Follow us

The implementation period for the UK Department for Science, Innovation & Technology ("DSIT")'s voluntary Code of Practice for app store operators, app developers and platform operators (the "Code") ends in June 2024, following a nine-month extension. The Code, first published in December 2022 and further amended on 13 October 2023 (see announcement here), encourages the implementation of the following eight principles (by app store operators, app developers and/or platform developers as indicated by the Code in respect of each principle):

  1. ensure only apps meeting the Code's baseline security and privacy requirements are allowed on the app store;
  2. ensure app adhere to such baseline security and privacy requirements;
  3. implement a vulnerability disclosure process;
  4. keep apps updated to protect users;
  5. provide important security and privacy information to users in an accessible way;
  6. private security and privacy guidance to developers;
  7. provide clear feedback to developers; and
  8. ensure appropriate steps are taken when personal data breach arises.

Following implementation, the Code will also be reviewed and updated (as required) at least every two years to reflect new technological developments. App operators and developers may also wish to consider the Annexes to the Code which highlight: (a) legal obligations from UK data protection law relevant to the Code; and (b) an overview by the ICO of how stakeholders may refer any security/privacy concerns in apps.

Related categories

Key contacts

Claire Wiseman photo

Claire Wiseman

Professional Support Lawyer, London

Claire Wiseman
James Balfour photo

James Balfour

Senior Associate, London

James Balfour
Rachel Kane photo

Rachel Kane

Senior Associate, London

Rachel Kane
Sara Lee photo

Sara Lee

Associate, London

Sara Lee
Claire Wiseman James Balfour Rachel Kane Sara Lee