Cybersecurity

Digital addiction in Italy sparks debate over social media bans

Italy has warned that digital addiction among teenagers is rising sharply, as health authorities link excessive social media and gaming use to family and educational challenges. Officials say bans alone will not resolve the issue.

According to Italy’s National Institute of Health, about 100,000 young people aged 15 to 18 are at risk of social media addiction. A further 500,000 are estimated to suffer from gaming disorder, recognised by the World Health Organisation as a medical condition.

A survey by digital ethics group Social Warning found that 77 percent of Italian teenagers consider themselves addicted to their devices. However, many say they lack the tools or support to change their behaviour.

Research by ‘Con i Bambini’, which funds projects tackling educational poverty in Italy, links digital dependency to isolation and strained parental relationships. The organisation says legislative measures can protect minors but cannot replace structured education and family support.

The debate extends across the EU. The European Parliament has called for a minimum age of 16 for social media platforms, while France, Italy, and Spain are considering national restrictions. Experts argue that prevention and digital literacy must complement regulation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Fake Google Forms phishing campaign targets job seekers

A phishing campaign is targeting job seekers with fake Google Forms pages designed to harvest account credentials. Attackers are using a spoofed domain, forms.google.ss-o[.]com, to mimic the legitimate Google Forms service and trick victims into signing in.

The fraudulent pages advertise a Customer Support Executive role and prompt applicants to enter personal details before clicking a ‘Sign in’ button. Victims are then redirected to id-v4[.]com/generation.php, a domain previously linked to credential harvesting campaigns.

Researchers identified the operation as part of a broader wave of job-themed phishing attacks. The attackers used a script called generation_form.php to create personalised tracking links and implemented redirects to evade security analysis by sending suspicious visitors to local Google search pages.

Security experts warn that the campaign relies on domain impersonation techniques, including the use of ‘ss-o’ to resemble ‘single sign-on’. The fake site reproduces Google branding elements and standard disclaimers to increase credibility.

Users are advised to avoid clicking unsolicited job links, verify opportunities through official channels, and enable multi-factor authentication. Password managers and real-time anti-malware tools can also reduce exposure to credential theft.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EVMbench from OpenAI, Paradigm and OtterSec measures AI smart contract risks

OpenAI, with Paradigm and OtterSec, introduced EVMbench to test how AI agents detect, patch, and exploit smart contract flaws. The benchmark draws on 120 real vulnerabilities from 40 blockchain projects to better reflect live conditions.

Researchers report that leading agents can now discover and exploit end-to-end vulnerabilities in live blockchain instances. Over six months, exploit success rates rose sharply, prompting both praise for improved auditing capabilities and concern over the rapid scaling of offensive skills.

EVMbench evaluates agents across three modes: detect, patch, and exploit. Each stage reflects increasing technical complexity and mirrors the responsibilities faced in production blockchain environments, where contracts are often immutable, and errors can lead to irreversible losses.

Recent incidents underline the stakes. A vulnerability in AI-generated Solidity code reportedly mispriced an asset, triggering liquidations and losses. Such cases highlight the risks of deploying AI-written financial logic without rigorous human review and governance safeguards.

While EVMbench advances measurement of AI capabilities, it remains limited to curated vulnerabilities and sandboxed conditions. As blockchain adoption expands and criminal misuse evolves, researchers stress the need for responsible AI development alongside stronger innovative contract security practices.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Lithuania selects Swiss firm Procivis for national eIDAS 2.0 wallet sandbox

Swiss firm Procivis has secured a contract to deliver Lithuania’s end-to-end Digital Identity Wallet sandbox, supporting the country’s preparations under eIDAS 2.0. The project will establish a national testbed for digital ID use cases and interoperability across the European Union.

Selected by Lithuania’s digitalisation agency, Procivis will build a platform for public authorities and relying parties to test secure digital wallet use cases. The sandbox will validate readiness ahead of the EU’s 2027 digital identity wallet deadline.

The updated eIDAS 2.0 technical framework sets out how wallets will store and share trusted digital credentials and electronic identification. Governments and private organisations will be able to integrate services into the wallets, streamlining authentication, onboarding, and cross-border access.

Across Lithuania and the EU, testbeds and large-scale pilots have been central to turning regulatory requirements into interoperable infrastructure. Lithuania’s sandbox will also support activities under the EU’s LSP Aptitude consortium, which is testing cross-sector digital identity solutions.

Procivis said the collaboration aims to accelerate practical validation while ensuring compliance with European standards on security, interoperability, and data protection. The company stated that supporting a timely, budget-aligned implementation of eIDAS 2.0 remains central to its mission.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI-generated harmful imagery sparks alarming warning from 60 regulators

Nearly 60 privacy and data protection authorities issued a joint statement warning about the risks of AI-generated harmful and non-consensual imagery. The initiative was coordinated through the Global Privacy Assembly (GPA) and its International Enforcement Cooperation Working Group (IEWG), reflecting growing cross-border cooperation.

Regulators expressed concern about AI systems that create realistic but fabricated images and videos of identifiable individuals without their knowledge or consent. They warned that such tools can lead to serious privacy violations and reputational harm.

The Office of the Privacy Commissioner for Personal Data (PCPD), which co-chairs the IEWG, highlighted the global dimension of the issue. Privacy Commissioner stressed that children are particularly vulnerable to abusive AI-generated content.

Authorities called on organisations developing and using AI systems to introduce strong safeguards against the misuse of personal data. They also urged transparency, effective mechanisms for content removal, and enhanced, age-appropriate protections for children and other vulnerable groups.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India’s UIDAI rolls out AI-enabled biometric deduplication and document verification platform

UIDAI has deployed an advanced platform that uses AI-enabled models to improve biometric deduplication, the process of ensuring that each resident has a unique identity record, by checking fingerprints, facial images and iris scans against the entire Aadhaar database.

The authority describes this system, developed with the International Institute of Information Technology, Hyderabad, as an ‘Invisible Shield’ that can perform billions of computations efficiently at a population scale, running on high-performance inference infrastructure such as NVIDIA DGX systems to enhance accuracy and speed nationwide.

In addition to biometric matching, the platform incorporates AI-based document metadata extraction and verification to curb enrolment fraud, using secure APIs (e.g. DigiLocker) for source-of-truth checks against submitted documents.

The system is already being rolled out in several states. It is expected to expand across India in the coming months, boosting service quality, reducing turnaround times for Aadhaar enrolment and update transactions, and reinforcing trust in the digital identity infrastructure.

The initiative is part of a broader push to leverage AI for fraud detection and identity assurance at a national scale. It comes amid ongoing efforts by UIDAI to modernise authentication processes as biometric and AI-based systems evolve.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Bremen trials AI-based safety system ‘AI Watch’ on city trams

The city of Bremen, Germany, has begun piloting an AI-based safety system called AI Watch on its tram fleet. The technology uses onboard cameras and computer vision models to automatically detect potential safety issues, such as passengers too close to doors, objects on the tracks, or unexpected pedestrian behaviour, and alerts tram operators in real time.

The goal is to reduce accidents and enhance situational awareness without replacing human oversight.

Developed with transport and AI specialists, AI Watch integrates with vehicles’ existing sensor suites and is designed to function in real-time operational environments. During the pilot, the system has been tested under various traffic and lighting conditions to refine hazard recognition accuracy and minimise false alarms.

BSAG representatives say the AI support tool complements human judgement, helping drivers focus on decision-making rather than continuously scanning for hazards.

The initiative comes as cities explore AI applications in urban mobility, from predictive maintenance to intelligent traffic management and automated incident detection, to improve safety, efficiency and passenger experience.

Bremen’s pilot will be evaluated for scalability across additional routes and potentially other types of public transport vehicles.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

South Africa balances fintech innovation with financial stability

South Africa’s fintech sector has evolved from a niche disruptor into a pillar of the digital economy, fuelled by rapid digital adoption and entrepreneurial growth. Regulators are now tasked with supporting innovation in decentralised finance and AI while safeguarding market stability and consumer protection.

Coordinated oversight has been central to that effort. The Intergovernmental Fintech Working Group, bringing together the National Treasury, the South African Reserve Bank and the Financial Sector Conduct Authority, promotes a harmonised and principle-based regulatory approach.

A significant turning point came when crypto assets were classified as financial products under the Financial Advisory and Intermediary Services Act. Licensing requirements for Crypto Asset Service Providers and alignment with Financial Action Task Force standards strengthened consumer safeguards and anti-money laundering controls.

Fintech also plays a growing role in financial inclusion, particularly through mobile money, digital lending and digital payments. Wider access to affordable financial tools supports inclusive economic growth across underserved communities.

AI presents fresh regulatory questions around bias, transparency and operational resilience. Ensuring compliance with the Protection of Personal Information Act while encouraging responsible experimentation remains central to South Africa’s evolving fintech strategy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

US freedom.gov and the EU’s DSA in a transatlantic fight over online speech

The transatlantic debate over ‘digital sovereignty’ is also, in a discrete measure, about whose rules govern online speech. In the EU, digital sovereignty has essentially meant building enforceable guardrails for platforms, especially around illegal content, systemic risks, and transparency, through instruments such as the Digital Services Act (DSA) and its transparency mechanisms for content moderation decisions. In Washington, the emphasis has been shifting toward ‘free speech diplomacy‘, framing some EU online-safety measures as de facto censorship that spills across borders when US-based platforms comply with the EU requirements.

What is ‘freedom.gov’?

The newest flashpoint is a reported US State Department plan to develop an online portal, widely described as ‘freedom.gov‘, intended to help users in the EU and elsewhere access content blocked under local rules, and it aligns with the Trump administration policy and a State Department programme called Internet Freedom. The ‘freedom.gov’ plan reportedly includes adding VPN-like functionality so traffic would appear to originate in the US, effectively sidestepping geographic enforcement of content restrictions. According to the US House of Representatives’ legal framework, the idea could be seen as a digital-rights tool, but experts warn it would export a US free-speech standard into jurisdictions that regulate hate speech and extremist material more tightly.

The ‘freedom.gov’ portal story occurs within a broader escalation that has already moved from rhetoric to sanctions. In late 2025, the US imposed visa bans on several EU figures it accused of pressuring platforms to suppress ‘American viewpoints,’ a move the EU governments and officials condemned as unjustified and politically coercive. The episode brought to the conclusion that Washington is treating some foreign content-governance actions not as domestic regulation, but as a challenge to US speech norms and US technology firms.

The EU legal perspective

From the EU perspective, this framing misses the point of to DSA. The Commission argues that the DSA is about platform accountability, requiring large platforms to assess and mitigate systemic risks, explain moderation decisions, and provide users with avenues to appeal. The EU has also built new transparency infrastructure, such as the DSA Transparency Database, to make moderation decisions more visible and auditable. Civil-society groups broadly supportive of the DSA stress that it targets illegal content and opaque algorithmic amplification; critics, especially in US policy circles, argue that compliance burdens fall disproportionately on major US platforms and can chill lawful speech through risk-averse moderation.

That’s where the two sides’ risk models diverge most sharply. The EU rules are shaped by the view that disinformation, hate speech, and extremist propaganda can create systemic harms that platforms must proactively reduce. On the other side, the US critics counter that ‘harm’ categories can expand into viewpoint policing, and that tools like a government-backed portal or VPN could be portrayed as restoring access to lawful expression. Yet the same reporting that casts the portal as a speech workaround also notes it may facilitate access to content the EU considers dangerous, raising questions about whether the initiative is rights-protective ‘diplomacy,’ a geopolitical pressure tactic, or something closer to state-enabled circumvention.

Why does it matter?

The dispute has gone from theoretical to practical, reshaping digital alliances, compliance strategies, and even travel rights for policy actors, not to mention digital sovereignty in the governance of online discourse and data. The EU’s approach is to make platforms responsible for systemic online risks through enforceable transparency and risk-reduction duties, while the US approach is increasingly to contest those duties as censorship with extraterritorial effects, using instruments ranging from public messaging to visa restrictions, and, potentially, state-backed bypass tools.

What could we expect then, if not a more fragmented internet, with platforms pulled between competing legal expectations, users encountering different speech environments by region, and governments treating content policy as an extension of foreign policy, complete with retaliation, countermeasures, and escalating mistrust?

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK sets 48-hour deadline for removing intimate images

The UK government plans to require technology platforms to remove intimate images shared without consent within forty-eight hours instead of allowing such content to remain online for days.

Through an amendment to the Crime and Policing Bill, firms that fail to comply could face fines amounting to ten percent of their global revenue or risk having their services blocked in the UK.

A move that reflects ministers’ commitment to treat intimate image abuse with the same seriousness as child sexual abuse material and extremist content.

The action follows mounting concern after non-consensual sexual deepfakes produced by Grok circulated widely, prompting investigations by Ofcom and political pressure on platforms owned by Elon Musk.

The government now intends victims to report an image once instead of repeating the process across multiple services. Once flagged, the content should disappear across all platforms and be blocked automatically on future uploads through hash-matching or similar detection tools.

Ministers also aim to address content hosted outside the reach of the Online Safety Act by issuing guidance requiring internet providers to block access to sites that refuse to comply.

Keir Starmer, Liz Kendall and Alex Davies-Jones emphasised that no woman should be forced to pursue platform after platform to secure removal and that the online environment must offer safety and respect.

The package of reforms forms part of a broader pledge to halve violence against women and girls during the next decade.

Alongside tackling intimate image abuse, the government is legislating against nudification tools and ensuring AI chatbots fall within regulatory scope, using this agenda to reshape online safety instead of relying on voluntary compliance from large technology firms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.