AI Cyber Security Code of Practice
The code of practice and implementation guide sets out measures to address cyber security risks to artificial intelligence (AI) systems.
Documents
Details
Artificial intelligence (AI) is transforming our daily lives. As the technology continues to evolve and be embedded, it is crucial that efforts are taken to protect AI systems from growing cyber security threats.
This Code of Practice sets out baseline cyber security principles to help secure AI systems and the organisations which develop and deploy them. Addressing the cyber risks to AI will protect our citizens and our digital economy while ensuring the many benefits of AI can be realised.
This Code of Practice has been updated following global stakeholder feedback gathered via a call for views which was held in summer 2024.
Please read the press notice for further information.
An overarching theme which arose from responses to the Call for Views was that organisations would benefit from additional guidance that explained how to implement the AI Cyber Security Code of Practice. DSIT commissioned John Sotiropoulos, Senior Security Architect at Kainos and co-lead of the OWASP Top 10 for LLM Applications, to create this implementation guide. Each iteration was reviewed by DSIT and NCSC officials.
Following support for our approach, DSIT, in close collaboration with NCSC, will submit the Code and the implementation guide in the European Telecommunications Standards Institute (ETSI) where it will be used as the basis for a new global standard (TS 104 223) and accompanying implementation guide (TR 104 128). The Government will update the content of the Code and Guide to mirror the future ETSI global standard and guide.
This is part of the government’s wider work to protect and promote the UK online, including securing the next generation of connected technologies.
To support policy in this area the government has published several research reports on AI cyber security, including surveys and literature reviews. Please visit the AI cyber security collection page for further details.