A British Initiative To Secure AI System Development

In a significant step toward safeguarding Artificial Intelligence (AI) systems, the UK has spearheaded the development of new global standards to address emerging cyber security threats in AI. With the growing adoption of AI technologies across industries, ensuring their secure development and deployment is critical to unlocking their societal benefits while mitigating risks.

The National Cyber Security Centre (NCSC) and the Department for Science, Innovation & Technology (DSIT) have collaborated with international partners to establish robust security frameworks, addressing novel vulnerabilities like prompt injection and data poisoning alongside traditional cyber threats.

New Standards for AI Security

The European Telecommunications Standards Institute (ETSI), in partnership with the NCSC, DSIT, and global stakeholders, has published two pivotal documents to enhance AI security:

  • Technical Specification on Securing Artificial Intelligence (SAI): This is the first global standard outlining baseline cyber security requirements for AI models and systems across their entire life cycle. It provides a framework for stakeholders to demonstrate adherence to globally relevant and practical security measures.

  • Accompanying Technical Report: This report offers guidance on implementing the specification’s provisions, including examples mapped to international frameworks, aiding stakeholders in applying the standards effectively.

These documents target a wide range of stakeholders, including developers, vendors, integrators, operators, large enterprises, government departments, small and medium enterprises (SMEs), charities, local authorities, and non-profits. They also serve as a valuable resource for organisations planning to procure AI services.

Key Stages of AI Security

The ETSI specification outlines core security principles organised into five critical stages of the AI system development life cycle:

  • Secure Design: Embedding security considerations from the initial design phase to prevent vulnerabilities.

  • Secure Development: Implementing safeguards during coding and testing to mitigate risks like data poisoning.

  • Secure Deployment: Ensuring systems are deployed with robust protections against threats such as prompt injection.

  • Secure Maintenance: Continuously monitoring and updating systems to address evolving cyber risks.

  • Secure End of Life: Safely decommissioning systems to prevent unauthorised access to sensitive data.

By addressing security at every stage, the standard helps avoid costly redesigns and protects customers and their data from unauthorised access or misuse.

Collaborative Global Effort

The development of these standards followed a global consultation process involving industry leaders, international counterparts, academia, and civil society. The NCSC’s Guidelines for Secure AI System Development and DSIT’s AI Cyber Security Code of Practice, published at the start of 2025, laid the groundwork for this initiative.

The collaboration with ETSI’s Technical Committee on Securing AI (TC SAI) ensured the standards are both comprehensive and practical, reflecting cross-disciplinary expertise.

Next Steps 

The NCSC and DSIT are now working toward establishing a European standard in collaboration with other European and international standards bodies. European standards often gain global adoption, amplifying their impact. Stakeholders across industry, academia, and international partners are encouraged to engage with the SAI committee to further refine and promote these standards.

  • Accessibility: The documents are freely downloadable from the ETSI website, encouraging widespread adoption by developers and the AI supply chain.

  • Call to Action: Organisations are urged to use these standards to build and evaluate AI systems that function securely, remain available, and protect sensitive data.

  • Future Collaboration: Interested parties can join the SAI committee via ETSI’s website to contribute to ongoing efforts.

Conclusion

As AI systems become integral to society, their security is paramount to ensuring they deliver intended benefits without compromising safety or privacy.

The new standards provide a blueprint for stakeholders to create resilient AI systems capable of withstanding evolving cyber threats, fostering trust and innovation in the global AI ecosystem.
