A newly-launched Innovate UK funding competition is offering a share of £5 million to projects driving the growth of secure and resilient software supply chains through the adoption of the government’s Software Security Code of Practice (SSCoP).
The code of practice is designed to support software vendors and their customers in reducing the likelihood and impact of software supply chain attacks, but also offers new market opportunities for the development of innovative products and services supporting adoption, Innovate UK states.
To be considered, projects should increase adoption, awareness, and implementation of the SSCoP, drive the commercial growth of cyber resilient tech supply chains, increase the baseline level of cyber resilience in UK software supply chains, and support at least two SSCoP themes.
Areas of focuses might include tools or systems to incentivise adoption, engagement and training, metrics and testing using SSCoP to improve understanding of cyber resilience in complex software systems, or the development of sector-specific guidance and tools to help in supplier management.
The total amount requested must be between £250,000 and £750,000, according to Innovate UK, who also estimate the chance of success at around 30 percent based on evidence from similar competitions. Projects should begin by August 2026, and end by 31 January 2028, lasting between 12 and 18 months.
Technical guidance has been published to help developers and vendors understand how best to meet the principles outlined by the SSCoP, advising on implementation, and signposting to relevant frameworks where possible.
A virtual competition briefing is being held on 25 March, 2026, 11:00-12:30, to share more details of the competition with interested parties. The closing date for the competition is 29 April, 2026, 11:00am, with applicants to be notified on the status of their entry on 3 June.
Wider trend: Cyber security
NHS England has shared an open letter to current suppliers across the health and care system, outlining the shared responsibility to strengthen cyber security, and plans for direct supplier engagement. From January 2026, NHS England will be looking to contact suppliers directly to discuss current cyber security controls, requesting supporting information or evidence “where appropriate”, such as in instances where suppliers deliver services deemed to be critical to patient care or operational continuity. “This is not an audit, and it is not a pass or fail exercise,” NHS England explains. “This programme is about identifying risk and working in partnership to agree proportionate remediation activity, that strengthens resilience for everyone.”
The European Telecommunications Standards Institute has announced the launch of a new standard, ETSI EN 304 223, outlining minimum cyber security requirements for AI models and systems as the “first globally applicable European Standard (EN) for AI cyber security”. The new standard is designed specifically for AI systems to protect them from sophisticated cyber attacks, pointing to the need to secure against emerging forms of risk such as data poisoning, model obfuscation, and indirect prompt injection. It outlines 13 principles and requirements across five phases: secure design, secure development, secure deployment, secure maintenance, and secure end of life.
South Yorkshire ICB has launched three digital strategies designed to modernise services, strengthen cyber resilience, and empower its workforce with digital skills to continue to deliver safe and effective care. The ICB’s cyber strategy sets out a series of planned actions across the implementation of a South Yorkshire Cyber Portal, system criticality register, and supplier repository. ICS resourcing will be made available for cyber analytics, and a joint response protocol will be developed and tested to bolster collaboration. Building on convergence across the system, the ICB will also outline a set of ICS security standards to be embedded within organisational policies.
