AIUC-1 Data & Privacy Protection
Enforce AIUC-1 Domain A requirements — prevent data leakage, PII exposure, IP infringement, and cross-customer data contamination across AI systems.
About This Policy Template
Comprehensive AIUC-1 Domain A compliance pack covering controls A003–A007. Prevents excessive data collection by AI agents, protects trade secrets and intellectual property, enforces strict cross-customer data isolation, detects PII leakage (SSN, email, phone, credit card, passport numbers, and bulk PII exposure), and prevents IP violations including copyright, trademark, and code license infringement. Essential for any organization deploying AI systems that handle sensitive or multi-tenant data.
Policy Rules (14)
Critical Severity (8)
API Key or Credential in AI Output
Detect API keys, secrets, or credentials in AI-generated content (AIUC-1 A004)
Bulk PII Exposure Detection
Detect multiple PII elements that together identify an individual (AIUC-1 A006)
Credit Card Number in AI Output
Detect credit card number patterns in AI output (AIUC-1 A006)
Cross-Customer Data Reference
Detect AI responses referencing data from other customers or tenants (AIUC-1 A005)
Passport or Driver License Number
Detect possible passport or driver license numbers in AI output (AIUC-1 A006)
SSN in AI Output
Detect Social Security Number patterns in AI output (AIUC-1 A006)
Trade Secret Exposure in Output
Detect proprietary information or trade secrets in AI output (AIUC-1 A004)
Unauthorized Scope Access in Agent Session
Detect AI agent actions accessing resources outside authorized scope (AIUC-1 A003)
High Severity (5)
Code License Violation
Detect copyrighted code with license headers in AI output (AIUC-1 A007)
Copyright Violation in AI Output
Detect AI-generated content that reproduces substantial copyrighted material (AIUC-1 A007)
Email Address in AI Output
Detect email addresses in AI output that may indicate PII leakage (AIUC-1 A006)
Excessive Data Collection in Agent Context
Detect AI agent requests or responses that access data beyond task scope (AIUC-1 A003)
Phone Number in AI Output
Detect phone number patterns in AI output (AIUC-1 A006)
Medium Severity (1)
Trademark Usage in AI Output
Detect AI content that misuses trademarks or implies false endorsement (AIUC-1 A007)
Enforcement by Integration
What happens when a violation is detected, based on the enforcement mode and integration type.
| Integration | Block | Approval | Warn | Monitor |
|---|---|---|---|---|
| Version Control (GitHub, GitLab, Bitbucket) | Fail check run / merge request status | Pending check run — held for review | Neutral check run / comment on PR | Pass check run (silent) |
| Email — Gmail | Quarantine label; + violation label (outbound) | Quarantine label — held for review | Add warning label | Log only |
| Email — Outlook | Move to quarantine folder; + flag (outbound) | Move to quarantine — held for review | Flag + categorize | Log only |
| Messaging (Slack, Teams) | Post violation warning in channel | Post 'held for review' warning | Post warning in channel | Log only |
| Storage (Google Drive, Dropbox, OneDrive) | Move file to quarantine folder | Quarantine file — held for review | Log only | Log only |
| AI Proxy (OpenAI, Anthropic, Gemini, MCP, Agent) | Block request (return 403) | Hold request — return review ID | Allow request + audit trail | Log only |
| API (REST API) | Return BLOCK outcome (client decides) | Return APPROVAL_REQUIRED + poll URL | Return WARN outcome | Log only |
Version History
1 version published
Initial release