// Trust & Security Report

    Samsung Electronics Co., Ltd. logo

    Samsung Electronics Co., Ltd.

    Bixby voice assistant ecosystem: AI voice control platform for Galaxy smartphones, tablets, smartwatches, buds, smart TVs, refrigerators, and other connected devices. Includes Bixby Vision (visual/contextual search) and LLM-based enhancements for smart home and appliance control via SmartThings integration.

    Certifications held

    0

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 10 unconfirmed / not-held certifications
    SOC 2 Type 2
    NOT CONFIRMED

    No public evidence that Bixby holds SOC 2. The SOC 2 Type 2 report listed on samsungknox.com covers Knox enterprise services (Mobile Enrollment, Manage, E-FOTA, Asset Intelligence, Configure, Guard); the Knox certifications page does not mention Bixby, and the Bixby voice service is not in the certified scope.

    source: samsungknox.com
    ISO 27001
    NOT CONFIRMED

    No public evidence that Bixby holds ISO 27001. Samsung's ISO/IEC 27001:2022 certificate (issued by BSI) covers the SmartThings connected-living platform; the announcement does not mention Bixby. Bixby integrates with SmartThings for device control but is not itself in the certified scope.

    source: news.samsung.com
    ISO 27701
    NOT CONFIRMED

    No public evidence that Bixby holds ISO 27701. Samsung's ISO/IEC 27701:2019 Privacy Information Management certificate covers the VXT, MagicINFO and LYNK Cloud systems, not the Bixby voice service.

    source: news.samsung.com
    Common Criteria (CC)
    NOT CONFIRMED

    No public evidence that Bixby holds a Common Criteria certification. Knox Common Criteria certifications cover Samsung Galaxy devices/displays and Knox File Encryption (DualDAR) across recent Android versions; the Knox certifications page does not mention Bixby. This is device/OS-layer assurance, not a Bixby service certification.

    source: samsungknox.com
    FIPS 140-3
    NOT CONFIRMED

    No public evidence that Bixby holds a FIPS 140-3 validation. FIPS 140-3 validations apply to Samsung/Knox cryptographic modules listed on the Knox certifications page, not to the Bixby voice service. The originally cited CES 2026 appliance-security article does not substantiate a CryptoCore FIPS 140-3 claim (it references UL Solutions, KISA and TUV Nord assessments instead).

    source: samsungknox.com
    FIPS 140-2
    NOT CONFIRMED

    No public evidence that Bixby holds a FIPS 140-2 validation. FIPS 140-2 validations apply to Samsung/Knox cryptographic modules listed on the Knox certifications page, not to the Bixby voice service.

    source: samsungknox.com
    GDPR
    NOT CONFIRMED

    Samsung has GDPR compliance measures (30-day response times for data requests, export, deletion, and update; Standard Contractual Clauses for data transfers outside EEA) documented on Knox GDPR page and privacy policies, but no independent third-party GDPR certification audit found. Compliance is regulatory obligation, not third-party certified.

    source: samsungknox.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification for Samsung Bixby or Samsung Electronics consumer/enterprise services. Samsung does not market Bixby towards healthcare-regulated use cases.

    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification for Bixby or Samsung consumer services. PCI DSS applies to payment card processing, not primary scope of Bixby voice assistant.

    CSA STAR AI
    NOT CONFIRMED

    No public evidence of CSA STAR AI certification for Bixby. Samsung has not publicly announced CSA STAR or ISO/IEC 42001 (AI governance) certifications.

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Processing via Amazon Web Services for Knox/SmartThings; specific regional data residency not specified for Bixby voice processing. Samsung uses Standard Contractual Clauses for data transfers outside EEA.

    Bixby trains on customer voice data with opt-in consent. Users can opt into 'audio recording review' for human review (small percentage of recordings selected). Without opt-in, voice recordings are deleted immediately after command processing. With opt-in, recordings retained for 1 month associated with identifier, then anonymized and retained for 1 year total. Users have clear opt-out and opt-in controls in Bixby settings > Privacy settings > Allow audio recording review. Voiceprint review also has separate opt-in control.

    // Security controls

    Encryption in transit

    Voice commands converted to text and encrypted when sent to server; Knox platform provides hardware-based encryption for device-level data

    d264isyiyrfhr3.cloudfront.net

    Encryption at rest

    Knox Secure Folder stores sensitive files with local encryption; SmartThings/Knox platform uses hardware-based encryption keys. Bixby privacy notice does not explicitly confirm encryption of stored audio/metadata.

    samsung.com

    Hardware security foundation

    Samsung Knox security platform is integrated at hardware and OS level on all Galaxy devices; provides defense-grade security with layered protection and regular security updates

    samsungknox.com

    Access controls

    Knox GDPR compliance includes access control policies; Knox Mobile Enrollment secures device enrollment; Knox E-FOTA enables controlled OS and security updates remotely

    samsungknox.com

    Incident response

    Samsung commits to GDPR data handling timelines: support data export within 30 days, delete data within 30 days, update data within 30 days. Policy states compliance with applicable data protection laws.

    samsungknox.com

    Data retention limits

    Audio recordings (without opt-in): deleted immediately after command. Audio recordings (with opt-in for review): retained 1 month with identifier, then anonymized and retained 1 year total.

    d264isyiyrfhr3.cloudfront.net

    User data transparency

    Bixby provides in-device indicators: green dot appears when microphone/camera in use. Knox platform provides visibility into which apps have accessed personal data via Privacy Dashboard.

    samsung.com

    // Products & data scope

    Bixby Voice (Galaxy Smartphones)Voice Assistant

    data: Voice commands, device usage, app/website interactions, calendar, contacts, location (with consent)

    Available on Galaxy S and Galaxy Z series. Supports 12 languages. Can control SmartThings-connected devices.

    Bixby Voice (Galaxy Tablets & Wearables)Voice Assistant

    data: Voice commands, device usage, wearable health/activity data (Galaxy Watch, Buds)

    Available on Galaxy Tab and Galaxy Watch/Buds. Requires Galaxy Wearable app connectivity.

    Bixby Voice (Smart TVs & Refrigerators)Smart Home / IoT Voice Control

    data: Voice commands, TV viewing/search history, appliance usage patterns via SmartThings integration

    LLM-based Bixby now deployed on Bespoke AI home appliances. Controls smart home via SmartThings.

    Bixby VisionVisual Search / Augmented Reality

    data: Camera images for contextual search, visual recognition queries

    Augmented reality visual search component; separate opt-in consent model.

    SmartThings PlatformIoT / Smart Home Platform

    data: Connected device data, automation rules, user preferences, device state telemetry

    ISO 27001:2022 certified. Integrates with Bixby for voice control of connected devices.

    // What to watch

    • Bixby as a voice assistant product does not have independent ISO 27001 or SOC 2 certification; these certifications apply to Knox platform, SmartThings, and related enterprise products. Bixby's own security/compliance status is less clearly defined than parent platform.
    • No dedicated trust center or security compliance portal exists for Bixby specifically. Security information scattered across Knox, SmartThings, and Samsung corporate privacy/sustainability pages.
    • Privacy practices for Bixby documented in terms and privacy notice but not independently audited. Common Sense Media privacy report found concerns: not clear if third parties have same security obligations, encryption during storage not explicitly confirmed, data breach notification process not detailed.
    • GDPR compliance measures documented (30-day response times, SCCs) but not independently certified. Samsung's stance is regulatory obligation, not third-party audit.
    • AI governance certifications (ISO/IEC 42001, CSA STAR AI) not found. Bixby's LLM-based enhancements not covered by published AI governance standards.
    • No HIPAA certification found. Samsung does not target regulated healthcare use cases; Bixby not suitable for HIPAA-covered entities.
    • Opt-out for audio training is available but requires user action. Default posture requires affirmative opt-in to avoid training, which is privacy-friendly, but users may not be aware of this setting.
    • Identity verification confident: Samsung Electronics Co., Ltd. is the correct vendor; no conflation with other companies. However, clear demarcation between Knox (certified) and Bixby (uncertified) is important for procurement.

    // At a glance

    Pricing model

    Free with device purchase; integrated into Samsung Galaxy devices and smart home products

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Samsung Electronics Co., Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    samsung.com

    > Browse all vendor trust reports