A British Initiative To Secure AI System Development

In a significant step toward safeguarding Artificial Intelligence (AI) systems, the UK has spearheaded the development of new global standards to address emerging cyber security threats in AI. With the growing adoption of AI technologies across industries, ensuring their secure development and deployment is critical to unlocking their societal benefits while mitigating risks.

The National Cyber Security Centre (NCSC) and the Department for Science, Innovation & Technology (DSIT) have collaborated with international partners to establish robust security frameworks, addressing novel vulnerabilities like prompt injection and data poisoning alongside traditional cyber threats.

New Standards for AI Security

The European Telecommunications Standards Institute (ETSI), in partnership with the NCSC, DSIT, and global stakeholders, has published two pivotal documents to enhance AI security:

  • Technical Specification on Securing Artificial Intelligence (SAI): This is the first global standard outlining baseline cyber security requirements for AI models and systems across their entire life cycle. It provides a framework for stakeholders to demonstrate adherence to globally relevant and practical security measures.

  • Accompanying Technical Report: This report offers guidance on implementing the specification’s provisions, including examples mapped to international frameworks, aiding stakeholders in applying the standards effectively.

These documents target a wide range of stakeholders, including developers, vendors, integrators, operators, large enterprises, government departments, small and medium enterprises (SMEs), charities, local authorities, and non-profits. They also serve as a valuable resource for organisations planning to procure AI services.

Key Stages of AI Security

The ETSI specification outlines core security principles organised into five critical stages of the AI system development life cycle:

  • Secure Design: Embedding security considerations from the initial design phase to prevent vulnerabilities.

  • Secure Development: Implementing safeguards during coding and testing to mitigate risks like data poisoning.

  • Secure Deployment: Ensuring systems are deployed with robust protections against threats such as prompt injection.

  • Secure Maintenance: Continuously monitoring and updating systems to address evolving cyber risks.

  • Secure End of Life: Safely decommissioning systems to prevent unauthorised access to sensitive data.

By addressing security at every stage, the standard helps avoid costly redesigns and protects customers and their data from unauthorised access or misuse.

Collaborative Global Effort

The development of these standards followed a global consultation process involving industry leaders, international counterparts, academia, and civil society. The NCSC’s Guidelines for Secure AI System Development and DSIT’s AI Cyber Security Code of Practice, published at the start of 2025, laid the groundwork for this initiative.

The collaboration with ETSI’s Technical Committee on Securing AI (TC SAI) ensured the standards are both comprehensive and practical, reflecting cross-disciplinary expertise.

Next Steps 

The NCSC and DSIT are now working toward establishing a European standard in collaboration with other European and international standards bodies. European standards often gain global adoption, amplifying their impact. Stakeholders across industry and academia, as well as international partners, are encouraged to engage with the SAI committee to further refine and promote these standards.

  • Accessibility: The documents are freely downloadable from the ETSI website, encouraging widespread adoption by developers and the AI supply chain.

  • Call to Action: Organisations are urged to use these standards to build and evaluate AI systems that function securely, remain available, and protect sensitive data.

  • Future Collaboration: Interested parties can join the SAI committee via ETSI’s website to contribute to ongoing efforts.

Conclusion

As AI systems become integral to society, their security is paramount to ensuring they deliver intended benefits without compromising safety or privacy.

The new standards provide a blueprint for stakeholders to create resilient AI systems capable of withstanding evolving cyber threats, fostering trust and innovation in the global AI ecosystem.
