AIUC-1
Changelog

AIUC-1 changelog

AIUC-1 is updated formally each quarter to ensure that the standard evolves as technology, risk, and regulation evolves.

The most recent version of AIUC-1 was released on July 15, 2026.

The next version of AIUC-1 will be released on October 15, 2026.

July 15, 2026 release

For this update, focus has been on expanding coding agent requirements, developing public facing guidance for auditors and organizations pursuing AIUC-1, and further clarifications to existing requirements. This quarter’s refresh updates 8 requirements and 41 controls.

Overview of key updates

AIUC-1 for coding agents: Secrets management, secure defaults in code, execution-level safeguards broadened to coding agents

Technical guidance for auditors: Public documentation on AIUC-1 audit scoping and annual re-certification

Clarifications to existing requirements: Clearer rules for which controls apply to which agent types, and removal of duplicative controls

Detailed changelog

Date

Q3 2026

AIUC-1 Requirement and Control

A008: Prevent leakage of credentials and secrets

Category
New addition
Change Notes

Added new mandatory requirement for code-generating agents covering detection and prevention of secrets leakage in AI system inputs, outputs, logs, and credential storage, with five new controls (A008.1-A008.5)

Date

Q3 2026

AIUC-1 Requirement and Control

B010: Promote secure patterns in generated code

Category
New addition
Change Notes

Added new mandatory requirement for code-generating agents to promote secure patterns and prevent known vulnerabilities in generated code, with six new controls (B010.1-B010.6)

Date

Q3 2026

AIUC-1 Requirement and Control

A003: Limit AI agent data access

Category
Revision
Change Notes

Retired the supplemental control on alerting for auth failures; agent identity management and agent access and permissions management renumbered to A003.2 and A003.3

Date

Q3 2026

AIUC-1 Requirement and Control

A003.1 Config: Data access scoping

Category
Clarification
Change Notes

Clarified the control to cover data access rather than data collection

Date

Q3 2026

AIUC-1 Requirement and Control

A004.1 Documentation: User guidance on confidential information

Category
Clarification
Change Notes

Recategorized the evidence from Technical Implementation to Operational Practices

Date

Q3 2026

AIUC-1 Requirement and Control

A005: Prevent cross-customer data exposure

Category
Revision
Change Notes

Broadened the requirement to cover cross-customer data exposure generally, not only when combining customer data from multiple sources

Date

Q3 2026

AIUC-1 Requirement and Control

A005.2 Config: Customer data isolation controls

Category
Clarification
Change Notes

Generalized typical evidence to logical isolation appropriate to the architecture rather than specific app-ID patterns

Date

Q3 2026

AIUC-1 Requirement and Control

A006: Prevent PII leakage

Category
Revision
Change Notes

Retired the core control requiring authentication and authorization for PII access; DLP system integration renumbered to A006.2 as a supplemental control

Date

Q3 2026

AIUC-1 Requirement and Control

A007: Prevent IP violations

Category
Revision
Change Notes

Retagged capability scoping from generation modalities to externally facing agents

Date

Q3 2026

AIUC-1 Requirement and Control

B006.3 Config: Execution-level safeguards

Category
Revision
Change Notes

Extended sandboxed execution safeguards to cover agent-executed code alongside first-party MCP servers

Date

Q3 2026

AIUC-1 Requirement and Control

B008: Protect AI system deployment environment

Category
Revision
Change Notes

Retired the core control on model access controls; remaining controls renumbered B008.1-B008.5 with agentic interface data integrity retagged as supplemental

Date

Q3 2026

AIUC-1 Requirement and Control

B009: Limit output over-exposure

Category
Revision
Change Notes

Extended capability scoping to cover image generation alongside text and voice generation

Date

Q3 2026

AIUC-1 Requirement and Control

C005: Prevent agent-specific high risk outputs

Category
Clarification
Change Notes

Renamed from customer-defined to agent-specific high-risk outputs to reflect that the risk taxonomy is defined per agent

Date

Q3 2026

AIUC-1 Requirement and Control

C006.2 Demonstration: Content handling and labelling for untrusted content

Category
Clarification
Change Notes

Relabelled from warning labels to content handling and labelling for untrusted content

Date

Q3 2026

AIUC-1 Requirement and Control

C008.3 Config: Security tooling

Category
Clarification
Change Notes

Renumbered from C008.4 to C008.3 to close a numbering gap

Date

Q3 2026

AIUC-1 Requirement and Control

E002: AI failure plan for harmful outputs

Category
Revision
Change Notes

Retagged capability scoping from generation modalities to externally facing agents

Date

Q3 2026

AIUC-1 Requirement and Control

E003: AI failure plan for hallucinations

Category
Revision
Change Notes

Retagged capability scoping from generation modalities to externally facing agents

Date

Q3 2026

AIUC-1 Requirement and Control

E003.1 Documentation: AI failure plan for hallucinations

Category
Revision
Change Notes

Refocused the control on customer communication protocols and immediate mitigation steps with designated staff responsibilities

Date

Q3 2026

AIUC-1 Requirement and Control

E005.1 Documentation: Data storage security practices

Category
Revision
Change Notes

Simplified the control to focus on documenting data storage security practices such as cloud vs. on-premises assessments

Date

Q3 2026

AIUC-1 Requirement and Control

E009: Monitor third-party access

Category
Revision
Change Notes

Expanded the requirement to cover monitoring and logging of third-party API connections, sessions, and data access

Date

Q3 2026

AIUC-1 Requirement and Control

E009.2 Config: Anomalous third-party access alerting

Category
Addition
Change Notes

Added new supplemental control for alerting on anomalous third-party access

Date

Q3 2026

AIUC-1 Requirement and Control

E017: Document system transparency policy

Category
Revision
Change Notes

Restructured controls: transparency documentation is now the core control E017.1, transparency report sharing policy retagged supplemental as E017.2, and a new supplemental control E017.3 added covering platform and deployer security responsibilities

Detailed side-by-side comparison

Detailed comparison of previous standards (January 15, 2026 and April 15, 2026) and current standard (July 15, 2026) is available on Github here

Standard history

Version

April 15, 2026

Link to changelog
Version

January 15, 2026

Link to changelog
Version

October 1, 2025

Link to changelog
Version

July 22, 2025

Link to changelog

First launch of the standard

Tenets that guide the standard update

Customer-focused.We prioritize requirements that enterprise customers demand and vendors can pragmatically meet— increasing confidence without adding unnecessary compliance.

AI-focused. We do not cover non-AI risks that are addressed in frameworks or regulations like SOC 2, ISO 27001, or GDPR.

Insurance-enabling. We prioritize risks that lead to direct harms and financial losses.

Adapts to regulation. We update AIUC-1 to make it easier to comply with new regulations.

Adapts to AI progress. We update AIUC-1 to keep up with new capabilities, like reasoning capabilities and new modalities.

Adapts to the threat landscape. We update AIUC-1 in response to real-world incidents.

Continuous improvement. We regularly update the standard based on real-world deployment experience and stakeholder feedback.

Predictability.We review the standard and push updates quarterly— on January 15, April 15, July 15, and October 15 of each year.

Transparency. We keep a public changelog and share our lessons.

Backward compatibility. Existing certifications remain valid during transition periods.

Provide input on AIUC-1

We welcome feedback, ideas, suggestions, and criticism— provide input on AIUC-1.