India and Japan expand strategic AI partnership

India and Japan have agreed to deepen cooperation on AI, linking AI governance, cybersecurity, infrastructure, research and talent development.

In a joint statement, the two countries described AI as a transformative technology with long-term implications for innovation, economic security, governance and the international order.

Both sides are committed to building a safe, secure, trustworthy, inclusive and human-centric AI ecosystem. They also agreed to strengthen cooperation with partners in the Indo-Pacific and the Global South.

The statement identifies international AI governance, safety and cybersecurity as priority areas. India and Japan said they would coordinate in forums including the G20, OECD, Global Partnership on AI and the UN, while supporting responsible innovation and risk-based governance.

The two countries also agreed to cooperate on AI-enabled cybersecurity and the security of AI systems, with particular attention to critical infrastructure. They highlighted the need for safeguards to ensure AI supports children’s learning and growth rather than causing harm.

AI infrastructure is another focus. India and Japan will strengthen cooperation on data centres, GPU and other compute resources, semiconductors and trustworthy supply chains across the AI technology stack.

The statement also supports collaboration on multilingual, open-source and domain-specific AI models, including models for native languages and public-interest applications. Several memoranda were signed, including partnerships involving IIT Bombay, BharatGen, Japan’s National Institute of Informatics, Sarvam, Preferred Networks, IndiaAI and Japan’s Ministry of Economy, Trade and Industry.

Both sides also committed to researcher exchanges, industry-academia collaboration and talent mobility. Japan reaffirmed its goal of welcoming 500 highly skilled AI professionals from India by 2030.

Why does it matter?

The joint statement shows how AI cooperation is becoming part of broader economic and security strategies in the Indo-Pacific. India and Japan are not only discussing AI governance, but also the infrastructure and supply chains needed to build and deploy AI systems, including compute, semiconductors, data centres and talent. The focus on multilingual and open-source models also matters for countries seeking AI systems that reflect local languages, public-interest needs and Global South priorities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Singapore proposes Digital Infrastructure Bill to strengthen cloud security

Singapore has launched a public consultation on a proposed Digital Infrastructure Bill that would establish a comprehensive regulatory framework for major cloud computing services and data centres.

Published jointly by the Ministry of Digital Development and Information and the Infocomm Media Development Authority (IMDA), the draft legislation aims to strengthen the resilience and security of critical digital infrastructure while introducing mandatory environmental sustainability standards for data centre operations.

The Bill recognises digital infrastructure as a foundation of Singapore’s digital economy, supporting services ranging from digital banking and e-commerce to cloud platforms and public administration. Unlike earlier amendments to the Cybersecurity Act, which focused primarily on cyber risks, the proposal extends regulatory oversight to operational resilience, business continuity, disaster recovery and environmental sustainability.

A central feature is a new licensing regime for major foundational digital infrastructure (FDI) providers. Cloud providers generating at least S$100 million annually from Singapore-based customers through Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) offerings would require a major FDI licence.

Cloud and colocation data centres with a critical IT load of at least 10 megawatts serving third parties would also fall within the regime. Licensed providers will be required to implement robust physical security and cybersecurity measures, maintain business continuity and disaster recovery plans, and report cybersecurity incidents and service disruptions to IMDA.

The Bill also establishes a separate licensing regime for data centres with a critical IT load of at least 3 megawatts. In addition to operational capability, applicants would be assessed against energy efficiency, water efficiency and broader sustainability criteria.

Beyond operational capability, applicants will be assessed on energy efficiency, water efficiency and broader sustainability considerations. Licensed operators will initially need to comply with facility-level Power Usage Effectiveness (PUE) requirements, while the legislation enables future regulations covering IT equipment efficiency and water consumption.

Singapore’s Green Data Centre Roadmap and previous voluntary industry standards will therefore evolve into legally enforceable baseline requirements across the sector.

IMDA would receive broad enforcement powers, including the authority to grant, suspend and revoke licences, issue binding codes of practice, conduct investigations and impose financial penalties. The Bill also proposes amendments to Singapore’s Cybersecurity Act to ensure consistency across the country’s digital infrastructure framework. Public consultation remains open until 22 July 2026.

Why does it matter?

The proposed legislation reflects a growing shift in how governments view digital infrastructure. As cloud computing and data centres become increasingly critical to AI, financial services and public administration, policymakers are expanding regulation beyond cybersecurity to include operational resilience, business continuity and environmental sustainability.

Singapore’s approach could also serve as a model for other digital hubs. By combining resilience requirements, licensing, cyber oversight and sustainability obligations within a single regulatory framework, the Bill illustrates how governments are adapting infrastructure governance to support the rapid growth of cloud services and AI-driven computing.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU launches Cybersecurity Skills Coalition EDIC

The European Commission and participating member states have launched the Cybersecurity Skills Coalition European Digital Infrastructure Consortium to strengthen cybersecurity skills across the EU.

The consortium, known as CSC-EDIC, will support the implementation of the EU Cybersecurity Skills Academy, a flagship initiative launched by the Commission in 2023.

Announced during Digital Skills EU Days 2026, the consortium will be based in Athens. Greece, Cyprus, Austria, Croatia and Slovenia are founding members, while Czechia and Poland have joined as observers. Other member states will be able to join later.

The Commission said CSC-EDIC will develop and deliver tailored cybersecurity training programmes, measure cybersecurity skills gaps and serve as the secretariat for the Industry-Academia Network.

Working with ENISA, the consortium will also support cyber resilience in critical sectors, particularly the healthcare sector. Planned activities include an EU-wide attestation scheme for cybersecurity skills, career pathways and micro-credentials.

The initiative has received a €3.1 million grant from the Digital Europe Programme to support its initial governance, staffing and operations.

The Commission said the Cybersecurity Skills Academy has already secured 26 industry pledges, helping train more than 900,000 cybersecurity professionals. Ten partnerships have also been established through the Industry-Academia Network.

Why does it matter?

Europe’s cybersecurity workforce shortage affects the resilience of governments, businesses and critical sectors such as healthcare. CSC-EDIC gives member states a formal structure to pool resources, coordinate training and align skills development with EU cyber priorities. The initiative also shows how the EU is treating cybersecurity capacity as part of digital infrastructure, rather than solely as a labour-market issue.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

CISA launches critical infrastructure security partnership

The US Cybersecurity and Infrastructure Security Agency has launched a new advisory framework to strengthen public-private cooperation on critical infrastructure security and resilience.

The initiative, called the Alliance of National Councils for Homeland Operational Resilience, or ANCHOR-CI, is designed to improve information sharing between government and industry and broaden participation across critical infrastructure sectors.

CISA said the framework builds on lessons from the Critical Infrastructure Partnership Advisory Council while expanding engagement to a wider range of public and private stakeholders.

ANCHOR-CI will provide forums for federal, state, local, tribal and territorial officials to engage with critical infrastructure owners, operators and other organisations with responsibilities for cybersecurity, physical security and resilience.

The framework will allow participants to discuss the threat environment, identify vulnerabilities and develop recommendations for securing more resilient critical infrastructure and cyberspace.

CISA will manage the governance of councils established under ANCHOR-CI, including sector, cross-sector, industry and regional councils.

The launch comes as critical infrastructure operators and public authorities face growing pressure from ransomware, cyberespionage and other threats affecting essential services.

Why does it matter?

Critical infrastructure security depends on cooperation between government agencies and the private-sector operators that own or manage many essential services. ANCHOR-CI is important because it creates a new structure for sharing sensitive information, coordinating resilience planning and giving sector stakeholders a formal way to advise the government. The framework could be especially relevant for cyber threats that cross sectors, such as ransomware, supply-chain compromise and attacks on water, energy, transport or communications systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore strengthens cyber resilience against AI threats

Singapore’s Cyber Security Agency (CSA) has outlined new and ongoing initiatives to strengthen national cyber resilience as AI reshapes the cyber threat landscape.

The measures are detailed in the Singapore Cyber Landscape 2025/2026 report, which reviews cybersecurity trends and the country’s response to evolving digital threats.

CSA said AI is reshaping the global cyber threat environment by enabling attackers to operate with greater speed, scale and sophistication. The agency said agentic AI is a particular concern because autonomous systems could automate parts of the cyber kill chain, compressing attacks that once unfolded over days into hours.

The agency cited Anthropic’s Mythos and the misuse of OpenClaw, an open-source agentic AI framework, as examples of how AI can accelerate vulnerability research, exploit development and cyberattack preparation.

At the same time, CSA said AI can strengthen cyber defence by improving threat detection, accelerating incident response and helping organisations identify vulnerabilities more quickly. As AI systems become more widely deployed across enterprise networks and critical infrastructure, however, they are also becoming attractive targets, making secure AI deployment an increasing priority.

To support secure AI adoption, CSA has published Guidelines on Securing AI Systems and a Companion Guide for system owners. It also released a discussion paper on securing agentic AI systems in October 2025 and said it will continue working with international partners on AI security standards.

The report also highlights how AI is changing the tactics of phishing and scam operations. CSA said attackers can use AI to generate convincing phishing lures at scale, produce realistic voice clones and video deepfakes, and create tools that can bypass multi-factor authentication.

CSA also warned that AI is making phishing and scam campaigns more convincing through voice cloning, video deepfakes and large-scale generation of personalised phishing messages. Despite these growing capabilities, reported phishing cases fell by 21% in 2025 to around 4,800 incidents.

Singapore has also launched the pilot National Simulated Scams Exercise, supported by the Ministry of Home Affairs. The exercise simulated AI-enabled government official impersonation scam calls to help the public recognise and respond to emerging scam tactics.

CSA said the number of infected infrastructure units detected in Singapore rose sharply to 284,300 in 2025, a 142% increase from 2024. The increase was driven mainly by persistent malicious infrastructure activity and improved detection of infected botnet devices.

The agency said weakly secured consumer Internet-of-Things devices and unpatched firmware continue to create opportunities for botnet operators. To address this, all residential routers sold in Singapore must meet Cybersecurity Labelling Scheme Level 2 requirements by the end of 2027.

Ransomware also remained a significant threat, with reported cases rising slightly from 159 in 2024 to 165 in 2025. CSA said small- and medium-sized enterprises remained disproportionately affected due to lower cybersecurity maturity and limited resources.

To support SMEs, CSA backed the Cyber Resilience Centre, which provides cybersecurity health checks and recovery assistance after incidents. Eligible SMEs can also receive co-funding for cybersecurity advisory services through the CISO-as-a-Service programme.

One of the year’s most significant incidents involved an attempted intrusion by the APT group UNC3886 targeting Singapore’s four largest telecommunications operators. CSA said the attack was contained through Operation CYBER GUARDIAN without disruption to services or evidence of customer data being compromised.

CSA is also requiring critical information infrastructure owners to attain Cyber Trust mark certification by the end of 2027. The requirement is intended to extend good cybersecurity practices across broader enterprise environments that support critical infrastructure operations.

In 2025, Singapore also conducted its largest Exercise Cyber Star, involving close to 500 participants from CSA, the Singapore Armed Forces’ Digital and Intelligence Service and critical infrastructure owners across 11 sectors.

CSA said it has expanded Cyber Essentials and Cyber Trust mark certifications to include mandatory cloud and AI security requirements. More than 800 organisations had attained at least one Cyber Essentials certification as of early 2026.

The agency is also advancing Singapore’s National Quantum-Safe initiative, working with industry, academia and international partners to raise awareness of quantum risks, support migration planning and accelerate adoption of quantum-safe technologies.

CSA said Singapore will continue investing in cybersecurity capabilities, strengthening partnerships and supporting secure adoption of emerging technologies in an AI-driven threat landscape.

Commissioner of Cybersecurity and CSA Chief Executive David Koh said Singapore must ‘lock down, find first, and fix fast’ as AI and quantum technologies reshape cyber risks. He said the response must be continuous, with government, industry and citizens working together to ensure digital innovation develops alongside trust and security.

The report illustrates how Singapore is treating cybersecurity as a continuous national resilience effort encompassing AI, critical infrastructure, ransomware, online scams and future quantum threats.

Why does it matter?

Singapore’s strategy reflects a growing shift from reactive cybersecurity towards continuous cyber resilience. Rather than addressing individual threats in isolation, the government is integrating AI security, critical infrastructure protection, scam prevention, cybersecurity certification and quantum readiness into a coordinated national strategy.

The report also illustrates how AI is changing cybersecurity on both sides of the equation. While attackers are using AI to accelerate phishing, malware development and vulnerability exploitation, governments are increasingly deploying AI to strengthen cyber defence, making secure AI deployment and governance central components of national cybersecurity policy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Canada’s CSE expands cyber defence amid growing threats

The Communications Security Establishment Canada (CSE) has published its 2025-2026 Annual Report, detailing the activities of the agency and the Canadian Centre for Cyber Security between April 2025 and March 2026 as cyber threats continued to grow in scale and complexity.

During the reporting period, the Canadian Centre for Cyber Security responded to more than 3,200 cybersecurity incidents affecting federal institutions and critical infrastructure. It also issued 25 alerts, 995 advisories and more than 97,000 notifications through the National Cyber Threat Notification System to 1,363 subscribed organisations.

CSE also took direct action against ten of the ransomware groups causing the greatest harm to Canada and its allies, while completing 1,772 supply chain risk assessments to strengthen cyber resilience across government. During the year, the agency received 13 ministerial authorisations, including four supporting foreign cyber operations.

The report highlights how recent defence investments are supporting work on secure digital infrastructure, stronger cyber defence capabilities, AI, post-quantum cryptography and deeper collaboration with trusted international partners.

Minister of National Defence David J. McGuinty said the report demonstrates the importance of CSE’s work to Canada’s security and economic well-being. Chief of CSE Caroline Xavier noted that the agency will mark its 80th anniversary in 2026 and said recent investments are providing the tools needed to address an increasingly complex threat environment.

Why does it matter?

The report illustrates how national cybersecurity agencies are shifting from responding to isolated incidents to maintaining continuous operations against increasingly sophisticated digital threats. Activities ranging from ransomware disruption to supply chain assessments demonstrate the expanding role of cyber defence in protecting governments and critical infrastructure.

The emphasis on AI, post-quantum cryptography and secure digital infrastructure also signals Canada’s long-term approach to cybersecurity. By investing in emerging technologies while strengthening cooperation with allies, CSE is preparing for a threat environment in which cyber resilience is closely tied to national security, economic stability and technological competitiveness.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU approves simplified AI rules under Omnibus VII

The Council of the European Union has given its final approval to a regulation that simplifies parts of the EU’s AI framework as part of the broader ‘Omnibus VII’ package to reduce regulatory complexity.

The updated rules revise the implementation timeline for high-risk AI systems, postponing full application until December 2027 for standalone systems and August 2028 for AI systems integrated into regulated products. The regulation also strengthens safeguards by explicitly prohibiting AI-generated non-consensual sexual content, including manipulated intimate imagery and AI-generated child sexual abuse material.

Additional changes aim to reduce administrative burdens and improve legal clarity. Deadlines for establishing AI regulatory sandboxes have been extended to August 2027, transparency obligations for AI-generated content have been streamlined, and the regulation clarifies the division of responsibilities between EU and national authorities while reducing overlap with sector-specific legislation.

The framework also clarifies the division of responsibilities between EU and national authorities and introduces mechanisms to avoid overlap with sector-specific legislation.

EU officials said the reforms will improve legal certainty, support innovation and promote more consistent implementation across member states while preserving safeguards for fundamental rights in the development and deployment of AI systems.

Why does it matter? 

The reforms illustrate the EU’s effort to move from adopting AI legislation to making it easier to implement in practice. By extending compliance deadlines, reducing administrative complexity and clarifying supervisory responsibilities, the Union aims to encourage AI innovation without weakening protections for fundamental rights.

The package also reflects a more pragmatic phase of EU AI governance. Rather than rewriting the AI Act, policymakers are refining its implementation to improve legal certainty for developers and users while maintaining strict rules for high-risk and harmful AI applications.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

NVIDIA and Palantir expand sovereign AI for US government

Palantir has announced a new sovereign AI capability built on NVIDIA’s open-source Nemotron models, enabling US government agencies and critical infrastructure operators to deploy, customise and continuously improve AI models within highly secure environments.

The platform combines NVIDIA Nemotron open models with Palantir’s Sovereign AI Operating System, allowing organisations to retain full control over their data, model weights and deployment infrastructure.

The system is designed for air-gapped and highly regulated environments where sensitive information cannot be connected to external networks.

Agencies will be able to train AI models using their own operational data, retain ownership of the resulting models and continuously improve performance through internal feedback loops.

The deployment is supported by NVIDIA AI Enterprise and Palantir’s Artificial Intelligence Platform (AIP), Foundry, Ontology and Apollo platforms.

NVIDIA said the initiative reflects the growing importance of open AI models for government and enterprise development, arguing that they offer greater transparency, customisation and lower deployment costs than proprietary alternatives.

The company also highlighted the role of open models in strengthening AI adoption across sectors including defence, healthcare, energy, transportation and public administration.

Why does it matter?

The announcement reflects the growing importance of sovereign AI, as governments and operators of critical infrastructure seek to deploy advanced AI systems without relying on externally hosted services or relinquishing control over sensitive data. Open models combined with secure, self-managed infrastructure offer an alternative approach for organisations with strict security and regulatory requirements.

The partnership also highlights the strategic role of open foundation models in the evolving AI ecosystem. As competition intensifies between proprietary and open AI approaches, governments are increasingly viewing customisable, locally deployable models as critical assets for national security, digital sovereignty and public-sector modernisation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

NIST explores OT asset management to strengthen cybersecurity

NIST’s National Cybersecurity Center of Excellence (NCCoE) is seeking public feedback on a new project focused on operational technology (OT) asset management as the foundation for stronger OT cybersecurity.

The draft project description, Asset Management as a Foundation for OT Cybersecurity, outlines the project’s scope, challenges and technical approach. The NCCoE plans to demonstrate practical methods for OT asset discovery, inventory, configuration and change management.

The project will involve collaboration with asset owners, operators, and solution providers. The NCCoE plans to demonstrate real-world OT asset management and visibility solutions using commercially available products.

The proposal also includes a high-level reference architecture, desired technical capabilities and alignment with relevant standards, including outcomes from the NIST Cybersecurity Framework 2.0.

The NCCoE said AI is accelerating both the discovery and exploitation of vulnerabilities, making strong OT asset management increasingly important as organisations modernise industrial systems, adopt zero trust architectures and respond to AI-driven cyber threats.

Many organisations struggle to maintain a complete inventory of OT assets. Without effective asset management, activities such as risk assessment, network segmentation, vulnerability management, incident response and technology modernisation become significantly more difficult.

The NCCoE said the laboratory demonstration will support the development of source code, scripts, architectures, procedures, and guidelines. These resources are intended to help organisations gain the visibility needed to detect and respond to modern cyber threats in OT environments.

The centre is seeking input from asset owners, operators, technology providers, and cybersecurity practitioners. Feedback will help refine the project scope, use cases, reference architecture, and demonstration objectives.

Following the consultation, the NCCoE plans to recruit collaborators for project demonstrations and development activities. Public comments on the draft are open until 31 July 2026.

Why does it matter?

Operational technology underpins critical infrastructure, manufacturing and industrial operations, making accurate asset visibility a prerequisite for effective cybersecurity. As AI enables attackers to identify and exploit vulnerabilities more quickly, organisations need reliable inventories, configuration management and continuous monitoring to support risk assessments, zero trust strategies and incident response.

The project also reflects a broader shift towards practical cybersecurity guidance. By working with industry to develop reference architectures, tools and implementation guidance aligned with the NIST Cybersecurity Framework 2.0, the NCCoE aims to help organisations translate cybersecurity best practices into operational improvements across industrial environments.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

NCSC warns of growing cyber risks to critical infrastructure

Hostile state actors were linked to around three-quarters of cyber attacks affecting the UK’s critical national infrastructure over the past year, according to the head of the National Cyber Security Centre.

Speaking at the Royal United Services Institute’s Annual Security Lecture, NCSC CEO Dr Richard Horne said the agency managed more than 200 cyber incidents affecting critical national infrastructure and its supporting ecosystem in the year to May 2026.

Horne said around 75% of those incidents were believed to be linked to state actors. He warned that hostile states are increasingly targeting the systems that underpin essential services in the UK.

The NCSC chief said cybersecurity should not be treated only as a technical risk to be managed, but as an ongoing contest with capable adversaries. He urged executives and board members to improve resilience by understanding their exposure to threats, strengthening proven security fundamentals and ensuring organisations can continue operating and recover quickly after attacks.

Horne also warned that AI is likely to accelerate the threat. The NCSC assesses that by 2028, attackers will probably use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale across critical national infrastructure.

He said many serious incidents still occur because basic cybersecurity measures are not in place. The warning places legacy systems, board-level accountability and operational resilience at the centre of the UK’s critical infrastructure security debate.

Why does it matter?

The NCSC warning shows that cyber attacks on critical infrastructure are no longer just an operational IT risk. They are part of a wider geopolitical contest involving hostile states, essential services and national resilience. The AI warning makes the issue more urgent: if attackers can use AI to exploit known weaknesses in legacy systems at scale, organisations that have tolerated unresolved vulnerabilities may face attacks much faster and broader.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot