British Cyber Code Of Practice For Developing AI

The British government has launched its AI Cyber Code of Practice for companies developing AI systems. The voluntary framework outlines 13 principles designed to mitigate risks such as AI-driven cyber attacks, system failures, and data vulnerabilities.

The government says it will form the basis of a global standard for securing the technology, through the European Telecommunications Standards Institute (ETSI).

The code applies to developers, system operators, and data custodians at organisations that create, deploy, or manage AI systems. AI vendors that only sell models or components fall under other relevant guidelines.

“From securing AI systems against hacking and sabotage, to ensuring they are developed and deployed in a secure way, the Code will help developers build secure, innovative AI products that drive growth,” the Dept for Science, Innovation and Tech said in a press release.

“British businesses will benefit from a world-first cyber security standard which will protect AI systems from cyber-attacks, securing the digital economy,” it said.

Recommendations include implementing AI security training programmes, developing recovery plans, carrying out risk assessments, maintaining inventories, and communicating with end-users about how their data is being used.

The Code’s publication comes just a few weeks after the British Government published the AI Opportunities Action Plan, which outlines fifty ways it will build out the AI sector and turn the country into a “world leader.” Growing AI talent is an important part of this plan.

The Principles are as Follows:

  • Raise awareness of AI security threats and risks through staff training.
  • Design AI systems for security, functionality and performance.
  • Evaluate/model threats and manage risks related to use of AI.
  • Enable human responsibility for AI systems.
  • Identify, track and protect assets, including interdependencies/connectivity.
  • Secure infrastructure including APIs, models, data, and training and processing pipelines.
  • Secure the software supply chain.
  • Conduct appropriate testing and evaluation.
  • Document data, models and prompts with a clear audit trail of system design and post-deployment maintenance plans.

Improving British Cyber Security  

This Code’s release comes just after the UK’s National Cyber Security Centre told software vendors to remove vulnerabilities that are serious problems with mitigations that are, for example, cheap and well-documented, and therefore easy to implement.

Britain has also launched a new International Coalition on Cyber Security Workforces, partnering with Canada, Dubai, Ghana, Japan, and Singapore. The coalition is committed to addressing the cyber security skills gap. Members of the coalition pledged to align their approaches to cyber security workforce development, adopt common terminology, share best practices and challenges, and maintain an ongoing dialogue.

As women make up only 25% of cyber security professionals, improvements in training to produce more female cyber security professionals are clearly needed.

Cyber Code Matters For Businesses

Recent research shows that 87% of UK businesses aren’t ready for cyber attacks, with almost all experiencing at least one cyber incident in the last year. Moreover, only 54% of UK IT professionals are confident in their ability to recover their company’s data after an attack.

In December 2024, the head of the UK’s National Cyber Security Centre warned that the UK’s cyber risks are widely underestimated. While the AI Cyber Code of Practice remains voluntary, businesses are encouraged to proactively adopt these security measures to safeguard their AI systems and reduce exposure to cyber threats.

UK Government | UK Government | UK Government | Tech Republic | Infosecurity Magazine | SC Magazine
