British Cyber Code Of Practice For Developing AI

Uploaded on 2025-02-12 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

The British government has lunched its AI Cyber Code of Practice for companies developing AI systems. The voluntary framework outlines 13 principles designed to mitigate risks such as AI-driven cyber attacks, system failures, and data vulnerabilities.

The government  says it will form the basis of a global standard for securing the technology, through the European Telecommunications Standards Institute (ETSI).

The code applies to developers, system operators, and data custodians at organisations that create, deploy, or manage AI systems. AI vendors that only sell models or components fall under other relevant guidelines.

“From securing AI systems against hacking and sabotage, to ensuring they are developed and deployed in a secure way, the Code will help developers build secure, innovative AI products that drive growth,” the Dept for Science, Innovation and Tech published a press release.

“British businesses will benefit from a world-first cyber security standard which will protect AI systems from cyber-attacks, securing the digital economy,” it said.

Recommendations include implementing AI security training programmes, developing recovery plans, carrying out risk assessments, maintaining inventories, and communicating with end-users about how their data is being used.

The Code’s publication comes just a few weeks after the British Government published the AI Opportunities Action Plan which outlines fifty ways it will build out the AI sector and turn the country into a “world leader.” And growing AI talent is a important part of this plan.

The Principles are as Follows:

  • Raise awareness of AI security threats and risks through staff training.
  • Design AI systems for security, functionality and performance.
  • Evaluate/model threats and manage risks related to use of AI.
  • Enable human responsibility for AI systems.
  • Identify, track and protect assets, including interdependencies/connectivity.
  • Secure infrastructure including APIs, models, data, and training and processing pipelines.
  • Secure the software supply chain.
  • Conduct appropriate testing and evaluation.
  • Document data, models and prompts with a clear audit trail of system design and post-deployment maintenance plans.

Improving British Cyber Security  

This Code’s release comes just after the UK’s National Cyber Security Centre told software vendors to remove vulnerabilities, which are serious problems with mitigations that are, for example, cheap and well-documented, and are therefore easy to implement.

Britian has also launched a new International Coalition on Cyber Security Workforces, partnering with Canada, Dubai, Ghana, Japan, and Singapore. The coalition is committed to address the cyber security skills gap. Members of the coalition pledged to align their approaches to cyber security workforce development, adopt common terminology, share best practices and challenges, and maintain an ongoing dialogue.  

As women only make-up 25% of cyber security professionals, improvement in training to produce more female cyber security professionals are clearly needed.  

Cyber Code Matters For Businesses

Recent research shows that 87% of UK businesses aren’t ready fro cyber attacks, with almost all experiencing at least one cyber incident in the last year. Moreover, only 54% of UK IT professionals are confident in their ability to recover their company’s data after an attack.

In December 2024, the head of UK’s  National Cyber Security Centre warned that the UK’s cyber risks are widely underestimated. While the AI Cyber Code of Practice remains voluntary, businesses are encouraged to proactively adopt these security measures to safeguard their AI systems and reduce exposure to cyber threats.

UK Government     |     UK Government     |     UK Government     |     Tech Republic   |   Infosecurity Magazine     |

SC Magazine

Image: Steve Johnson

You Might Also Read: 

The British Government’s AI Action Plan:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Innovate To Attack Microsoft 365 Accounts
Managing Dark Web Exposure In 2025 »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ExaGrid Systems

ExaGrid Systems

ExaGrid provides Tiered Backup Storage with a unique disk-cache Landing Zone, long-term retention repository, and scale-out architecture.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

SecurePay

SecurePay

SecurePay is Australia's premier payment gateway, with a range of secure online payment solutions for online retailers, SMEs and enterprise businesses.

Pradeo

Pradeo

Pradeo Security offers a complete, automatic and seamless protection to mobile devices and applications, aligned with your organization security policy while preserving business agility.

Citalid

Citalid

The Citalid cyber risk management platform combines threat and business intelligence to identify the risks scenarios you face.

Berkeley Varitronic Systems (BVS)

Berkeley Varitronic Systems (BVS)

Berkeley Varitronics Systems is an engineering think tank delivering custom wireless RF engineering products and solutions including cyber security.

Censys

Censys

Our customers rely on Censys data to get the global visibility they need of their attack surfaces in order to proactively prevent nation-state attacks and emerging threats.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Cyber Readiness Institute (CRI)

Cyber Readiness Institute (CRI)

At the Cyber Readiness Institute, our mission is simple: empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient.

Redcoat AI

Redcoat AI

Redcoat AI provide a comprehensive security platform that continuously evolves with the threats and opportunities presented by AI.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.

DuploCloud

DuploCloud

DuploCloud offers an end-to-end DevOps software platform for dev teams that don’t have dedicated DevOps engineers and augments those that do.