// Trust & Security Report

    Microsoft logo

    Microsoft

    Semantic Kernel SDK

    Certifications held

    7

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO/IEC 27001:2022
    HELD

    Currently, both Azure Public and Azure Germany are audited once a year for ISO/IEC 27001 compliance by a third-party accredited certification body, providing independent validation that security controls are in place and operating effectively. Microsoft 365 - ISO 27001:2022 Certificate (2024-2027).

    Verify on learn.microsoft.com
    SOC 2 Type 2
    HELD

    The Azure SOC 2 Type 2 attestation report shows Microsoft online services in scope: Azure, Azure DevOps, Microsoft Dynamics 365, Microsoft Defender XDR, Office 365, Power Apps, Power Automate, Power BI, Copilot Studios, and others.

    Verify on learn.microsoft.com
    FedRAMP High
    HELD

    Microsoft Azure and Microsoft Azure Government received a Provisional Authority to Operate from the FedRAMP Joint Authorization Board.

    Verify on learn.microsoft.com
    HIPAA BAA
    HELD

    Microsoft offers its covered entity and business associate customers a Business Associate Agreement that covers in-scope Microsoft services. The Microsoft HIPAA Business Associate Agreement is available through the Microsoft Online Services Data Protection Addendum by default.

    Verify on learn.microsoft.com
    ISO/IEC 27018
    HELD

    Office 365 - ISO 27001, 27017, 27018, 27701 Statement of Applicability (2024) is available via the Service Trust Portal.

    Verify on learn.microsoft.com
    CSA STAR
    HELD

    Microsoft Azure maintains the CSA STAR Certification and CSA STAR Attestation.

    Verify on learn.microsoft.com
    GDPR DPA
    HELD

    Microsoft published the updated Products and Services Data Protection Addendum (May 2026). Prompts, completions, embeddings, and training data are not used to train any generative AI foundation models without customer permission or instruction.

    Verify on microsoft.com
    > Show 1 unconfirmed / not-held certifications
    SOC 2 Type 2 (SDK-specific)
    NOT CONFIRMED

    Semantic Kernel is an open-source MIT-licensed SDK package. As a client-side library, it is not itself a cloud service and therefore does not independently carry SOC 2 certification. Applicable certs are held by Microsoft Azure, which the SDK may connect to.

    source: github.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Configurable. The SDK is self-hosted; when connected to Azure services, customers can specify data region and benefit from the EU Data Boundary commitments.

    Microsoft's Data Protection Addendum (updated May 2026) explicitly commits that prompts, completions, embeddings, and training data submitted through Azure AI services are not used to train foundation LLMs without customer permission. The Semantic Kernel SDK itself does not independently collect or process data - it is a client-side orchestration library. Data handling depends on which backend AI service the developer connects (e.g., Azure OpenAI, OpenAI API direct, Hugging Face). When connected to Azure OpenAI, Microsoft's no-training commitment applies.

    // Security controls

    Vulnerability Disclosure Policy

    Coordinated Vulnerability Disclosure (CVD). Vulnerabilities must be reported to the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/create-report, not via public GitHub issues. 24-hour response SLA stated.

    learn.microsoft.com

    Bug Bounty Program

    Microsoft MSRC Bug Bounty (own portal, not HackerOne or Bugcrowd). Awards range from $750 to $15,000 USD. Semantic Kernel is NOT listed as in-scope for Microsoft's Open Source Bounty Program specifically, but security reports are accepted at the MSRC portal and may qualify under general Microsoft bounty guidelines.

    microsoft.com

    Penetration Testing

    Microsoft conducts annual third-party audits (SOC 2, ISO 27001) of its Azure cloud services. The SDK itself, as open-source, is subject to community and Microsoft internal security review. A critical RCE vulnerability in the Python SDK was discovered and patched in version 1.39.4 (May 2026), demonstrating active security response.

    microsoft.com

    Security Architecture

    SDK provides hooks and filters for responsible AI, telemetry support, and observability. Documentation emphasizes Zero Trust principles and enterprise-grade security via the Secure Future Initiative.

    learn.microsoft.com

    Open Source License

    MIT License - fully open source. Source code auditable at https://github.com/microsoft/semantic-kernel.

    github.com

    // Products & data scope

    Semantic Kernel SDK (C# / .NET)AI Orchestration SDK

    data: SDK runs in developer's own environment. No data is transmitted to Microsoft unless Azure AI services are configured as backend. When using Azure OpenAI backend: Azure's SOC2, ISO27001, HIPAA, FedRAMP, and DPA apply. When using OpenAI API direct: OpenAI's terms apply. The SDK itself is stateless with respect to user data.

    Primary implementation. Available as NuGet package. Used by Fortune 500 companies per Microsoft docs.

    Semantic Kernel SDK (Python)AI Orchestration SDK

    data: Same as C# variant. Available via PyPI. A critical RCE vulnerability (prompt injection to host-level RCE) was found and patched in v1.39.4 (May 2026). Ensure updated version is deployed.

    Python variant had a critical security patch in May 2026. Enterprise users must verify they are on v1.39.4 or later.

    Semantic Kernel SDK (Java)AI Orchestration SDK

    data: Same as C# variant. Available via Maven.

    Java implementation; generally lags C#/Python in feature releases.

    // What to watch

    • CRITICAL: A remote code execution vulnerability (prompt injection to host-level RCE) was discovered in the Python SDK and patched in v1.39.4 (May 2026). Enterprise users should verify Python SDK version is 1.39.4 or later.
    • ARCHITECTURE NOTE: Semantic Kernel is an open-source SDK, not a SaaS service. Compliance certifications listed (SOC2, ISO27001, etc.) are held by Microsoft for its Azure cloud services and apply when the SDK is connected to Azure backends. They do not independently certify the SDK package itself.
    • Semantic Kernel is excluded from the Microsoft Open Source Bug Bounty Program scope page; security researchers must use MSRC directly.
    • Data compliance depends on which AI backend is configured by the developer. Using non-Azure backends (e.g., OpenAI API direct) brings that provider's terms into scope instead of Microsoft's.

    // At a glance

    Pricing model

    Free and open source (MIT license). Costs arise only from connected AI backend services (e.g., Azure OpenAI API calls, OpenAI credits).

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Microsoft's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    microsoft.com

    > Browse all vendor trust reports