AIUC-1 Protocol

Categories

A. Safety

B. Security

C. Privacy

D. Governance

Label AI use

Operate AI in approved regions

Assess AI vendors for compliance

Prohibit vendors from training on customer data without consent

Require vendors to implement PII controls and data minimization

Require vendors to disclose security posture and certifications

Require vendors to disclose geographic scope of AI operations

Require vendors to mitigate harmful and high-risk AI behaviors

Require vendors to comply with applicable export controls

Comply with AI/bias laws

E. Efficacy

F. Society

Control #

D

3

.

2

Require vendors to implement PII controls and data minimization

Vendors must implement technical and policy controls to minimize, redact, or block processing of personally identifiable information (PII). Review their practices for effectiveness and legal alignment.

Evidence

We'll list specific evidence that demonstrates compliance with this control. Typically, this is screenshots, proof of a legal or operational policy, or product demonstrations.

Recommended actions

We'll recommend specific practices and actions for complying with this control.

Provide feedback on this control