diff --git a/app/templates/views/information-security.html b/app/templates/views/information-security.html
index ea34f83b1..8b0ed4d13 100644
--- a/app/templates/views/information-security.html
+++ b/app/templates/views/information-security.html
@@ -126,8 +126,8 @@ Information security guidelines – GOV.UK Notify
       <p>There are additional rules that apply specifically to links.</p>
 
       <ol class="list list-number">
-        <li>Links must point to a .gov.uk domain – for example, <a href="https://www.gov.uk">https://www.gov.uk</a> or <a href="https://www.armslengthbody.gov.uk">https://www.armslengthbody.gov.uk</a>.</li>
-        <li>Links must show the URL in full – for example <a href="https://www.gov.uk/vehicle-tax">https://www.gov.uk/vehicle-tax</a>, not <a href="https://www.gov.uk/vehicle-tax">Vehicle tax</a>.</li>
+        <li>Links must point to a .gov.uk domain – for example, https://www.gov.uk or https://www.armslengthbody.gov.uk.</li>
+        <li>Links must show the URL in full – for example https://www.gov.uk/vehicle-tax, not gov.uk/vehicle-tax.</li>
         <li>Don’t use redirects or tracking links – disguising the URL makes phishing easier. Just show the URL in full.</li>
         <li>Don’t link directly to a sign-in page – this is a request for personal data. If the user needs to sign in to your service, link to your start page on GOV.UK.</li>
         <li>It’s OK to deep-link into your service, as long as the user doesn’t have to sign in to view the information or take action.</li>