Consumer protection

Non-human identities gain importance in cloud and AI security

As organisations expand across cloud environments, non-human identities are becoming a critical component of modern cybersecurity strategies. Managing machine identities and their associated secrets is increasingly central to reducing risk and improving AI-driven threat detection.

As digital infrastructure grows, machine identities function as secure access credentials for applications, services, and automated processes. Effective governance can reduce vulnerabilities, improve compliance, and streamline operations across sectors such as finance and healthcare.

Integrating non-human identities into AI security frameworks enables more contextual anomaly detection and improved visibility into network behaviour. Rather than relying solely on static scanning, organisations can adopt adaptive models that enhance predictive threat response.

Challenges remain, particularly around coordination between security, DevOps, and research teams. Gaps in collaboration and limited awareness of identity lifecycle management can create blind spots that weaken overall cyber resilience.

Automation is increasingly seen as essential for scaling non-human identity management. By automating secrets rotation, certificate renewal, and access reviews, organisations can strengthen governance while enabling security teams to focus on higher-value strategic priorities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

A new bill aims to formalise crypto taxation in Turkey

Turkey’s ruling AK Party has introduced a bill in parliament to formalise cryptocurrency taxation and revise key tax and spending rules. The legislation links crypto taxation to Turkey’s Capital Markets Law and sets a clear framework for digital assets.

Under the proposal, regulated crypto platforms would withhold a 10% tax on gains quarterly, applicable to both individuals and companies, residents and non-residents. Transaction service providers are subject to a 0.03% tax, and investors on unlicensed platforms must declare gains annually.

The president would have the authority to adjust the withholding tax between 0% and 20%, depending on factors such as token type, holding period, issuer, or wallet type. Exemptions include VAT-free crypto deliveries and corporate tax changes for foundation university hospitals from 2027.

If approved, the crypto taxation provisions would take effect two months after publication, signalling Turkey’s first formal steps to regulate digital assets and integrate them into the national tax system.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU pressures Meta over alleged smart glasses privacy breaches

Lawmakers in the European Parliament are pressing the European Commission for clarity after reports that Meta’s smart glasses recorded people in intimate moments without their knowledge.

Concerns intensified when Swedish outlets reported that Ray-Ban AI glasses captured and uploaded sensitive footage in violation of strict consent requirements under the EU’s General Data Protection Regulation.

The reports indicate that personal data from EU users was sent to Sama, a third-party contractor, in Kenya for human review. Annotators working there said they viewed images of individuals changing clothes and believed the recordings were taken without consent.

They added that Meta’s attempts to blur faces or apply other safeguards failed often enough to expose identifiable material instead of ensuring proper anonymisation.

EU privacy law requires clear information and consent before collecting and processing personal data, and additional safeguards when exporting data to countries without recognised adequacy status.

Kenya is still negotiating such recognition with the Commission, meaning contractual protections would be necessary.

The Irish Data Protection Commission, responsible for Meta’s GDPR oversight, has been contacted amid questions about whether Meta complied with EU requirements.

Lawmakers also want the Commission to examine whether proposed changes in the Digital Omnibus package could dilute privacy protections rather than strengthen them.

Critics argue the reforms might ease data-use rules for AI training at a moment when allegations about Meta’s smart glasses have intensified scrutiny of the EU’s broader digital policy agenda.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Samsung settles Texas lawsuit over smart TV data collection

Samsung has settled a lawsuit with the Texas Attorney General over allegations that its smart TVs collected viewing data without users’ informed consent.

Texas Attorney General Ken Paxton filed the suit last December, accusing Samsung of using Automated Content Recognition (ACR) technology to capture screenshots of what consumers were watching and using that information for targeted advertising.

As part of the settlement, Samsung must halt any collection or processing of ACR viewing data without first obtaining the express consent of Texas consumers.

The company is also required to update its smart TVs with clear, conspicuous disclosure and consent screens, replacing what a court had previously identified as ‘dark patterns’ requiring over 200 clicks to access privacy settings.

Samsung stated that it does not believe its Viewing Information Services system violated any regulations, but agreed to strengthen its privacy disclosures. Paxton noted that other smart TV manufacturers, including Sony, LG, Hisense, and TCL Technologies, have not yet made similar changes in response to ongoing lawsuits.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Quantum-safe security upgrades SIM and eSIM cards

Thales has successfully demonstrated a world-first capability that prepares 5G networks for the era of quantum computing. The test proved that SIM and eSIM cards can be remotely upgraded to support post-quantum cryptography, boosting security without disrupting services or user experience.

The breakthrough highlights the potential of crypto-agile networks to evolve securely as quantum threats emerge.

Replacing millions of devices is impractical, so Thales enables operators to deploy quantum-safe algorithms directly to existing devices. Remote upgrades preserve data and connectivity while instantly boosting security, keeping 5G networks resilient and trusted.

The demonstration reinforces Thales’ leadership in post-quantum cryptography, with dedicated research teams developing quantum-resistant methods and contributing to international standards, including NIST initiatives.

Operators can now protect long-term investments, secure critical services, and prepare for the next generation of quantum computing without operational disruptions.

Thales’ approach offers a practical roadmap for telecoms to adopt quantum-safe security today, ensuring continuity, trust, and resilience across mobile networks as digital threats evolve.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Central bank in Russia cracks down on crypto-enabled pyramid schemes

Russia’s central bank reports that two-thirds of pyramid scheme operators use crypto, with funds sent to over 4,600 fraudster-controlled wallets in 2025. Authorities identified 7,087 online scams last year, most of which used crypto and money mules to collect illicit funds.

Officials highlighted that these schemes typically operate without physical offices, engaging victims via social media, chat apps, and phone calls. Nearly 1,500 firms offered fake crypto investments, and 84% of scammers used cryptocurrency to raise funds, up from 77% in 2024.

The central bank has blocked 21,500 web pages and social media posts linked to fraudulent operators.

The government is fast-tracking regulations, warning that only licensed firms can offer investments to Russian retail investors. Authorities plan to continue monitoring sophisticated online schemes and enhance public awareness to combat crypto-enabled fraud.

Crypto markets remain active, with Bitcoin trading at $66,566, up 3.8%, and Ethereum at $1,990, up more than 6% in the past 24 hours.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Finance ministry in South Korea pledges reform for public crypto management

South Korea’s finance minister, Koo Yun-cheol, has pledged urgent reforms to how government agencies manage digital assets following high-profile failures in state custody.

Recent incidents revealed that police and tax authorities mishandled seized cryptocurrency, highlighting weaknesses in oversight and security practices. Authorities will review current management methods and implement measures to prevent future losses.

Operational risks around securing crypto in public institutions have become increasingly apparent. A notable case involved Seoul police in Gangnam losing access to 22 BTC, worth around $1.4 million, after failing to retain private keys and allowing a third-party firm to manage the assets.

Prosecutors are now investigating potential bribery linked to the case.

The government says it holds only digital assets acquired through lawful enforcement, such as seizures for unpaid taxes or criminal cases. The reforms aim to strengthen security, improve operational controls, and restore confidence in the public sector’s handling of crypto amid growing scrutiny.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Reddit surges as AI search drives a new era of online discovery

AI-generated search summaries are reshaping online discovery and pushing Reddit to the forefront of global information flows.

The rise of Google’s AI Overview feature places curated AI summaries above traditional search results, encouraging users to rely on machine-generated syntheses instead of browsing lists of websites.

Reddit’s visibility surged after the platform agreed to data access partnerships with Google and OpenAI, enabling large language models to train on its vast archive of human conversations.

The platform’s user-generated discussions are increasingly prioritised because they provide commentary viewed as more neutral and less commercially influenced.

Research from Profound identifies Reddit as the most cited source across major AI platforms. Reddit’s rapid expansion reflects such a shift.

It has overtaken TikTok in the UK, according to Ofcom and now reports 116 million daily active users and more than one billion monthly users.

Communities built around niche interests, combined with voting systems and karma-driven credibility, create a structure that appeals to AI systems searching for grounded, human-authored content.

The platform’s design, centred on subreddits run by volunteer moderators, reinforces trust signals that large models can evaluate when generating AI Overview results.

As AI-powered search becomes the dominant interface for navigating the internet, Reddit’s role as a primary corpus for training and citation continues to expand, reshaping how people discover and verify information.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

FTC signals flexibility on COPPA age checks

The US FTC has issued a policy statement signalling greater flexibility in enforcing parts of the Children’s Online Privacy Protection Act when companies deploy age verification tools. The agency said it will not take enforcement action where personal data is collected solely for age verification purposes.

The FTC framed age assurance as a key safeguard to prevent children from accessing inappropriate content online in the US. Officials said the approach is intended to encourage broader adoption of age verification technologies by online services.

While offering flexibility, the US regulator stressed that organisations must maintain strong safeguards, including data deletion practices and clear notice to parents and children. The FTC also warned that personal data used beyond age verification could still trigger enforcement action under COPPA.

Similar to previous 2023 amendments, legal experts cautioned that companies using age assurance may face additional compliance duties under state youth privacy laws, even as federal requirements evolve.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Action-capable AI highlights new security challenges

AI agents are evolving from demos into autonomous tools, with OpenClaw emerging as a leading example. Unlike chatbots, these agents execute tasks directly, interacting with software and systems without constant human input.

The rise of action-capable AI introduces new security challenges. Agents can be manipulated through untrusted input or prompt injection. Persistent memory can also prolong mistakes or unintended behaviour.

The combination of access to sensitive data, external actions, and unverified content, sometimes called the ‘lethal trifecta’, amplifies risks, making careful configuration and oversight essential.

Self-hosted agents offer more control, while cloud-based versions simplify setup but shift security responsibility. Experts recommend running agents in isolated environments, limiting permissions, and requiring approval for sensitive actions.

These precautions reduce the chance of accidental or malicious harm while allowing users to experiment safely.

OpenClaw illustrates the potential of AI agents to automate workflows, handle repetitive tasks, and act proactively rather than passively advising. These tools show the future of consumer AI, but broader adoption requires stronger safety measures and awareness of risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.