On 7 May 2025, the UK Department for Science, Innovation and Technology (DSIT) published the voluntary Software Security Code of Practice. The Code was developed in partnership with the National Cyber Security Centre (NCSC), the Canadian Centre for Cyber Security, and a group of technical, industry, and academic experts. It sets out 14 principles to establish a consistent baseline of software security and resilience across the market. The principles are grouped under 4 themes: secure design and development, build environment security, secure deployment and maintenance, and communication with customers. The Code applies to organisations that develop or sell proprietary software or software services in a business-to-business context. DSIT has also published a self-assessment template and is developing a certification scheme.