Critical infrastructure

Rapid AI growth tests regulation in the Gulf

Gulf states are accelerating AI investment to drive diversification, while regulators struggle to keep pace with rapid technological change. Saudi Arabia, the UAE, and Qatar are deploying AI across key sectors while pursuing regional leadership in digital innovation.

Despite political commitment and large-scale funding, policymakers struggle to balance innovation with risk management. AI’s rapid pace and global reach strain governance, while foreign tech reliance raises sovereignty and security risks.

Corporate influence, intensifying geopolitical competition, and the urgent race to attract foreign capital further complicate oversight efforts, constraining regulators’ ability to impose robust and forward-looking governance frameworks.

With AI increasingly viewed as a source of economic and strategic power, Gulf governments face a narrowing window to establish effective regulatory frameworks before the technology becomes deeply embedded across critical infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

WorldLeaks claims massive Nike data leak

Nike has launched an internal investigation following claims by the WorldLeaks cybercrime group that company data was stolen from its systems.

The sportswear giant said it is assessing a potential cybersecurity incident after the group listed Nike on its Tor leak site and published a large volume of files allegedly taken during the intrusion.

WorldLeaks claims to have released approximately 1.4 terabytes of data, comprising more than 188,000 files. The group is known for data theft and extortion tactics, pressuring organisations to pay by threatening public disclosure instead of encrypting systems with ransomware.

The cybercrime operation emerged in 2025 after rebranding from Hunters International, a ransomware gang active since 2023. Increased law enforcement pressure reportedly led the group to abandon encryption-based attacks and focus exclusively on stealing sensitive corporate data.

An incident that adds to growing concerns across the retail and apparel sector, following a recent breach affecting Under Armour that exposed tens of millions of customer records.

Nike has stated that consumer privacy and data protection remain priorities while the investigation continues.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft confirms Outlook disruption

Microsoft confirmed a service disruption affecting Outlook and Microsoft 365 users in the US, with problems first reported on Wednesday afternoon. The outage primarily affected business and enterprise customers nationwide.

In the US, users reported difficulties sending and receiving email, alongside problems accessing services such as Teams, SharePoint and OneDrive. Microsoft said part of its North America infrastructure was failing to process traffic correctly.

Engineers in the US began rebalancing traffic and restoring affected systems to stabilise services. Microsoft said recovery was under way, though full resolution would take additional time.

The incident highlights the reliance of organisations in the US on cloud-based productivity tools. Businesses across the country experienced disruptions extending into the evening as work and communication systems remained unstable.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Analysis reveals Grok generated 3 million sexualised images

A new analysis found Grok generated an estimated three million sexualised images in 11 days, including around 23,000 appearing to depict children. The findings raise serious concerns over safeguards, content moderation, and platform responsibility.

The surge followed the launch of Grok’s one-click image editing feature in late December, which quickly gained traction among users. Restrictions were later introduced, including paid access limits and technical measures to prevent image undressing.

Researchers based their estimates on a random sample of 20,000 images, extrapolating from these results to more than 4.6 million images generated during the study period. Automated tools and manual review identified sexualised content and confirmed cases involving individuals appearing under 18.

Campaigners have warned that the findings expose significant gaps in AI safety controls, particularly in protecting children. Calls are growing for stricter oversight, stronger accountability, and more robust safeguards before large-scale AI image deployment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Education for Countries programme signals OpenAI push into public education policy

OpenAI has launched the Education for Countries programme, a new global initiative designed to support governments in modernising education systems and preparing workforces for an AI-driven economy.

The programme responds to a widening gap between rapid advances in AI capabilities and people’s ability to use them effectively in everyday learning and work.

Education systems are positioned at the centre of closing that gap, as research suggests a significant share of core workplace skills will change by the end of the decade.

By integrating AI tools, training and research into schools and universities, national education frameworks can evolve alongside technological change and better equip students for future labour markets.

The programme combines access to tools such as ChatGPT Edu and advanced language models with large-scale research on learning outcomes, tailored national training schemes and internationally recognised certifications.

A global network of governments, universities and education leaders will also share best practices and shape responsible approaches to AI use in classrooms.

Initial partners include Estonia, Greece, Italy, Jordan, Kazakhstan, Slovakia, Trinidad and Tobago and the United Arab Emirates. Early national rollouts, particularly in Estonia, already involve tens of thousands of students and educators, with further countries expected to join later in 2026.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Burkina Faso pushes digital sovereignty through national infrastructure supervision

Burkina Faso has launched work on a Digital Infrastructure Supervision Centre as part of a broader effort to strengthen national oversight of digital public infrastructure and reduce exposure to external digital risks.

The project forms a core pillar of the government’s digital sovereignty strategy amid rising cybersecurity threats across public systems.

Led by the Ministry of Digital Transition, Posts and Electronic Communications, the facility is estimated to cost $5.4 million and is scheduled for completion by October.

Authorities state that the centre will centralise oversight of the national backbone network, secure cyberspace operations and supervise the functioning of domestic data centres instead of relying on external monitoring mechanisms.

Government officials argue that the supervision centre will enable resilient and sovereign management of critical digital systems while supporting a policy requiring sensitive national data to remain within domestic infrastructure.

The initiative also complements recent investments in biometric identity systems and regional digital identity frameworks.

Beyond infrastructure security, the project is positioned as groundwork for future AI adoption by strengthening sovereign data and connectivity systems.

The leadership of Burkina Faso continues to emphasise digital autonomy as a strategic priority across governance, identity management and emerging technologies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU cyber rules target global tech dependence

The European Union has proposed new cybersecurity rules aimed at reducing reliance on high-risk technology suppliers, particularly from China. In the European Union, policymakers argue existing voluntary measures failed to curb dependence on vendors such as Huawei and ZTE.

The proposal would introduce binding obligations for telecom operators across the European Union to phase out Chinese equipment. At the same time, officials have warned that reliance on US cloud and satellite services also poses security risks for Europe.

Despite increased funding and expanded certification plans, divisions remain within the European Union. Countries including Germany and France support stricter sovereignty rules, while others favour continued partnerships with US technology firms.

Analysts say the lack of consensus in the European Union could weaken the impact of the reforms. Without clear enforcement and investment in European alternatives, Europe may struggle to reduce dependence on both China and the US.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

WEF paper warns of widening AI investment gap

Policy-makers are being urged to take a more targeted approach to ‘sovereign AI’ spending, as a new paper released alongside the World Economic Forum meeting in Davos argues that no country can realistically build every part of the AI stack alone. Instead, the authors recommend treating AI sovereignty as ‘strategic interdependence’, combining selective domestic investment with trusted partnerships and alliances.

The paper, co-authored by the World Economic Forum and Bain & Co, highlights how heavily the United States and China dominate the global AI landscape. It estimates that the two countries capture around 65% of worldwide investment across the AI value chain, reflecting a full-stack model, from chips and cloud infrastructure to applications, that most other economies cannot match at the same scale.

For smaller and mid-sized economies, that imbalance can translate into a competitive disadvantage, because AI infrastructure, such as data centres and computing capacity, is increasingly viewed as the backbone of national AI capability. Still, the report argues that faster-moving countries can carve out a niche by focusing on a few priority areas, pooling regional capacity, or securing access through partnerships rather than trying to replicate the US-China approach.

The message was echoed in Davos by Nvidia chief executive Jensen Huang, who said every country should treat AI as essential infrastructure, comparable to electricity grids and transport networks. He argued that building AI data centres could drive demand for well-paid skilled trades, from electricians and plumbers to network engineers, framing the boom as a major job creator rather than a trigger for widespread job losses.

At the same time, the paper warns that physical constraints could slow expansion, including the availability of land, energy and water, as well as shortages of highly skilled workers. It also notes that local regulation can delay projects, although some industry groups argue that regulatory and cost pressures may push countries to innovate sooner in efficiency and greener data-centre design.

In the UK, industry body UKAI says high energy prices, limited grid capacity, complex planning rules and public scrutiny already create the same hurdles many other countries may soon face. It argues these constraints are helping drive improvements in efficiency, system design and coordination, seen as building blocks for more sustainable AI infrastructure.

Diplo is live reporting on all sessions from the World Economic Forum 2026 in Davos.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Rethinking the digital embassy concept

The term ‘digital embassy’ has been floating around for years, but it often adds more confusion than clarity. In his blog ‘What is a ‘digital embassy’? (Spoiler: It’s not an embassy)’, Jovan Kurbalija argues that the phrase is a misnomer in a field already crowded with overlapping labels like digital diplomacy, cyber diplomacy, and tech diplomacy.

The expression became popular after Estonia, in 2017, set up an offshore backup of national data on servers in Luxembourg under diplomatic protection. The idea was innovative, but Kurbalija stresses that a protected data vault is not an embassy in the traditional sense; it does not represent a country, negotiate on its behalf, or engage with the host society.

He points to the 1961 Vienna Convention on Diplomatic Relations, which defines an embassy as a state’s official presence on foreign territory, tasked with representation, negotiation, and the safeguarding of national interests. While states have experimented with online forms of presence, such as official websites or even ‘virtual embassies’ in platforms like Second Life, the core function remains political and relational, not simply technical.

Calling a remote server a ‘digital embassy,’ Kurbalija warns, can mislead the public and muddy policymaking. An embassy suggests diplomacy and interaction; a backup facility is about continuity, resilience, and the preservation of state records.

Estonia’s motivation, he notes, was shaped by history, specifically the fear of losing national archives and collective memory, echoing the 1940 seizure of records during Soviet control.

The push for more precise terminology may become even more important if these facilities evolve. A proposal raised during a World Economic Forum panel suggested adding AI-based processing capabilities to such offshore data sites, an idea that could shift them from passive storage toward something closer to strategic infrastructure linked to ‘AI sovereignty.’

Kurbalija suggests that instead of stretching the word ‘embassy,’ governments could borrow more precise historical concepts for protected foreign facilities, such as a ‘diplomatic enclave,’ ‘diplomatic funduq,’ or ‘diplomatic sanctuary.’ His broader point is that as countries invest in digital resilience and sovereignty, the language used to describe these arrangements should keep pace, because legitimacy and legal clarity often begin with accurate naming.

Diplo is live reporting on all sessions from the World Economic Forum 2026 in Davos.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware attack on Under Armour leads to massive customer data exposure

Under Armour is facing growing scrutiny following the publication of customer data linked to a ransomware attack disclosed in late 2025.

According to breach verification platform Have I Been Pwned, a dataset associated with the incident appeared on a hacking forum in January, exposing information tied to tens of millions of customers.

The leaked material reportedly includes 72 million email addresses alongside names, dates of birth, location details and purchase histories. Security analysts warn that such datasets pose risks that extend far beyond immediate exposure, particularly when personal identifiers and behavioural data are combined.

Experts note that verified customer information linked to a recognised brand can enable compelling phishing and fraud campaigns powered by AI tools.

Messages referencing real transactions or purchase behaviour can blur the boundary between legitimate communication and malicious activity, increasing the likelihood of delayed victimisation.

The incident has also led to legal action against Under Armour, with plaintiffs alleging failures in safeguarding sensitive customer information. The case highlights how modern data breaches increasingly generate long-term consequences rather than immediate technical disruption.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!