Certification

AIUC-1 Certification
The world's first AI agent security standard.

Built with 100+ Fortune 500 CISOs  get your AI agents independently certified to unlock enterprise adoption, address adversarial risks, and demonstrate trustworthiness across security, safety, reliability, accountability, data & privacy, and society.

Schedule a Call Learn more

Speak with our experts.







    WHAT IS AIUC-1?

    The world's first independent standard to certify AI agents against six enterprise risk principles — built with 100+ Fortune 500 CISOs.

    AIUC-1 is the AI agent security, safety & reliability standard developed by the Artificial Intelligence Underwriting Company (AIUC) with a consortium of 100+ Fortune 500 CISOs and security leaders. It certifies that an AI agent implements comprehensive technical, operational, and legal controls across six principles: Data & Privacy, Security, Safety, Reliability, Accountability, and Society. Unlike management system certifications, AIUC-1 tests actual agent behaviour through adversarial scenarios derived from real-world incidents, refreshed every quarter. As an accredited AIUC-1 auditor, Zertia collects and assesses evidence, writes the audit report, and submits the certification recommendation to AIUC, which issues the certificate.

    UNLOCK THE BENEFITS OF AIUC-1 CERTIFICATION

    Enterprise Sales

    Unlock enterprise procurement

    Enterprise security and legal teams increasingly require AI agents to demonstrate independently verified safety and security controls before signing contracts. An AIUC-1 certificate replaces lengthy security questionnaires with a credible, third-party signal that accelerates procurement cycles.

    Trust & Risk

    Demonstrate trustworthiness across six risk dimensions

    AIUC-1 certifies conformity across Data & Privacy, Security, Safety, Reliability, Accountability, and Society — the six enterprise risk areas that most concern CISOs, legal teams, and boards when adopting AI agents.

    Security

    Stay current with adversarial AI risk

    AIUC-1 is refreshed every quarter based on real-world AI incidents and the latest security research. Certified organisations submit to quarterly technical re-testing, ensuring the certificate reflects the current threat landscape — not a one-time snapshot from twelve months ago.

    Marketing

    Leverage marketing potential as an AI leader

    AIUC-1-certified companies join a community of enterprise AI leaders who use certification as a powerful commercial signal. The certification is an opportunity to launch a dedicated announcement package to maximise market impact.

    Compliance

    Operationalise leading AI frameworks in a single process

    AIUC-1 operationalises principles from ISO 42001, the EU AI Act, NIST AI RMF, MITRE ATLAS, and OWASP Top 10 simultaneously. One certification engagement maps to multiple compliance requirements, reducing duplication of effort.

    Deliverables

    Get a tangible, auditable deliverable

    Certification includes a comprehensive audit report, access to the AIUC evaluation analysis platform with 3,000+ quarterly eval results, and a certification statement issued by AIUC. Evidence is independently verified, not self-declared.

    Schedule a Call

    ROADMAP TO AIUC-1 CERTIFICATION

    Days 1–5 Phase 1

    Set-up

    Define the AI agent(s) in scope. Provide technical documentation and access to the testing environment. Share existing internal guidelines and policies. Agree on the attack and risk taxonomy to be applied. Zertia and AIUC assess audit readiness.

    Weeks 1–3 Phase 2

    Technical Testing

    AIUC conducts 3,000+ adversarial evaluations across the applicable risk categories, adapted to the agent's specific context. Scenarios cover benign, manipulative, and adversarial inputs. Results are graded on a severity scale (Pass, P4–P0). Multiple test iterations are possible.

    Weeks 3–6 Phase 3

    Audit of Controls

    Zertia reviews evidence across the six AIUC-1 principles: Data & Privacy, Security, Safety, Reliability, Accountability, and Society. Evidence covers technical, operational, and legal controls. Zertia identifies any control gaps, supports the development of missing documentation, and drafts the comprehensive audit report.

    Days 1–5 Phase 4

    Results Review & Certification

    Review of deliverables including the audit report and evaluation analysis dashboard. Q&A on findings with Zertia and AIUC. Remediation actions are possible. Upon AIUC's approval of Zertia's recommendation, the AIUC-1 certificate is issued. Certification includes an announcement package (video, social media, press assets).

    Schedule a Call

    Commitment to Excellence

    We operate as an accredited, independent assurance body, delivering certifications and audits that regulators, investors, and boards trust.

    verified

    Accreditation

    Accredited as Conformity Assessment Body for AI Management Systems by ANAB (United States) and in the process for UKAS (United Kingdom) and ENAC (Spain - EU).

    shield_person

    Credentials

    Our team is qualified by leading international organisations for training and certification in AI, data and privacy governance.

    groups

    Memberships

    Member of IAPP, INCITS, UKAI and signatory to the EU AI Pact.

    Trusted by:

    FREQUENTLY ASKED QUESTIONS

    Everything You Need to Know About AIUC-1 Certification

    What is AIUC-1?

    AIUC-1 is the AI agent security, safety & reliability standard developed by the Artificial Intelligence Underwriting Company (AIUC) with a consortium of 100+ Fortune 500 CISOs. It certifies that an AI agent implements comprehensive technical, operational, and legal controls across six principles: Data & Privacy, Security, Safety, Reliability, Accountability, and Society. The standard is updated quarterly based on real-world AI incidents and the latest security research.

    What is Zertia's role in AIUC-1 certification?

    Zertia acts as an accredited AIUC-1 auditor. This means Zertia collects and assesses the evidence demonstrating conformity with AIUC-1 requirements, writes the comprehensive audit report, and submits the certification recommendation to AIUC. AIUC independently conducts the technical testing and issues the final certificate. The auditor operates independently from the client throughout the process.

    What does AIUC-1 certification cover?

    AIUC-1 covers six principles: Data & Privacy (preventing data leakage, IP theft, and unauthorised use), Security (defending against adversarial attacks, jailbreaks, and prompt injections), Safety (mitigating harmful outputs and protecting brand reputation), Reliability (preventing hallucinations and ensuring AI stays within its intended scope), Accountability (clear governance and oversight), and Society (preventing broader harm and AI misuse).

    How does AIUC-1 relate to ISO 42001, the EU AI Act, and NIST AI RMF?

    AIUC-1 operationalises principles found across ISO 42001, the EU AI Act, NIST AI RMF, MITRE ATLAS, OWASP Top 10, and CSA AICM. While ISO 42001 certifies the management system governing AI, AIUC-1 certifies the AI agent itself through adversarial technical testing and control audits. The two certifications are complementary and organisations can pursue both.

    How long does the certification process take?

    The standard AIUC-1 certification process takes approximately eight weeks: Set-up (3–5 days), Technical Testing (2–3 weeks), Audit of Controls (2–3 weeks), and Results Review & Certification (3–5 days). White-glove engagements are fast-tracked. Timelines may vary depending on the number of agents in scope and the availability of existing documentation.

    What are the ongoing requirements after certification?

    AIUC-1 certification is valid for twelve months. To remain certified, organisations must submit to the next quarterly technical testing window, ensuring the certificate remains current as the AI agent and the threat landscape evolve. The certification statement is updated following each quarterly test.

    What deliverables does the certification process produce?

    Certification includes a comprehensive audit report (approximately 100 pages), access to the AIUC evaluation analysis platform with detailed results from 3,000+ quarterly evaluations, an AIUC-1 Certification Statement issued by AIUC, and a certification announcement package including video, social media, and press assets for co-marketing use.

    Who is AIUC-1 designed for?

    AIUC-1 is designed for organisations building or deploying AI agents that need to demonstrate safety and security to enterprise clients, regulators, investors, or partners. It is particularly relevant for AI providers targeting enterprise sales, platforms deploying agentic automation at scale, and any organisation that needs an independent, credible signal of AI agent trustworthiness.

    Schedule a Call

    Your fast track to compliance starts here

    Our team is ready to support your compliance, cybersecurity, and privacy needs. Complete the contact form or reach out to hello@zertia.ai, and our experts will guide you through the next steps.