Critical infrastructure

Amazon launches AU$ 20 bn investment in Australian solar-powered data centres

Amazon will invest AU$ 20 billion to expand its data centre infrastructure in Australia, using solar and wind power instead of traditional energy sources.

The plan includes power purchase agreements with three utility-scale solar plants developed by European Energy, one of which—Mokoan Solar Park in Victoria—is already operational. The other two projects, Winton North and Bullyard Solar Parks, are expected to lift total solar capacity to 333MW.

The investment supports Australia’s aim to enhance its cloud and AI capabilities. Amazon’s commitment includes purchasing over 170MW of power from these projects, contributing to both data centre growth and the country’s renewable energy transition.

According to the International Energy Agency, electricity demand from data centres is expected to more than double by 2030, driven by AI.

Amazon Web Services CEO Matt Garman said the move positions Australia to benefit from AI’s economic potential. The company, already active in solar projects across New South Wales, Queensland and Victoria, continues to prioritise renewables to decarbonise operations and meet surging energy needs.

Instead of pursuing growth through conventional means, Amazon’s focus on clean energy could set a precedent for other tech giants expanding in the region.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Cyberattack on Nova Scotia Power exposes sensitive data of 280,000 customers

Canada’s top cyber-defence official has spoken out following the ransomware attack that compromised the personal data of 280,000 Nova Scotia Power customers.

The breach, which occurred on 19 March but went undetected until 25 April, affected over half of the utility’s customer base. Stolen data included names, addresses, birthdates, driver’s licences, social insurance numbers, and banking details.

Rajiv Gupta, head of the Canadian Centre for Cyber Security, confirmed that Nova Scotia Power had contacted the agency following the incident.

While he refrained from discussing operational details or attributing blame, he highlighted the rising frequency of ransomware attacks against critical infrastructure across Canada.

He explained how criminal groups use double extortion tactics — stealing data and locking systems — to pressure organisations into paying ransoms, often without guaranteeing system restoration or data confidentiality.

Although the utility declined to pay the ransom, the fallout has led to a wave of scrutiny. Gupta warned that interconnectivity and integrating legacy systems with internet-facing platforms have increased vulnerability.

He urged utilities and other infrastructure operators to build defences based on worst-case scenarios and to adopt recommended cyber hygiene practices and the Centre’s ransomware playbook.

In response to the breach, the Nova Scotia Energy Board has approved a $1.8 million investment in cybersecurity upgrades.

The Canadian cyber agency, although lacking regulatory authority, continues to provide support and share lessons from such incidents with other organisations to raise national resilience.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Taiwan tightens rules on chip shipments to China

Taiwan has officially banned the export of chips and chiplets to China’s Huawei and SMIC, joining the US in tightening restrictions on advanced semiconductor transfers.

The decision follows reports that TSMC, the world’s largest contract chipmaker, was unknowingly misled into supplying chiplets used in Huawei’s Ascend 910B AI accelerator. The US Commerce Department had reportedly considered a fine of over $1 billion against TSMC for that incident.

Taiwan’s new rules aim to prevent further breaches by requiring export permits for any transactions with Huawei or SMIC.

The distinction between chips and chiplets is key to the case. Traditional chips are built as single-die monoliths using the same process node, while chiplets are modular and can combine various specialised components, such as CPU or AI cores.

Huawei allegedly used shell companies to acquire chiplets from TSMC, bypassing existing US restrictions. If TSMC had known the true customer, it likely would have withheld the order. Taiwan’s new export controls are designed to ensure stricter oversight of future transactions and prevent repeat deceptions.

The broader geopolitical stakes are clear. Taiwan views the transfer of advanced chips to China as a national security threat, given Beijing’s ambitions to reunify with Taiwan and the potential militarisation of high-end semiconductors.

With Huawei claiming its processors are nearly on par with Western chips—though analysts argue they lag two to three generations behind—the export ban could further isolate China’s chipmakers.

Speculation persists that Taiwan’s move was partly influenced by negotiations with the US to avoid the proposed fine on TSMC, bringing both countries into closer alignment on chip sanctions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

German state leaves Microsoft Teams for digital sovereignty

In a bold move highlighting growing concerns over digital sovereignty, the German state of Schleswig-Holstein is cutting ties with Microsoft. Announced by Digitalisation Minister Dirk Schroedter, the state is uninstalling the tech giant’s ubiquitous software across its entire administration.

‘We’re done with Teams!’ declared Minister Schroedter, signalling a complete shift away from Microsoft products like Word, Excel, Outlook, and eventually the Windows operating system itself. Instead, Schleswig-Holstein is turning to open-source alternatives like LibreOffice and Linux.

The reason? A strong desire to ‘take back control’ of its data and reduce reliance on US tech giants. Minister Schroedter emphasised that recent geopolitical tensions, particularly following Donald Trump’s return to the White House and rising US-EU friction, have ‘strengthened interest’ in their path.

‘The war in Ukraine revealed our energy dependencies,’ he noted, ‘and now we see there are also digital dependencies.’ The transition, affecting all 60,000 public servants, including police, judges, and eventually teachers, begins in less than three months.

Data will also move away from Microsoft-controlled clouds to German infrastructure. Beyond sovereignty, the state expects significant cost savings – potentially tens of millions of euros – compared to licensing fees and mandatory updates, which experts say can leave organisations feeling taken ‘by the throat’. The move also references long-standing antitrust concerns, like the EU’s investigation into Microsoft bundling Teams.

Microsoft was earlier accused of blocking the email of ICC Chief Prosecutor Karim Khan in compliance with US sanctions—an action it denied, noting the ICC had reportedly switched to ProtonMail. The incident raised fresh questions about digital sovereignty and the risks of foreign cloud dependency.

Why does it matter?

While challenges exist, like potential staff resistance highlighted by past struggles in Munich, Schleswig-Holstein is forging ahead. They join other entities like France’s gendarmerie and are watched by cities like Copenhagen and Aarhus. Bolstered by the new EU ‘Interoperable Europe Act‘, Schleswig-Holstein aims to be a pioneer, proving that governments can successfully reclaim control of their digital destiny.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK health sector adopts AI while legacy tech lags

The UK’s healthcare sector has rapidly embraced AI, with adoption rising from 47% in 2024 to 94% in 2025, according to SOTI’s new report ‘Healthcare’s Digital Dilemma’.

AI is no longer confined to administrative tasks, as 52% of healthcare professionals now use it for diagnosis and 57% to personalise treatments. SOTI’s Stefan Spendrup said AI is improving how care is delivered and helping clinicians make more accurate, patient-specific decisions.

However, outdated systems continue to hamper progress. Nearly all UK health IT leaders report challenges from legacy infrastructure, Internet of Things (IoT) tech and telehealth tools.

While connected devices are widely used to support patients remotely, 73% rely on outdated, unintegrated systems, significantly higher than the global average of 65%.

These systems limit interoperability and heighten security risks, with 64% experiencing regular tech failures and 43% citing network vulnerabilities.

The strain on IT teams is evident. Nearly half report being unable to deploy or manage new devices efficiently, and more than half struggle to offer remote support or access detailed diagnostics. Time lost to troubleshooting remains a common frustration.

The UK appears more affected by these challenges than other countries surveyed, indicating a pressing need to modernise infrastructure instead of continuing to patch ageing technology.

While data security remains the top IT concern in UK healthcare, fewer IT teams see it as a priority, falling from 33% in 2024 to 24% in 2025. Despite a sharp increase in data breaches, the number rose from 71% to 84%.

Spendrup warned that innovation risks being undermined unless the sector rebalances priorities, with more focus on securing systems and replacing legacy tools instead of delaying necessary upgrades.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India urges preference for state telecom providers

The Department of Telecommunications (DoT) in India has introduced a policy urging all state governments and Union Territories to prioritise state-run telecom operators Bharat Sanchar Nigam Ltd (BSNL) and Mahanagar Telephone Nigam Ltd (MTNL) for their communication needs. Although not legally binding, that policy directive emphasises data security as a key reason for favouring these public sector providers.

DoT Secretary underscored the increasing competitiveness of BSNL and MTNL, noting that BSNL now manages MTNL’s operations and will set up a dedicated nodal point to cater to state governments efficiently. The move marks a significant strategic shift toward promoting state-owned telecom companies in government communications.

The policy has raised concerns among private telecom companies, who fear losing valuable government contracts to BSNL and MTNL. Private providers currently hold over 92% of the market’s revenue, and government contracts are especially important for smaller ISPs with tight margins. Diverting these contracts could significantly hurt their financial stability.

BSNL and MTNL were initially created to operate independently and compete fairly with private firms. This new policy, favouring them, risks undermining that independence and disrupting the telecom sector’s competitive balance in India.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NSA and allies set AI data security standards

The National Security Agency (NSA), in partnership with cybersecurity agencies from the UK, Australia, New Zealand, and others, has released new guidance aimed at protecting the integrity of data used in AI systems.

The Cybersecurity Information Sheet (CSI), titled AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems, outlines emerging threats and sets out 10 recommendations for mitigating them.

The CSI builds on earlier joint guidance from 2024 and signals growing global urgency around safeguarding AI data instead of allowing systems to operate without scrutiny.

The report identifies three core risks across the AI lifecycle: tampered datasets in the supply chain, deliberately poisoned data intended to manipulate models, and data drift—where changes in data over time reduce performance or create new vulnerabilities.

These threats may erode accuracy and trust in AI systems, particularly in sensitive areas like defence, cybersecurity, and critical infrastructure, where even small failures could have far-reaching consequences.

To reduce these risks, the CSI recommends a layered approach—starting with sourcing data from reliable origins and tracking provenance using digital credentials. It advises encrypting data at every stage, verifying integrity with cryptographic tools, and storing data securely in certified systems.

Additional measures include deploying zero trust architecture, using digital signatures for dataset updates, and applying access controls based on data classification instead of relying on broad administrative trust.

The CSI also urges ongoing risk assessments using frameworks like NIST’s AI RMF, encouraging organisations to anticipate emerging challenges such as quantum threats and advanced data manipulation.

Privacy-preserving techniques, secure deletion protocols, and infrastructure controls round out the recommendations.

Rather than treating AI as a standalone tool, the guidance calls for embedding strong data governance and security throughout its lifecycle to prevent compromised systems from shaping critical outcomes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Denmark moves to replace Microsoft software as part of digital sovereignty strategy

Prior to the Danish government’s formal decision, the cities of Copenhagen and Aarhus had already announced plans to reduce reliance on Microsoft software and cloud services. The national government has now followed suit.

Caroline Stage, Denmark’s Minister of Digitalisation, confirmed that the government will begin transitioning from Microsoft Office to the open-source alternative, LibreOffice. The decision aligns with broader European Union efforts to enhance digital sovereignty—a concept referring to the ability of states to maintain control over their digital infrastructure, data, and technologies.

EU member states have increasingly prioritised digital sovereignty in response to a range of concerns, including security, economic resilience, regulatory control, and the geopolitical implications of dependency on non-European technology providers.

Among the considerations are questions about data governance, operational autonomy, and the risks associated with potential service disruptions in times of political tension. For example, reports following US sanctions against the International Criminal Court (ICC) suggest that Microsoft temporarily restricted access to email services for the ICC’s Chief Prosecutor, Karim Khan, highlighting the potential vulnerabilities linked to foreign service providers.

Denmark’s move is part of a wider trend within the EU aimed at diversifying digital service providers and strengthening domestic or European alternatives. LibreOffice is developed by The Document Foundation (TDF), an independent, non-profit organisation based in Germany.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK National Cyber Security Centre calls for strategic cybersecurity policy agenda

The United Kingdom’s National Cyber Security Centre (NCSC), part of GCHQ, has called for the adoption of a long-term, strategic policy agenda to address increasing cybersecurity risks. That appeal follows prolonged delays in the introduction of updated cybersecurity legislation by the UK government.

In a blog post, co-authored by Ollie Whitehouse, NCSC’s Chief Technology Officer, and Paul W., the Principal Technical Director, the agency underscored the need for more political engagement in shaping the country’s cybersecurity landscape. Although the NCSC does not possess policymaking powers, its latest message highlights its growing concern over the UK’s limited progress in implementing comprehensive cybersecurity reforms.

Whitehouse has previously argued that the current technology market fails to incentivise the development and maintenance of secure digital products. He asserts that while the technical community knows how to build secure systems, commercial pressures and market conditions often favour speed, cost-cutting, and short-term gains over security. That, he notes, is a structural issue that cannot be resolved through voluntary best practices alone and likely requires legislative and regulatory measures.

The UK government has yet to introduce the long-anticipated Cyber Security and Resilience Bill to Parliament. Initially described by its predecessor as a step toward modernising the country’s cyber legislation, the bill remains unpublished. Another delayed effort is a consultation led by the Home Office on ransomware response policy, which was postponed due to the snap election and is still awaiting an official government response.

The agency’s call mirrors similar debates in the United States, where former Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly advocated for holding software vendors accountable for product security. The Biden administration’s national cybersecurity strategy introduced early steps toward vendor liability, a concept that has gained traction among experts like Whitehouse.

However, the current US administration under President Trump has since rolled back some of these requirements, most notably through a recent executive order eliminating obligations for government contractors to attest to their products’ security.

By contrast, the European Union has advanced several legislative initiatives aimed at strengthening digital security, including the Cyber Resilience Act. Yet, these efforts face challenges of their own, such as reconciling economic priorities with cybersecurity requirements and adapting EU-wide standards to national legal systems.

In its blog post, the NCSC reiterated that the financial and societal burden of cybersecurity failures is currently borne by consumers, governments, insurers, and other downstream actors. The agency argues that addressing these issues requires a reassessment of underlying market dynamics—particularly those that do not reward secure development practices or long-term resilience.

While the NCSC lacks the authority to enforce regulations, its increasingly direct communications reflect a broader shift within parts of the UK’s cybersecurity community toward advocating for more comprehensive policy intervention.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India unveils AI incident reporting guidelines for critical infrastructure

India is developing AI incident reporting guidelines for companies, developers, and public institutions to report AI-related issues affecting critical infrastructure sectors such as telecommunications, power, and energy. The government aims to create a centralised database to record and classify incidents like system failures, unexpected results, or harmful impacts caused by AI.

That initiative will help policymakers and stakeholders better understand and manage the risks AI poses to vital services, ensuring transparency and accountability. The proposed guidelines will require detailed reporting of incidents, including the AI application involved, cause, location, affected sector, and severity of harm.

The Telecommunications Engineering Centre (TEC) is spearheading the effort, focusing initially on telecom and digital infrastructure, with plans to extend the standard across other sectors and pitch it globally through the International Telecommunication Union. The framework aligns with international initiatives such as the OECD’s AI Incident Monitor and builds on government recommendations to improve oversight while fostering innovation.

Why does it matter?

The draft emphasises learning from incidents rather than penalising reporters, encouraging self-regulation to avoid excessive compliance burdens. The following approach complements broader AI safety goals of India, including the recent launch of the IndiaAI Safety Institute, which works on risk management, ethical frameworks, and detection tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!