AIUC-1: The AI Agent Security, Safety & Reliability Standard
AIUC-1 is the world's first certifiable standard for AI agents, developed by the Artificial Intelligence Underwriting Company. It combines technical testing, operational controls, and legal safeguards across six domains — Data & Privacy, Security, Safety, Reliability, Accountability, and Society — so enterprises can assess and signal trust in AI agent vendors.
Do I Need This?
AIUC-1 directly addresses AI agent security and safety risks. If your organization is deploying or procuring AI agents, this standard provides a structured framework to evaluate vendor controls and reduce your attack surface from agentic AI.
- Assess current AI agent deployments against AIUC-1's six control domains
- Require AIUC-1 certification in AI agent vendor procurement criteria
- Review quarterly technical testing requirements for ongoing assurance
AIUC-1 certification takes 5–10 weeks and provides a structured path to demonstrate AI agent governance. The standard is updated quarterly, so plan for ongoing compliance as requirements evolve.
- Map existing AI governance controls to AIUC-1's 50+ requirements
- Engage Schellman or 360 Advanced for a gap assessment
- Budget for annual certification renewal with quarterly technical testing
AIUC-1 is an industry standard, not a regulatory requirement. However, it is gaining traction as a market expectation for AI agent vendors. Certification strengthens due diligence arguments and may reduce liability exposure from AI agent incidents.
- Evaluate AIUC-1 certification as a contractual requirement for AI agent vendors
- Monitor regulatory developments referencing AIUC-1 as a conformity mechanism
- Review insurance implications of AIUC-1's accountability controls
Key Control Areas
Protects users and enterprises against data and privacy risks through customer data policies, access controls, and safeguards against data leakage, IP exposure, and unauthorized training on user information.
Covers protection against attacks and vulnerabilities in AI agent systems, including threat modeling, pre-deployment testing, and ongoing security monitoring.
Implements safeguards to prevent harmful outputs including distressed outputs, high-risk advice, offensive content, bias, and deception from AI agents.
Ensures consistent and dependable performance of AI agents through testing, monitoring, and fallback mechanisms for production systems.
Documents which AI system changes require formal review or approval, assigns accountable leads, and maintains evidence of approval across the development and deployment lifecycle.
Addresses systemic and societal risks from AI agents, with special focus on preventing cyberattacks, catastrophic misuse, and broader societal harms.
Key Dates & Timeline
Standard launched 2025. Schellman became first accredited auditor February 2026. UiPath achieved certification March 2026. Quarterly standard updates — latest version January 2026, next release April 2026.
Changelog
UiPath achieves certification
First enterprise automation platform to achieve AIUC-1 certification, validating the standard for large-scale agent deployments.
ElevenLabs achieves certification + AI agent insurance
First voice AI company to certify. Also secured first-of-its-kind AI agent insurance policy backed by Lloyd's of London.
Schellman accredited as first auditor
Schellman becomes the first accredited AIUC-1 certification body, enabling third-party assessments.
Q1 2026 quarterly update
Quarterly refresh of AIUC-1 controls incorporating feedback from early certifications and evolving AI agent threat landscape.
AIUC-1 standard launched
First public release of the AI agent security, safety, and reliability standard with 50+ controls across 6 domains.
Framework Crosswalks
AIUC-1 operationalizes ISO 42001 governance principles with testable, agent-specific controls and mandatory third-party testing.
NIST AI RMF provides the conceptual risk framework; AIUC-1 adds certifiable controls and mandatory testing cadence.
SOC 2 + AI covers broad trust services criteria; AIUC-1 adds depth on AI agent-specific risks not covered by traditional SOC 2 scoping.
The EU AI Act sets regulatory requirements; AIUC-1 provides a voluntary certification that demonstrates operational compliance for AI agents.
Adoption Signals
Certified Organizations
Auditors & Assessors
Key Contributors
Regulatory References
Referenced alongside EU AI Act, NIST AI RMF, and ISO 42001 as an emerging trust signal for enterprise AI agent procurement.
Certification Process
AIUC-1 certification combines upfront technical testing and operational control review with ongoing quarterly technical testing. The certificate is valid for 12 months. Organizations must maintain continuous compliance through quarterly assessments.
- 1Scope & readiness assessment
Identify which AI agent systems are in scope and assess current controls against AIUC-1's six domains.
- 2Gap remediation
Implement missing technical, operational, and legal safeguards to meet the 50+ AIUC-1 requirements.
- 3Technical testing
Submit AI agent systems to third-party technical testing covering security, safety, and reliability.
- 4Operational control review
Auditor reviews governance documentation, accountability assignments, and data privacy controls.
- 5Certification issued
Upon passing both technical testing and operational review, the AIUC-1 certificate is issued for 12 months.
- 6Quarterly maintenance
Technical testing repeated at least every three months to maintain certificate validity as AI risks evolve.
Related Frameworks
Frequently Asked Questions
What is AIUC-1?
AIUC-1 is the first certifiable standard specifically designed for AI agents. It requires organizations to implement 50+ technical, operational, and legal safeguards across six risk domains (Data & Privacy, Security, Safety, Reliability, Accountability, Society) and submit their AI to frequent third-party technical testing.
How long does AIUC-1 certification take?
Most organizations earn the AIUC-1 certificate in 5–10 weeks. Companies starting from zero may take longer, while those with an existing AI risk management function can move faster. The certificate is valid for 12 months with quarterly technical testing required to maintain it.
How does AIUC-1 relate to ISO 42001?
AIUC-1 operationalizes many of the governance principles in ISO 42001 with testable, agent-specific controls. ISO 42001 provides a broad AI management system framework, while AIUC-1 focuses specifically on AI agent risks with prescriptive technical testing requirements. They are complementary — organizations often pursue both.
Is AIUC-1 recognized by regulators?
AIUC-1 is an industry standard, not a regulatory requirement. However, it is gaining traction as a trust signal for enterprise procurement and is referenced alongside frameworks like the EU AI Act, NIST AI RMF, and ISO 42001 in AI governance discussions.
Who developed AIUC-1?
AIUC-1 was developed by the Artificial Intelligence Underwriting Company with technical contributors from MITRE, Cisco, Stanford, MIT, Google Cloud, and others. The AIUC-1 Consortium includes executives from Salesforce, JP Morgan, HubSpot, MongoDB, Oracle, Databricks, Cloudflare, and more.
Weekly digest — coming soon
Leave your email to get the first issue when it ships. Free, no account required.
We use your email only for the digest. Privacy policy