All answers
Security & compliance Open question — the Lab is working on this

Is there a security/compliance concern with using custom AI models (like open-source models from Hugging Face) to review tax returns, given US regulatory requirements like WISP plans and SOC 2 compliance?

29:01From the May 20 call · OpenAccountants Skills, MCP Servers for QBO, and Token Strategy

One participant raised concern that in the US, tax preparation firms are regulated entities that must have a WISP (Written Information Security Plan) and use software that is SOC 2 Type 2 compliant, because they handle PII (social security numbers, addresses, phone numbers, etc.). A leak of this information could be devastating to a firm. Another participant countered that reviewing a tax return with an LLM is conceptually similar to reviewing the tax code itself, and questioned whether this actually implicates PII in a different way than normal practice. It was noted that regulatory frameworks differ between the US and other jurisdictions (e.g., Europe), and that this is a real consideration when adopting custom or open-source models such as those from Hugging Face for firm use.

The full answer is members-only

Membership is free. Apply and get this answer, the recording, and the rest of the library.

Apply to join

Already a member? Sign in