Unorma

United Kingdom · Voluntary code

UK AI Code, secure

The United Kingdom's code of practice for AI cyber security and governance. Voluntary — and the clearest signal of AI maturity in the UK market.

Status
Published — voluntary code
Focus
Secure AI design, deployment & operation
Trajectory
Feeding into global standards work
Controls in Unorma
17

What it is

The UK AI Cyber Security Code of Practice, in plain language.

The UK has taken a principles-based path to AI regulation, and its AI Cyber Security Code of Practice is the concrete core of it: seventeen controls covering secure design, secure deployment, and secure operation of AI systems — from supply chain integrity to incident response.

The code is voluntary, but it's the benchmark UK buyers, insurers and regulators reach for — and it's feeding into international standards work. For anyone selling AI into the UK, alignment is the difference between a smooth security review and a stalled one.

Who it applies to

  • AI vendors in the UK market

    UK enterprise and public-sector buyers use the code as their AI security yardstick in procurement.

  • UK organizations deploying AI

    The code gives security teams a recognized structure for assessing the AI they buy and build.

  • Companies with EU + UK exposure

    Pair it with the EU AI Act; Unorma's cross-framework mappings prevent double work.

Requirements

What UK AI Code actually asks of you.

17 controls in Unorma — each with plain-language guidance, action steps and the evidence you need.

  • Secure design

    Threat modelling and security requirements from the first design decision.

  • Supply chain security

    Models, data and components from third parties verified and tracked.

  • Secure deployment

    Hardened infrastructure, access control and protected model assets.

  • Secure operation

    Monitoring, anomaly detection and maintenance across the AI's life.

  • Incident response

    AI-specific incident playbooks, tested and documented.

  • End-of-life

    Safe decommissioning of models and data when systems retire.

UK AI Code in Unorma

From regulation text to audit-ready, in one platform.

  • All 17 controls with guidance

    Each control explained in plain language with action steps and the evidence a reviewer expects.

  • Security evidence, organized

    Pen test reports, access reviews and monitoring logs — linked to the exact controls they satisfy.

  • Incident management built in

    Unorma's incident module gives you the documented response process the code requires.

  • Cross-framework leverage

    Security work done for the UK code counts toward EU AI Act Art. 15 and NIST controls automatically.

Track UK AI Code readiness from day one.

14-day free trial · No credit card · All 17 controls included

Start free trial

Cross-framework intelligence

Evidence for UK AI Code counts elsewhere too.

~100 cross-framework mappings mean work done once counts toward multiple frameworks automatically.