axigetik: AIUC-1 Support

AIUC-1 certified organizations demonstrate they conduct leading technical, operational, and legal activities.

AIUC-1 has 51 requirements, with 65 mandatory and 65 optional controls across 6 foundational principles: Data & Privacy, Security, Safety, Reliability, Accountability, Society.

Auditors assess compliance through upfront technical testing and review of operational controls (conducted annually), and ongoing technical testing (conducted at least quarterly to keep up with ongoing changes to AI risk & mitigation techniques).

Like ISO 27001, FedRAMP, and CSA STAR, AIUC-1 requires ongoing technical testing and compliance. It must be renewed annually to remain current.

We can help you:

• determine whether AIUC-1 is relevant to your company and use case in terms of technical scope and business benefits (the business case)
• if AIUC-1 is relevant, identifying the extent to which the policies, processes, systems and oversight you have in place will meet the requirements of AIUC-1, or will need to be implemented or significantly improved prior to a formal audit and certification process (a maturity/gap analysis)
• the sequencing of AIUC-1 audit and certification activities against progression towards other frameworks eg ISO/IEC 42001:2023 and/or CSA STAR for AI (an integrated program)

We take a specific interest in automation and integration of technical aspects of compliance given there is an AIUC-1 requirement for quarterly (not annual) testing and evidence collection.

We can help you by:

• control selection: whether there are obvious gaps around the mandatory controls and confirming how many of the optional controls are likely to be addressed in your organizational context
• control execution: where current technology and processes do not sufficiently address the control requirements, what meaningful options are there to close those gaps
• control integration: where current technology and processes do address control requirements, whether this is done in an integrated and efficient fashion
• control evidence: co-developing technical and operational evidence against the controls in scope

We can help you prepare for the initial audit by ensuring all of the techhnical and operational controls are in place and their accumulated documentation and evidence are sourced and arranged in a fashion which will expedite the external audit process. This includes:

• reviewing evidence of both technical and operational controls status (a form of internal audit)
• ensuring any prior adverse/qualified findings have been addressed (again a form of internal audit)
• draft of the audit scoping document, including assembly/linkage to all supporting evidence across system documentation & governance, agent configuration & capabilities and guardrails and any optional controls which will be scoped in

Note: in February 2026, there is 1 single external organization which is accredited as an AIUC-1 auditor - this will change over time. The impartiality requirements of the audit process are such that that the auditing organization cannot provide preparatory and supporting services.

Specific AWS Services Addressed

Bedrock AgentCore (Runtime, Gateway, Memory, Browser Tool, Code Interpreter, Identity, Observability), open source agent frameworks (eg Strands, LangChain, LangGraph, CrewAI, Autogen, HuggingFace Agents, ruflo), other foundation model providers accessed via Bedrock (eg OpenAI, Google Gemini, Anthropic Claude, Meta Llama, Mistral, Cohere).