UK sets out new AI code of practice

Designed to secure businesses’ AI systems against threats

The UK government has rolled out a “world-leading” AI cybersecurity code of practice for the digital economy.

Published on 31st January by the Department for Science, Innovation and Technology (DSIT), this latest AI guideline will, the government says, set the tone on how businesses can protect AI systems from cyberattacks.

Officials of the DSIT believe the initiative will lay the groundwork for an international standard under the European Telecommunications Standards Institute (ETSI) framework.

Under the new AI code of practice, there are 13 principles that span the entire AI lifecycle; from secure design and deployment to end-of-life management.

Key measures laid out in the document include training staff to recognise AI-related risks, securing infrastructure like APIs and data pipelines, and ensuring proper disposal of data and models.

The code of practice also defines key responsibilities for developers, system operators and data custodians to secure AI systems against threats like data poisoning, model inversion and membership inference.

“We believe a Code focused specifically on the cyber security of AI is needed because AI has distinct differences to software,” the government said in its announcement.

This new Code, which also features an implementation guide, comes as part of a broader UK plan to keep up with global developments in AI regulation.

However, unlike the EU’s comprehensive AI Act, which was criticised for being overly strict on AI development, the UK is opting for a voluntary approach.

This isn’t the first time the UK government has made announcements about AI guidelines. Last year, it introduced several key AI guides, including the Introduction to AI Assurance in Spring 2024, which it said would enable organisations to build trustworthy systems.

A year before that, the National Cyber Security Centre released Guidelines for secure AI system development.

While the latest AI guideline is voluntary, the government claims 80% of respondents to a public consultation backed its introduction.