AIUC-1 Protocol

Categories

A. Safety

B. Security

C. Privacy

D. Governance

Label AI use

Operate AI in approved regions

Assess AI vendors for compliance

Maintain a data flow map for AI vendors

Require AI vendors to disclose security posture and certifications

Prohibit AI vendor training on customer data without explicit authorization

Include AI vendor obligations in customer contracts

Comply with bias laws

E. Efficacy

F. Society

Control #

D

3

.

3

Prohibit AI vendor training on customer data without explicit authorization

Vendors may not use customer data for model training or fine-tuning unless you, as the data controller, have explicitly authorized it. This authorization must align with customer contracts and be documented in your agreement with the vendor.

Evidence

We'll list specific evidence that demonstrates compliance with this control. Typically, this is screenshots, proof of a legal or operational policy, or product demonstrations.

Recommended actions

We'll recommend specific practices and actions for complying with this control.

Provide feedback on this control