A British Initiative To Secure AI System Development

In a significant step toward safeguarding Artificial Intelligence (AI) systems, the UK has spearheaded the development of new global standards to address emerging cyber security threats in AI. With the growing adoption of AI technologies across industries, ensuring their secure development and deployment is critical to unlocking their societal benefits while mitigating risks.

The National Cyber Security Centre (NCSC) and the Department for Science, Innovation & Technology (DSIT) have collaborated with international partners to establish robust security frameworks, addressing novel vulnerabilities like prompt injection and data poisoning alongside traditional cyber threats.

New Standards for AI Security

The European Telecommunications Standards Institute (ETSI), in partnership with the NCSC, DSIT, and global stakeholders, has published two pivotal documents to enhance AI security:

  • Technical Specification on Securing Artificial Intelligence (SAI): This is the first global standard outlining baseline cyber security requirements for AI models and systems across their entire life cycle. It provides a framework for stakeholders to demonstrate adherence to globally relevant and practical security measures.

  • Accompanying Technical Report: This report offers guidance on implementing the specification’s provisions, including examples mapped to international frameworks, aiding stakeholders in applying the standards effectively.

These documents target a wide range of stakeholders, including developers, vendors, integrators, operators, large enterprises, government departments, small and medium enterprises (SMEs), charities, local authorities, and non-profits. They also serve as a valuable resource for organisations planning to procure AI services.

Key Stages of AI Security

The ETSI specification outlines core security principles organised into five critical stages of the AI system development life cycle:

  • Secure Design: Embedding security considerations from the initial design phase to prevent vulnerabilities.

  • Secure Development: Implementing safeguards during coding and testing to mitigate risks like data poisoning.

  • Secure Deployment: Ensuring systems are deployed with robust protections against threats such as prompt injection.

  • Secure Maintenance: Continuously monitoring and updating systems to address evolving cyber risks.

  • Secure End of Life: Safely decommissioning systems to prevent unauthorised access to sensitive data.

By addressing security at every stage, the standard helps avoid costly redesigns and protects customers and their data from unauthorised access or misuse.

Collaborative Global Effort

The development of these standards followed a global consultation process involving industry leaders, international counterparts, academia, and civil society. The NCSC’s Guidelines for Secure AI System Development and DSIT’s AI Cyber Security Code of Practice, published at the start of 2025, laid the groundwork for this initiative.

The collaboration with ETSI’s Technical Committee on Securing AI (TC SAI) ensured the standards are both comprehensive and practical, reflecting cross-disciplinary expertise.

Next Steps 

The NCSC and DSIT are now working toward establishing a European standard in collaboration with other European and international standards bodies. European standards often gain global adoption, amplifying their impact. Stakeholders across industry, academia, and international partners are encouraged to engage with the SAI committee to further refine and promote these standards.

  • Accessibility: The documents are freely downloadable from the ETSI website, encouraging widespread adoption by developers and the AI supply chain.

  • Call to Action: Organisations are urged to use these standards to build and evaluate AI systems that function securely, remain available, and protect sensitive data.

  • Future Collaboration: Interested parties can join the SAI committee via ETSI’s website to contribute to ongoing efforts.

Conclusion

As AI systems become integral to society, their security is paramount to ensuring they deliver intended benefits without compromising safety or privacy.

The new standards provide a blueprint for stakeholders to create resilient AI systems capable of withstanding evolving cyber threats, fostering trust and innovation in the global AI ecosystem.

