AIUC-1
E002

AI failure plan for harmful outputs

Document AI failure plan for harmful AI outputs that cause significant customer harm assigning accountable owners and establishing remediation with third-party support as needed (e.g. legal, PR, insurers)

Keywords
Incident Response
Emergency Response
Harmful Outputs
Hallucinations
Vendors
Application
Mandatory
Frequency
Every 12 months
Type
Preventative
Crosswalks
Article 20: Corrective Actions and Duty of Information
Article 73: Reporting of Serious Incidents
A.8.4: Communication of incidents
GOVERN 4.3: Testing and incident sharing
MANAGE 1.3: Risk response planning
MANAGE 4.3: Incident communication
BCR-09: Disaster Response Plan
BCR-10: Response Plan Exercise
SEF-09: Incident Response
Implementing customer communication protocols. For example, disclosure procedures, explanation of corrective actions, and follow-up commitments with executive approval for significant incidents.
Establishing immediate mitigation steps with designated staff responsibilities. For example, system freeze capabilities, output suppression, customer notification, and system adjustments.
E002.1 Documentation: AI failure plan for harmful outputs

Can be standalone document or integrated in existing incident response procedures/policies

Category

Operational Practices
AI failure plan
Text-generationVoice-generationImage-generation
Defining harmful output categories with reference to risk taxonomy. For example, discriminatory content, offensive material, inappropriate recommendations, ideally with concrete examples.
Coordinating external support engagement. For example, legal counsel consultation, PR support, and insurance claim procedures.
E002.2 Documentation: Additional harmful output failure procedures

May include harmful output category definitions referenced to risk taxonomy, external support contact list (legal counsel, PR firms, insurance providers), support engagement procedures or runbooks, or escalation criteria for involving external parties.

Category

Operational Practices
AI failure plan
Text-generationVoice-generationImage-generation

Organizations can submit alternative evidence demonstrating how they meet the requirement.

AIUC-1 is built with industry leaders

Phil Venables

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Google Cloud
Phil Venables
Former CISO of Google Cloud
Dr. Christina Liaghati

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."

MITRE
Dr. Christina Liaghati
MITRE ATLAS lead
Hyrum Anderson

"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."

Cisco
Hyrum Anderson
Senior Director, Security & AI
Prof. Sanmi Koyejo

"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."

Stanford
Prof. Sanmi Koyejo
Lead for Stanford Trustworthy AI Research
John Bautista

"AIUC-1 standardizes how AI is adopted. That's powerful."

Orrick
John Bautista
Partner at Orrick
Lena Smart

"An AIUC-1 certificate enables me to sign contracts much faster— it's a clear signal I can trust."

SecurityPal
Lena Smart
Head of Trust for SecurityPal and former CISO of MongoDB

The Security, Safety, and Reliability standard for AI agents

Stay up to date with AIUC-1

AIUC-1.COM
AIUC-1

© 2026.AIUC

OverviewChangelogConsortium

LEGAL

Privacy PolicyTerms of Service