What does SOC 2 actually require?
SOC 2 sets out governance, risk-assessment, and documentation requirements for the AI systems in its scope. See the framework brief for the full obligation list.
What is SOC 2?
SOC 2 is an AICPA auditing standard for service organizations, evaluating controls relevant to security, availability, processing integrity, confidentiality, and privacy. While not
Last updated April 24, 2026 · Every fact traceable to a public source
SOC 2 is an AICPA auditing standard for service organizations, evaluating controls relevant to security, availability, processing integrity, confidentiality, and privacy. While not AI-specific, SOC 2 Type II reports are table stakes for B2B SaaS vendors — including AI governance platforms — and are frequently mapped to AI-specific risk frameworks.
Who is in scope of SOC 2?
SOC 2 is active in United States (AICPA). Scope attaches based on jurisdiction and the role a company plays in the AI supply chain. See /frameworks/soc2 for the full scope note and source links.
Which vendors help with SOC 2 compliance?
In our directory, the following vendors reference SOC 2 in their compliance coverage: Scrut Automation, Braintrust, WhyLabs, Drata, Giskard. Each profile links to the public source for the claim.
Related
Keep reading
Editorial independence
This FAQ is editorial. No vendor can pay to be included, highlighted, or ranked in answers. Paid listing tiers affect profile depth only — never rankings or commentary. Read our methodology for details.