British Cyber Code Of Practice For Developing AI

Uploaded on 2025-02-12 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

The British government has lunched its AI Cyber Code of Practice for companies developing AI systems. The voluntary framework outlines 13 principles designed to mitigate risks such as AI-driven cyber attacks, system failures, and data vulnerabilities.

The government  says it will form the basis of a global standard for securing the technology, through the European Telecommunications Standards Institute (ETSI).

The code applies to developers, system operators, and data custodians at organisations that create, deploy, or manage AI systems. AI vendors that only sell models or components fall under other relevant guidelines.

“From securing AI systems against hacking and sabotage, to ensuring they are developed and deployed in a secure way, the Code will help developers build secure, innovative AI products that drive growth,” the Dept for Science, Innovation and Tech published a press release.

“British businesses will benefit from a world-first cyber security standard which will protect AI systems from cyber-attacks, securing the digital economy,” it said.

Recommendations include implementing AI security training programmes, developing recovery plans, carrying out risk assessments, maintaining inventories, and communicating with end-users about how their data is being used.

The Code’s publication comes just a few weeks after the British Government published the AI Opportunities Action Plan which outlines fifty ways it will build out the AI sector and turn the country into a “world leader.” And growing AI talent is a important part of this plan.

The Principles are as Follows:

  • Raise awareness of AI security threats and risks through staff training.
  • Design AI systems for security, functionality and performance.
  • Evaluate/model threats and manage risks related to use of AI.
  • Enable human responsibility for AI systems.
  • Identify, track and protect assets, including interdependencies/connectivity.
  • Secure infrastructure including APIs, models, data, and training and processing pipelines.
  • Secure the software supply chain.
  • Conduct appropriate testing and evaluation.
  • Document data, models and prompts with a clear audit trail of system design and post-deployment maintenance plans.

Improving British Cyber Security  

This Code’s release comes just after the UK’s National Cyber Security Centre told software vendors to remove vulnerabilities, which are serious problems with mitigations that are, for example, cheap and well-documented, and are therefore easy to implement.

Britian has also launched a new International Coalition on Cyber Security Workforces, partnering with Canada, Dubai, Ghana, Japan, and Singapore. The coalition is committed to address the cyber security skills gap. Members of the coalition pledged to align their approaches to cyber security workforce development, adopt common terminology, share best practices and challenges, and maintain an ongoing dialogue.  

As women only make-up 25% of cyber security professionals, improvement in training to produce more female cyber security professionals are clearly needed.  

Cyber Code Matters For Businesses

Recent research shows that 87% of UK businesses aren’t ready fro cyber attacks, with almost all experiencing at least one cyber incident in the last year. Moreover, only 54% of UK IT professionals are confident in their ability to recover their company’s data after an attack.

In December 2024, the head of UK’s  National Cyber Security Centre warned that the UK’s cyber risks are widely underestimated. While the AI Cyber Code of Practice remains voluntary, businesses are encouraged to proactively adopt these security measures to safeguard their AI systems and reduce exposure to cyber threats.

UK Government     |     UK Government     |     UK Government     |     Tech Republic   |   Infosecurity Magazine     |

SC Magazine

Image: Steve Johnson

You Might Also Read: 

The British Government’s AI Action Plan:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Innovate To Attack Microsoft 365 Accounts
Managing Dark Web Exposure In 2025 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

CERT-AM

CERT-AM

CERT-AM is the national Computer Emergency Response Team for Armenia.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

Woz U

Woz U

Woz U provides best-in-class technology training for Learners, Higher-Ed and Corporations. We focus on the most in-demand occupations such as Software Development, Data Science and Cyber Security.

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

Cyberport

Cyberport

Cyberport is focused on facilitating the growth of major technology trends such as FinTech and cybersecurity as well as the emerging technologies of AI, big data and blockchain.

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC) is an information security company providing website vulnerability scanning and monitoring services.

Servian

Servian

Servian is one of Australia's leading IT consultancies, with expertise in cloud, data, machine learning, DevOps and cybersecurity.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

Filigran

Filigran

Filigran provides threat intelligence, adversary simulation and crisis response open solutions to thousands of cybersecurity and crisis management teams across the world.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.

BuddoBot

BuddoBot

BuddoBot has been a pioneering force in cybersecurity and information technology since 2008.

Pulsar Security

Pulsar Security

Pulsar Security is a team of highly skilled, offensive cybersecurity professionals with the industry's most esteemed credentials and advanced real-world experience.

Anthropic

Anthropic

Anthropic is a Public Benefit Corporation, whose purpose is the responsible development and maintenance of advanced AI for the long-term benefit of humanity.

TeamSystem

TeamSystem

TeamSystem is a leading tech company in the market for digital business management solutions for companies and professionals.