British Cyber Code Of Practice For Developing AI

The British government has launched its AI Cyber Code of Practice for companies developing AI systems. The voluntary framework outlines 13 principles designed to mitigate risks such as AI-driven cyber attacks, system failures, and data vulnerabilities.

The government says it will form the basis of a global standard for securing the technology, through the European Telecommunications Standards Institute (ETSI).

The code applies to developers, system operators, and data custodians at organisations that create, deploy, or manage AI systems. AI vendors that only sell models or components fall under other relevant guidelines.

“From securing AI systems against hacking and sabotage, to ensuring they are developed and deployed in a secure way, the Code will help developers build secure, innovative AI products that drive growth,” the Department for Science, Innovation and Technology said in a press release.

“British businesses will benefit from a world-first cyber security standard which will protect AI systems from cyber-attacks, securing the digital economy,” it said.

Recommendations include implementing AI security training programmes, developing recovery plans, carrying out risk assessments, maintaining inventories, and communicating with end-users about how their data is being used.

The Code’s publication comes just a few weeks after the British Government published the AI Opportunities Action Plan, which outlines fifty ways it will build out the AI sector and turn the country into a “world leader.” Growing AI talent is an important part of this plan.

The Principles are as Follows:

  • Raise awareness of AI security threats and risks through staff training.
  • Design AI systems for security, functionality and performance.
  • Evaluate/model threats and manage risks related to use of AI.
  • Enable human responsibility for AI systems.
  • Identify, track and protect assets, including interdependencies/connectivity.
  • Secure infrastructure including APIs, models, data, and training and processing pipelines.
  • Secure the software supply chain.
  • Conduct appropriate testing and evaluation.
  • Document data, models and prompts with a clear audit trail of system design and post-deployment maintenance plans.

Improving British Cyber Security  

This Code’s release comes just after the UK’s National Cyber Security Centre told software vendors to remove vulnerabilities that are serious problems but whose mitigations are, for example, cheap and well-documented, and therefore easy to implement.

Britain has also launched a new International Coalition on Cyber Security Workforces, partnering with Canada, Dubai, Ghana, Japan, and Singapore. The coalition is committed to addressing the cyber security skills gap. Members of the coalition pledged to align their approaches to cyber security workforce development, adopt common terminology, share best practices and challenges, and maintain an ongoing dialogue.

As women make up only 25% of cyber security professionals, improvements in training to produce more female cyber security professionals are clearly needed.

Cyber Code Matters For Businesses

Recent research shows that 87% of UK businesses aren’t ready for cyber attacks, with almost all experiencing at least one cyber incident in the last year. Moreover, only 54% of UK IT professionals are confident in their ability to recover their company’s data after an attack.

In December 2024, the head of the UK’s National Cyber Security Centre warned that the UK’s cyber risks are widely underestimated. While the AI Cyber Code of Practice remains voluntary, businesses are encouraged to proactively adopt these security measures to safeguard their AI systems and reduce exposure to cyber threats.

UK Government | UK Government | UK Government | Tech Republic | Infosecurity Magazine | SC Magazine

Image: Steve Johnson
