AIUC-1 is the world's first standard for AI agents. It covers data & privacy, security, safety, reliability, accountability and societal risks.
Certified organizations demonstrate they conduct leading technical, operational, and legal activities. Auditors assess compliance through upfront technical testing and review of operational controls (conducted annually), and ongoing technical testing (conducted at least quarterly to keep up with ongoing changes to AI risk & mitigation techniques).
Like ISO 27001, FedRAMP, and CSA STAR, AIUC-1 requires ongoing technical testing and compliance. It must be renewed annually to remain current.
| | AIUC-1 | AICPA SOC 2 Type II |
|---|---|---|
| Audit output | Audit report with certificate, executive summary, and detailed results of technical testing and operational controls | Attestation report |
| Display term | 12 months | 12 months |
| Test cadence | Technical controls: at least quarterly. Operational controls: annually. | Annually |
| Forward-looking requirements | Yes. Requires forward-looking policies and testing (e.g. review of logs, adversarial tests). | No. SOC 2 is a backward-looking assessment. |
| Failure to re-certify | Non-compliant. Certificate is stale and must be removed if not renewed. | Non-compliant. Logo and SOC 2 claims must be removed if not renewed. |
| Material issues uncovered in testing | Technical controls: qualified/adverse report. Re-testing must be completed and issues remediated to receive full certificate. Operational controls: qualified/adverse report. Operational controls must be met and evidence must be provided to receive the full certificate. | Qualified/adverse report. Only unqualified reports allow “SOC 2 compliant” claim. |