Artificial intelligence

UK Ofcom sets out AI safety and innovation strategy

Ofcom has outlined its approach to enabling safe and secure AI adoption across the UK communications sectors it regulates and within its own work.

The regulator said its approach is technology-neutral and outcomes-based, aligning AI oversight with its wider mission of making communications work for everyone while supporting innovation and growth.

Ofcom’s report uses case studies to show how AI is already shaping regulatory work and the sectors it oversees. Planned and recent initiatives include building a pilot data lake to make spectrum licensing and online safety data more accessible, engaging with innovators to identify regulatory uncertainty, and assessing public trust in AI chatbots.

The regulator is also examining the impact of AI on telecoms customer experience, exploring AI deployment in broadcasting, assessing AI use in cybersecurity for telecommunications networks, and considering how AI could support network management and optimisation.

Alongside innovation support, Ofcom said it is monitoring AI-related risks and emerging harms. Its work includes guidance on technology-led mitigation against deepfakes, research into chatbot-related harms, and action to address risks posed by AI systems to users.

Ofcom said it coordinated with the AI Security Institute and the National Cyber Security Centre to brief stakeholders on the frontier AI cybersecurity implications following Anthropic’s preview of Claude Mythos, which caused concern. It also said it launched a formal investigation into X’s Grok chatbot.

The regulator is also piloting responsible AI use internally, including tools to support policy development, research, consultation processes, tracking of technical standards, and operational efficiency. Ofcom said it will take a safety-first approach and roll out internal AI tools only once it is confident they are safe and secure.

Why does it matter?

Ofcom’s approach shows how AI governance is becoming operational inside sector regulators, not only debated at the government level. The strategy links innovation support with risk monitoring across online safety, telecoms, broadcasting, cybersecurity, spectrum management, and consumer protection. It also shows regulators experimenting with AI in their own workflows while trying to maintain safety, accountability, and public trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

EU and India deepen digital cooperation through Tech Business Forum

The European Union and India have concluded the first EU-India Tech Business Forum in New Delhi, advancing digital and trade cooperation under the framework of the EU-India Trade and Technology Council (TTC). The forum brought together businesses, policymakers, researchers, think tanks, and civil society to strengthen private-sector collaboration and identify opportunities for joint innovation.

The forum was organised by the EU Delegation to India and Bhutan and India’s Ministry of Electronics and Information Technology, with support from industry organisations including the Federation of European Business in India and the National Association of Software and Service Companies (NASSCOM).

More than 100 European and Indian technology companies participated in discussions covering semiconductors, AI, cybersecurity, data governance and digital public infrastructure.

Participants explored opportunities to strengthen interoperability, advance cooperation on technical standards and improve market access for companies operating in both markets. The forum also aimed to operationalise wider EU-India cooperation, including the recently concluded Free Trade Agreement and the Administrative Arrangement on Advanced Electronic Signatures and Seals signed under the Trade and Technology Council in January 2026.

Speaking at the forum, EU Ambassador to India Hervé Delphin said:

In today’s fragmented world, working with trusted partners like India is essential to diversify supply chains and reduce over-reliance on certain sources and geographies.

He said Europe brings strengths in advanced technology, innovation, and regulation, while India offers scale, talent, and technological applications.

The forum’s outcomes are expected to shape the next steps in EU-India digital and trade cooperation. The Trade and Technology Council remains the primary framework for EU-India cooperation on strategic technologies, digital governance and connectivity, covering areas such as digital public infrastructure, semiconductors, data governance and emerging technologies.

Why does it matter?

The EU and India are seeking to deepen cooperation on strategic technologies at a time when governments are prioritising supply chain resilience, digital sovereignty and secure technology partnerships. Closer collaboration in areas such as AI, semiconductors and cybersecurity could help both sides reduce dependencies and strengthen innovation ecosystems.

The forum also demonstrates the growing role of technology diplomacy in trade relations, with policymakers and businesses working together to address standards, interoperability and market access challenges that increasingly shape the global digital economy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Mayo Clinic and Microsoft partner to build frontier AI model for healthcare

Mayo Clinic and Microsoft have announced a strategic collaboration to develop and deploy a frontier AI model designed specifically for healthcare.

The initiative combines Mayo Clinic’s clinical expertise, de-identified health data, and longitudinal medical insights with Microsoft’s AI, cloud, engineering, and superintelligence capabilities.

The model is intended to support a broad range of clinical reasoning and healthcare use cases by synthesising diverse clinical information. Mayo Clinic said it could support earlier diagnoses, more personalised treatment decisions, and improved patient outcomes.

Unlike general-purpose AI systems, the model is being developed for healthcare environments that require deep clinical context, longitudinal understanding, rigorous governance, and real-world validation.

Mayo Clinic will own the model, which it said reflects its commitment to patient trust, clinical rigour, safety, and responsible stewardship of clinical data and AI.

The system will initially be deployed within Mayo Clinic’s clinical environment, where physicians and researchers can test, refine, and improve it through real-world use.

Microsoft plans to make the model available through Azure Foundry APIs, enabling healthcare organisations worldwide to access advanced medical AI capabilities designed to support patients, clinicians, and consumers.

Why does it matter?

The partnership shows how major health institutions and technology companies are moving towards domain-specific frontier AI models rather than relying only on general-purpose systems. Healthcare AI requires specialised data governance, clinical validation, longitudinal patient understanding, and robust safeguards, as errors can directly affect diagnosis, treatment, and patient trust. Mayo Clinic’s ownership of the model is also important because it signals an attempt to keep clinical accountability and data stewardship closer to the healthcare institution.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

European Commission unveils roadmap for AI and digitalisation in energy

The European Commission has published a Strategic Roadmap for Digitalisation and AI in the Energy Sector, outlining how digital technologies could support a more resilient, competitive and secure European energy system.

The roadmap outlines how digital tools and AI could help consumers and businesses reduce energy costs through greater efficiency, smarter energy consumption and improved management of electricity demand. It also highlights the role of digital technologies in supporting the integration of renewable energy into electricity grids.

The Commission has structured the roadmap around three main priorities. These priorities include integrating data centres into energy systems in a sustainable manner, accelerating the deployment of digital and AI-enabled technologies such as smart meters and intelligent grid solutions, and establishing a framework for secure cross-border energy data sharing.

The Commission said the plan will also focus on cybersecurity, AI trust, digital skills and international cooperation. As part of the next phase, the Commission plans to support industry cooperation initiatives and launch the AI.grids community, which will focus on developing AI models for energy network management across the EU.

Why does it matter?

The energy sector is becoming increasingly dependent on digital technologies to manage growing electricity demand, integrate renewable energy sources and maintain grid stability. AI and advanced data analytics could help improve efficiency, reduce costs and support more flexible energy systems.

At the same time, greater digitalisation introduces new challenges related to cybersecurity, data governance and infrastructure resilience. The roadmap signals the EU’s intention to ensure that digital transformation in the energy sector supports both sustainability goals and long-term energy security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

ILO calls for stronger EU action on mental health, AI and climate risks at work

The International Labour Organization has called for occupational disease prevention, mental health risks, AI, and climate change to become central elements of the European Union’s future workplace health and safety agenda.

The intervention was delivered during a European Parliament hearing on the EU strategic framework on occupational safety and health after 2027.

The ILO stressed that while Europe has reduced fatal workplace accidents, occupational diseases now account for more than 98% of work-related deaths in the EU. Cancer, respiratory diseases, and circulatory diseases remain the leading causes, underscoring the need for stronger prevention, better labour inspection, and improved recognition of work-related illness.

The organisation also highlighted emerging risks linked to digitalisation and environmental change. AI-driven systems are reshaping working conditions through algorithmic management, surveillance, and automated decision-making, while psychosocial pressures and mental health risks are becoming a growing concern for workers.

Climate change was also identified as a major occupational safety and health challenge, with rising temperatures and extreme weather events increasing risks across European workplaces.

The ILO urged the EU policymakers to integrate these evolving risks into a renewed strategic framework, alongside stronger international cooperation and prevention-based approaches. It said Europe can help shape global workplace safety standards through coordinated regulation, effective prevention, and sustainable working conditions.

Why does it matter?

The ILO’s intervention shows how workplace safety policy is expanding beyond traditional accident prevention. AI systems, algorithmic management, psychosocial risks, occupational disease, and climate-related hazards are becoming part of the same strategic debate. For the EU, the post-2027 framework will be a test of whether workplace regulation can adapt to technology-driven work organisation, demographic pressures, and climate volatility.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

European Central Bank warns banks to strengthen resilience as AI reshapes cyber threats

Europe’s banking sector must strengthen its operational resilience as AI transforms the cyber threat landscape and increases systemic risks, according to the European Central Bank (ECB). Speaking at a financial conference, Executive Board member Frank Elderson warned that technological disruption and geopolitical fragmentation are increasing pressure on financial infrastructure.

The ECB said Europe’s reliance on external providers for technology, energy and financial services creates vulnerabilities that could expose critical functions to operational disruptions. While banks remain financially stable, their ability to maintain critical services during cyberattacks or system failures has become key to long-term competitiveness and stability.

According to the ECB, AI is accelerating cyber risks by lowering barriers to sophisticated attacks, enabling faster identification of vulnerabilities and expanding the range of actors capable of conducting cyber operations. While supervisors have strengthened oversight through measures such as stress testing and the implementation of the Digital Operational Resilience Act (DORA), the ECB warned that cyber and operational risks continue to evolve rapidly.

Authorities are now urging banks to invest more heavily in systems, governance, and third-party risk management to ensure continuity of services under stress. The ECB emphasised that operational resilience should be viewed not only as a technical challenge but as a strategic priority for maintaining trust in financial services and supporting Europe’s wider economic transformation.

Why does it matter?

Financial stability increasingly depends not only on the financial health of banks but also on their ability to maintain critical services during cyber incidents, technology failures and operational disruptions.

As AI enables more sophisticated cyberattacks and financial institutions become more dependent on complex digital infrastructure and third-party providers, regulators are placing greater emphasis on operational resilience as a core component of financial stability, economic competitiveness and public trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

US SEC outlines roadmap for market growth, digital assets and investor protection

The US Securities and Exchange Commission (SEC) has released a draft strategic plan outlining its priorities for the coming years, with a focus on investor protection, market efficiency and capital formation.

The agency is seeking public feedback on the proposal, which also highlights the growing importance of digital assets and emerging technologies within the financial system.

Under the plan, the SEC aims to modernise its regulatory framework by supporting innovation while maintaining market integrity. Among its objectives is the development of a clearer and more consistent regulatory approach to digital assets and distributed ledger technologies, with the aim of providing businesses and investors with greater certainty.

The regulator also intends to strengthen engagement with market participants and review existing rules to improve compliance and effectiveness. The draft plan states that enforcement should focus on fraud, market manipulation and violations of existing laws, rather than relying on expansive interpretations of regulatory authority.

Technology modernisation is also a key component of the strategy, including plans to upgrade legacy systems and expand the use of technologies such as AI and blockchain. According to the SEC, these improvements could enhance oversight capabilities, reduce operational costs, and improve efficiency across the agency.

Why does it matter?

The SEC plays a central role in regulating the world’s largest capital market, making its approach to digital assets and emerging technologies influential beyond the United States. Greater regulatory clarity could affect how businesses develop blockchain-based services, how investors engage with digital assets and how other jurisdictions shape their own regulatory frameworks.

The proposal also signals a broader shift towards integrating AI and advanced technologies into financial supervision, reflecting growing efforts by regulators to adapt to increasingly digital and technology-driven markets.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

New Washington initiative targets legal frameworks for collective cyber defence

A new policy coalition has been launched in Washington to develop frameworks governing collaboration between government agencies and private companies on cyber operations, amid growing concerns that unresolved legal questions are limiting deeper cooperation.

Venable’s Center for Cybersecurity Policy and Law established the Cyber Operations Policy Coalition this week. The coalition aims to bring together industry representatives, government officials, legal experts, academics and civil society organisations to develop policy frameworks for collective cyber defence.

Corporate members include Microsoft, Lumen, Halcyon, Autonomous Cyber, and Voreas Labs. Non-corporate members span think tanks and academic institutions, including the Foundation for Defense of Democracies, the Cyber Threat Alliance, the Institute for Security and Technology, McCrary Institute for Cyber and Critical Infrastructure Security, and American University’s Tech, Law, and Security Program. The International Committee of the Red Cross and the Stimson Center participate as observers.

The coalition is coordinated by Stacy O’Mara and advised by a panel that includes former NSA Cybersecurity Director Rob Joyce, former CISA official Bryan Ware, and former Representative Jim Langevin.

During the launch event, current and former officials identified legal authorities, liability arrangements and operational rules as key areas requiring clarification before public-private cyber collaboration can expand at scale. Katie Sutton, assistant secretary of defence for cyber policy, noted that legal expertise would be central to closer integration, pointing to existing authority frameworks on both the government and industry sides.

Tonya Ugoretz, head of PwC’s Cyber & Risk Innovation Institute, highlighted the need for clearer liability frameworks to enable cyber operations without requiring case-by-case authorisation.

The initiative reflects the structure of the cyber domain, where much of the internet and critical infrastructure is privately owned, making companies both potential targets of cyberattacks and key partners in cyber defence efforts.

Several parallel developments add context to the coalition’s launch. The Joint Cyber Defense Collaborative, the CISA-led body for public-private cyber coordination, is mapping both defensive and potential offensive options for use in geopolitical crisis scenarios involving major infrastructure providers, according to JCDC deputy assistant director Matt Springer.

The US military has also more openly discussed offensive cyber operations in recent months, while Congress is considering a proposal for a dedicated cyber service branch.

The emergence of increasingly capable AI systems with cybersecurity applications has further expanded the range of technical, operational and legal questions facing policymakers.

Why does it matter?

Cybersecurity increasingly depends on cooperation between governments and private companies because much of the infrastructure targeted by cyberattacks is privately owned and operated. However, legal questions surrounding authority, liability and operational responsibilities remain unresolved in many jurisdictions.

The coalition reflects growing recognition that existing frameworks may not be fully suited to large-scale cyber defence efforts, particularly as geopolitical tensions, critical infrastructure threats and AI-enabled cyber capabilities increase. Its work could help shape future approaches to collective cyber defence and public-private cybersecurity cooperation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Australia issues guidance for government use of agentic AI

Australia’s Digital Transformation Agency (DTA) has issued an agentic AI addendum to its AI Technical Standard, providing guidance for government agencies exploring, developing or deploying agentic AI systems. The document provides best-practice guidance for agencies exploring, developing, or using agentic AI and states that existing requirements in the AI technical standard remain applicable.

The addendum says agentic AI systems may autonomously plan tasks, coordinate work, and trigger actions in real-world contexts. The addendum notes that agentic AI could improve the responsiveness, efficiency and consistency of public services, particularly in high-volume administrative environments, while also introducing new risks related to oversight, control and system behaviour.

The guidance defines agentic AI as systems capable of perceiving and interpreting their environment, maintaining an internal state, reasoning about objectives and autonomously executing actions within defined permissions and constraints. Agencies are advised to implement human oversight, operational safeguards, continuous evaluation processes and mechanisms that allow systems to be rolled back when necessary.

The addendum sets out guidance across the AI lifecycle, including governance and safeguards, memory management, workflow design, secure data exchange, technology selection, evaluation, tool integration, monitoring, and decommissioning. It also calls for clear human accountability, human-in-the-loop or human-on-the-loop oversight, auditable decision records, and orchestration layers.

The guidance recommends ongoing monitoring of agent behaviour, tool usage, memory functions, operational costs, latency, authorisations and changes in the operating environment. The addendum also recommends centralised oversight mechanisms, referred to as ‘control towers’, and calls for the secure decommissioning of agentic AI resources, including agents, associated data, memory stores, tools and system logs.

Why does it matter?

Agentic AI represents a shift from AI systems that generate outputs in response to prompts to systems capable of planning, coordinating tasks and taking actions with limited human intervention. While these capabilities could improve efficiency and service delivery, they also create new governance, accountability and security challenges.

Australia’s guidance reflects growing international efforts to establish safeguards for increasingly autonomous AI systems. The emphasis on human oversight, auditability and lifecycle governance highlights concerns that public-sector AI deployments must remain transparent, controllable and accountable as the technology evolves.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New Zealand’s NCSC warns frontier AI could amplify cybersecurity risks

New Zealand’s National Cyber Security Centre (NCSC) has issued guidance to help government agencies prepare for the cybersecurity implications of frontier AI systems. The advisory notes that frontier AI models may enable more advanced automation, reasoning and decision-making capabilities than previous generations of AI systems.

The guidance describes frontier AI as a dual-use technology, noting that the same capabilities that enhance cyber defence could also enable malicious actors to conduct cyber operations more quickly, at lower cost and on a larger scale. The NCSC warns that frontier AI could amplify risks associated with known vulnerabilities, legacy systems and poor cyber hygiene, creating what it describes as a ‘vulnerability storm’ for organisations.

According to the NCSC, organisations do not need access to the most advanced frontier AI models to strengthen their cyber resilience. Instead, it says effective readiness depends on existing cybersecurity mitigations and practices, including the New Zealand Information Security Manual, the NCSC Cyber Security Framework, Minimum Cyber Security Standards, and Protective Security Requirements.

The advisory urges government entities to treat several actions as immediate priorities, including reviewing compliance with existing standards, confirming executive accountability for frontier AI cyber risk, reviewing NCSC guidance, and identifying material gaps that AI-enabled threat actors could exploit.

The guidance also restates the NCSC Cyber Security Framework’s five functions: guide and govern, identify and understand, prevent and protect, detect and contain, and respond and recover. The advisory highlights a range of baseline cybersecurity measures, including risk management, security awareness, secure configuration, patch management, multi-factor authentication, least-privilege access controls, anomaly detection, data recovery and incident response planning.

Why does it matter?

Frontier AI is expected to increase the speed, scale and sophistication of cyber operations, potentially allowing attackers to identify vulnerabilities, automate exploitation and conduct campaigns more efficiently than before.

Rather than relying solely on new AI-specific defences, New Zealand’s guidance emphasises that strong cybersecurity fundamentals, including patching, access controls, monitoring and incident response, remain the most effective way to reduce risk. The advisory reflects a growing international view that AI is amplifying existing cyber challenges rather than replacing them with entirely new ones.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.