AIUC-1 Has 51 Requirements. Here's Which Ones You Can Actually Automate.

If you are building AI agents for enterprise customers, AIUC-1 is about to become part of your life. Created by a consortium of 100+ Fortune 500 CISOs with technical contributors from Cisco, MITRE, Stanford, and Anthropic, it is positioning itself as the SOC 2 for AI. Schellman (one of the biggest SOC 2 auditors) is already the first accredited AIUC-1 auditor. ElevenLabs was the first company to get certified. The standard covers 51 requirements across 6 domains. Two were merged in the Q1 2026 update, leaving 49 active requirements. That sounds like a lot. It is. But here is the thing most people miss when they first look at AIUC-1: not all 49 requirements are the same type of work. Some can be enforced through automated technical controls. Others are purely about having the right documents and processes in place. Understanding which is which changes how you approach compliance entirely. Let's break it down. The 6 Domains at a Glance AIUC-1 organizes everything into 6 domains: Domain A