Establish input data policy
Establish and communicate AI input data policies covering how customer data is used for model training, inference processing, data retention periods, and customer data rights
Control activities
Defining input data usage policies. For example, opt-in/opt-out mechanisms, disclosure requirements, boundaries between training and post-deployment data usage.
Implementing data retention and deletion procedures for inputs. For example, defining retention periods for training data, inference logs, and customer-submitted content, plus technical approaches for removal such as selective unlearning.
Documenting and justifying retention periods for different categories of input data.
Documenting processes for customer data subject rights. For example, handling requests for access, portability, or deletion of input data, and maintaining records of which datasets were used to train specific models.
Organizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts much faster— it's a clear signal I can trust."
By accessing or using our website, you agree to our Terms of Service and Privacy Policy.