United Kingdom · Voluntary code
UK AI Code, secure
The United Kingdom's code of practice for AI cyber security and governance. Voluntary — and the clearest signal of AI maturity in the UK market.
- Status
- Published — voluntary code
- Focus
- Secure AI design, deployment & operation
- Trajectory
- Feeding into global standards work
- Controls in Unorma
- 17
What it is
The UK AI Cyber Security Code of Practice, in plain language.
The UK has taken a principles-based path to AI regulation, and its AI Cyber Security Code of Practice is the concrete core of it: seventeen controls covering secure design, secure deployment, and secure operation of AI systems — from supply chain integrity to incident response.
The code is voluntary, but it's the benchmark UK buyers, insurers and regulators reach for — and it's feeding into international standards work. For anyone selling AI into the UK, alignment is the difference between a smooth security review and a stalled one.
Who it applies to
AI vendors in the UK market
UK enterprise and public-sector buyers use the code as their AI security yardstick in procurement.
UK organizations deploying AI
The code gives security teams a recognized structure for assessing the AI they buy and build.
Companies with EU + UK exposure
Pair it with the EU AI Act; Unorma's cross-framework mappings prevent double work.
Requirements
What UK AI Code actually asks of you.
17 controls in Unorma — each with plain-language guidance, action steps and the evidence you need.
Secure design
Threat modelling and security requirements from the first design decision.
Supply chain security
Models, data and components from third parties verified and tracked.
Secure deployment
Hardened infrastructure, access control and protected model assets.
Secure operation
Monitoring, anomaly detection and maintenance across the AI's life.
Incident response
AI-specific incident playbooks, tested and documented.
End-of-life
Safe decommissioning of models and data when systems retire.
UK AI Code in Unorma
From regulation text to audit-ready, in one platform.
All 17 controls with guidance
Each control explained in plain language with action steps and the evidence a reviewer expects.
Security evidence, organized
Pen test reports, access reviews and monitoring logs — linked to the exact controls they satisfy.
Incident management built in
Unorma's incident module gives you the documented response process the code requires.
Cross-framework leverage
Security work done for the UK code counts toward EU AI Act Art. 15 and NIST controls automatically.
Track UK AI Code readiness from day one.
14-day free trial · No credit card · All 17 controls included
Cross-framework intelligence
Evidence for UK AI Code counts elsewhere too.
~100 cross-framework mappings mean work done once counts toward multiple frameworks automatically.