Control # D3.3

Require vendors to disclose security posture and certifications

Ask AI vendors to provide relevant security attestations (e.g. SOC 2, ISO 27001) or document their internal security and privacy practices. Review these at onboarding and periodically.

Evidence

We'll list specific evidence that demonstrates compliance with this control. Typically, this is screenshots, proof of a legal or operational policy, or product demonstrations.

Recommended actions

We'll recommend specific practices and actions for complying with this control.
