Establish output data policy
Establish AI output ownership, usage, opt-out and deletion policies to customers and communicate these policies
Control activities
Defining output ownership rights with clear distinctions between customer inputs and AI outputs. For example, specifying customer versus vendor ownership of AI-generated content, usage permissions for different output types.
Disclosing consent and opt-out procedures for outputs. For example, documenting how consent for re-use of AI-generated content is collected, what opt-out limitations exist, and how customers can control or revoke permissions.
Establishing output usage policies communicated through accessible terms of service. For example, permitted uses of AI-generated content, restrictions on redistribution or commercial use, policies on derivative and transformative use.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts much faster— it's a clear signal I can trust."
By accessing or using our website, you agree to our Terms of Service and Privacy Policy.