AIUC-1 Protocol

Categories

A. Safety

B. Security

C. Privacy

Customers own AI outputs

Don't train without consent

Define AI training policy for customer data

Disclose AI training practices and obtain customer consent

Contractually limit training on customer data without consent

Delete training data when customers request deletion

Don't process PII

Implement AI logging policy

D. Governance

E. Efficacy

F. Society

Control #

C

2

.

3

Contractually limit training on customer data without consent

Include terms in your MSA or other customer agreements that restrict the use of customer data for AI training unless consent has been given. These terms must be clear and enforceable.

Evidence

Evidence of AIUC-standard legal snippet (or equivalent) in MSA/DPA, with liability for violation and indemnification

Policy document defining AI training governance, reviewed by all AI-related employees

Recommended actions

We'll recommend specific practices and actions for complying with this control.

Provide feedback on this control