AIUC-1
AIUC-1 Certification -> Introduction

AIUC-1 Certification Program

How to get certified? Get started here. AIUC-1 certification typically takes between four and eight weeks. AIUC or an accredited auditor guides companies through each step, and AIUC can support the company to address gaps to pass AIUC-1.

The typical AIUC-1 certification process:

1-2 weeks
3-5 weeks
1-3 weeks
Scoping & kick-off
Collect evidence
Conduct evals
Finalise audit report

Scoping & kick-off

  • Define product scope
  • Assign key team members
  • Set up env & config
  • Identify initial evidence & gaps
  • Sign contract

Result:

Audit & evals scoped

Initial gaps identified

Gather evidence:

  • Operational practices
  • Legal / governance policies
  • Technical implementation

Result:

Evidence collected

Evidence gaps remediated

Run technical testing:

  • Hallucinations
  • Unsafe tool calls
  • Adversarial attacks (etc)

Result:

Evals set up & implemented

Eval vulnerabilities mitigated

Finalize AIUC-1 audit

  • Combine all evidence
  • Develop final report
  • Obtain report signoff

Result:

Final audit report delivered

AIUC-1 certificate issued

At the end of the certification process, companies get:

  • AIUC-1 certificate that communicates trust to enterprise buyers
  • Comprehensive audit report with third-party attestation and eval results
  • AIUC-1 badge for trust center, footer, or relevant sales collateral

Why get AIUC-1 certified?

Organizations developing and deploying AI agents pursue AIUC-1 to:

  1. Improve security, safety and reliability: AIUC-1 combines state-of-the-art technical testing and technical, operational and legal controls that make a difference. For example:
    1. A customer service agent company saw its hallucination rate drop from 11% to <2% by strengthening its groundedness filter with guidance from AIUC.
    2. A product onboarding agent company discovered and patched a PII exposure vulnerability during the certification process.
    3. A customer support agent company saw inappropriate tone & output format outputs reduce from 9% to <2% by strengthening defensive prompting and configuring output moderation
  2. Demonstrate system security to customers, board, regulators and other key stakeholders: The AIUC-1 certificate, audit report and eval results comprehensively covers all enterprise risks and showcase how your organization has mitigated these risks proactively. Collectively, these assets build trust, underscore that AI security is a strategic priority, and help unblock deals.

AIUC-1 operationalizes the top emerging AI frameworks like ISO42001, NIST AI RMF, and the EU AI Act - and avoids duplicating the work of non-AI frameworks like SOC 2, ISO 27001, or GDPR. Read more here.

Who is AIUC-1 certification for?

Organizations should pursue AIUC-1 certification if they are:

  1. Adopting or developing agentic AI systems built on generative models
  2. Applying agentic AI in high-risk use cases, such as customer-facing agents where brand is on the line, agents with access to confidential data, agents handling critical workflows
  3. Looking to build trust and demonstrate AI security to potential enterprise customers, internal executives or board members

Certified AI agents include customer service agents, candidate scoring agents, interviewer agents, internal automation agents, image generation agents, summarization agents, and more. Certified organizations range from seed stage to publicly traded enterprises.

Does an AIUC-1 certificate guarantee security, safety and reliability?

An AIUC-1 certificate demonstrates that an organization has developed and deployed their AI system following industry best practices for AI security, safety and reliability backed by research at the time of certification. This includes demonstrating technical guardrails, operational practices and legal policies. Technical tests are re-run quarterly, and all technical, operational and legal controls are re-audited annually to maintain certification.

The focus on AIUC-1 is enterprise concerns like data leaks, IP infringement, jailbreaks, and other risks holding back enterprise AI adoption. Conversely, AIUC-1 is less focused on e.g. AI companions or AI used for NSFW content generation, as these are not enterprise use cases.

No certification can eliminate all risk from systems, especially those that are probabilistic in nature and fast-evolving. Just like a SOC 2 report or cybersecurity pentest does not guarantee a system is secure from all threats, an AIUC-1 certificate cannot guarantee AI system security, safety and reliability.

Please contact the certified party to receive their AIUC-1 report, containing the:

  1. Scope of their AIUC-1 certification: Typically limited to specific product(s), not the full organization’s products and practices
  2. Version of the standard used: Given the fast-pace of AI, the standard is refreshed quarterly. The full changelog can be found here.
  3. Specific practices they follow to meet AIUC-1: In cases where there is no single ‘best practice’ (e.g. data retention and usage policies), the standard focuses on clear disclosure and enforcement rather than mandating a specific approach

Read more on the FAQ page here.

The Security, Safety, and Reliability standard for AI agents

Stay up to date with AIUC-1

AIUC-1.COM
AIUC-1

© 2026.AIUC

OverviewChangelogConsortium

LEGAL

Privacy PolicyTerms of Service