Is the AI vendor you're about to adopt trustworthy? SOC 2, ISO 42001 and what to ask before you sign
Almost every AI tool an SME adopts is a third-party SaaS, often American, and the answer you get to "can we trust you?" is always the same: "we're SOC 2 Type II certified". But SOC 2 isn't a law, it's an AICPA attestation of security hygiene — and on AI it says almost nothing. What Type I and Type II really mean, the five questions to ask the vendor before you sign (does the scope name the AI features or only "the Platform"? is the model provider a declared subprocessor? does your data feed the training?), the three things SOC 2 will never tell you (bias, explainability, hallucinations), why the AI-specific standard to ask for is instead ISO/IEC 42001, and why in Italy SOC 2 replaces nothing of the GDPR and AI Act — it counts only as one piece of the DPIA.
When an SME adopts AI, it almost never builds the model: it adopts a tool — a copilot for sales, an agent platform for support, a content generator. And that tool, in the overwhelming majority of cases, is a third-party SaaS, often American. Before you sign, there's one right question to ask: "can I trust this vendor?". The answer you'll get back, almost every time, is the same: "we're SOC 2 Type II certified". It sounds reassuring. But does it really settle the matter?
The honest answer is no — not on its own. SOC 2 says something useful, but it says far less than the word "certified" implies, and on everything that concerns AI specifically it says almost nothing. It's worth understanding that before you hand a vendor a piece of your process — and your data.
What SOC 2 really is (and what it isn't)
First misunderstanding to clear up: SOC 2 is not a law. It's an attestation issued by an independent auditor under a framework from the AICPA (the American accountants' body), measuring a vendor's controls against five Trust Services Criteria: security (always in scope), availability, processing integrity, confidentiality and privacy. It's a good signal of security hygiene, not a stamp of European compliance.
Second point, the one that separates a real signal from a cosmetic one: SOC 2 comes in two types, and the difference is everything.
- Type I — attests that the controls exist at a given moment. It's a snapshot: on the day of the audit, they were there. On its own, it's a weak signal.
- Type II — attests that those controls actually worked across a window of six to twelve months. It's the film, not the photo: it's the only one of the two that says anything meaningful about how the vendor operates over time.
If a vendor tells you "we have SOC 2" without specifying, the first question is: Type I or Type II?. A Type I waved about as a guarantee is, often, a marketing shortcut. Insist on Type II — and on the report, not just the attestation.
The questions to ask before you sign
A SOC 2 report isn't something you "have" or "don't have": it's something you read. And the part that matters to you — the AI — is almost always buried in the details of the scope. Before you sign, these are the gates the vendor has to clear, not the word "certified":
The three things SOC 2 will never tell you
Here lies the limit that no amount of "Type II" fills. SOC 2 was born for the security and reliability of infrastructure: servers, access, continuity. It was never designed for AI, and indeed as of July 2026 the AICPA has published no SOC 2 criteria specific to artificial intelligence: auditors apply the generic 2017 criteria using the usual information-security judgment (Schellman). Translated: however impeccable the report, there are things about AI it will never tell you.
- Model bias — if the answers discriminate, SOC 2 doesn't measure it.
- Explainability — why the model decided the way it did stays outside the scope.
- Hallucination risk and information integrity — that the model invents things with confidence isn't a control a security audit catches.
"SOC 2 Type II compliant" is not proof of AI security, nor of governance maturity: that's an entirely different terrain. Confusing the two is the most expensive mistake of this phase — because it makes you feel covered exactly where you aren't.
The right standard to ask for is another one: ISO/IEC 42001
If the question is "does this vendor govern AI in a mature way?", the standard to name isn't SOC 2, but ISO/IEC 42001:2023, published in December 2023: the first certifiable standard for an AI management system. Where SOC 2 looks at the infrastructure, ISO 42001 looks at the AI as such — an AI policy and management accountability, an inventory of AI systems with risk classification, impact assessments, governance of training data, controls across the whole model lifecycle, bias management and handling of non-conformities.
The right way to hold them together is to think of them as two distinct layers, not as alternatives (BARR Advisory): SOC 2 is the security floor, ISO 42001 is the AI-governance storey above it. The best practice is to have both; if a vendor shows you only SOC 2 and talks about "responsible AI", the next question comes naturally: and on ISO 42001, where are you?.
Beware the shortcuts: "SOC for AI"
An idea doing the rounds online is a "SOC for AI", a supposed AI-specific framework. It's worth knowing so you don't fall for it: there's no record of it being published by the AICPA — its official page on SOC services doesn't list it, and the sources that mention it trace back to authorless content with no link to a primary source. Treat it as an unconfirmed rumour, not a requirement to demand or to boast about. In this area, where the rules are still taking shape, the prudent move is to ask for the standards that really exist — not the ones with the most reassuring name.
In Italy, SOC 2 replaces nothing
A point too many sales pitches leave vague: in Italy and in Europe, SOC 2 has no force of law. It's not a European requirement and it replaces nothing of what the GDPR and the EU AI Act ask of you (Comp AI). A vendor with an excellent SOC 2 may still not be enough, if your use of that tool calls for a data protection impact assessment.
So where does it actually matter? As one input, among many, into the vendor risk assessment step of your DPIA: when the tool is an American SaaS, SOC 2 is useful evidence on the security of processing (in the logic of Article 32 of the GDPR). But it stays subordinate to the GDPR and AI Act analysis, it doesn't replace it. That's exactly the place we give it in our compliance overlay: vendor diligence is one piece of the governance block that accompanies every use case, never a substitute for the analysis that counts.
What to do now, in practice
You don't need to become an auditor. For an SME choosing an AI tool, reasonable diligence is short and concrete:
- Insist on Type II, and the report. A Type I attestation waved about as a guarantee is a weak signal; ask for the Type II report and read it, don't stop at the declaration.
- Check that the scope names the AI. If the perimeter only talks about "the Platform" and not the AI/agent features, the report doesn't cover the very part you care about.
- Ask for the list of subprocessors and the fate of your data. Which model provider sits behind it, whether your data feeds the training, and with what guarantees — set down in writing in the contract.
- Ask for ISO 42001, not just SOC 2. If the vendor sells "responsible AI", the standard that proves it is that one — or at least a path towards it.
- Bring it all into the DPIA, where SOC 2 counts as one of the elements of processing security, not as the final verdict.
Even before assessing a single vendor, though, it helps to know which process you want to automate and with which controls around it: it's from there that what to ask the vendor follows. Our AI-readiness assessment helps you line up the right processes and the controls to insist on; if you're right at the point of choosing between building and buying, the article on buying or building frames the decision upstream, and the controls that make a use case defensible complete the picture downstream.
We've turned the first step into a free, self-serve assessment: a few questions and a pointer on where to start, with which controls — and which questions for the vendor — around the first workflow. Take the AI-readiness assessment — then, if it makes sense, let's talk.
This article is for guidance only and does not constitute legal advice or a compliance assessment. SOC 2 is an AICPA attestation (not a European law) on the 2017 Trust Services Criteria; the Type I / Type II distinction, the absence — as of July 2026 — of AI-specific SOC 2 criteria from the AICPA, and the role of ISO/IEC 42001:2023 as a certifiable AI management standard reflect industry sources current to that date and should be reverified against the text in force. For your company's concrete obligations refer to the GDPR, the text of the EU AI Act, the guidance of the Garante and qualified legal support.
Keep reading
More deep-dives on AI adoption in an SME.
From theory to your business. We graft AI in.
Want to know which department to start from in your company? The free assessment gives you a first answer in two minutes — then, if it makes sense, we talk.