UK brings major cloud providers under financial oversight

The UK government has designated Microsoft, Google Cloud, Amazon Web Services (AWS) and Oracle as Critical Third Parties (CTPs), bringing the major cloud providers under direct financial regulatory oversight for the first time.

From 13 July 2026, the four companies will come under direct oversight by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), with the aim of strengthening the operational resilience of the UK financial system.

The new regime reflects the financial sector’s growing dependence on cloud infrastructure. Regulators will be able to assess the resilience of critical services, gather operational information and require providers to address risks that could disrupt banking, insurance or financial market infrastructure.

The oversight applies only to services considered systemically important to the financial sector, rather than to the companies’ wider commercial operations.

The UK government described the framework as a proportionate, risk-based approach designed to reduce the likelihood of widespread service disruptions affecting millions of consumers and businesses. It also said additional technology providers could be designated in the future if they meet the statutory threshold for systemic importance.

Microsoft, Google Cloud, AWS and Oracle all welcomed the framework, saying they would comply with the new requirements and continue supporting the resilience of the UK’s financial sector.

Why does it matter?

The designation marks a significant shift in financial regulation by extending direct oversight beyond banks and financial institutions to the technology providers that underpin critical financial services. As cloud infrastructure becomes increasingly central to banking, payments and financial markets, regulators are treating operational resilience as a systemic issue rather than solely a commercial responsibility.

The UK’s approach could also influence regulators in other jurisdictions. As financial institutions become more dependent on a small number of hyperscale cloud providers, governments may increasingly seek direct oversight of technology companies whose services have become essential to the stability of critical sectors.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

European Commission accepts SAP commitments in ERP antitrust case

The European Commission has accepted legally binding commitments from SAP to address competition concerns over maintenance and support (M&S) services for its on-premises enterprise resource planning (ERP) software.

The commitments follow the Commission’s preliminary finding that SAP may have abused its dominant market position by limiting customer choice, increasing switching costs and restricting competition in the aftermarket for ERP support services.

Under the agreement, SAP will give customers greater flexibility in managing software licences and support contracts. Businesses will be able to split their SAP environments and choose different maintenance providers or support levels for different parts of their systems.

SAP will also allow licence termination in specific circumstances, including reduced support phases, failed implementation projects attributable to SAP, insolvency, major workforce reductions and business divestitures.

Additional commitments include broader access to alternative licensing models, the removal of reinstatement fees, lower back-maintenance charges, clearer contractual terms and an internal mechanism for handling customer complaints related to compliance with the commitments.

The Commission opened its formal antitrust investigation in September 2025 after identifying practices that could have discouraged customers from using independent support providers and increased the cost of leaving SAP’s maintenance services.

Following a market test, SAP revised its proposal before the Commission concluded that the final commitments adequately addressed its concerns. The commitments will apply globally for ten years under the supervision of an independent monitoring trustee.

Executive Vice-President Teresa Ribera said the decision would give businesses using SAP’s on-premises ERP software greater freedom to choose maintenance and support providers while strengthening competition in enterprise software markets.

She added that the case sends a broader message that dominant technology companies should not use restrictive commercial practices to lock customers into their ecosystems, particularly as enterprises continue migrating to cloud-based services.

Why does it matter?

The decision reinforces the principle that customers should be able to choose maintenance and support providers without facing unnecessary contractual or financial barriers. For businesses relying on enterprise software, greater flexibility could reduce costs, increase negotiating power and make it easier to adopt competing services.

The case also shows that the European Commission is extending competition enforcement beyond consumer-facing digital platforms to enterprise software markets. As organisations increasingly depend on integrated cloud and business software ecosystems, regulators are paying closer attention to practices that may create customer lock-in and restrict competition after the initial software sale.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

CISA shares lessons from GitHub credential exposure

CISA has published details of an internal CISA incident response triggered after an investigative reporter alerted the agency to Amazon AWS GovCloud keys and other internal information exposed in a public GitHub repository.

The agency said the information was identified by a security researcher whose company continuously scans public code repositories. The repository was not part of CISA’s official GitHub environment but belonged to a contractor’s personal GitHub account.

According to CISA, its Office of the Chief Information Officer immediately took the repository offline and preserved it for forensic analysis. The agency also suspended its development environment, reset affected credentials and revoked the contractor’s system access.

The investigation found that the contractor had uploaded copies of a CISA build and deployment repository to a personal GitHub account while attempting to build cloud infrastructure independently. The repository contained infrastructure-as-code, build scripts, administrator credentials and build credentials.

Forensic analysis found no evidence that the exposed credentials had been used outside CISA environments and no customer or mission data was compromised.

CISA subsequently rotated all credentials associated with environments where the contractor had administrator privileges, expanded repository allow and deny lists, and restricted users’ ability to upload code to public repositories before restoring the development environment.

The agency said the incident reinforced the value of taking external vulnerability reports seriously, applying Zero Trust principles to development environments and maintaining detailed logging that enabled rapid investigation.

It also identified several areas for improvement, including stricter controls over public repositories, better secrets detection, clearer GitHub and cloud incident response playbooks, simpler reporting channels for security researchers, stronger development environment guardrails and more mature cryptographic key management.

CISA also said organisations should maintain clear reporting channels for incidents affecting their own environments and publish reporting instructions in multiple locations rather than relying solely on a security.txt file.

The agency said publishing its own incident response experience is intended to help other organisations strengthen their security practices and improve preparedness for similar incidents.

Why does it matter?

The incident illustrates how easily sensitive credentials can be exposed through routine developer workflows and personal code repositories, even within organisations responsible for cybersecurity. It also highlights the importance of rapid detection, credential rotation and strong access controls when managing cloud infrastructure.

By publicly documenting both its response and the lessons learned, CISA is encouraging organisations to treat incident reporting, secrets management, Zero Trust architecture and developer governance as integral parts of software security rather than afterthoughts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Digital investment gains momentum in South Africa

South Africa is strengthening its position as a digital investment destination, with growing commitments from global technology companies, according to the Presidency of the Republic of South Africa. The government says new investments in cloud infrastructure, AI and digital skills will support economic growth, job creation and innovation.

Recent announcements include Google’s plans for a Digital Exchange Port in the Eastern Cape, a digital innovation centre in Soweto and AI support for local start-ups. The government also highlighted previous investments by Amazon Web Services, Microsoft and Mastercard to expand cloud infrastructure and cybersecurity capabilities.

The Presidency says cloud computing and AI can improve productivity, support small businesses and enhance public services, while helping address challenges in education, healthcare and climate change. It also believes stronger digital infrastructure will reinforce South Africa’s role as Africa’s largest cloud market.

The government says digital expansion must be matched by safeguards that protect privacy, sovereignty and security. It adds that investment in domestic cloud infrastructure and collaboration between government, business and civil society will help build a secure and inclusive digital future.

Why does it matter?

The statement highlights the growing importance of digital infrastructure as a driver of economic development. The Presidency argues that cloud computing, AI and digital skills can improve business competitiveness, public services and employment while attracting further private investment.

It also reflects a broader focus on digital sovereignty. Alongside expanding AI and cloud adoption, the government emphasises the need to protect data, strengthen cybersecurity and develop domestic digital capabilities to reduce long-term dependence on external providers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU proposes Cloud and AI Development Act to boost tech sovereignty

The European Commission has published a proposal for the Cloud and AI Development Act to strengthen Europe’s cloud and AI ecosystem, investment and infrastructure.

CADA forms part of the Commission’s Tech Sovereignty Package and is also linked to the AI Continent Action Plan.

The proposal aims to make it easier and faster to deploy sustainable data centres and cloud infrastructure across the EU.

The Commission said Europe needs more cloud, data centre and computing capacity as demand for AI grows across businesses and public administrations.

It also warned that long permitting procedures, limited access to energy, land and financing, and overreliance on non-EU cloud service providers are holding back Europe’s digital autonomy and resilience.

The Act is intended to accelerate cloud and AI deployment in critical sectors while keeping the European market open to international partners.

The broader Tech Sovereignty Package also includes Chips Act 2.0, an EU Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy.

The proposal will now need to go through the EU legislative process before final rules are adopted.

Why does it matter?

Cloud infrastructure is becoming the foundation for AI deployment, public services and critical industries. CADA shows the EU trying to treat cloud and compute capacity as strategic infrastructure, not only as a commercial service. The proposal could shape data-centre deployment, public procurement and investment in European cloud and AI capacity, while also raising difficult questions about energy demand, semiconductor dependence, market openness and how far digital sovereignty can realistically go.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

NVIDIA unveils RTX Spark for the AI-powered PC era

NVIDIA and Microsoft have introduced RTX Spark, a new Windows PC platform designed for personal AI agents.

NVIDIA describes RTX Spark as a 1-petaflop superchip that combines its AI and graphics stack with Windows-native agent capabilities.

NVIDIA’s Blackwell architecture powers the platform and supports up to 128GB of unified memory.

According to NVIDIA, RTX Spark will allow users to run local AI agents, large language models, creative workflows and advanced games on laptops and compact desktop PCs.

The company said the platform can run 120-billion-parameter large language models with up to 1 million tokens of context locally.

NVIDIA and Microsoft are also introducing new Windows security primitives and NVIDIA OpenShell to help agents run securely on primary devices.

OpenShell will allow users to define what agents can and cannot do, route queries to local models according to privacy policies and mask personal information when cloud models are used.

RTX Spark-powered laptops and compact desktops are expected to be available this autumn from manufacturers including ASUS, Dell, HP, Lenovo, Microsoft Surface and MSI, with Acer and GIGABYTE models to follow.

Why does it matter?

RTX Spark reflects the industry shift towards AI-native personal computers, where more AI processing happens locally on the device. Running agents and large models on PCs could improve privacy, reduce latency and make advanced AI tools less dependent on cloud access. The governance question is whether local agents can operate with clear user permissions, strong containment and meaningful accountability as they gain the ability to search files, interact with apps and execute tasks across a personal device.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Sysdig reports first documented agentic ransomware case

Cloud security firm Sysdig says it has documented the first known case of agentic ransomware, after observing an AI-driven extortion operation it tracks as JADEPUFFER.

According to Sysdig, the operation began with exploiting CVE-2025-3248 on an internet-facing Langflow instance. Langflow is an open-source framework for building LLM-driven applications and agent workflows.

The attacker then pivoted towards a production database server running MySQL and Alibaba Nacos.

Sysdig said the operation was driven by a large language model rather than a traditional human-led toolkit. The agent carried out reconnaissance, credential harvesting, lateral discovery, persistence and destructive database activity.

The company said JADEPUFFER executed more than 600 distinct payloads and adapted to failures in real time. In one case, the agent moved from a failed login attempt to a corrected working approach in 31 seconds.

CyberScoop later reported Sysdig’s clarification that the attack was not fully human-free. A person still set up and directed the operation, provisioned command-and-control and staging infrastructure, chose the victim, and supplied credentials likely obtained through a prior compromise.

Sysdig also said API keys for OpenAI, Anthropic, DeepSeek and Gemini were among the material the agent collected from the compromised environment. That does not confirm which model powered the attack.

The case is notable less for novel techniques than for automation. Sysdig said the attack relied on known vulnerabilities and exposed infrastructure, but an AI agent chained the steps together quickly and carried out a ransomware-style database extortion workflow.

Why does it matter?

JADEPUFFER shows how agentic AI could change cybercrime by automating work that previously required skilled operators. Even if humans still choose targets and set up infrastructure, agents can speed up reconnaissance, credential theft, lateral movement and destructive activity once access is available. The defensive lesson is immediate: exposed AI tools, unpatched systems, leaked credentials, and internet-facing databases become more dangerous when attackers can automate exploitation and adaptation at machine speed.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Intesa Sanpaolo moves core IT systems to Google Cloud in Italy

Intesa Sanpaolo has completed the migration of core IT systems to Google Cloud’s Italian regions, hosted in TIM data centres in Milan and Turin.

The Italian banking group said the project is one of the largest cloud migrations carried out by a European financial institution. It forms part of a broader digital transformation effort with Google Cloud and TIM.

The migration involved more than 800 business applications and the retirement of a similar number of legacy systems previously hosted on the bank’s own infrastructure.

According to the partners, the transition was completed while maintaining operational continuity for the bank’s services.

Google Cloud provided cloud infrastructure and data capabilities, while TIM hosted the Italian cloud regions and supported data centre services, connectivity and project governance.

Intesa Sanpaolo said the migration strengthens its cloud-first strategy and provides the technological foundation for Isytech, its cloud-native digital platform for customers and employees across the group.

The bank also linked the project to workforce transformation. More than 3,000 employees participated in cloud training programmes, earning more than 170 Google Cloud certifications.

The project is intended to support advanced analytics, AI adoption and future digital banking services while keeping workloads in Google Cloud’s Italian regions.

Why does it matter?

The migration shows how major European banks are modernising legacy IT infrastructure to support AI, analytics and digital financial services. Moving core systems to cloud environments can improve scalability and accelerate new services, but it also raises important questions about resilience, cybersecurity, data governance and regulatory compliance. The use of Italian cloud regions hosted in TIM data centres reflects the growing importance of data residency and trusted infrastructure in regulated financial services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU examines cloud competition under the Digital Markets Act

The European Commission has held a stakeholder roundtable on cloud computing services as part of its ongoing market investigation under the Digital Markets Act.

The roundtable brought together cloud providers, business users, software providers and technical experts to discuss practices that may affect contestability and fairness in cloud markets.

Discussions focused on interoperability and technical features, financial conditions, and contractual and commercial practices.

Participants examined practical technical, commercial and regulatory approaches that could reduce switching barriers, improve interoperability and strengthen customer choice.

The Commission said the roundtable forms part of a fact-finding exercise to assess whether current DMA obligations are effective in addressing practices that limit competitiveness or are unfair in the cloud sector.

The process is separate from the Commission’s pending investigations into the potential designation of two cloud providers.

The Commission said it will publish a report setting out its findings within 18 months of opening the investigation, and no later than May 2027.

Why does it matter?

Cloud computing is now a core layer of Europe’s digital infrastructure, supporting AI, public services, software markets and enterprise operations. Switching barriers, restrictive contracts or weak interoperability can lock customers into specific providers and reduce competition across the wider digital economy. The Commission’s investigation shows that DMA enforcement is moving beyond consumer-facing platforms towards the infrastructure markets that underpin AI and digital services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Microsoft Defender adds protection for local AI agents

Microsoft has announced new Defender capabilities designed to help organisations secure local AI agents and Model Context Protocol servers across enterprise environments.

The company said Microsoft Defender can now discover more than 25 types of local AI agents and MCP servers across managed Windows and macOS devices.

Microsoft said the feature also provides runtime protection when developers use coding agents such as GitHub Copilot CLI or Claude Code. According to the company, Defender can detect and block prompt injection attempts before a malicious action is executed.

Security teams can investigate AI agent exposure through Advanced Hunting. Microsoft said the local AI agent capabilities are currently in preview.

The update reflects a broader shift in enterprise security as organisations deploy AI agents, coding tools and MCP servers inside development and productivity workflows.

Microsoft also announced Codename MDASH, a private-preview multi-model agentic scanning system designed to discover, validate and help remediate software vulnerabilities. The company said MDASH can route validated issues into Microsoft Defender workflows and engineering pipelines.

Other June security updates include Microsoft Entra Backup and Recovery, expanded multicloud coverage in Defender for Cloud, new database threat protection for open-source relational databases on AWS RDS, Microsoft Purview customisable reports and a unified identity risk score.

Why does it matter?

AI agents are becoming part of enterprise infrastructure, which means they also become part of the attack surface. Local coding agents, MCP servers and agentic development tools can interact with files, code, credentials and internal systems. Microsoft’s update shows end point security expanding beyond traditional malware detection towards prompt injection, agent exposure and AI-driven development workflows. It also reflects a wider trend: security teams will need visibility and controls for AI systems deployed inside organisations, not only for cloud-hosted models.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!