The AI Cyber Security Code of Practice defines baseline security measures to protect AI systems throughout their lifecycle, from design and development to deployment and operation. Developed jointly by DSIT and NCSC, it promotes secure-by-design development, supply-chain assurance, robust governance, and responsible vulnerability management, aligning the UK’s approach with emerging international standards such as ETSI TS 104 223.
Associated Documents:
- Code of Practice for the Cyber Security of AI (DSIT & NCSC, 2025): sets high-level principles and security expectations for AI developers and operators.
- Implementation Guide – AI Cyber Security Code of Practice: provides detailed technical and organisational measures for applying the Code.