Provide input on AIUC-1
Please give us input on AIUC-1: we welcome feedback, ideas, suggestions, and criticism. We adapt AIUC-1 regularly to meet enterprise needs as AI changes.
These tenets guide how we update the standard:
Customer-focused. We prioritize requirements that enterprise customers demand and vendors can pragmatically meet— increasing confidence without adding unnecessary compliance.
AI-focused. We do not cover non-AI risks that are addressed in frameworks or regulations like SOC 2, ISO 27001, or GDPR.
Insurance-enabling. We prioritize risks that lead to direct harms and financial losses.
Adapts to regulation. We update AIUC-1 to make it easier to comply with new regulations.
Adapts to AI progress. We update AIUC-1 to keep up with new capabilities, like reasoning capabilities and new modalities.
Adapts to the threat landscape. We update AIUC-1 in response to real-world incidents.
Continuous improvement. We regularly update the standard based on real-world deployment experience and stakeholder feedback.
Predictability. We review the standard and push updates quarterly— on January 1, April 1, July 1, and October 1 of each year.
Transparency. We keep a public changelog and share our lessons.
Backward compatibility. Existing certifications remain valid during transition periods.
AIUC-1 is not created by or endorsed by AICPA, the creators of the SOC for Service Organizations (SOC) standard.