Unlikely, I'd say. If you fail to upgrade when a new release is made, are they at fault?
You'd need to look towards providers that specifically take on more responsibility like https://compliantkubernetes.com/ (disclaimer: I have worked at Elastisys, the company behind Compliant Kubernetes).
No, although it might reduce your effort needed. AWS offers that responsibility shift under the Fargate ECS/EKS launch types, which might run this underneath.
Operating system maintenance falls under the Customer responsibility side. With using this new OS, would this responsibility shift back to AWS?