EU proposes Cloud and AI Development Act to boost tech sovereignty

The European Commission has published a proposal for the Cloud and AI Development Act to strengthen Europe’s cloud and AI ecosystem, investment and infrastructure.

CADA forms part of the Commission’s Tech Sovereignty Package and is also linked to the AI Continent Action Plan.

The proposal aims to make it easier and faster to deploy sustainable data centres and cloud infrastructure across the EU.

The Commission said Europe needs more cloud, data centre and computing capacity as demand for AI grows across businesses and public administrations.

It also warned that long permitting procedures, limited access to energy, land and financing, and overreliance on non-EU cloud service providers are holding back Europe’s digital autonomy and resilience.

The Act is intended to accelerate cloud and AI deployment in critical sectors while keeping the European market open to international partners.

The broader Tech Sovereignty Package also includes Chips Act 2.0, an EU Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy.

The proposal will now need to go through the EU legislative process before final rules are adopted.

Why does it matter?

Cloud infrastructure is becoming the foundation for AI deployment, public services and critical industries. CADA shows the EU trying to treat cloud and compute capacity as strategic infrastructure, not only as a commercial service. The proposal could shape data-centre deployment, public procurement and investment in European cloud and AI capacity, while also raising difficult questions about energy demand, semiconductor dependence, market openness and how far digital sovereignty can realistically go.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

NVIDIA unveils RTX Spark for the AI-powered PC era

NVIDIA and Microsoft have introduced RTX Spark, a new Windows PC platform designed for personal AI agents.

NVIDIA describes RTX Spark as a 1-petaflop superchip that combines its AI and graphics stack with Windows-native agent capabilities.

NVIDIA’s Blackwell architecture powers the platform and supports up to 128GB of unified memory.

According to NVIDIA, RTX Spark will allow users to run local AI agents, large language models, creative workflows and advanced games on laptops and compact desktop PCs.

The company said the platform can run 120-billion-parameter large language models with up to 1 million tokens of context locally.

NVIDIA and Microsoft are also introducing new Windows security primitives and NVIDIA OpenShell to help agents run securely on primary devices.

OpenShell will allow users to define what agents can and cannot do, route queries to local models according to privacy policies and mask personal information when cloud models are used.

RTX Spark-powered laptops and compact desktops are expected to be available this autumn from manufacturers including ASUS, Dell, HP, Lenovo, Microsoft Surface and MSI, with Acer and GIGABYTE models to follow.

Why does it matter?

RTX Spark reflects the industry shift towards AI-native personal computers, where more AI processing happens locally on the device. Running agents and large models on PCs could improve privacy, reduce latency and make advanced AI tools less dependent on cloud access. The governance question is whether local agents can operate with clear user permissions, strong containment and meaningful accountability as they gain the ability to search files, interact with apps and execute tasks across a personal device.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Sysdig reports first documented agentic ransomware case

Cloud security firm Sysdig says it has documented the first known case of agentic ransomware, after observing an AI-driven extortion operation it tracks as JADEPUFFER.

According to Sysdig, the operation began with exploiting CVE-2025-3248 on an internet-facing Langflow instance. Langflow is an open-source framework for building LLM-driven applications and agent workflows.

The attacker then pivoted towards a production database server running MySQL and Alibaba Nacos.

Sysdig said the operation was driven by a large language model rather than a traditional human-led toolkit. The agent carried out reconnaissance, credential harvesting, lateral discovery, persistence and destructive database activity.

The company said JADEPUFFER executed more than 600 distinct payloads and adapted to failures in real time. In one case, the agent moved from a failed login attempt to a corrected working approach in 31 seconds.

CyberScoop later reported Sysdig’s clarification that the attack was not fully human-free. A person still set up and directed the operation, provisioned command-and-control and staging infrastructure, chose the victim, and supplied credentials likely obtained through a prior compromise.

Sysdig also said API keys for OpenAI, Anthropic, DeepSeek and Gemini were among the material the agent collected from the compromised environment. That does not confirm which model powered the attack.

The case is notable less for novel techniques than for automation. Sysdig said the attack relied on known vulnerabilities and exposed infrastructure, but an AI agent chained the steps together quickly and carried out a ransomware-style database extortion workflow.

Why does it matter?

JADEPUFFER shows how agentic AI could change cybercrime by automating work that previously required skilled operators. Even if humans still choose targets and set up infrastructure, agents can speed up reconnaissance, credential theft, lateral movement and destructive activity once access is available. The defensive lesson is immediate: exposed AI tools, unpatched systems, leaked credentials, and internet-facing databases become more dangerous when attackers can automate exploitation and adaptation at machine speed.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Intesa Sanpaolo moves core IT systems to Google Cloud in Italy

Intesa Sanpaolo has completed the migration of core IT systems to Google Cloud’s Italian regions, hosted in TIM data centres in Milan and Turin.

The Italian banking group said the project is one of the largest cloud migrations carried out by a European financial institution. It forms part of a broader digital transformation effort with Google Cloud and TIM.

The migration involved more than 800 business applications and the retirement of a similar number of legacy systems previously hosted on the bank’s own infrastructure.

According to the partners, the transition was completed while maintaining operational continuity for the bank’s services.

Google Cloud provided cloud infrastructure and data capabilities, while TIM hosted the Italian cloud regions and supported data centre services, connectivity and project governance.

Intesa Sanpaolo said the migration strengthens its cloud-first strategy and provides the technological foundation for Isytech, its cloud-native digital platform for customers and employees across the group.

The bank also linked the project to workforce transformation. More than 3,000 employees participated in cloud training programmes, earning more than 170 Google Cloud certifications.

The project is intended to support advanced analytics, AI adoption and future digital banking services while keeping workloads in Google Cloud’s Italian regions.

Why does it matter?

The migration shows how major European banks are modernising legacy IT infrastructure to support AI, analytics and digital financial services. Moving core systems to cloud environments can improve scalability and accelerate new services, but it also raises important questions about resilience, cybersecurity, data governance and regulatory compliance. The use of Italian cloud regions hosted in TIM data centres reflects the growing importance of data residency and trusted infrastructure in regulated financial services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU examines cloud competition under the Digital Markets Act

The European Commission has held a stakeholder roundtable on cloud computing services as part of its ongoing market investigation under the Digital Markets Act.

The roundtable brought together cloud providers, business users, software providers and technical experts to discuss practices that may affect contestability and fairness in cloud markets.

Discussions focused on interoperability and technical features, financial conditions, and contractual and commercial practices.

Participants examined practical technical, commercial and regulatory approaches that could reduce switching barriers, improve interoperability and strengthen customer choice.

The Commission said the roundtable forms part of a fact-finding exercise to assess whether current DMA obligations are effective in addressing practices that limit competitiveness or are unfair in the cloud sector.

The process is separate from the Commission’s pending investigations into the potential designation of two cloud providers.

The Commission said it will publish a report setting out its findings within 18 months of opening the investigation, and no later than May 2027.

Why does it matter?

Cloud computing is now a core layer of Europe’s digital infrastructure, supporting AI, public services, software markets and enterprise operations. Switching barriers, restrictive contracts or weak interoperability can lock customers into specific providers and reduce competition across the wider digital economy. The Commission’s investigation shows that DMA enforcement is moving beyond consumer-facing platforms towards the infrastructure markets that underpin AI and digital services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Microsoft Defender adds protection for local AI agents

Microsoft has announced new Defender capabilities designed to help organisations secure local AI agents and Model Context Protocol servers across enterprise environments.

The company said Microsoft Defender can now discover more than 25 types of local AI agents and MCP servers across managed Windows and macOS devices.

Microsoft said the feature also provides runtime protection when developers use coding agents such as GitHub Copilot CLI or Claude Code. According to the company, Defender can detect and block prompt injection attempts before a malicious action is executed.

Security teams can investigate AI agent exposure through Advanced Hunting. Microsoft said the local AI agent capabilities are currently in preview.

The update reflects a broader shift in enterprise security as organisations deploy AI agents, coding tools and MCP servers inside development and productivity workflows.

Microsoft also announced Codename MDASH, a private-preview multi-model agentic scanning system designed to discover, validate and help remediate software vulnerabilities. The company said MDASH can route validated issues into Microsoft Defender workflows and engineering pipelines.

Other June security updates include Microsoft Entra Backup and Recovery, expanded multicloud coverage in Defender for Cloud, new database threat protection for open-source relational databases on AWS RDS, Microsoft Purview customisable reports and a unified identity risk score.

Why does it matter?

AI agents are becoming part of enterprise infrastructure, which means they also become part of the attack surface. Local coding agents, MCP servers and agentic development tools can interact with files, code, credentials and internal systems. Microsoft’s update shows end point security expanding beyond traditional malware detection towards prompt injection, agent exposure and AI-driven development workflows. It also reflects a wider trend: security teams will need visibility and controls for AI systems deployed inside organisations, not only for cloud-hosted models.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

University of Wisconsin launches College of Computing & AI

The University of Wisconsin-Madison has launched its College of Computing & Artificial Intelligence (CAI), the institution’s first new college in more than four decades.

The new college brings together the departments of Computer Sciences, Statistics and the Information School, building on the School of Computer, Data & Information Sciences established in 2019.

The college will focus on computing and AI education and research while promoting collaboration across fields including health, engineering, business, the social sciences, the arts and the humanities.

The university also plans to launch new academic programmes, recruit 50 faculty members over the coming years and expand partnerships with industry and government to strenthen research, education and innovation.

Why does it matter?

The creation of a dedicated College of Computing & Artificial Intelligence reflects the growing importance universities are placing on AI as a cross-disciplinary field rather than a specialised area within computer science. By bringing together expertise from multiple disciplines, the university aims to prepare students and researchers to address the technical, social and ethical challenges of AI.

The investment also highlights intensifying competition among higher education institutions to attract talent, research funding and industry partnerships in AI. Expanding faculty, academic programmes and collaboration with government and business positions the university to play a larger role in developing the next generation of AI research and workforce skills.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft launches $2.5 billion AI implementation business

Microsoft has announced a $2.5 billion investment to create Microsoft Frontier Company, a new operating business focused on helping organisations deploy AI systems at scale.

The company said the unit will embed 6,000 engineers, consultants, support specialists and industry experts with customers to design, deploy and continuously improve AI systems linked to measurable business outcomes.

Microsoft said the initiative responds to a shift in enterprise AI adoption, as companies move from experimentation to implementation, return on investment, and the protection of proprietary knowledge.

A central part of the approach is model choice. Microsoft said customers should be able to use different models for different scenarios, including models from OpenAI, Anthropic, Microsoft AI, open-source communities and specialised industry developers.

The company also said customer data, intellectual property, workflows and competitive knowledge should remain protected and should not be used to train models in ways that reduce customers’ market advantages.

Microsoft said early projects with organisations including the London Stock Exchange Group, Land O’Lakes, Unilever and Novo Nordisk have already delivered measurable outcomes through AI integration.

Rodrigo Kede Lima will serve as president of Microsoft Frontier Company. Microsoft said the new business will work with global systems integration partners, including Accenture, Capgemini, EY, KPMG and PwC.

Why does it matter?

The announcement shows how the enterprise AI market is shifting from access to models towards implementation, integration and measurable business outcomes. Many organisations already have AI tools, but struggle to embed them into workflows, protect proprietary data and show returns on investment. Microsoft’s new unit positions the company as an AI engineering and services partner across models, cloud infrastructure and enterprise operations, while also reflecting growing demand for multi-model AI ecosystems rather than single-provider dependency.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Singapore proposes Digital Infrastructure Bill to strengthen cloud security

Singapore has launched a public consultation on a proposed Digital Infrastructure Bill that would establish a comprehensive regulatory framework for major cloud computing services and data centres.

Published jointly by the Ministry of Digital Development and Information and the Infocomm Media Development Authority (IMDA), the draft legislation aims to strengthen the resilience and security of critical digital infrastructure while introducing mandatory environmental sustainability standards for data centre operations.

The Bill recognises digital infrastructure as a foundation of Singapore’s digital economy, supporting services ranging from digital banking and e-commerce to cloud platforms and public administration. Unlike earlier amendments to the Cybersecurity Act, which focused primarily on cyber risks, the proposal extends regulatory oversight to operational resilience, business continuity, disaster recovery and environmental sustainability.

A central feature is a new licensing regime for major foundational digital infrastructure (FDI) providers. Cloud providers generating at least S$100 million annually from Singapore-based customers through Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) offerings would require a major FDI licence.

Cloud and colocation data centres with a critical IT load of at least 10 megawatts serving third parties would also fall within the regime. Licensed providers will be required to implement robust physical security and cybersecurity measures, maintain business continuity and disaster recovery plans, and report cybersecurity incidents and service disruptions to IMDA.

The Bill also establishes a separate licensing regime for data centres with a critical IT load of at least 3 megawatts. In addition to operational capability, applicants would be assessed against energy efficiency, water efficiency and broader sustainability criteria.

Beyond operational capability, applicants will be assessed on energy efficiency, water efficiency and broader sustainability considerations. Licensed operators will initially need to comply with facility-level Power Usage Effectiveness (PUE) requirements, while the legislation enables future regulations covering IT equipment efficiency and water consumption.

Singapore’s Green Data Centre Roadmap and previous voluntary industry standards will therefore evolve into legally enforceable baseline requirements across the sector.

IMDA would receive broad enforcement powers, including the authority to grant, suspend and revoke licences, issue binding codes of practice, conduct investigations and impose financial penalties. The Bill also proposes amendments to Singapore’s Cybersecurity Act to ensure consistency across the country’s digital infrastructure framework. Public consultation remains open until 22 July 2026.

Why does it matter?

The proposed legislation reflects a growing shift in how governments view digital infrastructure. As cloud computing and data centres become increasingly critical to AI, financial services and public administration, policymakers are expanding regulation beyond cybersecurity to include operational resilience, business continuity and environmental sustainability.

Singapore’s approach could also serve as a model for other digital hubs. By combining resilience requirements, licensing, cyber oversight and sustainability obligations within a single regulatory framework, the Bill illustrates how governments are adapting infrastructure governance to support the rapid growth of cloud services and AI-driven computing.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Saudi Arabia leads world in digital connectivity

Saudi Arabia has ranked first globally in the International Telecommunication Union’s 2025 ICT Development Index, which measures progress towards universal and meaningful connectivity.

The index assessed 164 economies using indicators grouped around universal and effective connectivity. Saudi Arabia’s Communications, Space and Technology Commission said the result reflects sustained investment in digital infrastructure and the country’s efforts to strengthen the competitiveness of its technology sector.

CST said advanced telecommunications networks have helped support digital economic growth, attract investment and expand the role of technology across the economy.

According to the regulator, Saudi Arabia’s digital economy reached SAR 495 billion in 2024, accounting for 15% of the national GDP. The country’s ICT market was valued at SAR 180 billion in 2024, according to CST, which described it as the largest and fastest-growing in the MENA region.

The regulator also said mobile subscriptions reached 212% of the population, while average monthly data use per person was more than three times the global average.

The ranking supports Saudi Arabia’s broader digital transformation agenda, which links connectivity investment to economic diversification, emerging technology adoption and the growth of digital services.

Why does it matter?

Connectivity is a foundation for digital transformation. High-performing broadband and mobile networks can support cloud services, AI adoption, digital public services and new business models. Saudi Arabia’s ranking also shows how Gulf states are using telecommunications infrastructure as part of wider economic diversification strategies, with digital markets increasingly tied to competitiveness, investment and technological sovereignty.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!