The guidance outlines 10 actions businesses can take when deploying AI solutions to ensure that data is secure throughout the AI lifecycle, encouraging organisations to:
Source reliable data and track data provenance – As much as possible, only use data from authoritative sources and maintain a secure provenance database that is cryptographically signed.
Verify and maintain data integrity –Use checksums and cryptographic hashes during storage and transport.
Employ digital signatures to authenticate trusted data revisions – Datasets should be authenticated against quantum-resistant digital signature standards, with original versions of data cryptographically signed, and revisions signed by the person making the change.
Leverage trusted infrastructure – Use trusted infrastructure to support data integrity, security and transparency.
Classify data and use access controls – These controls should be based on sensitivity and necessary protection measures.
Encrypt data – Ensure encryption at rest, in transit or during processing.
Store data securely – Use certified storage devices that enforce NIST FIPS 140-3 [15] compliance.
Leverage privacy-preserving techniques – This could be through employing data depersonalisation techniques, deploying a differential privacy framework, or decentralising learning techniques, such as federated learning, across local datasets.
Delete data securely –Such as through a cryptographic erase, block erase or data overwrite.
Conduct ongoing data security risk assessments – Evaluate the data security landscape, identify risks, and prioritise actions to minimise security incidents.
Alongside this, the publication focuses on three major areas of data security risks in AI systems:
Data Supply Chain - Third party datasets could contain inaccuracies or be malicious. The guidance, therefore, recommends organisations verify data at the point of ingestion, consider using cryptographic signatures and hashes, and require certifications from data providers.
The guidance also notes the particular risk associated with web-crawled datasets, as such data is “substantially less curated” than other large-scale datasets. In such instances, the authors therefore recommend relying on consensus-based approaches, where data reliability is judged by how frequently it features on other webpages, and effective data curation practices.
Maliciously Modified (Poisoned) Data - Data poisoning denotes malicious attempts to corrupt the training process and produce unreliable model behaviour. There are numerous risks associated with poisoned data, which include the potential for disinformation and statistical bias. To avert this risk, the authors suggest organisations invest in anomaly detection, securing data pipelines and training environments, as well as metadata validation and deduplication.
Data Drift - In other words, gradual changes in the data input could, over time, degrade the performance of the AI system. Suggested methods to combat this include, regularly monitoring the performance of both input and output data, continuously retraining models with up-to-date datasets, and utilising deploying quality control tools.
The document concludes emphasising the “paramount importance” of data security when developing and operating AI systems. To ensure the output of AI system is accurate and reliable, it is crucial to deploy these best practices and risk mitigation strategies.
This publication outlines the growing international consensus around secure-by-design AI development. As the UK continues to position itself as a leader in trustworthy AI, aligning with global best practices on data integrity and security will be essential to unlocking innovation, ensuring consumer trust, and maintaining competitiveness.
* The full list of authors were the US National Security Agency’s Artificial Intelligence Security Center (AISC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), New Zealand’s Government Communications Security Bureau’s National Cyber Security Centre (NCSC-NZ), and the UK’s National Cyber Security Centre (NCSC-UK).
If you have any further questions, please do get in contact with the team:
Daniella Bennett Remington
Policy Manager - Digital Regulation, techUK
Daniella Bennett Remington
Policy Manager - Digital Regulation, techUK
Dani joined techUK in February 2025 as a Policy Manager in the Digital Regulation team.
Prior to this, Dani worked in political monitoring where she was a consultant for Digital, Culture, Media and Sport. In this role, she developed a strong understanding of parliamentary procedure, closely following all of the major developments in the tech centre and working with several key stakeholders and regulators.
She has an undergraduate degree in History from the University of Bristol and an MPhil in Modern European History from the University of Cambridge.
Outside of tech, Dani has a strong interest in addiction policy, particularly towards drugs, having written her dissertation on the topic as well as several subsequent research projects. In her spare time, she enjoys cooking and following all things motoring, whether that be F1, MotoGP or Formula E.
Audre joined techUK in July 2023 as a Policy Manager for Data. Previously, she was a Policy Advisor in the Civil Service, where she worked on the Digital Markets, Competition and Consumers Bill at the Department for Science, Innovation and Technology, and at HM Treasury on designing COVID-19 support schemes and delivering the Financial Services and Markets Bill. Before that, Audre worked at a public relations consultancy, advising public and private sector clients on their communications, public relations, and government affairs strategy.
Prior to this, Audre completed an MSc in Public Policy at the Korea Development Institute and a Bachelor's in International Relations and History from SOAS, University of London. Outside of work, she enjoys spending time outdoors, learning about new cultures through travel and food, and going on adventures.
Jill leads the techUK Cyber Resilience programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023.
In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.
Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.
Prior to joining techUK, Raya worked in Business Development for an expert network firm within the institutional investment space. Before this Raya spent a year in industry working for a tech start-up in London as part of their Growth team which included the formation and development of a 'Let's Talk Tech' podcast and involvement in London Tech Week.
Raya has a degree in Politics and International Relations (Bsc Hons) from the University of Bath where she focused primarily on national security and counter-terrorism policies, centreing research on female-led terrorism and specific approaches to justice there.
Outside of work, Raya's interests include baking, spin classes and true-crime Netflix shows!
techUK's Policy and Public Affairs Programme activities
techUK helps our members understand, engage and influence the development of digital and tech policy in the UK and beyond. We support our members to understand some of the most complex and thorny policy questions that confront our sector. Visit the programme page here.
techUK Report - Evolving Digital Regulation for Growth and Innovation
techUK is excited to announce its Pro-Growth Regulation Report, "Evolving Digital Regulation for Growth and Innovation
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Antony Walker is deputy CEO of techUK, which he played a lead role in launching in November 2013.
Antony is a member of the senior leadership team and has overall responsibility for techUK’s policy work. Prior to his appointment in July 2012 Antony was chief executive of the Broadband Stakeholder Group (BSG), the UK’s independent advisory group on broadband policy. Antony was closely involved in the development of broadband policy development in the UK since the BSG was established in 2001 and authored several major reports to government. He also led the development of the UK’s world leading Open Internet Code of Practice that addresses the issue of net neutrality in the UK. Prior to setting up the BSG, Antony spent six years working in Brussels for the American Chamber of Commerce following and writing about telecoms issues and as a consultant working on EU social affairs and environmental issues. Antony is a graduate of Aberdeen University and KU Leuven and is also a Policy Fellow Alumni of the Centre for Science and Policy at Cambridge University.
As Head of Public Affairs, Alice supports techUK’s strategic engagement with Westminster, Whitehall and beyond. She regularly works to engage with ministers, members of the UK’s parliaments and senior civil servants on techUK’s work advocating for the role of technology in the UK’s economy as well as wider society.
Alice joined techUK in 2022. She has experience working at both a political monitoring company, leading on the tech, media and telecoms portfolio there, and also as an account manager in a Westminster-based public affairs agency. She has a degree from the University of Sheffield in Politics and Philosophy.
Edward leads the Digital Economy programme at techUK, which includes our work on online safety, fraud, and regulation for growth initiatives.
He has prior experience working for the Department for Digital, Culture, Media and Sport and has previously worked for a number of public affairs consultancies specialising in research and strategy, working with leading clients in the technology and financial services sectors.
Samiah Anderson is the Head of Digital Regulation at techUK.
With over six years of Government Affairs expertise, Samiah has built a solid reputation as a tech policy specialist, engaging regularly with UK Government Ministers, senior civil servants and UK Parliamentarians.
Before joining techUK, Samiah led several public affairs functions for international tech firms and coalitions at Burson Global (formerly Hill & Knowlton), delivering CEO-level strategic counsel on political, legislative, and regulatory issues in the UK, EU, US, China, India, and Japan. She is adept at mobilising multinational companies and industry associations, focusing on cross-cutting digital regulatory issues such as competition, artificial intelligence, and more.
She holds a BA (Hons) in Politics, Philosophy, and Economics from the University of London, where she founded the New School Economics Society, the Goldsmiths University chapter of Rethinking Economics.
Audre joined techUK in July 2023 as a Policy Manager for Data. Previously, she was a Policy Advisor in the Civil Service, where she worked on the Digital Markets, Competition and Consumers Bill at the Department for Science, Innovation and Technology, and at HM Treasury on designing COVID-19 support schemes and delivering the Financial Services and Markets Bill. Before that, Audre worked at a public relations consultancy, advising public and private sector clients on their communications, public relations, and government affairs strategy.
Prior to this, Audre completed an MSc in Public Policy at the Korea Development Institute and a Bachelor's in International Relations and History from SOAS, University of London. Outside of work, she enjoys spending time outdoors, learning about new cultures through travel and food, and going on adventures.
Mia focuses on shaping a policy environment that fosters the expansion of the UK tech sector while maximising the transformative potential of technology across all industries.
Prior to joining techUK, Mia worked as a Senior Policy Adviser at the Confederation of British Industry (CBI) within the Policy Unit.
Mia holds an MSc in International Development from the University of Manchester and a BA(Hons) in Politics and International Relations from the University of Nottingham.
Archie Breare joined techUK in September 2022 as the Telecoms Programme intern, and moved into the Policy and Public Affairs team in February 2023.
Before starting at techUK, Archie was a student at the University of Cambridge, completing an undergraduate degree in History and a master's degree in Modern British History.
In his spare time, he likes to read, discuss current affairs, and to try and persuade himself to cycle more.
Dani joined techUK in February 2025 as a Policy Manager in the Digital Regulation team.
Prior to this, Dani worked in political monitoring where she was a consultant for Digital, Culture, Media and Sport. In this role, she developed a strong understanding of parliamentary procedure, closely following all of the major developments in the tech centre and working with several key stakeholders and regulators.
She has an undergraduate degree in History from the University of Bristol and an MPhil in Modern European History from the University of Cambridge.
Outside of tech, Dani has a strong interest in addiction policy, particularly towards drugs, having written her dissertation on the topic as well as several subsequent research projects. In her spare time, she enjoys cooking and following all things motoring, whether that be F1, MotoGP or Formula E.
Oliver is a Junior Policy Manager at techUK, working across Public Affairs and Digital Regulation policy. He supports the organisation’s engagement with government and parliament, contributes to shaping techUK’s regulatory agenda, and plays a key role in coordinating political outreach, policy projects, and flagship events.
He joined techUK in November 2023 as a Team Assistant to the Policy and Public Affairs team, before stepping into his current role. He has been closely involved in efforts to ensure the tech sector’s voice is heard in the policymaking process.
Oliver holds a Master’s in Policy Research from the University of Bristol and a BSc in Policy from Swansea University. During his studies, he contributed to mental health research as a Student Research Assistant for the SMaRteN network.
Outside of work, Oliver is a keen debater and remains active in the UK debating community, having previously led the Swansea University Debating Union. He enjoys exploring complex issues from multiple perspectives and values clear, thoughtful communication in policy discussions.
Tess joined techUK as an Policy and Public Affairs Team Assistant in November of 2024. In this role, she supports areas such as administration, member communications and media content.
Before joining the Team, she gained experience working as an Intern in both campaign support for MPs and Councilors during the Local and General Election and working for the Casimir Pulaski Foundation. As well as working for multiple charities on issues such as the climate crisis, educational inequality and Violence Against Women and Girls (VAWG). Tess obtained her Bachelors of Arts in Politics and International Relations from University of Nottingham.
