British Cyber Code Of Practice For Developing AI

Uploaded on 2025-02-12 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

The British government has lunched its AI Cyber Code of Practice for companies developing AI systems. The voluntary framework outlines 13 principles designed to mitigate risks such as AI-driven cyber attacks, system failures, and data vulnerabilities.

The government  says it will form the basis of a global standard for securing the technology, through the European Telecommunications Standards Institute (ETSI).

The code applies to developers, system operators, and data custodians at organisations that create, deploy, or manage AI systems. AI vendors that only sell models or components fall under other relevant guidelines.

“From securing AI systems against hacking and sabotage, to ensuring they are developed and deployed in a secure way, the Code will help developers build secure, innovative AI products that drive growth,” the Dept for Science, Innovation and Tech published a press release.

“British businesses will benefit from a world-first cyber security standard which will protect AI systems from cyber-attacks, securing the digital economy,” it said.

Recommendations include implementing AI security training programmes, developing recovery plans, carrying out risk assessments, maintaining inventories, and communicating with end-users about how their data is being used.

The Code’s publication comes just a few weeks after the British Government published the AI Opportunities Action Plan which outlines fifty ways it will build out the AI sector and turn the country into a “world leader.” And growing AI talent is a important part of this plan.

The Principles are as Follows:

  • Raise awareness of AI security threats and risks through staff training.
  • Design AI systems for security, functionality and performance.
  • Evaluate/model threats and manage risks related to use of AI.
  • Enable human responsibility for AI systems.
  • Identify, track and protect assets, including interdependencies/connectivity.
  • Secure infrastructure including APIs, models, data, and training and processing pipelines.
  • Secure the software supply chain.
  • Conduct appropriate testing and evaluation.
  • Document data, models and prompts with a clear audit trail of system design and post-deployment maintenance plans.

Improving British Cyber Security  

This Code’s release comes just after the UK’s National Cyber Security Centre told software vendors to remove vulnerabilities, which are serious problems with mitigations that are, for example, cheap and well-documented, and are therefore easy to implement.

Britian has also launched a new International Coalition on Cyber Security Workforces, partnering with Canada, Dubai, Ghana, Japan, and Singapore. The coalition is committed to address the cyber security skills gap. Members of the coalition pledged to align their approaches to cyber security workforce development, adopt common terminology, share best practices and challenges, and maintain an ongoing dialogue.  

As women only make-up 25% of cyber security professionals, improvement in training to produce more female cyber security professionals are clearly needed.  

Cyber Code Matters For Businesses

Recent research shows that 87% of UK businesses aren’t ready fro cyber attacks, with almost all experiencing at least one cyber incident in the last year. Moreover, only 54% of UK IT professionals are confident in their ability to recover their company’s data after an attack.

In December 2024, the head of UK’s  National Cyber Security Centre warned that the UK’s cyber risks are widely underestimated. While the AI Cyber Code of Practice remains voluntary, businesses are encouraged to proactively adopt these security measures to safeguard their AI systems and reduce exposure to cyber threats.

UK Government     |     UK Government     |     UK Government     |     Tech Republic   |   Infosecurity Magazine     |

SC Magazine

Image: Steve Johnson

You Might Also Read: 

The British Government’s AI Action Plan:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Innovate To Attack Microsoft 365 Accounts
Managing Dark Web Exposure In 2025 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

Mondo

Mondo

Mondo is the largest national staffing agency specializing exclusively in high-end, niche IT, Tech, and Digital Marketing talent. Areas of expertise include Cybersecurity.

Oak Ridge National Laboratory (ORNL)

Oak Ridge National Laboratory (ORNL)

ORNL conducts basic and applied research and development in key areas of science for energy, advanced materials, supercomputing and national security including cybersecurity.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

Cylera

Cylera

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers.

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

Purple Team

Purple Team

Purple Team is an expert cybersecurity and managed security service provider focused on arming your IT infrastructure with both red team and blue team services.

S2W

S2W

S2W is a data intelligence company specialized in cyber threat intelligence, brand/digital abuse, and blockchain.

ETI-NET

ETI-NET

ETI-NET is the worldwide leader in managing critical data for industries that never stop.

Centum Digital

Centum Digital

Centum Digital provide services, products and solutions specialized in communications engineering, control and signal intelligence.