Critical infrastructure

UK health sector adopts AI while legacy tech lags

The UK’s healthcare sector has rapidly embraced AI, with adoption rising from 47% in 2024 to 94% in 2025, according to SOTI’s new report ‘Healthcare’s Digital Dilemma’.

AI is no longer confined to administrative tasks, as 52% of healthcare professionals now use it for diagnosis and 57% to personalise treatments. SOTI’s Stefan Spendrup said AI is improving how care is delivered and helping clinicians make more accurate, patient-specific decisions.

However, outdated systems continue to hamper progress. Nearly all UK health IT leaders report challenges from legacy infrastructure, Internet of Things (IoT) tech and telehealth tools.

While connected devices are widely used to support patients remotely, 73% rely on outdated, unintegrated systems, significantly higher than the global average of 65%.

These systems limit interoperability and heighten security risks, with 64% experiencing regular tech failures and 43% citing network vulnerabilities.

The strain on IT teams is evident. Nearly half report being unable to deploy or manage new devices efficiently, and more than half struggle to offer remote support or access detailed diagnostics. Time lost to troubleshooting remains a common frustration.

The UK appears more affected by these challenges than other countries surveyed, indicating a pressing need to modernise infrastructure instead of continuing to patch ageing technology.

While data security remains the top IT concern in UK healthcare, fewer IT teams see it as a priority, falling from 33% in 2024 to 24% in 2025. Despite a sharp increase in data breaches, the number rose from 71% to 84%.

Spendrup warned that innovation risks being undermined unless the sector rebalances priorities, with more focus on securing systems and replacing legacy tools instead of delaying necessary upgrades.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India urges preference for state telecom providers

The Department of Telecommunications (DoT) in India has introduced a policy urging all state governments and Union Territories to prioritise state-run telecom operators Bharat Sanchar Nigam Ltd (BSNL) and Mahanagar Telephone Nigam Ltd (MTNL) for their communication needs. Although not legally binding, that policy directive emphasises data security as a key reason for favouring these public sector providers.

DoT Secretary underscored the increasing competitiveness of BSNL and MTNL, noting that BSNL now manages MTNL’s operations and will set up a dedicated nodal point to cater to state governments efficiently. The move marks a significant strategic shift toward promoting state-owned telecom companies in government communications.

The policy has raised concerns among private telecom companies, who fear losing valuable government contracts to BSNL and MTNL. Private providers currently hold over 92% of the market’s revenue, and government contracts are especially important for smaller ISPs with tight margins. Diverting these contracts could significantly hurt their financial stability.

BSNL and MTNL were initially created to operate independently and compete fairly with private firms. This new policy, favouring them, risks undermining that independence and disrupting the telecom sector’s competitive balance in India.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NSA and allies set AI data security standards

The National Security Agency (NSA), in partnership with cybersecurity agencies from the UK, Australia, New Zealand, and others, has released new guidance aimed at protecting the integrity of data used in AI systems.

The Cybersecurity Information Sheet (CSI), titled AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems, outlines emerging threats and sets out 10 recommendations for mitigating them.

The CSI builds on earlier joint guidance from 2024 and signals growing global urgency around safeguarding AI data instead of allowing systems to operate without scrutiny.

The report identifies three core risks across the AI lifecycle: tampered datasets in the supply chain, deliberately poisoned data intended to manipulate models, and data drift—where changes in data over time reduce performance or create new vulnerabilities.

These threats may erode accuracy and trust in AI systems, particularly in sensitive areas like defence, cybersecurity, and critical infrastructure, where even small failures could have far-reaching consequences.

To reduce these risks, the CSI recommends a layered approach—starting with sourcing data from reliable origins and tracking provenance using digital credentials. It advises encrypting data at every stage, verifying integrity with cryptographic tools, and storing data securely in certified systems.

Additional measures include deploying zero trust architecture, using digital signatures for dataset updates, and applying access controls based on data classification instead of relying on broad administrative trust.

The CSI also urges ongoing risk assessments using frameworks like NIST’s AI RMF, encouraging organisations to anticipate emerging challenges such as quantum threats and advanced data manipulation.

Privacy-preserving techniques, secure deletion protocols, and infrastructure controls round out the recommendations.

Rather than treating AI as a standalone tool, the guidance calls for embedding strong data governance and security throughout its lifecycle to prevent compromised systems from shaping critical outcomes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Denmark moves to replace Microsoft software as part of digital sovereignty strategy

Prior to the Danish government’s formal decision, the cities of Copenhagen and Aarhus had already announced plans to reduce reliance on Microsoft software and cloud services. The national government has now followed suit.

Caroline Stage, Denmark’s Minister of Digitalisation, confirmed that the government will begin transitioning from Microsoft Office to the open-source alternative, LibreOffice. The decision aligns with broader European Union efforts to enhance digital sovereignty—a concept referring to the ability of states to maintain control over their digital infrastructure, data, and technologies.

EU member states have increasingly prioritised digital sovereignty in response to a range of concerns, including security, economic resilience, regulatory control, and the geopolitical implications of dependency on non-European technology providers.

Among the considerations are questions about data governance, operational autonomy, and the risks associated with potential service disruptions in times of political tension. For example, reports following US sanctions against the International Criminal Court (ICC) suggest that Microsoft temporarily restricted access to email services for the ICC’s Chief Prosecutor, Karim Khan, highlighting the potential vulnerabilities linked to foreign service providers.

Denmark’s move is part of a wider trend within the EU aimed at diversifying digital service providers and strengthening domestic or European alternatives. LibreOffice is developed by The Document Foundation (TDF), an independent, non-profit organisation based in Germany.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK National Cyber Security Centre calls for strategic cybersecurity policy agenda

The United Kingdom’s National Cyber Security Centre (NCSC), part of GCHQ, has called for the adoption of a long-term, strategic policy agenda to address increasing cybersecurity risks. That appeal follows prolonged delays in the introduction of updated cybersecurity legislation by the UK government.

In a blog post, co-authored by Ollie Whitehouse, NCSC’s Chief Technology Officer, and Paul W., the Principal Technical Director, the agency underscored the need for more political engagement in shaping the country’s cybersecurity landscape. Although the NCSC does not possess policymaking powers, its latest message highlights its growing concern over the UK’s limited progress in implementing comprehensive cybersecurity reforms.

Whitehouse has previously argued that the current technology market fails to incentivise the development and maintenance of secure digital products. He asserts that while the technical community knows how to build secure systems, commercial pressures and market conditions often favour speed, cost-cutting, and short-term gains over security. That, he notes, is a structural issue that cannot be resolved through voluntary best practices alone and likely requires legislative and regulatory measures.

The UK government has yet to introduce the long-anticipated Cyber Security and Resilience Bill to Parliament. Initially described by its predecessor as a step toward modernising the country’s cyber legislation, the bill remains unpublished. Another delayed effort is a consultation led by the Home Office on ransomware response policy, which was postponed due to the snap election and is still awaiting an official government response.

The agency’s call mirrors similar debates in the United States, where former Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly advocated for holding software vendors accountable for product security. The Biden administration’s national cybersecurity strategy introduced early steps toward vendor liability, a concept that has gained traction among experts like Whitehouse.

However, the current US administration under President Trump has since rolled back some of these requirements, most notably through a recent executive order eliminating obligations for government contractors to attest to their products’ security.

By contrast, the European Union has advanced several legislative initiatives aimed at strengthening digital security, including the Cyber Resilience Act. Yet, these efforts face challenges of their own, such as reconciling economic priorities with cybersecurity requirements and adapting EU-wide standards to national legal systems.

In its blog post, the NCSC reiterated that the financial and societal burden of cybersecurity failures is currently borne by consumers, governments, insurers, and other downstream actors. The agency argues that addressing these issues requires a reassessment of underlying market dynamics—particularly those that do not reward secure development practices or long-term resilience.

While the NCSC lacks the authority to enforce regulations, its increasingly direct communications reflect a broader shift within parts of the UK’s cybersecurity community toward advocating for more comprehensive policy intervention.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India unveils AI incident reporting guidelines for critical infrastructure

India is developing AI incident reporting guidelines for companies, developers, and public institutions to report AI-related issues affecting critical infrastructure sectors such as telecommunications, power, and energy. The government aims to create a centralised database to record and classify incidents like system failures, unexpected results, or harmful impacts caused by AI.

That initiative will help policymakers and stakeholders better understand and manage the risks AI poses to vital services, ensuring transparency and accountability. The proposed guidelines will require detailed reporting of incidents, including the AI application involved, cause, location, affected sector, and severity of harm.

The Telecommunications Engineering Centre (TEC) is spearheading the effort, focusing initially on telecom and digital infrastructure, with plans to extend the standard across other sectors and pitch it globally through the International Telecommunication Union. The framework aligns with international initiatives such as the OECD’s AI Incident Monitor and builds on government recommendations to improve oversight while fostering innovation.

Why does it matter?

The draft emphasises learning from incidents rather than penalising reporters, encouraging self-regulation to avoid excessive compliance burdens. The following approach complements broader AI safety goals of India, including the recent launch of the IndiaAI Safety Institute, which works on risk management, ethical frameworks, and detection tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

INTERPOL cracks down on global cybercrime networks

Over 20,000 malicious IP addresses and domains linked to data-stealing malware have been taken down during Operation Secure, a coordinated cybercrime crackdown led by INTERPOL between January and April 2025.

Law enforcement agencies from 26 countries worked together to locate rogue servers and dismantle criminal networks instead of tackling threats in isolation.

The operation, supported by cybersecurity firms including Group-IB, Kaspersky and Trend Micro, led to the removal of nearly 80 per cent of the identified malicious infrastructure. Authorities seized 41 servers, confiscated over 100GB of stolen data and arrested 32 suspects.

More than 216,000 individuals and organisations were alerted, helping them act quickly by changing passwords, freezing accounts or blocking unauthorised access.

Vietnamese police arrested 18 people, including a group leader found with cash, SIM cards and business records linked to fraudulent schemes. Sri Lankan and Nauruan authorities carried out home raids, arresting 14 suspects and identifying 40 victims.

In Hong Kong, police traced 117 command-and-control servers across 89 internet providers. INTERPOL hailed the effort as proof of the impact of cross-border cooperation in dismantling cybercriminal infrastructure instead of allowing it to flourish undisturbed.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Europe’s new digital diplomacy: From principles to power

In a decisive geopolitical shift, the European Union has unveiled its 2025 International Digital Strategy, signalling a turn from a values-first diplomacy to a focus on security and competitiveness. As Jovan Kurbalija explains in his blog post titled ‘EU Digital Diplomacy: Geopolitical shift from focus on values to economic security‘, the EU is no longer simply exporting its regulatory ideals — often referred to as the ‘Brussels effect’ — but is now positioning digital technology as central to its economic and geopolitical resilience.

The strategy places special emphasis on building secure digital infrastructure, such as submarine cables and AI factories, and deepening digital partnerships across continents. Unlike the 2023 Council Conclusions, which promoted a human-centric, rights-based approach to digital transformation, the 2025 Strategy prioritises tech sovereignty, resilient supply chains, and strategic defence-linked innovations.

Human rights, privacy, and inclusivity still appear, but mainly in supporting roles to broader goals of power and resilience. The EU’s new path reflects a realpolitik understanding that its survival in the global tech race depends on alliances, capability-building, and a nimble response to the rapid evolution of AI and cyber threats.

In practice, this means more digital engagement with key partners like India, Japan, and South Korea and coordinated global investments through the ‘Tech Team Europe’ initiative. The strategy introduces new structures like a Digital Partnership Network while downplaying once-central instruments like the AI Act.

With China largely sidelined and relations with the US in ‘wait and see’ mode, the EU seems intent on building an independent but interconnected digital path, reaching out to the Global South with a pragmatic offer of secure digital infrastructure and public-private investments.

Why does it matter?

Yet, major questions linger: how will these ambitious plans be implemented, who will lead them, and can the EU maintain coherence between its internal democratic values and this outward-facing strategic assertiveness? As Kurbalija notes, the success of this new digital doctrine will hinge on whether the EU can fuse its soft power legacy with the hard power realities of a turbulent tech-driven world.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Massive leak exposes data of millions in China

Cybersecurity researchers have uncovered a brief but significant leak of over 600 gigabytes of data, exposing information on millions of Chinese citizens.

The haul, containing WeChat, Alipay, banking, and residential records, is part of a centralised system, possibly aimed at large-scale surveillance instead of a random data breach.

According to research from Cybernews and cybersecurity consultant Bob Diachenko, the data was likely used to build individuals’ detailed behavioural, social and economic profiles.

They warned the information could be exploited for phishing, fraud, blackmail or even disinformation campaigns instead of remaining dormant. Although only 16 datasets were reviewed before the database vanished, they indicated a highly organised and purposeful collection effort.

The source of the leak remains unknown, but the scale and nature of the data suggest it may involve government-linked or state-backed entities rather than lone hackers.

The exposed information could allow malicious actors to track residence locations, financial activity and personal identifiers, placing millions at risk instead of keeping their lives private and secure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Digital Social Security cards coming this summer

The US Social Security Administration is launching digital access to Social Security numbers in the summer of 2025 through its ‘My Social Security’ portal. The initiative aims to improve convenience, reduce physical card replacement delays, and protect against identity theft.

The digital rollout responds to the challenges of outdated paper cards, rising fraud risks, and growing demand for remote access to US government services. Cybersecurity experts also recommend using VPNs, antivirus software, and identity monitoring services to guard against phishing scams and data breaches.

While it promises faster and more secure access, experts urge users to bolster account protection through strong passwords, two-factor authentication, and avoidance of public Wi-Fi when accessing sensitive data.

Users should regularly check their credit reports and SSA records and consider requesting an IRS PIN to prevent tax-related fraud. The SSA says this move will make Social Security more efficient without compromising safety.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!