European consortium launches SHIELD-6G project to develop cybersecurity capabilities for future 6G networks

A consortium of 19 organisations from across Europe has launched SHIELD-6G (Scalable, Hybrid, and Intelligent End-to-End Defense for 6G Networks), a research and innovation project aimed at developing cybersecurity technologies for future 6G communications networks.

The project is coordinated by University College Dublin and brings together universities, research institutes, telecommunications operators, technology companies, and small and medium-sized enterprises from 10 European countries, including Ireland, Spain, Finland, France, the Netherlands, Italy, Greece, Latvia, Estonia, and Türkiye.

According to the consortium, SHIELD-6G will focus on developing a cyber threat intelligence platform designed for future 6G environments. The platform is intended to support the detection, analysis, and response to cyber threats, including previously unknown vulnerabilities and attacks.

The project will explore several technology areas, including AI-based threat detection and response, federated learning for privacy-preserving data processing, digital twin technologies for security testing, and explainable AI approaches intended to improve transparency in cybersecurity operations.

Researchers will evaluate the technologies through use cases in healthcare, smart manufacturing, and maritime communications. These sectors are expected to rely increasingly on advanced connectivity and automated digital systems, creating new cybersecurity requirements.

The initiative is funded through the European Union’s Horizon Europe programme under the Smart Networks and Services Joint Undertaking (SNS JU), which supports research and innovation activities related to future communication networks and services.

According to the project description, SHIELD-6G is expected to contribute to the development of automated network security capabilities, real-time threat detection and mitigation mechanisms, and approaches to compliance and auditing. The consortium also plans to contribute to ongoing discussions on 6G standardisation.

Commenting on the launch, Madhusanka Liyanage of University College Dublin said future communication networks will require security and resilience measures capable of supporting increasingly critical digital services. He said the project aims to develop cybersecurity capabilities that can help protect those services while supporting the broader development of future connectivity infrastructure.

SHIELD-6G is one of several projects funded under the SNS JU programme that aim to advance research on 6G technologies and related cybersecurity challenges as Europe prepares for the next generation of digital communications networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNESCO-backed initiative promotes AI skills and workforce innovation in East Africa

Nearly 1,000 students from across East Africa participated in the AI4EAC Innovation Challenge, a regional initiative designed to strengthen AI skills while encouraging practical solutions to local challenges.

Supported by UNESCO Campus Africa and several regional and international partners, the programme brought together students from 57 universities across East Africa.

One of the programme’s central themes was employment and workforce development through the Skills2Job Challenge. Participants were tasked with developing AI systems capable of identifying suitable occupations based on an individual’s skills profile.

Using data from UNESCO’s Global Skills Tracker, students developed machine-learning models aimed at improving career guidance, workforce mobility and skills-based hiring.

The winning projects explored different approaches to matching skills with labour market opportunities. Several participants argued that labour markets across Africa continue to place significant emphasis on formal qualifications, often overlooking transferable skills that could support employment across multiple sectors and industries.

UNESCO said the initiative demonstrates growing demand for AI skills across the region while highlighting the ability of young innovators to develop solutions tailored to local economic and social challenges.

The programme forms part of wider efforts to strengthen links between higher education, innovation ecosystems and employment opportunities throughout Africa.

Why does it matter?

The initiative highlights how AI can be applied to address practical development challenges, including the gap between education outcomes and labour market needs. By focusing on skills-based matching rather than formal qualifications alone, AI tools could help improve workforce mobility, career guidance and access to employment opportunities.

The programme also reflects the growing importance of AI capacity development across Africa. As governments, universities and businesses invest in digital transformation, building local AI talent and innovation ecosystems will be essential for ensuring that AI solutions are developed in ways that reflect regional priorities, economic realities and social needs.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK expands AI-powered planning tools across England

The UK Government has announced major progress in its efforts to modernise the planning system through AI, including the nationwide rollout of the Extract tool and continued development of the Augmented Planning Decisions (APD) prototype.

Extract, developed by the Ministry of Housing, Communities and Local Government (MHCLG) and the government’s Incubator for AI (i.AI), is now available to local authorities across England following successful trials. The tool automates the processing of complex planning documents and could save the average council around 255 hours of manual work.

Alongside the rollout, the government is advancing the APD prototype, which is being tested with the London Borough of Barnet, Dorset Council, and the London Borough of Camden. Designed to help planning officers navigate complex local planning policies, the AI-powered system is expected to become available to councils across England from 2027.

The pilot remains experimental, with further testing and evaluation planned before any wider deployment.

Google Cloud, Google DeepMind, and Faculty are supporting the project by providing infrastructure, AI capabilities and technical expertise. Officials said the initiative aims to reduce administrative burdens, improve decision-making efficiency, increase transparency and accelerate planning approvals to support housing development.

Why does it matter? 

The UK’s adoption of AI-powered planning tools reflects a broader trend of governments using AI to modernise public services, improve administrative efficiency, and address longstanding bureaucratic bottlenecks.

Successful deployment could serve as a model for other countries seeking to digitise planning and regulatory processes, demonstrating how AI can support faster decision-making while reducing operational costs and helping public authorities manage growing workloads.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Italian competition authority investigates Apple over DMA interoperability rules

The Italian Competition Authority has launched an investigation into Apple Inc., Apple Distribution International Ltd and Apple Italia S.r.l. over their compliance with interoperability requirements under the Digital Markets Act (DMA).

According to the authority, the Digital Markets Act requires Apple to provide third-party consumer cloud service providers with free and effective interoperability with its iOS and iPadOS operating systems under conditions equivalent to those available to iCloud.

The authority said there are indications that alternative cloud providers may not have access to the same hardware and software functionalities available to iCloud. As an example, the authority cited device backup functions on iOS and iPadOS, which appear to be unavailable to competing cloud services.

The investigation marks the first time the authority has exercised its powers under Italy’s 2022 Annual Law on Pro-competitive Reforms to support preliminary investigations under the DMA. The authority said its findings will be shared with the European Commission following the launch of the investigation in Rome.

Why does it matter?

The investigation highlights the growing role of national authorities in supporting enforcement of the Digital Markets Act, the EU’s flagship competition framework for large digital platforms. Interoperability requirements are a central element of the DMA, aiming to ensure that dominant platform operators do not unfairly favour their own services over competitors.

The case could also have broader implications for cloud competition and platform ecosystems. If regulators conclude that third-party providers do not have access to the same functionalities as Apple’s own services, the findings may influence how gatekeeper obligations are interpreted and enforced across the EU’s digital markets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UNIDIR launches platform for AI peace and security policy

UNIDIR, Switzerland, and Pakistan will host a pre-launch briefing for the Institute’s Centre of Excellence on AI, Peace and Security in Geneva on 17 June 2026.

The briefing will take place at the Palais des Nations ahead of the centre’s formal launch later the same day. It will bring together stakeholders involved in the governance of AI and international security.

UNIDIR said the Centre of Excellence on AI, Peace and Security is being established at a critical moment for global AI governance, as AI increasingly reshapes international peace and security dynamics. The centre is intended to serve as a permanent platform for consolidating knowledge, connecting stakeholders and maintaining continuity between multilateral processes and global discussions on AI and international security.

The platform aims to promote greater continuity and coherence across international AI governance initiatives. It will also promote inclusive global engagement and provide practical, evidence-based policy guidance, resources, and capacity-building support.

According to UNIDIR, the goal is to strengthen international cooperation on the governance of AI in peace and security contexts, amid growing urgency and complexity.

The pre-launch briefing will introduce the centre as a platform for multistakeholder engagement and actionable knowledge generation. Participants will also be invited to express interest in supporting the centre, joining its Forum and contributing to future activities.

Speakers will include Dr Giacomo Persi Paoli, Head of UNIDIR’s Security and Technology Programme; Reto Wollenmann, Senior Advisor on AI and International Security at Switzerland’s Federal Department of Foreign Affairs; and Husham Ahmed, Counsellor at the Permanent Mission of Pakistan to the UN in Geneva.

The briefing will also include an overview of the centre’s governance structure and ways for states and other stakeholders to engage through its Forum. The event will be moderated by Dr Yasmin Afina, Researcher in UNIDIR’s Security and Technology Programme.

Why does it matter?

AI is becoming an increasingly important factor in international peace and security, influencing areas ranging from military applications and cyber operations to information integrity, crisis management and strategic stability. As discussions on AI governance expand across multiple international forums, there is growing demand for mechanisms that can provide continuity, expertise and coordination between policy processes.

The new UNIDIR centre seeks to fill that gap by creating a permanent platform for research, dialogue and capacity-building. By bringing together governments, international organisations, industry, academia and civil society, it could help promote more inclusive and evidence-based approaches to governing AI in security contexts, particularly for countries with limited resources or technical expertise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Western Balkans schools explore AI in education with UNESCO and UNICEF support

Educators from across the Western Balkans gathered in Sarajevo to discuss the rapid rise of AI in education and its implications for teaching and learning. The regional conference brought together more than 80 teachers and practitioners from Bosnia and Herzegovina, Croatia, Serbia and Slovenia.

Supported by UNESCO, UNICEF, the French Institute and the Croatian Cultural Society ‘Napredak’, the event focused on both the opportunities and risks associated with AI adoption in education. Discussions covered ethical use of AI, data protection, safeguarding learner well-being and maintaining educational integrity in digital environments.

Workshops provided hands-on training in AI tools, allowing participants to explore how the technology can be used responsibly and effectively in classroom settings. UNESCO also introduced multilingual resources on AI in education, aimed at improving access to practical guidance and best practices across the region.

The initiative highlighted a shared priority among educators: ensuring that AI supports human-centred learning while teachers remain central to delivering effective, inclusive and equitable education.

Why does it matter?

The integration of AI into education systems marks a structural shift in how learning is designed, delivered and evaluated, with implications that extend beyond classrooms into labour markets and civic participation. As governments and institutions experiment with AI tools, the key challenge is ensuring that efficiency gains do not come at the expense of equity, privacy and critical thinking.

Regional cooperation and shared ethical frameworks, such as those promoted by UNESCO, are therefore essential for preventing fragmented adoption and widening digital divides, while helping education systems remain adaptable, inclusive and centred on human development in an increasingly automated environment.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

South Korea and Saudi Arabia expand cooperation on AI and digital transformation

South Korea and Saudi Arabia have agreed to strengthen cooperation in AI and digital transformation as part of a broader partnership spanning energy, advanced industries and critical mineral supply chains.

The agreement was signed in Riyadh by South Korean Minister of Trade, Industry and Energy Kim Jung-Kwan and Saudi Energy Minister Prince Abdulaziz bin Salman.

While the memorandum includes cooperation in oil and gas, a key focus is the use of AI and digital technologies to modernise energy infrastructure, improve resource management and enhance operational efficiency.

The two countries also agreed to expand collaboration in advanced technology sectors, including AI, digital innovation and emerging industrial technologies. The partnership aims to combine Saudi Arabia’s resource base with South Korea’s industrial and technological capabilities to support future economic growth and industrial development.

Officials described the agreement as an important step towards deeper cooperation in emerging technologies, with AI expected to play an increasingly important role in energy innovation, supply-chain resilience and industrial transformation.

Why does it matter?

The agreement highlights how AI is becoming an increasingly important component of industrial and energy policy. Governments are no longer viewing AI solely as a digital technology sector, but as a tool for improving efficiency, resilience and competitiveness across strategic industries such as energy, manufacturing and resource management.

The partnership also reflects a broader trend of linking technological cooperation with economic diversification and supply-chain security. By combining Saudi Arabia’s resource strengths with South Korea’s technological and industrial expertise, the two countries are seeking to position themselves more strongly within the evolving global landscape of AI-driven industrial development.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Swiss parliament weighs AI apps in media copyright bill

Swiss lawmakers want the government to examine whether AI applications should be covered by a media copyright bill that would require online services to compensate publishers for displaying extracts from newspaper articles.

The Swiss Senate unanimously referred the media copyright bill and related rights bill back to the federal government on Wednesday. The House of Representatives had already approved the request in March by 157 votes to 29, with two abstentions, making the decision final.

The media copyright bill aims to require online platforms, including search engines and social media services, to pay copyright fees for displaying extracts of journalistic content. Swiss lawmakers now want the government to consider how AI applications should be treated under the proposal.

The federal government has been asked to examine how AI is changing the way platforms and search engines operate and what those changes mean for the proposed legislation. The review could determine whether AI services that display or reuse extracts from news articles should also compensate publishers.

Current Swiss rules do not provide specific protection for snippets and thumbnails, including short text extracts or images produced as part of journalistic work. As a result, online services have so far not paid remuneration to media companies for using this type of content.

The renewed review reflects growing concern that AI tools could reshape how users access news and how journalistic material is reused online. It also expands an existing debate over search engines, social media platforms and publisher compensation to include AI-powered services.

Why does it matter?

The review reflects growing international concern about how AI systems use and display journalistic content. As AI-powered search tools, chatbots and assistants increasingly become gateways to information, policymakers are questioning whether existing copyright frameworks adequately compensate publishers whose content helps power these services.

The Swiss debate also highlights a broader challenge facing governments worldwide: balancing innovation in AI with the economic sustainability of journalism. Decisions on whether AI services should pay for snippets, summaries or other reused content could influence future relationships between publishers, digital platforms and AI developers.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

The future of agentic AI: A cross-regulatory perspective from the UK

Published in March 2026, ‘The Future of Agentic AI‘ is a foresight paper from the Digital Regulation Cooperation Forum (DRCF), the joint body bringing together the Competition and Markets Authority (CMA), the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and Ofcom.

Drawn on a public call for views conducted through the DRCF Thematic Innovation Hub in autumn 2025 and a series of cross-regulatory workshops, it maps how agentic AI simultaneously activates the remits of all four regulators, and identifies the areas where cross-regulatory coherence will be most difficult to maintain as the technology advances.

The DRCF emphasises that regulation should function as an enabler of innovation rather than a barrier. All four regulators affirm that existing UK frameworks, across data protection, consumer protection, financial regulation and online safety, already apply to agentic AI.

Much of the analytical weight, therefore, lies not in proposing new rules but in mapping how the simultaneous application of those frameworks to a single agentic deployment creates coordination challenges that a sector-by-sector regulatory model was not designed to manage.

The document does not constitute regulatory policy and is explicitly framed as a contribution to the stakeholder debate.

Agentic AI: definition and current state of development

 Person, Security

Agentic AI is defined as systems of AI agents that behave and interact autonomously to achieve their objectives, where each individual agent is an increasingly autonomous AI capable of directly affecting real-world environments. The key distinction from standard generative AI lies in what agents do beyond generating outputs: they assess goals and decompose them into subtasks, retrieve real-time data from external services, execute actions such as making payments or sending communications, and retain memory of past interactions.

Information retrieval alone does not make a system an agent. The critical feature is the autonomous plan-act loop through which multi-step tasks are completed, often by invoking external tools, with limited or no human intervention at each step.

A five-level autonomy spectrum structures the analysis of the current and near-future agent landscape. At the base sits the ‘tool’, a reactive system with no initiative or memory. Above it is the ‘assistant’, capable of planning a few steps and using approved tools while deferring to the user for execution.

The ‘operator’ handles bounded workflows end-to-end once authorised. The ‘collaborator’ and ‘autonomous actor’ tiers, capable of initiating and coordinating multi-step work with minimal human approval, remain largely theoretical at the time of publication.

Most practical deployments today sit at the assistant or operator tiers: customer-support copilots that triage tickets, workflow agents that automate expense claims, or fraud detection systems in financial services. Agentic AI is not exclusively software-based. Embodied agents in robotics and the Internet of Things (IoT) represent an important adjacent development, with LLM-enabled humanoid robots already deployed in some industrial settings.

Emerging opportunities across the economy

 Blackboard, Text, Symbol

For individual users, the core opportunity lies in a ‘delegation layer’ between people and the digital services they rely on: agents that can translate natural-language intent into executable sequences of steps across tools, services and platforms, reducing friction and cognitive load. Specific consumer benefits highlighted include reduced search costs through conversational product comparison, improved deal quality through continuous price monitoring and automatic coupon application, and support for switching and cancellation journeys.

Particular potential is identified for users with disabilities or limited digital literacy, for whom conversational interfaces may substantially lower barriers to digital participation, touching directly on the future of work and labour market inclusion.

For businesses, a large-scale study of a generative AI assistant in customer support found improvements of around 14 to 15% in issues resolved per hour, with the greatest gains among less experienced workers.

Illustrations of current commercial deployment include Allianz’s agentic system for automating food spoilage claims, which uses seven specialised agents, and the UK Government Digital Service’s trial of Microsoft 365 Copilot across 20,000 staff, which reported time savings of 26 minutes per person per day.

For regulators, the CMA has already deployed agentic AI to detect consumer harms such as drip pricing. The DRCF discusses how agentic supervision tools could enable compliance monitoring at a scale and speed that would be impossible for human inspectors alone, pointing to a future in which regulators themselves are among the primary users of the technologies they oversee.

Amplified and novel risks

 Pen, Adult, Male, Man, Person, Text, Furniture, Table

Agentic AI does not merely introduce new hazards; it amplifies existing ones through the combination of autonomy, multi-step execution and access to sensitive data. The most structurally significant risk is accountability fragmentation, which the DRCF describes as the ‘many hands problem’: when a deployment involves a model provider, a system provider and a downstream deployer, each contributing distinct elements to an outcome, attributing liability for harm becomes substantially more complex than in conventional software.

Model providers have a role in monitoring and emergency controls, system providers in adapting those tools to the context, and downstream deployers in maintaining oversight during operation. Importantly, the foresight paper makes clear that ‘my agent did it’ is not a defence any UK regulator will accept as organisational responsibility for legal compliance remains unchanged regardless of the agent autonomy.

Data protection risks are particularly acute. Agentic systems frequently require broad access to personal and operational data, which may be shared across multiple agents and integrated with external tools in ways that make it difficult to maintain the data minimisation principle under the UK GDPR.

Action bundling, the tendency of agents to execute sequences of steps that would normally represent separate consumer decisions simultaneously and at speed, raises questions about whether consent remains meaningful.

Cascading errors, where a flaw in one agent propagates across interconnected systems with amplified effect, are identified as a governance challenge with potentially systemic consequences touching on critical infrastructure. The Moffatt v. Air Canada case, in which an automated system provided incorrect information and the airline was held accountable, is cited by respondents to the call for views as an illustration of how accountability challenges in automated deployments are already reaching the courts.

Cybersecurity risks are materially increased by agentic capabilities. Agents designed to ingest and act on content from diverse external sources are particularly vulnerable to prompt injection attacks, in which malicious instructions are embedded in the content the agent processes, raising direct cybersecurity concerns.

Agents may also operate under non-human identities (NHIs) without the session-based oversight that applies to conventional user authentication, creating surfaces for privilege escalation and data exfiltration. A documented attack in which agentic AI was used to perform 80 to 90% of the attack lifecycle illustrates how the same capabilities that make agents useful can be weaponised at speeds and scales beyond human capacity to manage.

Hyper-personalisation adds a further risk dimension. Agents with persistent memory and detailed user profiles can generate highly persuasive communications, and the same techniques can be turned to personalised fraud, as demonstrated in documented AI-driven influence campaigns. Where agents are optimised to advance the commercial objectives of deployers through undisclosed advertising arrangements or data-extractive digital business models, they may channel users toward platform-preferred outcomes while presenting themselves as neutral intermediaries.

Foresight scenarios and their regulatory implications

 Face, Head, Person, Photography, Portrait, Adult, Female, Woman, Skin

A methodologically distinctive feature of the foresight paper is its use of scenario analysis to stress-test the cross-regulatory implications of different agentic AI futures. Building on the ICO’s Agentic AI Tech Futures Report, the DRCF constructed a two-by-two matrix of four plausible futures defined by two critical uncertainties: the capability level of agentic systems and the degree of their adoption in the economy.

Subject-matter experts from all four regulators examined each scenario for regulatory synergies and friction points in a cross-regulatory workshop.

The first scenario, ‘scarce, simple agents’, describes low capability and low adoption, in which agents remain narrow tools used in controlled professional contexts with close human oversight. The regulatory challenges here are primarily about maintaining proportionality without over-regulating an immature technology.

The second scenario, ‘just good enough to be everywhere’, combines low capability with high adoption: agents are widely deployed despite significant limitations, creating systemic consumer harm at scale and widespread accountability confusion. Of the four scenarios, this is considered the most acute near-term risk.

The third scenario, ‘agents in waiting’, describes high capability but low adoption, in which powerful agents are held back by regulatory uncertainty, liability concerns or lack of consumer trust. The regulatory challenge shifts from harm prevention to enabling conditions: excessive caution risks suppressing valuable innovation.

The fourth scenario, ‘ubiquitous agents’, represents high capability combined with high adoption, a fully agentic future in which agents mediate most consumer-market interactions and manage enterprise workflows autonomously. Winner-takes-most market concentration, spontaneous algorithmic collusion, systemic accountability gaps and agent-to-agent communication operating beyond human-readable oversight are identified as the primary governance challenges in this scenario.

The cross-regulatory workshop exercise enabled the four regulators to map not only sector-specific risks within each scenario but also the points where their remits intersect or conflict. The DRCF presents this methodology as a model for ongoing interdisciplinary horizon scanning that other jurisdictions could adapt to stress-test their own frameworks before tensions manifest in real-world deployments.

The cross-regulatory challenge

 Art, Graphics, Adult, Male, Man, Person, Head

Using the example of a large UK retailer deploying an autonomous customer assistant, the DRCF demonstrates how a single agentic deployment can simultaneously raise data protection issues for the ICO through automated decision-making on credit or loyalty discounts, financial regulation concerns for the FCA if the assistant recommends or arranges financial products, online safety duties for Ofcom if the agent retrieves and synthesises information from third-party websites in ways that may constitute a regulated search service under the Online Safety Act 2023, and competition regulation and consumer protection matters for the CMA if the agent behaviour steers users away from competitors or constitutes algorithmic collusion.

No single regulator holds the full picture, yet each may need to act.

Each regulator sets out its current approach. The ICO launched a public consultation on updated automated decision-making and profiling guidance on 31 March 2026, responding to the reforms introduced by the Data (Use and Access) Act 2025, section 80 of which came into force on 5 February 2026.

That provision replaced Article 22 of the UK GDPR with new Articles 22A to 22D, substituting the previous near-prohibition on solely automated decision-making with a more permissive, safeguards-based framework. The consultation closed on 29 May 2026, with final guidance expected in summer 2026.

The ICO has also been formally commissioned under the Statutory Instrument 2026/425 to produce a statutory code of practice on AI and automated decision-making, which will carry evidential weight in enforcement proceedings and is expected to address agentic systems directly.

The FCA applies its outcomes-focused Consumer Duty to firms using agentic AI in financial services, with its AI Live Testing platform providing a supervised environment for firms to experiment with agentic use cases. Ofcom is assessing how agentic AI affects telecoms markets and whether agent-enabled services fall within the scope of its online safety regime.

The CMA draws on the Digital Markets, Competition and Consumers Act (DMCCA) to address strategic market status, self-preferencing and exclusionary conduct in agentic AI contexts, and has published guidance for businesses on complying with consumer law when using AI agents.

Governance, accountability and human oversight

 Pen, Chart

Observability, defined as the ability of deployers to understand what is happening within a system by examining its outputs, including logs of interactions, reasoning steps, action traces and performance metrics, is identified as a foundational governance requirement. Legal obligations under data protection law, consumer law, competition law, financial regulation and online safety requirements apply regardless of the degree of automation involved.

Nominal human oversight, where a person is present but has no genuine capacity to intervene, does not satisfy the human-in-the-loop requirement under UK data protection law when automated decisions have legal or similarly significant effects on individuals. Permissions controls that specify which data sources an agent may access are presented as both a data governance and a data minimisation tool, with the additional benefit of reducing consent fatigue: the risk that users who are repeatedly prompted to approve the agent actions begin doing so without meaningful deliberation.

Responsibility in multi-agent systems remains one of the most unresolved points in the analysis. As agents interact with each other and blend datasets without human involvement, identifying who controls which data and who is responsible for a given compliance failure under the UK GDPR becomes progressively harder.

Respondents to the call for views proposed that regulators require firms to adopt AI supply chain governance frameworks addressing component integrity, compatibility, and risk propagation. The DRCF raises the concept of ‘transparency agents’, systems designed specifically to monitor inter-agent transactions and maintain audit trails, noting that governing agentic AI may itself require agentic tools.

Consumer rights, market dynamics and algorithmic collusion

 Lighting, Architecture, Building, Wall

The Consumer Rights Act 2015 and the consumer protection provisions of the DMCCA apply fully to agentic AI providers. Drawing on the CMA’s research on agentic AI and consumers, published on 9 March 2026, the core risk identified is that systems optimised for the deployer’s commercial objectives through undisclosed advertising arrangements or data-extractive business models may influence consumer protection outcomes in ways users cannot anticipate or contest.

‘Choice outsourcing’ is identified as an emerging structural risk: when consumers delegate comparison and transaction decisions to agents that, in turn, respond to platform incentives, competition shifts from the product layer to the agent layer, with firms competing to be favoured by assistants rather than to offer the best price or quality.

Digital inequality receives dedicated analysis across two distinct risk groups. Users with lower media literacy and limited device access may struggle to recognise AI-generated responses, navigate privacy controls or correct agent errors. Users with higher digital literacy may nonetheless find their critical assessment skills weakened by the reduced visibility into multi-agent decision-making.

As agentic AI becomes embedded in everyday systems, the DRCF cautions that users may increasingly feel that non-adoption means being shut out of services entirely, a form of structural compulsion that existing consumer protection frameworks were not designed to address.

Algorithmic collusion is among the most technically specific risk areas addressed. Experimental evidence suggests that LLM-based agents may spontaneously converge on supra-competitive prices in price-setting, bidding and financial market simulations without explicit instruction, maintaining those prices even as conditions change.

Research also demonstrates that AI systems can develop covert communication strategies, including hiding messages within ordinary text, and may evolve faster non-natural-language communication protocols as alternatives to human-readable exchange.

All existing collusion evidence comes from controlled experimental conditions rather than from real-world markets, but the DRCF treats the findings as sufficient to warrant caution in deploying agents in pricing roles. The CMA’s paper on AI and collusion, published on 4 March 2026, provides the most detailed UK regulatory analysis of these risks to date.

Open communication protocols such as the Model Context Protocol (MCP) and Agent2Agent (A2A) are discussed as tools for supporting interoperability and reducing vendor lock-in, although their competitive implications remain to be addressed.

Further developments

 Computer, Electronics, Tablet Computer, Computer Hardware, Hardware, Monitor, Screen

Since the foresight paper was published in March 2026, the regulatory programme it outlines has moved forward on several fronts. Most notably, on 3 June 2026 the DRCF launched a call for input on consumer interest and AI, open until 3 July 2026. Structured in two phases, the call gathers the consumer evidence that the four regulators need to apply their existing rules more effectively.

Phase one examines consumer attitudes: how much risk consumers will tolerate from generative and agentic AI in exchange for convenience and cost savings, how well they understand the technology, and whether disclosures and consent mechanisms have a meaningful effect. Phase two asks what tools, frameworks and obligations can best deliver good consumer outcomes.

The call is significant as it represents the first concrete step toward building an empirical evidence base for enforcement rather than anticipatory guidance. Findings will feed directly into the autumn regulatory agenda of all four member bodies.

The ICO’s consultation on the updated automated decision-making and profiling guidance closed on 29 May 2026, with final guidance expected later in 2026. The FCA’s Mills Review, which examined how advanced AI models could reshape retail financial services by 2030, is on track to deliver recommendations to the FCA Board in summer 2026, with an external publication to follow. Cohort 2 of the FCA’s AI Live

Testing programme has launched, building on findings from the first cohort. Ofcom is expected to publish its 2026 to 2027 strategic approach to AI later in the year, covering agentic AI’s implications for telecoms markets and online safety.

The UK regulatory landscape is also developing in an international context. Spain’s data protection authority, the AEPD, published a detailed technical guide on AI agent architecture in February 2026, addressing prompt injection vulnerabilities and automated decisions under Article 22 of the GDPR, one of the most granular analyses produced by a European data protection authority to date.

In March 2026, an EU Parliament committee voted in favour of amendments pushing EU AI Act high-risk compliance deadlines to December 2027 and August 2028, reflecting continued implementation pressure at the EU level.

Together, these developments illustrate that the governance issues raised by the DRCF are being worked through simultaneously across multiple jurisdictions, with regulatory divergence as real a risk as convergence.

Implications for the broader digital governance landscape

 Person, Security

The DRCF’s multi-regulator framing reflects a structural reality that most national governance frameworks have not yet fully absorbed: agentic AI is not a sector-specific technology but a general-purpose capability that simultaneously activates legal obligations across multiple regulatory domains.

Countries that have assigned AI oversight to a single lead authority may find that agentic AI creates accountability gaps at the boundaries between those domains that a single-regulator model cannot address.

A fundamental difference between the UK approach and the EU AI Act is worth noting. The EU AI Act employs a risk-based classification system applied at the level of AI systems and their use cases, imposing pre-market obligations on high-risk systems before deployment.

The UK’s approach applies existing sector-specific rules to AI through the regulator most relevant to a given harm, without a central AI authority or horizontal AI statute. Both approaches acknowledge that deploying an AI agent does not transfer legal accountability to the agent; accountability remains concentrated on the deployer.

Where the two frameworks diverge is in their approach to ex ante versus ex post intervention. The UK model relies more heavily on enforcement after harm has occurred, supplemented by guidance and safe-space testing.

The EU model attempts to prevent certain harms before deployment. The ‘just good enough to be everywhere’ scenario, in which low-capability agents cause consumer harm at scale, implicitly raises the question of whether the post-hoc enforcement model is sufficiently robust for the near-term agentic AI risks the DRCF itself identifies as the most pressing.

On standards and interoperability, the governance of agent communication protocols is emerging as a question of digital standards and competition policy as much as a technical one. If open protocols such as the Model Context Protocol (MCP) and Agent2Agent (A2A) become widely adopted, they could reduce the ecosystem advantages that currently favour large incumbent platform operators.

If dominant firms instead establish proprietary standards, the market concentration risks in the ‘ubiquitous agents’ scenario could materialise more rapidly.

A related concept raised in the foresight paper is ‘know your agent’ protocols, analogous to ‘financial services ‘know-your-customer frameworks’ in financial services, as a tool for verifying agent identity, intent and permissions in commercial settings. Potential links are noted to the digital identity reforms currently under development in the UK. How these standards issues are addressed will significantly shape the competitive landscape of agentic AI markets over the next several years.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Parliament backs AI Act simplification and nudifier app ban

The European Parliament has approved amendments to parts of the EU AI Act as part of the digital omnibus package, postponing some compliance deadlines while adding a ban on AI systems used to create non-consensual sexually explicit content.

MEPs backed the changes with 423 votes in favour, 57 against and 174 abstentions. The measures are intended to simplify compliance for companies while preserving the AI Act’s risk-based structure and core safeguards.

Under the approved text, obligations for stand-alone high-risk AI systems would apply from 2 December 2027. Obligations for AI systems embedded as safety components in products covered by the EU sectoral safety and market surveillance legislation would apply from 2 August 2028.

The text also delays the obligation to watermark AI-generated content until 2 December 2026. By then, AI-generated content will need to be labelled in a machine-readable way to support transparency.

Parliament also approved a ban on AI systems that generate child sexual abuse material or create images, videos or audio depicting an identifiable person’s intimate parts or sexually explicit activities without consent. Providers would not be allowed to place such systems on the EU market unless they include adequate technical safeguards to prevent the creation of such material. The ban would also apply to deployers using systems for that purpose.

Other changes include removing overlapping requirements for AI used in machinery products, clarifying the definition of ‘safety component’, extending some SME exemptions to small mid-cap enterprises, and streamlining enforcement of certain general-purpose AI systems through the EU AI Office.

The legislation still needs formal adoption by the Council before it can enter into force.

Why does it matter?

The vote shows the EU trying to adjust the implementation AI the AI Act without reopening the law’s overall risk-based architecture. Delaying some deadlines could reduce legal uncertainty for businesses and give standards, guidance, and support measures more time to mature. At the same time, the proposed ban on nudification tools and AI-assisted child sexual abuse material addresses a fast-growing harm linked to generative AI, especially image and video manipulation targeting women and minors.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!