Australian fintech youX suffers major cyberattack

Australian fintech platform youX has confirmed a data breach affecting hundreds of thousands of customers. The company said it identified unauthorised access to its systems and is investigating the full extent of the incident.

A hacker claimed responsibility for the breach and shared a preview of 141 gigabytes of data from a MongoDB Atlas cluster. The exposed information reportedly includes financial details, driver’s licences, residential addresses, and records from nearly 800 broker organisations.

Over 600,000 loan applications across almost 100 lenders could be affected. The hacker threatened to release further tranches of data in stages, citing previous warnings given to the company.

YouX is engaging with regulators, including the Office of the Australian Information Commissioner, and notifying affected individuals. Partners such as Viking Asset Aggregation are working closely with the fintech to support stakeholders and manage enquiries.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

The European marathon towards digital sovereignty

Derived from the Latin word ‘superanus’, through the French word ‘souveraineté’, sovereignty can be understood as: ‘the ultimate overseer, or authority, in the decision-making process of the state and in the maintenance of order’ – Britannica. Digital sovereignty, specifically European digital sovereignty, refers to ‘Europe’s ability to act independently in the digital world’.

In 2020, the European Parliament already identified the consequences of reliance on non-EU technologies. These range from the economic and social influence of non-EU technology companies, which can undermine user control over their personal data, to the slow growth of EU technology companies and limits on the enforcement of European laws.

Today, these concerns persist: from Romanian election interference on TikTok’s platform and Microsoft’s interference with the ICC, to the Dutch government authentication platform being acquired by a US firm and booming American and Chinese LLMs compared to European LLMs. The EU is at a crossroads between international reliance and homegrown adoption.

The issue of EU digital sovereignty has gained momentum in the context of recent and significant shifts in US foreign policy toward its allies. In this environment, the pursuit of EU digital sovereignty appears as a justified and proportionate response, one that might previously have been perceived as unnecessarily confrontational.

In light of this, this analysis discusses the rationale behind EU digital sovereignty (including dependency, innovation and effective compliance), recent European-centric technological and platform shifts, the steps the EU is taking to become digitally sovereign and, finally, examples of European alternatives.

Rationale behind the move

The reasons for digital sovereignty can be summed up in three main areas: (i) less dependency on non-EU tech, (ii) leading and innovating technological solutions, and (iii) ensuring better enforcement of, and subsequent adherence to, data protection laws and fundamental rights.

(i) Less dependency: Global geopolitical tensions between US-China/Russia push Europe towards developing its own digital capabilities and securing its supply chains. Insecure supply chains make Europe vulnerable to failing energy grids.

More recently, US giant Microsoft threatened the international legal order by revoking US-sanctioned International Criminal Court Chief Prosecutor Karim Khan’s Microsoft software access, preventing the Chief Prosecutor from carrying out his duties at the ICC. In light of these scenarios, Europeans are turning to developing more European-based solutions to reduce upstream dependencies.

(ii) Leaders & innovators: A common argument is that Americans innovate, the Chinese copy, and the Europeans regulate. If the EU aims to be a digital geopolitical player, it must position itself as a regulator which promotes innovation. It can achieve this by upskilling its workforce from non-digital trades into digital ones, building more EU digital infrastructure (data centres, cloud storage and management software), further increasing innovation spending and creating laws that truly allow for the uptake of EU technological development instead of relying on alternative, cheaper non-EU options.

(iii) Effective compliance: Knowing that fines are more difficult to enforce against non-EU companies than against EU companies (e.g. Clearview AI), EU-based technological organisations would allow for corrective measures, warnings, and fines to be enforced more effectively. This would enable greater adherence to the EU’s digital agenda and respect for fundamental rights.

Can the EU achieve Digital Sovereignty?

The main speed bumps towards EU digital sovereignty are: i) a lack of digital infrastructure (cloud storage & data centres), ii) (critical) raw material dependency and iii) legislative initiatives to facilitate the path towards digital sovereignty (innovation procurement and fragmented compliance regime).

i) Lack of digital infrastructure: In order for the EU to become digitally sovereign, it must have its own sovereign digital infrastructure.

In practice, the EU relies heavily on American data centre providers (i.e. Equinix, Microsoft Azure, Amazon Web Services) hosted in the EU. In this case, even though the data is European and hosted in the EU, the company that hosts it is non-European. This poses reliance and legislative challenges, such as ensuring adequate technical and organisational measures to protect personal data when it is in transit to the US. Given the EU-US DPF, there is a legal basis for transferring EU personal data to the US.

However, if the DPF were to be struck down (perhaps due to the US’ Cloud Act), as it has been in the past (twice, with Schrems I and Schrems II) and potentially could be again with Schrems III, there would no longer be a legal basis for the transfer of EU personal data to a US data centre.

Previously, the EU’s 2022 Directive on critical entities resilience allowed EU countries to identify critical infrastructure and subsequently ensure they take the technical, security and organisational measures to assure their resilience. Part of this Directive covers digital infrastructure, including providers of cloud computing services and providers of data centres. From this, the EU has recently developed guidelines for member states to identify critical entities. However, these guidelines do not anticipate how to achieve resilience and leave this responsibility with member states.

Currently, the EU is revising legislation to strengthen its control over critical digital infrastructure. Reports state revisions of existing legislation (Chips Act and Quantum Act) as well as new legislation (Digital Networks Act, the Cloud and AI Development Act) are underway.

ii) Raw material dependency: The EU cannot be digitally sovereign until it reduces some of its dependencies on other countries’ raw materials to build the hardware necessary to be technologically sovereign. In 2025, the EU’s goals were to create a new roadmap towards critical raw material (CRM) sovereignty to rely on its own energy sources and build infrastructure.

Thus, the RESourceEU Action Plan was born in December 2025. This plan contains 6 pillars: securing supply through knowledge, accelerating and promoting projects, using the circular economy and fostering innovation (recycling products which contain CRMs), increasing European demand for European projects (stockpiling CRMs), protecting the single market and partnering with third countries for long-lasting diversification. Practically speaking, part of this plan is to match European and/or global raw material supply with European demand for European projects.

iii) Legislative initiatives to facilitate the path towards digital sovereignty:

Tackling difficult innovation procurement: the argument is for facilitating the uptake of innovation procurement across the EU. In 2026, the EU is set to reform its public procurement framework for innovation. The Innovation Procurement Update (IPU) team has representatives from over 33 countries (predominantly through law firms, Bird & Bird being the most represented), and recommends that innovation procurement reach 20% of all public procurement.

Another recommendation would help more costly innovative solutions to be awarded procurement projects, which in the past were awarded to cheaper procurement bids. In practice, the lowest-priced public procurement bid is preferred, and if it meets the remaining procurement conditions, it wins the bid. De-prioritising this pricing criterion would enable companies with more costly innovative solutions to win public procurement bids.

Alleviating compliance challenges: lowering other compliance burdens whilst maintaining the digital acquis. Recently announced at the World Economic Forum by Commission President Ursula von der Leyen, EU.inc would help cross-border business operations scale up by alleviating company, corporate, insolvency, labour and taxation law compliance burdens. By harmonising these into a single framework, businesses can more easily grow and deploy cross-border solutions that would otherwise face hurdles.

Power through data: another legislative measure to help facilitate the path towards EU digital sovereignty is unlocking the potential behind European data. In order to research innovative solutions, data is required. This can be achieved through personal or non-personal data. The EU’s GDPR regulates personal data and is currently undergoing amendments. If the proposed changes to the GDPR are approved, i.e. a broadening of its scope, data that used to be considered personal (and thus required GDPR compliance) could be deemed non-personal and used more freely for research purposes. The Data Act regulates the reuse and re-sharing of non-personal data. It aims to simplify and bolster the fair reuse of non-personal data. Overall, both personal and non-personal data can give important insight that research can benefit from in developing European innovative sovereign solutions.

European alternatives

European companies have already built a network of European platforms, services and apps with European values at heart:

| Category | Currently Used | EU Alternative | Comments |
| --- | --- | --- | --- |
| Social media | TikTok, X, Instagram | Monnet (Luxembourg), ‘W’ (Sweden) | Monnet is a social media app that prioritises connections and non-addictive scrolling. The recently announced ‘W’ replaces ‘X’ and is gaining major traction with non-advertising models at its heart. |
| Email | Microsoft’s Outlook and Google’s Gmail | Tuta (mail/calendar), Proton (Germany), Mailbox (Germany), Mailfence (Belgium) | Replace email and calendar apps with a privacy-focused business model. |
| Search engine | Google Search and DuckDuckGo | Qwant (France) and Ecosia (German) | Qwant has focused on privacy since its launch in 2013. Ecosia has an eco-friendly business model which helps plant trees when users search. |
| Video conferencing | Microsoft Teams and Slack | Visio (France), Wire (Switzerland), Mattermost (US but self-hosted), Stackfield (Germany), Nextcloud Talk (Germany) and Threema (Switzerland) | These alternatives are end-to-end encrypted. Visio is used by the French Government. |
| Writing tools | Microsoft’s Word & Excel, Google Sheets and Notion | LibreOffice (German), OnlyOffice (Latvian), Collabora (UK), Nextcloud Office (German) and CryptPad (France) | LibreOffice is compatible with, and provides a free alternative to, Microsoft’s office suite. |
| Cloud storage & file sharing | OneDrive, SharePoint and Google Drive | Pydio Cells (France), Tresorit (Switzerland), pCloud (Switzerland), Nextcloud (Germany) | Most of these options provide cloud storage, and Nextcloud is a recurring alternative across categories. |
| Finance | Visa and Mastercard | Wero (EU) | Not only will it provide an EU-wide digital wallet option, but it will replace existing national options, providing for fast adoption. |
| LLM | OpenAI, Gemini, DeepSeek’s LLM | Mistral AI (France) and DeepL (Germany) | DeepL is already widely used, and Mistral is more transparent with its partially open-source model and ease of reuse for developers. |
| Hardware | | Semiconductors: ASML (Dutch). Data centre: GAIA-X (Belgium) | ASML is a chip powerhouse for the EU, and GAIA-X sets an example of EU-based data centres with its open-source federated data infrastructure. |

A dedicated website called ‘European Alternatives’ provides exactly what it says: a list with over 50 categories and 100 alternatives.

Conclusion

In recent years, the Union’s policy goals have shifted towards overt digital sovereignty solutions through diversification of materials and increased innovation spending, combined with a restructuring of the legislative framework to create the necessary path towards European digital infrastructure.

Whilst this analysis does not include all speed bumps, nor all avenues on the road to EU digital sovereignty, it sheds light on the EU’s most recent major policy developments. Key questions remain regarding data reuse, its impact on data protection fundamental rights and whether this reshaping of the framework will yield the intended results.

Therefore, how will the EU tread whilst it becomes a more coherent sovereign geopolitical player?


Gabon imposes indefinite social media shutdown over national security concerns

Gabon’s media regulator, the High Authority for Communication (HAC), has announced a nationwide open-ended suspension of social media, citing online content that it says is fueling tensions and undermining social cohesion. In a statement, the HAC framed the move as a response to material it described as defamatory or hateful and, in some cases, a threat to national security, telling telecom operators and internet service providers to block access to major platforms.

The regulator pointed to what it called a rise in coordinated cyberbullying and the unauthorised sharing of personal data, saying existing moderation measures were not working and that the shutdown was necessary to stop violations of Gabon’s 2016 Communications Code.

The announcement arrives amid mounting labour pressure. Teachers began a high-profile strike in December 2025 over pay, status and working conditions, and the dispute has become one of the most visible signs of broader public-sector discontent. At the same time, the economic stakes are significant: Gabon had an estimated 850,000 active social media users in late 2025 (around a third of the population), and platforms are widely used for marketing and small-business sales.

Why does it matter?

Governments increasingly treat social media suspensions as a rapid-response tool for ‘public order’, but they also reshape information access, civic debate and commerce, especially in countries where mobile apps are a primary channel for news and income. The current announcement comes at a politically sensitive moment, since Gabon has a precedent here: during the 2023 election period, authorities shut down internet access, citing the need to counter calls for violence and misinformation. Gabon is still in transition after the August 2023 coup, and President Brice Oligui Nguema, who led the takeover, won the subsequent presidential election by a landslide in 2025, consolidating power while facing rising expectations for reform and stability.


Germany drafts reforms expanding offensive cyber powers

Politico reports that Germany is preparing legislative reforms that would expand the legal framework for conducting offensive cyber operations abroad and strengthen authorities to counter hybrid threats.

According to the Interior Ministry, two draft laws are under preparation:

  • One would revise the mandate of Germany’s foreign intelligence service to allow cyber operations outside national territory.
  • A second would grant security services expanded powers to fight back against hybrid threats and what the government describes as active cyber defense.

The discussion in Germany coincides with broader European debates on offensive cyber capabilities. In particular, the Netherlands has incorporated offensive cyber elements into national strategies.

The reforms in Germany remain in draft form and may face procedural and constitutional scrutiny. Adjustments to intelligence mandates could require amendments supported by a two-thirds majority in both the Bundestag and Bundesrat.

The proposed framework for ‘active cyber defense’ would focus on preventing or mitigating serious threats. Reporting by Tagesschau indicates that draft provisions may allow operational follow-up measures in ‘special national situations,’ particularly where timely police or military assistance is not feasible.

Opposition lawmakers have raised questions regarding legal clarity, implementation mechanisms, and safeguards. Expanding offensive cyber authorities raises longstanding policy questions, including challenges of attribution to identify responsible actors; risks of escalation or diplomatic repercussions; oversight and accountability mechanisms; and compatibility with international law and norms of responsible state behaviour.

The legislative process is expected to continue through the year, with further debate anticipated in parliament.


AI governance takes focus at UN security dialogue

The UN will mark the fourth International Day for the Prevention of Violent Extremism Conducive to Terrorism on 12 February 2026 with a high-level dialogue focused on AI. The event will examine how emerging technologies are reshaping both prevention strategies and extremist threats.

Organised by the UN Office of Counter-Terrorism in partnership with the Republic of Korea’s UN mission, the dialogue will take place at UN Headquarters in New York. Discussions will bring together policymakers, technology experts, civil society representatives, and youth stakeholders.

A central milestone will be the launch of the first UN Practice Guide on Artificial Intelligence and Preventing and Countering Violent Extremism. The guide offers human rights-based advice on responsible AI use, addressing ethical, governance, and operational risks.

Officials warn that AI-generated content, deepfakes, and algorithmic amplification are accelerating extremist narratives online. Responsibly governed AI tools could enhance early detection, research, and community prevention efforts.


Japan and the United Kingdom expand cybersecurity cooperation

Japan and the United Kingdom have formalised a Strategic Cyber Partnership focused on strengthening cooperation in cybersecurity, including information sharing, defensive capabilities, and resilience of critical infrastructure. In related high-level discussions between the two leaders, Japan and the UK also agreed on the need to work with like-minded partners to address vulnerabilities in critical mineral supply chains.

The Strategic Cyber Partnership outlines three core areas of cooperation:

  • sharing cyber threat intelligence and enhancing cyber capabilities;
  • supporting whole-of-society resilience through best practices on infrastructure and supply chain protection and alignment on regulatory and standards issues;
  • collaborating on workforce development and emerging cyber technologies.

The agreement is governed through a joint Cyber Dialogue mechanism and is non-binding in nature.

Separately, at a summit meeting in Tokyo, the leaders noted the importance of strengthening supply chains for minerals identified as critical for modern industry and technology, and agreed to coordinate efforts with other partners on this issue.


EU plans a secure military data space by 2030

Institutions in the EU have begun designing a new framework to help European armies share defence information securely, rather than relying on US technology.

A plan centred on creating a military-grade data platform, the European Defence Artificial Intelligence Data Space, is intended to support sensitive exchanges among defence authorities.

Ultimately, the approach aims to replace the current patchwork of foreign infrastructure that many member states rely on to store and transfer national security data.

The European Defence Agency is leading the effort and expects the platform to be fully operational by 2030. The concept includes two complementary elements: a sovereign military cloud for data storage and a federated system that allows countries to exchange information on a trusted basis.

Officials argue that this will improve interoperability, speed up joint decision-making, and enhance operational readiness across the bloc.

The project aligns with broader concerns about strategic autonomy, as EU leaders increasingly question long-standing dependencies on American providers.

Several European companies have been contracted to develop the early technical foundations. The next step is persuading governments to coordinate future purchases so their systems remain compatible with the emerging framework.

Planning documents suggest that by 2029, member states should begin integrating the data space into routine military operations, including training missions and coordinated exercises. EU authorities maintain that stronger control of defence data will be essential as military AI expands across European forces.


CERT Polska reports coordinated cyber sabotage targeting Poland’s energy infrastructure

Poland has disclosed a coordinated cyber sabotage campaign targeting more than 30 renewable energy sites in late December 2025. The incidents occurred during severe winter weather and were intended to cause operational disruption, according to CERT Polska.

Electricity generation and heat supply in Poland continued, but attackers disabled communications and remote control systems across multiple facilities. Both IT networks and industrial operational technology were targeted, marking a rare shift toward destructive cyber activity against energy infrastructure.

Investigators found attackers accessed renewable substations through exposed FortiGate devices, often without multi-factor authentication. After breaching networks, they mapped systems, damaged firmware, wiped controllers, and disabled protection relays.

Two previously unknown wiper tools, DynoWiper and LazyWiper, were used to corrupt and delete data without ransom demands. The malware spread through compromised Active Directory systems using malicious Group Policy tasks to trigger simultaneous destruction.

CERT Polska linked the infrastructure to the Russia-connected threat cluster Static Tundra, though some firms suggest Sandworm involvement. The campaign marks the first publicly confirmed destructive operation attributed to this actor, highlighting rising cyber-sabotage risks to critical energy systems.


China gives DeepSeek conditional OK for Nvidia H200 chips

China has conditionally approved its leading AI startup DeepSeek to buy Nvidia’s H200 AI chips, with regulatory requirements still being finalised. The decision would add DeepSeek to a growing list of Chinese firms seeking access to the H200, one of Nvidia’s most powerful data-centre chips.

The reported approval follows earlier developments in which ByteDance, Alibaba and Tencent were allowed to purchase more than 400,000 H200 chips in total, suggesting Beijing is moving from broad caution to selective, case-by-case permissions. Separate coverage has described the approvals as a shift after weeks of uncertainty over whether China would allow imports, even as US export licensing was moving forward.

Nvidia’s CEO Jensen Huang, speaking in Taipei, said the company had not received confirmation of DeepSeek’s clearance and indicated the licensing process is still being finalised, underscoring the uncertainty for suppliers and buyers. China’s industry and commerce ministries have been involved in approvals, with conditions reportedly shaped by the state planner, the National Development and Reform Commission.

The H200 has become a high-stakes flashpoint in US-China tech ties because access to top-tier chips directly affects AI capability and competitiveness. US political scrutiny is also rising: a senior US lawmaker has alleged Nvidia provided technical support that helped DeepSeek develop advanced models later used by China’s military, according to a letter published by the House Select Committee on China; Nvidia has pushed back against such claims in subsequent reporting.

DeepSeek is also preparing a next-generation model, V4, expected in mid-February, according to reporting that cited people familiar with the matter, which makes access to high-end compute especially consequential for timelines and performance.

Why does it matter?

If China’s conditional approvals translate into real shipments, they could ease a key bottleneck for Chinese AI development while extending Nvidia’s footprint in a market constrained by geopolitics. At the same time, the episode highlights how AI hardware is now regulated not only by Washington’s export controls but also by Beijing’s import approvals, with companies caught between shifting policy priorities.

EU and India deepen strategic partnership at the 16th New Delhi summit

The European Union and India have opened a new phase in their relationship at the 16th EU-India Summit in New Delhi, marked by the conclusion of a landmark Free Trade Agreement and the launch of a Security and Defence Partnership.

These agreements signal a shared ambition to deepen economic integration while strengthening cooperation in an increasingly volatile global environment.

The EU-India Free Trade Agreement ranks among the largest trade deals worldwide, significantly reducing tariff and non-tariff barriers and unlocking new opportunities for businesses of all sizes.

By improving market access and establishing clear and enforceable rules, the agreement supports more resilient supply chains, greater trade diversification and stronger joint economic security for both partners.

Alongside trade, leaders signed an EU-India Security and Defence Partnership covering maritime security, cyber and hybrid threats, counterterrorism, space and defence industrial cooperation.

Negotiations were also launched on a Security of Information Agreement, paving the way for India’s participation in EU security and defence initiatives.

The Summit further expanded cooperation on innovation, emerging technologies, climate action and people-to-people ties.

Initiatives include new EU-India Innovation Hubs, closer research collaboration, enhanced labour mobility frameworks and joint efforts on clean energy, connectivity and global development, reinforcing the partnership as a defining pillar of 21st-century geopolitics.
