SOC 2 is not AI governance: what enterprise buyers now ask beyond it
- SOC 2 remains table stakes; its absence still fails reviews on its own.
- SOC 2 audits the company, not the system — it cannot answer AI behaviour questions by construction.
- AI diligence wants model cards, classification, monitoring, oversight, training-data provenance and AI incident process.
- Extend SOC 2's evidence discipline to the system level; do not run a parallel programme.
- One record answers both layers; two projects contradict themselves at the seam, and reviewers look there first.
What SOC 2 still buys you
SOC 2 remains table stakes, and nothing here diminishes it: organisational security, access control, change management, availability, the evidence that your company runs controlled operations. For an AI vendor it is the foundation layer, and its absence still fails reviews on its own. The error is not holding SOC 2; it is believing it answers the AI questions.
Where it stops
SOC 2 says nothing about the behaviour of your models. Nothing on training data provenance, on evaluations and their results, on drift and how you detect it, on the limitations you know about and disclose, on where a human sits in decisions that affect people, on the risk classification of the system in the buyer's use, or on what happens when the model does something wrong. Those are precisely the questions the AI sections of modern questionnaires ask, and they are the sections a SOC 2 report cannot answer by construction, because it audits the company, not the system.
What buyers ask beyond it
The AI layer of diligence typically wants: a model card or equivalent per system; the classification and its reasoning; how the system is monitored in production and what triggers intervention; where human oversight sits and who holds it; the provenance of training data at the level of categories and rights; and the incident process specific to AI behaviour. None of these duplicates SOC 2 work, and none is answered by it.
How the two fit together
The efficient move is extension, not a second programme. The evidence discipline SOC 2 taught you, controls with owners producing evidence in operation, extends naturally to the system level: the same record that holds your access-control evidence holds your model card, your classification reasoning, and your oversight design. Vendors who run them as one record answer both questionnaire layers from one source; vendors who run them as separate projects contradict themselves at the seam, and the seam is where reviewers look first.
Key terms
- SOC 2
- The AICPA attestation covering organisational controls over security, availability and related trust criteria; foundation layer, not AI answer.
- Model card
- The per-system document capturing purpose, data, evaluation, limitations and intended use; the AI-layer equivalent of a control narrative.
- Drift
- The change in a model's behaviour over time as inputs, data or the world moves; something reviewers ask how you detect, not whether you have heard of.
- Human oversight
- The designed point at which a person can review, override or intervene in a system's output that affects a person.
- System-level diligence
- The layer of enterprise review that asks how a specific AI system behaves, independent of how the company running it is controlled.