Rajiv Dattani

Jul 19, 2025

AIUC-1 certificate overview

Like ISO 27001, FedRAMP, and CSA STAR, AIUC-1 requires ongoing technical testing and compliance. It must be renewed annually to remain current.

AIUC-1 is the world's first standard for AI agents. It covers data & privacy, security, safety, reliability, accountability and societal risks.

Certified organizations demonstrate they conduct leading technical, operational, and legal activities. Auditors assess compliance through upfront technical testing and review of operational controls (conducted annually), and ongoing technical testing (conducted at least quarterly to keep up with ongoing changes to AI risk & mitigation techniques).

AIUC-1 certificate details & comparison to SOC 2


| | AIUC-1 | SOC 2 (Type II) |
|---|---|---|
| Audit output | Audit report with certificate, executive summary, and detailed results of technical testing and operational controls | Attestation report |
| Display term | 12 months | 12 months |
| Test cadence | Technical controls: At least quarterly. Operational controls: Annually | Annually |
| Forward-looking requirements | Yes. Requires forward-looking policies and testing (e.g. review of logs, adversarial tests) | No. SOC 2 is a backward-looking assessment |
| Failure to re-certify | Non-compliant. Certificate is stale and must be removed if not renewed | Non-compliant. Logo and SOC 2 claims must be removed if not renewed |
| Material issues uncovered in testing | Technical controls: Qualified/adverse report. Re-testing must be completed and issues remediated to receive full certificate. Operational controls: Qualified/adverse report. Operational controls must be met, and evidence provided to receive full certificate | Qualified/adverse report. Only unqualified reports allow “SOC 2 compliant” claim |

Move with confidence