancy. EU data residency commitments are written into the standard contract. Deprecation cadence is set by Microsoft, not the model vendor, and they have historically retired models faster than AWS has.

The token math at 38M per month

This is where most posts would publish a table of list prices. We will not. List prices shift every quarter, and at this volume the line items that matter are not the headline rates.

Assume a typical RAG split of 27M input tokens and 11M output tokens. On a mid-tier model, all three platforms land in the same band: roughly €250 to €600 per month at list. The spread between them collapses below 15% once you factor in:

  • Prompt caching, which discounts repeated context by 50% to 90% on every provider that supports it.
  • Provisioned throughput, which only pays off above ~80M tokens per month. Below that, on-demand is cheaper.
  • Cross-region data transfer, which Azure tends to bury in the bill and Bedrock surfaces as a separate line.

The honest answer is that cost is rarely the deciding factor at this volume. The number you give procurement should be the all-in monthly figure with caching enabled, not the input/output rate that fits in a slide footer.

Warning

If your vendor presented per-1M-token rates without the cached-input rate, the quote is incomplete. For most RAG workloads the cached rate is the real price.

AVG defensibility, audit by audit

This is where the choice actually gets made. Your auditor will ask three questions in some order:

  1. Where does the data sit at rest, in transit, and inside the model context window?
  2. Who has access to it, under what legal basis, and for how long?
  3. Can you produce a signed DPA that covers AI processing specifically, not just generic cloud?

All three platforms can answer yes. None of them answer yes by default. The audit risk is almost never the platform. It is the configuration: whether your default region is eu-central-1, whether the training opt-out is set across every account in the org, whether your DPA actually mentions inference, whether logs are encrypted with a key you control.

Schrems II is still alive. AWS and Microsoft both signed onto the EU-US Data Privacy Framework, which gives you legal cover for transfers, but a careful auditor will still ask for a Transfer Impact Assessment. Have one ready. Two pages is enough.

The single most common audit finding we see at this size of firm: prompts containing personal data are being logged to CloudWatch or Azure Monitor without retention limits, while the retention policy in the privacy statement says 30 days. Fix that on day one. Read the Autoriteit Persoonsgegevens guidance on AI before the auditor does.

Who explains the model-version pin

This is the question procurement asks last and you should answer first. AI models get deprecated. The model your agent uses today will be retired in 12 to 24 months. The committee wants to know what happens then.

The substantive answer has three parts:

  • Bedrock publishes a public deprecation calendar with, typically, 6 months of notice. You re-pin a model ID in your infrastructure-as-code.
  • Fable-style VPC deployments follow the same calendar but with tighter coupling to the vendor's own release notes. The migration is usually a one-line change.
  • Azure Foundry sets its own retirement schedule. It has, in past cases, moved faster than AWS. You re-pin against a different family if the lineage is retired.

The political answer is more important. Someone on your team has to read the deprecation notice when it arrives, plan the migration, and explain to a non-technical board why the agent that ran on Model X now runs on Model Y. If that person exists, all three platforms are fine. If they do not, the platform with the longest runway and the strongest professional-services relationship wins by default.

The open-source argument matters here too. Recent Hacker News discussion about why open source AI must win is not a tangent: a self-hosted Llama-class model on your own GPUs solves the version-pin question by handing the schedule to your own ops team. It also creates new problems (eval pipelines, GPU ops, a separate audit trail) that we will write about separately.

The rubric, in one screen

We score five axes from 1 to 5, weighted by the firm. The numbers matter less than the conversation each axis forces.

axes:
  - name: cost_at_actual_volume      # all-in, caching on, not list
    weight: 1
  - name: avg_audit_defensibility    # DPA, residency, opt-out, logs
    weight: 3
  - name: operational_burden         # who maintains the version pin
    weight: 2
  - name: procurement_frictionless   # existing contract, sole-source memo
    weight: 2
  - name: model_fit                  # does the model actually do the job
    weight: 3

decision_rule: |
  Pick the highest weighted sum, then sanity-check against the
  auditor question and the "who explains it" question.

Three sanity checks before you sign anything:

  • If your AVG score is below 4 on any platform, fix the configuration before signing, not after.
  • If your procurement score is your highest, ask whether you are picking the platform or picking the easy memo.
  • If your model-fit score is below 3, no other number matters. The agent will not work.

What we did for the Eindhoven firm

They ended up on Bedrock in Frankfurt, not because it scored highest on cost (it did not) but because their AWS account manager put the deprecation policy in writing within 24 hours, and the existing AWS contract removed a four-week procurement step. We helped them write the Transfer Impact Assessment and pin the model version in Terraform. When we build AI agents for firms at this scale, the thing we run into is almost never the model. It is the paperwork that decides which model you are allowed to use.

Start with the auditor question. Score your three options against it on a single page. Take that page to procurement before you take it to engineering.

Key takeaway

At this scale, cost is not the deciding factor. AVG audit defensibility and whoever holds the deprecation pen win the procurement vote.

FAQ

Does Bedrock or Azure Foundry give better AVG defensibility?

Both give equivalent defensibility once configured correctly. The audit risk lives in your configuration (region, opt-out, DPA scope, log retention), not the platform name.

Is per-token cost the right way to compare these platforms?

Not at 38M tokens a month. Cached input rates and cross-region transfer charges drive the real bill. Use the all-in monthly figure with caching enabled, not the headline rate.

How long do we have before our pinned model gets deprecated?

Plan for 12 to 24 months. AWS Bedrock publishes lifecycle notices with around 6 months of warning. Azure has retired model versions on shorter timelines in the past.

Should a sub-€25M Dutch firm consider self-hosting an open model instead?

Sometimes. Self-hosting removes the deprecation question but adds GPU ops, eval pipelines, and a new audit trail. Worth scoring as a fourth column when your ops team has the capacity.

ai agentsstrategyarchitectureoperationssecuritybusiness

Building something?

Start a project