Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: ICO launches public consultation on codes of practice on cybersecurity in AI and software

On May 15, 2024, the Department for Science, Innovation and Technology (DSIT) launched a public consultation on two voluntary codes of practice, one on artificial intelligence (AI) cybersecurity and another on software cybersecurity. In particular, the codes of practice set out requirements for developers to make their AI and software products resilient against tampering, hacking, and sabotage.

Code of practice on AI cybersecurity

The code of practice for secure AI systems aims to protect end users by embedding security into AI models and systems throughout their lifecycle. It addresses cybersecurity risks to AI and includes technical security recommendations. It also outlines responsibilities for developers, system operators, data controllers, and end users, providing specific security principles to guide secure AI development, deployment, and maintenance.

Code of practice on software security

The code of practice for software security contains 21 provisions across four principles, designed to ensure that software products and services are secure throughout their lifecycle. These provisions are aimed at guiding organizations in implementing secure development practices, maintaining secure environments, managing vulnerabilities, and effectively communicating with customers about security-related issues. Provisions are classified as either 'shall' (required) or 'should' (recommended), with a view to providing a balance between mandatory actions and best practices.

Responses to the code of practice for secure AI systems can be submitted by July 10, 2024, either through an online survey or by email to [email protected]. Responses to the code of practice for software security can be submitted by July 10, 2024, either through an online survey or by email to [email protected].

You can read the press release here, the code of practice for secure AI systems here, its online survey here, the code of practice for software security here, and its online survey here.