Cybersecurity

UK regulator updates online safety guidance on AI-generated intimate imagery

Ofcom has announced proposed measures intended to strengthen protections against illegal intimate image abuse online, including AI-generated explicit deepfakes and non-consensual image sharing.

The UK regulator said it is updating its Illegal Content Codes to recommend that certain online platforms use automated detection technologies to identify illegal intimate images.

According to Ofcom, hash matching systems convert images into digital identifiers that can help platforms detect repeated uploads of harmful content. Ofcom specifically referenced the StopNCII database as a recommended tool for platforms implementing the technology.

Ofcom said the measures are intended to improve protections against AI-generated intimate imagery and digitally manipulated sexual content.

The recommendations complement recent UK legislation addressing non-consensual intimate imagery and AI-enabled nudification tools.

Ofcom said the updated Illegal Content Codes are expected to enter into force in autumn 2026, subject to parliamentary approval. The regulator also said additional online safety measures under consultation may be announced later in the year.

The measures form part of the UK’s implementation of the Online Safety Act and related online safety obligations for digital platforms.

Why does it matter?

AI-generated deepfakes and synthetic sexual imagery are rapidly becoming major online safety and digital rights concerns globally. Regulators increasingly fear that existing moderation systems cannot keep pace with the scale and speed of AI-generated abuse. Ofcom’s decision illustrates how governments are beginning to shift towards mandatory or strongly encouraged proactive detection systems, particularly for highly harmful content involving intimate imagery, harassment, and exploitation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK financial regulators highlight operational risks linked to frontier AI

Bank of England, Financial Conduct Authority and HM Treasury have issued a joint statement warning regulated firms about escalating cybersecurity risks associated with frontier AI models.

The authorities said current frontier AI systems already possess cyber capabilities that may exceed those of skilled practitioners in some areas while operating at greater speed and scale. According to the statement, malicious use of these capabilities could increase risks to financial stability, market integrity, customers, and firms’ operational resilience.

UK regulators warned that firms underinvesting in cybersecurity protections may face increased exposure as more advanced AI systems emerge. The statement said regulated firms and financial market infrastructures should strengthen resilience against AI-driven cyber threats.

The guidance highlighted several priority areas, including governance, vulnerability management, third-party and supply-chain risks, data protection, network security, and recovery planning. The authorities urged boards and senior management teams to improve their understanding of frontier AI cyber risks.

Bank of England, Financial Conduct Authority and HM Treasury also warned that frontier AI models could rapidly identify and exploit vulnerabilities across complex technology estates, forcing firms to accelerate patching, remediation, and threat-detection processes. Firms were encouraged to deploy automation and AI-enabled defensive tools capable of responding at a comparable speed to emerging AI-driven attacks.

The statement additionally emphasised growing risks linked to third-party providers, open-source software dependencies, and supply-chain exposure. Regulators said firms should strengthen capabilities to identify, monitor, and manage vulnerabilities linked to third-party providers and software dependencies.

The authorities confirmed they will continue monitoring AI developments and coordinating with industry through the Cross Market Operational Resilience Group.

Why does it matter?

The financial sector increasingly depends on interconnected digital infrastructure, cloud services, AI systems, and third-party software supply chains. Frontier AI could dramatically accelerate both offensive cyber capabilities and defensive security operations, creating a rapidly evolving threat environment where traditional cybersecurity practices may no longer be sufficient.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Indian science ministry outlines AI and quantum technology priorities

India’s Ministry of Science and Technology has outlined a strategy placing AI and quantum sovereignty at the centre of future growth, according to statements by Jitendra Singh. The announcement was made during a programme hosted by the Technology Development Board.

Minister Jitendra Singh said long-term progress in deep technology depends on a coordinated national approach. The minister linked the strategy to the Research, Development and Innovation Fund scheme, which aims to expand private-sector participation in research and innovation.

According to officials, five projects were approved under the scheme in areas including battery technology, satellite systems, healthcare, and unmanned aerial systems. Initial funding disbursement has begun, alongside the release of progress reports and outlining a national quantum safe ecosystem.

Officials said post-quantum cryptography and secure digital infrastructure are emerging priorities under the National Quantum Mission. The announcements were made during a programme hosted by the Technology Development Board in New Delhi, India.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Council of Europe highlights role of democracy and AI governance in security

The Council of Europe has called for a legal and democratic framework for European security in its 2026 annual report, warning that the continent cannot separate security from democracy, human rights, and the rule of law.

Secretary General Alain Berset presented his 2026 annual report, titled ‘The New Democratic Pact for Europe in times of rupture’, to foreign ministers from the Council of Europe’s 46 member states during the Committee of Ministers session in Chişinău on 15 May.

The report states that Europe is increasing defence spending and argues that military measures alone cannot provide lasting security. Berset said democratic security depends on legal safeguards, resilient institutions, and public trust.

The report links Europe’s security challenges to Russia’s invasion of Ukraine, foreign information manipulation, and declining trust in democratic systems. It also stresses that safeguards for human rights and democratic principles must keep pace with rapid technological change, including digital technology and AI.

Berset argues that social rights, health, education, and institutional trust have too often been treated as ‘soft security’. He said security depends on public trust in institutions and resilient democratic systems.

The report presents the state of play of the New Democratic Pact for Europe, launched in 2025 to identify integrated responses to democratic backsliding and renew democratic governance across the continent. Its first consultation phase runs until December 2026.

The annual report is structured around six areas: countering information manipulation and disinformation; promoting social rights; defending equal rights and inclusion; safeguarding elections and democratic processes; supporting civic space and fundamental freedoms; and promoting positive use of digital technology and AI, including action against cyber-enabled threats.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

WEF highlights cybersecurity as a strategic economic priority in the AI era

The World Economic Forum said cybersecurity is rapidly evolving into a strategic economic and national security priority as AI systems, geopolitical tensions, and increasingly interconnected digital ecosystems reshape global cyber risks.

During the Annual Meeting on Cybersecurity 2026 held in Geneva, participants discussed how cyber threats are increasingly affecting economic activity, supply chains, financial systems, and critical infrastructure.

The forum said large-scale cyber incidents can disrupt national economies and critical infrastructure. The report referenced a major 2025 cyberattack that disrupted UK automotive production and reportedly contributed to weaker GDP growth, with estimated economic losses reaching approximately £1.9 billion.

WEF argued that organisations are increasingly abandoning compliance-driven cybersecurity models in favour of measurable resilience strategies focused on rapid recovery, operational continuity, incident response readiness, and stronger governance structures.

AI featured heavily throughout the discussions. The forum warned that attackers are using AI almost universally, allowing cyber operations to become faster, more autonomous, and more scalable. Leaders also highlighted emerging risks linked to agentic AI systems, software supply chain vulnerabilities, and quantum computing developments.

Participants stressed that cyber resilience now requires far broader coordination between governments, regulators, businesses, insurers, and infrastructure operators. Public-private cooperation, information-sharing systems, interoperable intelligence frameworks, and cross-border regulatory coordination were described as increasingly necessary to manage systemic cyber risks.

The discussions also focused on cyber-enabled fraud, scams, and online criminal operations that increasingly target both institutions and ordinary citizens across digital ecosystems. Experts argued that cybersecurity strategies must combine technological protection, digital literacy, public awareness, and platform-level safeguards instead of relying solely on reactive responses.

WEF concluded that cybersecurity is becoming inseparable from economic security and strategic stability in the AI era, with future resilience depending heavily on how effectively governments and industries align incentives, quantify cyber risk, and strengthen cooperation across interconnected systems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK’s Ofcom accepts X commitments on illegal hate and terror content moderation

Ofcom has accepted a series of public commitments from X aimed at strengthening protections for UK users against illegal hate speech and terrorist content under the Online Safety Act framework.

Under the commitments, X will review suspected illegal terrorist and hate content reported through its dedicated UK illegal content reporting tool within an average of 24 hours. As a backstop, the platform will review at least 85% of such reports within 48 hours. Ofcom said the targets, if met, would give UK users some of the strongest protections on X globally.

X is also committed to engaging external experts on reporting systems for illegal hate and terror content, following concerns from organisations that reports submitted to the platform were not always clearly acknowledged or acted on. The company also said it would withhold access to accounts reported for posting illegal terrorist content in the UK if it determines they are operated by or on behalf of a terrorist organisation proscribed in the UK.

Ofcom said X will submit quarterly performance data over the next 12 months so the regulator can monitor whether the platform is meeting its commitments. The regulator added that its broader compliance programme examining how major social media services handle illegal hate and terrorist material remains ongoing.

The announcement comes amid wider scrutiny of illegal hate content on major social media platforms. Ofcom said evidence gathered from civil society and expert organisations, including the Antisemitism Policy Trust, Tech Against Terrorism and Tell MAMA, indicates that such content persists on some of the largest social media sites.

Ofcom also noted that its investigation into X’s Grok remains ongoing, focusing on the company’s compliance with duties to deal with illegal content and the systems it has in place to do so.

Why does it matter?

The commitments show how the UK’s Online Safety Act is beginning to translate into concrete performance expectations for major platforms. Review-time targets, expert engagement and regular reporting to Ofcom could make illegal hate and terrorist content moderation more measurable. Still, the wider test will be whether X delivers these protections in practice and whether similar pressure is applied across other large platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Europe’s AI future increasingly depends on electricity and power infrastructure

A new opinion piece published by the World Economic Forum argues that the global AI race is rapidly shifting from software and models towards electricity generation, power infrastructure, and compute capacity.

The analysis by Lucy Yu, CEO for Centre for Net Zero, suggests that Europe’s future competitiveness in AI may depend less on research talent and more on whether the region can deliver clean and reliable energy fast enough to support expanding AI infrastructure.

The article highlights how the US and China continue to dominate the global AI ecosystem through massive investments in data centres, cloud infrastructure, and semiconductor capacity. Europe, meanwhile, faces growing concerns over digital dependence, particularly because US hyperscalers control most of the European cloud market while China maintains a leading position in AI patent filings and industrial deployment.

One of the central concerns involves the speed of infrastructure deployment. Grid connection timelines in some European markets can reportedly stretch close to a decade, while energy prices remain significantly higher than in the USA.

Such delays are already affecting investment decisions, with some operators reportedly bypassing congested electricity networks through direct links to gas-fired power plants, despite Europe’s broader net-zero objectives.

One more argument is that Europe’s challenge is not necessarily a shortage of renewable energy resources, but rather the inability to coordinate energy generation, electricity demand, and infrastructure deployment efficiently.

Offshore wind in the North Sea, southern European solar generation, and Scandinavian hydropower are identified as major strategic assets that remain underutilised because of fragmented infrastructure planning.

Large-scale data centres may help stabilise electricity systems by creating predictable demand patterns capable of improving grid utilisation and spreading infrastructure costs across greater consumption volumes.

Flexible AI data centres, battery systems, distributed energy resources, and AI-powered energy management systems are presented as possible solutions capable of reducing network strain and supporting cleaner electricity integration.

Lucy Yu’s analysis concludes that Europe still has an opportunity to compete in the next phase of AI development, but warns that the window is narrowing quickly. Without faster regulatory coordination, grid modernisation, and energy infrastructure reform, AI investment could increasingly shift towards regions capable of delivering power and compute capacity more rapidly.

Why does it matter?

The debate reflects a major structural shift in the global AI economy. Instead of competing only on algorithms and talent, countries are increasingly competing on access to electricity, semiconductor infrastructure, and data centre capacity. Decisions taken during the next few years could determine whether Europe becomes a major AI infrastructure hub or remains dependent on foreign cloud providers and external compute ecosystems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK committee urges stronger online safety protections

The UK Parliament’s Science, Innovation and Technology Committee has urged the government to strengthen online safety protections for young people, following evidence on proposals to restrict social media access for under-16s.

Committee Chair Dame Chi Onwurah wrote to Science, Innovation and Technology Secretary Liz Kendall and AI and Online Safety Minister Kanishka Narayan after an evidence session on age-based restrictions.

The committee said there is strong and consistent evidence of significant individual harms linked to social media use, alongside a growing body of evidence showing wider negative impacts. It said there is a clear need to protect people, especially young users, from those harms.

The letter argues that responsibility for preventing harm should not rest solely on young people or parents. It says government inaction on online safety is not an option and calls for stronger enforcement of existing age restrictions

The committee also urged the government to revisit its July 2025 report on social media misinformation. Although the government accepted almost all of the report’s conclusions, the committee said it rejected almost all recommendations for change. It is now calling for action on misinformation, harmful algorithms, and online harms in the new parliamentary session.

Dame Chi Onwurah said: ‘The status quo, where social media companies are neither accountable nor responsible for preventing harms, isn’t acceptable. It’s clear social media can cause real harm and more must be done to protect people, especially young users. If any other consumer product caused these harms, it would’ve been recalled or changed. Shouldn’t the same be true for social media services and design features?’

She added: ‘The government must urgently address gaps in the regulation, legislation and enforcement of online safety. It should revisit and adopt my committee’s previous recommendations on tackling misinformation and harmful algorithms and bring forward legislation to effectively tackle online harms in the new parliamentary session.’

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI governance priorities outlined by EU at UN dialogue

The European Union has called for the UN Global Dialogue on AI Governance to focus on responsible innovation, human rights, capacity-building and stronger interoperability between AI governance frameworks.

In a statement delivered on behalf of the EU and its member states, the bloc said the dialogue should examine AI’s social, economic, ethical, cultural, linguistic, technical and environmental implications. It also argued that responsible AI innovation should be framed not only as a risk-management challenge, but also as an opportunity for public benefit in areas such as education and government.

The EU urged participants to address who controls the data, compute and value chains behind AI systems. It also highlighted linguistic and cultural diversity, warning that AI systems trained mainly on a limited number of languages can produce less accurate and more costly outputs for speakers of underrepresented languages.

Capacity-building was presented as a core condition for effective AI governance, particularly for developing countries. The EU said countries and institutions need the skills, systems and human capacity to evaluate, question and deploy AI responsibly, while treating AI infrastructure as a matter of public interest rather than only market access or proprietary control.

The statement also identified agentic AI as an emerging governance frontier, arguing that such systems raise new questions around accountability, oversight and control that existing frameworks do not yet adequately address.

On safe and trustworthy AI, the EU called for greater compatibility between governance approaches to prevent regulatory arbitrage and support responsible cross-border deployment. It said trust should not rely only on self-assessment or voluntary disclosure, but also on auditability, traceability, validation mechanisms, certification approaches and evaluation frameworks for high-risk systems.

The EU also urged a human-centric, human rights-based approach grounded in international law. It identified AI-facilitated gender-based violence, harmful AI-generated content affecting children and older persons, manipulative algorithmic systems, data exploitation and AI-enabled surveillance as areas requiring dedicated attention.

The statement called for the UN dialogue to build on existing initiatives, including those led by UNESCO, ITU, UNDP, OHCHR, GPAI, the Council of Europe, the Hiroshima Process and AI summit processes. The EU also supported more interactive thematic sessions, continuity between dialogue editions and a co-chairs’ summary reflecting both converging and diverging views.

Why does it matter?

The EU statement shows how global AI governance debates are moving beyond broad principles towards questions of implementation, institutional capacity and interoperability between frameworks. By linking AI infrastructure, human rights, auditability and agentic AI, the EU is signalling that future international coordination will need to address both today’s deployment risks and the governance challenges posed by more autonomous systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ICO warns organisations about growing AI cyber threats

The UK Information Commissioner’s Office has warned that AI is enabling faster, more advanced and harder-to-detect cyberattacks, urging organisations to strengthen their defences against emerging threats.

In a blog post, the regulator highlighted risks such as AI-generated phishing emails, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning and indirect prompt injection. The ICO said cybersecurity must be treated as a shared responsibility, with organisations expected to take proactive steps to protect the personal data they hold.

The ICO said strong foundational security measures remain essential, but should be reinforced with layered defences to counter AI-powered threats. It pointed to practical steps such as patching systems, restricting access through multi-factor authentication, applying least-privilege principles and managing supplier risks.

The recommendations also include monitoring systems for unusual activity, carrying out vulnerability scanning and penetration testing, and maintaining regularly tested incident response plans. The ICO said AI can also support cyber defence, but should operate within a clear framework of human oversight and accountability.

Organisations are further advised to minimise data collection, conduct regular data audits and train staff to recognise AI-powered social engineering attacks. The ICO said AI tools processing high-risk personal data should be supported by data protection impact assessments and appropriate safeguards.

Why does it matter?

The ICO’s warning links AI-powered cyber threats directly to data protection obligations. As attackers use AI to scale phishing, exploit vulnerabilities and impersonate trusted contacts, organisations are expected not only to improve technical security, but also to limit the personal data they hold, strengthen governance and prepare for faster-moving incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.