PUBLISHED DATE: 3 December 2025
The integration of AI into OT presents both opportunities and risks to critical infrastructure owners and operators. While AI can enhance efficiency, productivity, and decision-making, it also introduces new challenges that require careful management to support the safety, security, and reliability of OT systems.
This guidance—co-authored by the NCSC and partner agencies—provides critical infrastructure owners and operators with practical information for integrating AI into OT environments. This guidance outlines four key principles critical infrastructure owners and operators can follow to leverage the benefits of AI in OT systems while reducing risk:
Principles
Understand AI.
Understand the unique risks and potential impacts of AI integration into OT environments, the importance of educating personnel on these risks, and the secure AI development lifecycle.
Consider AI Use in the OT Domain.
Assess the specific business case for AI use in OT environments and manage OT data security risks, the role of vendors, and the immediate and long-term challenges of AI integration.
Establish AI Governance and Assurance Frameworks.
Implement robust governance mechanisms, integrate AI into existing security frameworks, continuously test and evaluate AI models, and consider regulatory compliance.
Embed Safety and Security Practices into AI and AI-Enabled OT Systems.
Implement oversight mechanisms to ensure the safe operation and cybersecurity of AI-enabled OT systems, maintain transparency, and integrate AI into incident response plans.
The authoring agencies encourage critical infrastructure owners and operators to review this guidance and action the principles so they can safely and securely integrate AI into OT systems.
For questions related to this guidance, email info@ncsc.govt.nz.
Download the full guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology [PDF, 1.3 MB]