The UK has taken a groundbreaking step by releasing the world’s inaugural global guidelines to fortify AI systems against cyber threats. Developed by the National Cyber Security Centre (NCSC) in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) in the US, these guidelines have gained support from 17 other countries, including all G7 members.
The core objective of these guidelines is to ensure the safe and secure development of AI technology. Encouraging a “secure by design” approach, they advocate integrating cybersecurity from the very start, spanning design, development, deployment, and ongoing operations.
Addressing four critical areas—secure design, secure development, secure deployment, and secure operation and maintenance—the guidelines offer practical recommendations and best practices for each stage. The launch event in London drew over 100 industry, government, and international partners, featuring speakers from Microsoft, the Alan Turing Institute, and cyber agencies from the US, Canada, Germany, and the UK.
NCSC CEO Lindy Cameron emphasized the importance of proactive security in the rapidly evolving landscape of AI development, stating that security should be a fundamental requirement throughout, not an afterthought.
These guidelines build on the UK’s established leadership in AI safety, with the country recently hosting the inaugural international summit on AI safety at Bletchley Park. US Secretary of Homeland Security Alejandro Mayorkas highlighted the significance of cybersecurity in shaping trustworthy and secure AI systems, noting that the guidelines provide a sensible pathway for designing, developing, deploying, and operating AI with cybersecurity at its core.
The 18 countries endorsing the guidelines hail from Europe, Asia-Pacific, Africa, and the Americas. Here’s the complete list of international signatories:
- Australia – Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)
- Canada – Canadian Centre for Cyber Security (CCCS)
- Chile – Chile’s Government CSIRT
- Czechia – Czechia’s National Cyber and Information Security Agency (NUKIB)
- Estonia – Information System Authority of Estonia (RIA) and National Cyber Security Centre of Estonia (NCSC-EE)
- France – French Cybersecurity Agency (ANSSI)
- Germany – Germany’s Federal Office for Information Security (BSI)
- Israel – Israeli National Cyber Directorate (INCD)
- Italy – Italian National Cybersecurity Agency (ACN)
- Japan – Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC; Japan’s Secretariat of Science, Technology and Innovation Policy, Cabinet Office
- New Zealand – New Zealand National Cyber Security Centre
- Nigeria – Nigeria’s National Information Technology Development Agency (NITDA)
- Norway – Norwegian National Cyber Security Centre (NCSC-NO)
- Poland – Poland’s NASK National Research Institute (NASK)
- Republic of Korea – Republic of Korea National Intelligence Service (NIS)
- Singapore – Cyber Security Agency of Singapore (CSA)
- United Kingdom – National Cyber Security Centre (NCSC)
- United States of America – Cybersecurity and Infrastructure Agency (CISA); National Security Agency (NSA; Federal Bureau of Investigations (FBI)
UK Science and Technology Secretary Michelle Donelan positioned the new guidelines as cementing the UK’s role as “an international standard bearer on the safe use of AI.”
“Just weeks after we brought world leaders together at Bletchley Park to reach the first international agreement on safe and responsible AI, we are once again uniting nations and companies in this truly global effort,” adds Donelan.
The guidelines are now published on the NCSC website alongside explanatory blogs. Developer uptake will be key to translating the secure by design vision into real-world improvements in AI security.