Securing the Future: A Board-level Guide to the UK's Voluntary Code of Practice for the Cyber Security of AI

Key Takeaways

• A Two-Part Government Intervention: The UK Government is taking proactive steps with a voluntary Code of Practice designed to set baseline security requirements for AI. This Code is part of a broader plan to create a global standard through ETSI.
• Tailored for AI's Unique Risks: Unlike traditional software, AI brings its own set of challenges, such as data poisoning, model obfuscation, and indirect prompt injection. The Code addresses these specific risks head-on, ensuring that AI security measures are fit for purpose.
• Comprehensive Coverage Across the AI Lifecycle: The document divides the AI lifecycle into five clear phases—secure design, secure development, secure deployment, secure maintenance, and secure end-of-life. This structured approach makes it easier to embed security at every stage of an AI system’s life.
• 13 Principles to Guide Stakeholders: From raising awareness and designing secure systems to managing risks, securing infrastructure, and ensuring proper data disposal, the Code sets out 13 principles. These are intended to guide developers, system operators, data custodians, and even end-users in implementing robust security practices.
• Clear Definition of Stakeholder Roles: The Code is designed for various players in the AI supply chain. It outlines responsibilities for developers, system operators, data custodians, and end-users, ensuring that security is a shared responsibility throughout the organisation.
• Practical Implementation Guidance: In addition to the principles, an Implementation Guide has been developed. This guide helps organisations translate the Code into actionable steps, aligning AI security with existing software and cyber governance frameworks.
• A Call for Proactive and Continuous Security: The Code emphasises that AI security is not a one-off checkbox but an ongoing process. Regular updates, continuous monitoring, and a culture of vigilance are crucial to adapting to emerging threats in an ever-evolving digital landscape.
• Leadership and Accountability in the Boardroom: Board directors are urged to set the tone at the top. By embedding AI security into the strategic planning and risk management frameworks, leaders can ensure that their organisations are not just compliant but genuinely resilient against cyber threats.
• Future-Proofing Through International Alignment: With an eye on global standards, the Code is designed to eventually become part of an international framework. This forward-thinking approach means that adopting these practices today helps future-proof your organisation against tomorrow’s challenges.

Introduction

Artificial intelligence is transforming the way we do business. But while AI promises enormous benefits, it also introduces a raft of cyber security risks that are as novel as they are potentially disruptive. In response, the UK Government has launched a two-part intervention to tackle these challenges head-on. Central to this initiative is a voluntary Code of Practice for the Cyber Security of AI, designed to form the basis of a global standard through the European Telecommunication Standards Institute (ETSI). This article unpacks the document, examines its scope and structure, and outlines the 13 principles that every board director should know to protect their organisation’s AI-driven future.

The Government’s Two-Part Intervention: Setting a New Standard

The UK Government is not content to let AI risks fester in the shadows. Instead, it is proactively developing a voluntary Code of Practice for the Cyber Security of AI. This document is part of a two-part intervention that seeks to set baseline security requirements and ultimately create a global standard. The intervention is rooted in the understanding that AI is not merely a specialised piece of software; it presents distinct challenges such as data poisoning, model obfuscation, indirect prompt injection, and operational complexities in data management.

This Code was welcomed by 80% of respondents to the Department for Science, Innovation and Technology’s (DSIT) Call for Views. Support for each of its principles ranged between 83% and 90%, underscoring a broad consensus that AI security deserves a dedicated focus. The document builds on previous guidelines-including the NCSC’s Guidelines for Secure AI Development-and aligns with internationally recognised standards, signalling a unified global effort to safeguard AI.

Why a Dedicated Code for AI Cyber Security?

Traditional software security frameworks simply cannot capture the unique risks associated with AI systems. Unlike conventional software, AI often relies on vast datasets, complex models, and continuous learning processes that introduce additional vulnerabilities. For instance, data poisoning can corrupt a model’s training data, leading to unpredictable outcomes, while indirect prompt injection can manipulate the inputs in subtle but dangerous ways. These risks require a bespoke approach to security—one that is embedded in every stage of the AI lifecycle.

The Code of Practice recognises these challenges and offers clear guidance on how to design, develop, deploy, maintain, and eventually decommission AI systems securely. It reinforces the principle that software should be secure by design and provides much-needed clarity for stakeholders across the AI supply chain, ensuring that everyone from developers to system operators, and even data custodians, knows what baseline security measures to implement.

Scope and Intended Audience: Who Should Pay Attention?

The voluntary Code is squarely aimed at AI systems, particularly those incorporating deep neural networks and generative AI. It is important to note that the Code is not intended for academic researchers working on AI purely for experimental purposes. Instead, its scope covers AI systems that will be deployed in real-world settings.

The document identifies several key stakeholder groups:

• Developers: These are the organisations or individuals responsible for creating or adapting AI models. Developers must ensure that their systems meet the prescribed security standards, whether they are proprietary or open-source.
• System Operators: These stakeholders embed and deploy AI models within their infrastructure. Their role extends to managing the operational risks that arise from integrating AI into everyday business processes.
• Data Custodians: They control the data used to train and operate AI systems. Their responsibilities include safeguarding data integrity and ensuring compliance with data protection regulations.
• End-users: Although they might not be directly involved in the development or deployment of AI systems, end-users benefit from robust security measures that protect their data and ensure reliable system performance.
• Affected Entities: This category includes any individuals or systems indirectly impacted by AI-driven decisions.

For board directors, understanding these roles is critical. Not only does it help in assigning responsibilities, but it also ensures that security is managed holistically across the entire AI supply chain. Data protection obligations, as highlighted by the Information Commissioner’s Office (ICO), further complicate the landscape, making clear, auditable security practices indispensable.

The AI Lifecycle: A Phased Approach to Security

One of the strengths of the Code is its structured approach to the AI lifecycle. Recognising that there is no single international definition of the AI lifecycle, the document breaks it down into five phases:

1. Secure Design: Laying the groundwork by embedding security awareness and best practices from the very start.
2. Secure Development: Implementing robust development practices, including asset management, infrastructure security, and thorough documentation.
3. Secure Deployment: Ensuring that AI systems are safely integrated into operational environments, with clear communication protocols for end-users.
4. Secure Maintenance: Maintaining ongoing security through regular updates, patches, and performance monitoring.
5. Secure End of Life: Guaranteeing that data and models are properly disposed of to prevent residual risks when AI systems are decommissioned.

This phased approach not only simplifies implementation for organisations but also provides a clear roadmap for board directors seeking to oversee their organisation’s digital strategy.

The 13 Principles: A Detailed Look at the Code

At the heart of the Code are 13 principles that span the entire lifecycle of AI systems. These principles are grouped according to the phases of secure design, development, deployment, maintenance, and end-of-life. Below is an overview of each principle, along with its strategic implications for board directors.

Secure Design

Principle 1: Raise Awareness of AI Security Threats and Risks

Applies to: System Operators, Developers, and Data Custodians

This principle mandates that organisations incorporate AI-specific security content into their training programmes. Regular updates must be provided to ensure that all staff are aware of emerging threats. Board directors should ensure that their organisation’s training initiatives are not static but evolve alongside the threat landscape. After all, a workforce that is well-informed about the risks can serve as an early warning system against potential breaches.

Principle 2: Design Your AI System for Security as well as Functionality and Performance

Applies to: System Operators and Developers

Here, the Code emphasises that security must be an integral part of AI system design. This involves conducting thorough assessments of business requirements alongside associated security risks. It is not enough to create a system that works; it must work securely. Directors need to ask, “Has due diligence been applied in the design phase, or are we playing fast and loose with our digital assets?”

Principle 3: Evaluate the Threats and Manage the Risks to Your AI System

Applies to: Developers and System Operators

Risk management is a familiar boardroom topic, but AI introduces complexities that demand specialised attention. This principle calls for regular threat modelling that specifically addresses AI risks, such as data poisoning and model inversion. Board directors should ensure that risk assessments are not only carried out but also updated in line with new developments. A well-managed risk strategy can be the difference between a minor incident and a catastrophic breach.

Principle 4: Enable Human Responsibility for AI Systems

Applies to: Developers and System Operators

Despite the allure of automation, human oversight remains critical. This principle underscores the need for systems that allow for human intervention. AI outputs should be explainable and interpretable so that, when things go awry, accountability is clear. Board directors must encourage practices that ensure AI is a tool under human control, not a black box with mysterious outputs.

Secure Development

Principle 5: Identify, Track and Protect Your Assets

Applies to: Developers, System Operators, and Data Custodians

In an age where digital assets are as valuable as physical ones, knowing what you have is half the battle. This principle requires a comprehensive inventory of AI assets, including their interdependencies and connectivity. It is a call for robust asset management practices, from version control to disaster recovery plans tailored for AI-specific attacks. For board directors, this means demanding regular audits and clear accountability for digital assets.

Principle 6: Secure Your Infrastructure

Applies to: Developers and System Operators

Infrastructure forms the backbone of any AI system. This principle focuses on securing access controls, APIs, and data pipelines. Developers must create dedicated environments for model training and tuning, safeguarded by strict technical controls. For the board, this is a reminder that an insecure infrastructure can undermine even the best-designed AI systems.

Principle 7: Secure Your Supply Chain

Applies to: Developers, System Operators, and Data Custodians

AI systems often rely on third-party components. This principle emphasises that supply chain security is not negotiable. Organisations must conduct due diligence on external providers, reassess the security of released models, and communicate updates clearly to end-users. Directors should scrutinise vendor relationships and insist on stringent security standards throughout the supply chain.

Principle 8: Document Your Data, Models and Prompts

Applies to: Developers

Documentation is the unsung hero of security. This principle calls for maintaining detailed audit trails for system design, training data, model configurations, and any changes that affect the system’s underlying workings. Board directors must ensure that documentation practices are robust enough to provide transparency and traceability, reducing the risk of hidden vulnerabilities.

Principle 9: Conduct Appropriate Testing and Evaluation

Applies to: Developers and System Operators

Before an AI system is deployed, it must be rigorously tested for security vulnerabilities. This principle mandates independent security testing and thorough evaluation of model outputs. For board directors, it is essential to foster an environment where testing is not viewed as a bureaucratic exercise but as a vital step in mitigating risk.

Secure Deployment

Principle 10: Communication and Processes Associated with End-users and Affected Entities

Applies to: System Operators

Deployment is where the rubber meets the road. This principle requires organisations to clearly communicate with end-users about how their data is used and the limitations of the AI system. It also mandates processes for supporting users in the event of a security incident. Board directors should ensure that the user interface is not only functional but also secure, with clear channels for communication and rapid response.

Secure Maintenance

Principle 11: Maintain Regular Security Updates, Patches and Mitigations

Applies to: Developers and System Operators

AI systems must be kept up-to-date to fend off emerging threats. This principle requires a proactive approach to security updates and patches, treating major AI system updates as essentially new product versions that require fresh rounds of testing. For board directors, this underscores the importance of ongoing investment in security—one-off measures simply will not do in a dynamic threat environment.

Principle 12: Monitor Your System’s Behaviour

Applies to: Developers and System Operators

Continuous monitoring is vital to detect anomalies, security breaches, or changes in system behaviour that may indicate underlying issues. This principle calls for detailed logging of system and user actions and the use of analytical tools to track performance over time. From a board perspective, regular monitoring reports should be a standing agenda item, ensuring that security remains an ongoing priority.

Secure End of Life

Principle 13: Ensure Proper Data and Model Disposal

Applies to: Developers and System Operators

When it comes time to decommission an AI system, security does not simply end. This principle mandates that data, models, and related configurations are securely disposed of to prevent any residual vulnerabilities from being exploited. Board directors must ensure that decommissioning processes are as robust as those used during deployment, safeguarding the organisation even at the end of an asset’s lifecycle.

Implementation: A Roadmap for Board Directors

While the principles are clear, the real challenge lies in implementation. Following feedback from stakeholders, the UK Government has developed an Implementation Guide to help organisations adhere to these requirements. The guide, which draws on a broad review of international standards and best practices, is intended as an addendum to the existing Software Code of Practice. It provides actionable steps, from conducting a comprehensive audit of existing AI systems to developing disaster recovery plans tailored to AI-specific threats.

For board directors, the Implementation Guide is a valuable resource. It offers a clear roadmap to integrate these principles into your organisation’s existing risk management framework. Here are a few steps to consider:

1. Audit and Inventory: Ensure that your organisation maintains an up-to-date inventory of all AI-related assets. This is not just about keeping records—it is about understanding interdependencies and vulnerabilities that could impact your broader security posture.
2. Training and Awareness: Invest in regular, role-specific training programmes that keep staff informed about the latest AI security threats. A well-trained workforce is your first line of defence.
3. Vendor and Supply Chain Management: Establish stringent criteria for selecting third-party providers. Regularly reassess your supply chain security, and demand transparency and compliance from your vendors.
4. Robust Documentation: Encourage your technical teams to document every stage of the AI lifecycle. Comprehensive documentation ensures that any security incident can be traced and addressed swiftly.
5. Continuous Monitoring and Testing: Adopt advanced monitoring tools to track system behaviour and implement regular security testing. Use independent testers where possible to validate the effectiveness of your security measures.
6. Regular Updates and Patching: Allocate resources for ongoing system maintenance. Treat major updates as opportunities to re-evaluate and reinforce your security framework.

A Forward-Thinking and Sceptical Approach

Innovation is exciting, but it must be tempered with caution. Board directors should maintain a healthy scepticism about new AI projects. Are the security measures robust enough? Has due diligence been performed at every stage-from design to decommissioning? In a fast-paced digital world, complacency is the enemy of progress. The Code of Practice challenges organisations to view AI security not as a one-off exercise but as an ongoing commitment to excellence.

A forward-thinking approach means anticipating future threats. Cyber criminals are constantly evolving their techniques, and what is secure today may not be secure tomorrow. Therefore, the principles outlined in the Code must be seen as part of an iterative process, one that involves continuous monitoring, regular updates, and a willingness to adapt. For board directors, this means fostering a culture of agility and accountability where innovation and security go hand in hand.

The Wider Context: International Standards and Global Cooperation

While the Code of Practice is a UK initiative, its implications extend far beyond national borders. The government’s intention to integrate the Code into an ETSI global standard underscores the importance of international cooperation in the realm of AI security. In an interconnected world, cyber threats do not respect borders. By aligning with international standards, the UK is positioning itself as a leader in AI security, setting a benchmark for others to follow.

For board directors, this global perspective is essential. It means that your organisation’s security practices may soon be judged against international benchmarks. Embracing the Code of Practice now not only protects your organisation but also ensures that you are ahead of regulatory and market trends. In a sense, it is an investment in future-proofing your business.

Concluding Thoughts: Leading with Vision and Vigilance

The UK Government’s voluntary Code of Practice for the Cyber Security of AI represents a significant step forward in addressing the unique challenges posed by AI. With its clear structure and comprehensive set of 13 principles, the Code provides a robust framework for integrating security into every phase of the AI lifecycle. For board directors, it is not merely a technical document but a strategic tool that can help safeguard your organisation’s digital future.

As you consider your organisation’s approach to AI, ask yourself: Are we doing enough to anticipate and mitigate the risks? Are our security measures embedded in our design and development processes, or are they an afterthought? The answers to these questions will determine whether your organisation can innovate safely or if it will fall victim to the very threats it seeks to overcome.

The key takeaway is this: while AI presents tremendous opportunities, it also comes with substantial risks that require a proactive and integrated approach to cyber security. By championing the principles outlined in the Code of Practice and investing in its recommended implementation strategies, board directors can lead their organisations into a secure and prosperous future.

For a comprehensive understanding, board directors are encouraged to review the full document and the accompanying Implementation Guide available on the UK Government website. In doing so, you not only ensure compliance with emerging global standards but also demonstrate a commitment to protecting your organisation’s most valuable digital assets.

In a world where technology evolves at breakneck speed, a secure AI strategy is not a luxury - it is an imperative. So, set the tone at the top, challenge your teams to do better, and remember: in the race toward digital transformation, the only way to stay ahead is to secure every step along the way.

Reference: UK Government. (2024). Code of Practice for the Cyber Security of AI. Available at: https://www.gov.uk/government/publications/ai-cyber-security-code-of-practice/code-of-practice-for-the-cyber-security-of-ai