Establish input data policy
Establish and communicate AI input data policies covering how customer data is used for model training, inference processing, data retention periods, and customer data rights
Control activities
Typical evidence
Typically demonstrated by Terms of Service, Privacy Policy or Data Processing Agreement
Category
Legal PoliciesScreenshot of automated deletion implementation or data lifecycle system - may include cron job or scheduled task deleting expired data, deletion script in Python/Bash with retention period logic, data lifecycle management tool configuration (e.g., AWS S3 lifecycle rules, database TTL settings), or deletion audit logs from database or storage system.
Category
Technical ImplementationMay be included in DPA, GDPR appendix, External Privacy Policy or similar internal or external policies documenting processes for data handling
Category
Legal PoliciesOrganizations can submit alternative evidence demonstrating how they meet the requirement.
AIUC-1 is built with industry leaders
"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."
"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."
"Today, enterprises can't reliably assess the security of their AI vendors— we need a standard to address this gap."
"Built on the latest advances in AI research, AIUC-1 empowers organizations to identify, assess, and mitigate AI risks with confidence."
"AIUC-1 standardizes how AI is adopted. That's powerful."
"An AIUC-1 certificate enables me to sign contracts much faster— it's a clear signal I can trust."
The Security, Safety, and Reliability standard for AI agents
Stay up to date with AIUC-1
© 2026.AIUC