// Trust & Security Report
Samsung Electronics Co., Ltd.
Bixby voice assistant ecosystem: AI voice control platform for Galaxy smartphones, tablets, smartwatches, buds, smart TVs, refrigerators, and other connected devices. Includes Bixby Vision (visual/contextual search) and LLM-based enhancements for smart home and appliance control via SmartThings integration.
Certifications held
0
Maturity
Enterprise
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 10 unconfirmed / not-held certifications
source: samsungknox.comNo public evidence that Bixby holds SOC 2. The SOC 2 Type 2 report listed on samsungknox.com covers Knox enterprise services (Mobile Enrollment, Manage, E-FOTA, Asset Intelligence, Configure, Guard); the Knox certifications page does not mention Bixby, and the Bixby voice service is not in the certified scope.
source: news.samsung.comNo public evidence that Bixby holds ISO 27001. Samsung's ISO/IEC 27001:2022 certificate (issued by BSI) covers the SmartThings connected-living platform; the announcement does not mention Bixby. Bixby integrates with SmartThings for device control but is not itself in the certified scope.
source: news.samsung.comNo public evidence that Bixby holds ISO 27701. Samsung's ISO/IEC 27701:2019 Privacy Information Management certificate covers the VXT, MagicINFO and LYNK Cloud systems, not the Bixby voice service.
source: samsungknox.comNo public evidence that Bixby holds a Common Criteria certification. Knox Common Criteria certifications cover Samsung Galaxy devices/displays and Knox File Encryption (DualDAR) across recent Android versions; the Knox certifications page does not mention Bixby. This is device/OS-layer assurance, not a Bixby service certification.
source: samsungknox.comNo public evidence that Bixby holds a FIPS 140-3 validation. FIPS 140-3 validations apply to Samsung/Knox cryptographic modules listed on the Knox certifications page, not to the Bixby voice service. The originally cited CES 2026 appliance-security article does not substantiate a CryptoCore FIPS 140-3 claim (it references UL Solutions, KISA and TUV Nord assessments instead).
source: samsungknox.comNo public evidence that Bixby holds a FIPS 140-2 validation. FIPS 140-2 validations apply to Samsung/Knox cryptographic modules listed on the Knox certifications page, not to the Bixby voice service.
source: samsungknox.comSamsung has GDPR compliance measures (30-day response times for data requests, export, deletion, and update; Standard Contractual Clauses for data transfers outside EEA) documented on Knox GDPR page and privacy policies, but no independent third-party GDPR certification audit found. Compliance is regulatory obligation, not third-party certified.
No public evidence of HIPAA certification for Samsung Bixby or Samsung Electronics consumer/enterprise services. Samsung does not market Bixby towards healthcare-regulated use cases.
No public evidence of PCI DSS certification for Bixby or Samsung consumer services. PCI DSS applies to payment card processing, not primary scope of Bixby voice assistant.
No public evidence of CSA STAR AI certification for Bixby. Samsung has not publicly announced CSA STAR or ISO/IEC 42001 (AI governance) certifications.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
Processing via Amazon Web Services for Knox/SmartThings; specific regional data residency not specified for Bixby voice processing. Samsung uses Standard Contractual Clauses for data transfers outside EEA.
Bixby trains on customer voice data with opt-in consent. Users can opt into 'audio recording review' for human review (small percentage of recordings selected). Without opt-in, voice recordings are deleted immediately after command processing. With opt-in, recordings retained for 1 month associated with identifier, then anonymized and retained for 1 year total. Users have clear opt-out and opt-in controls in Bixby settings > Privacy settings > Allow audio recording review. Voiceprint review also has separate opt-in control.
// Security controls
Encryption in transit
Voice commands converted to text and encrypted when sent to server; Knox platform provides hardware-based encryption for device-level data
d264isyiyrfhr3.cloudfront.netEncryption at rest
Knox Secure Folder stores sensitive files with local encryption; SmartThings/Knox platform uses hardware-based encryption keys. Bixby privacy notice does not explicitly confirm encryption of stored audio/metadata.
samsung.comHardware security foundation
Samsung Knox security platform is integrated at hardware and OS level on all Galaxy devices; provides defense-grade security with layered protection and regular security updates
samsungknox.comAccess controls
Knox GDPR compliance includes access control policies; Knox Mobile Enrollment secures device enrollment; Knox E-FOTA enables controlled OS and security updates remotely
samsungknox.comIncident response
Samsung commits to GDPR data handling timelines: support data export within 30 days, delete data within 30 days, update data within 30 days. Policy states compliance with applicable data protection laws.
samsungknox.comData retention limits
Audio recordings (without opt-in): deleted immediately after command. Audio recordings (with opt-in for review): retained 1 month with identifier, then anonymized and retained 1 year total.
d264isyiyrfhr3.cloudfront.netUser data transparency
Bixby provides in-device indicators: green dot appears when microphone/camera in use. Knox platform provides visibility into which apps have accessed personal data via Privacy Dashboard.
samsung.com// Products & data scope
data: Voice commands, device usage, app/website interactions, calendar, contacts, location (with consent)
Available on Galaxy S and Galaxy Z series. Supports 12 languages. Can control SmartThings-connected devices.
data: Voice commands, device usage, wearable health/activity data (Galaxy Watch, Buds)
Available on Galaxy Tab and Galaxy Watch/Buds. Requires Galaxy Wearable app connectivity.
data: Voice commands, TV viewing/search history, appliance usage patterns via SmartThings integration
LLM-based Bixby now deployed on Bespoke AI home appliances. Controls smart home via SmartThings.
data: Camera images for contextual search, visual recognition queries
Augmented reality visual search component; separate opt-in consent model.
data: Connected device data, automation rules, user preferences, device state telemetry
ISO 27001:2022 certified. Integrates with Bixby for voice control of connected devices.
// What to watch
- Bixby as a voice assistant product does not have independent ISO 27001 or SOC 2 certification; these certifications apply to Knox platform, SmartThings, and related enterprise products. Bixby's own security/compliance status is less clearly defined than parent platform.
- No dedicated trust center or security compliance portal exists for Bixby specifically. Security information scattered across Knox, SmartThings, and Samsung corporate privacy/sustainability pages.
- Privacy practices for Bixby documented in terms and privacy notice but not independently audited. Common Sense Media privacy report found concerns: not clear if third parties have same security obligations, encryption during storage not explicitly confirmed, data breach notification process not detailed.
- GDPR compliance measures documented (30-day response times, SCCs) but not independently certified. Samsung's stance is regulatory obligation, not third-party audit.
- AI governance certifications (ISO/IEC 42001, CSA STAR AI) not found. Bixby's LLM-based enhancements not covered by published AI governance standards.
- No HIPAA certification found. Samsung does not target regulated healthcare use cases; Bixby not suitable for HIPAA-covered entities.
- Opt-out for audio training is available but requires user action. Default posture requires affirmative opt-in to avoid training, which is privacy-friendly, but users may not be aware of this setting.
- Identity verification confident: Samsung Electronics Co., Ltd. is the correct vendor; no conflation with other companies. However, clear demarcation between Knox (certified) and Bixby (uncertified) is important for procurement.
// At a glance
Pricing model
Free with device purchase; integrated into Samsung Galaxy devices and smart home products
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Samsung Electronics Co., Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
samsung.com