Cybersecurity

Taiwan tightens rules on chip shipments to China

Taiwan has officially banned the export of chips and chiplets to China’s Huawei and SMIC, joining the US in tightening restrictions on advanced semiconductor transfers.

The decision follows reports that TSMC, the world’s largest contract chipmaker, was unknowingly misled into supplying chiplets used in Huawei’s Ascend 910B AI accelerator. The US Commerce Department had reportedly considered a fine of over $1 billion against TSMC for that incident.

Taiwan’s new rules aim to prevent further breaches by requiring export permits for any transactions with Huawei or SMIC.

The distinction between chips and chiplets is key to the case. Traditional chips are built as single-die monoliths using the same process node, while chiplets are modular and can combine various specialised components, such as CPU or AI cores.

Huawei allegedly used shell companies to acquire chiplets from TSMC, bypassing existing US restrictions. If TSMC had known the true customer, it likely would have withheld the order. Taiwan’s new export controls are designed to ensure stricter oversight of future transactions and prevent repeat deceptions.

The broader geopolitical stakes are clear. Taiwan views the transfer of advanced chips to China as a national security threat, given Beijing’s ambitions to reunify with Taiwan and the potential militarisation of high-end semiconductors.

With Huawei claiming its processors are nearly on par with Western chips—though analysts argue they lag two to three generations behind—the export ban could further isolate China’s chipmakers.

Speculation persists that Taiwan’s move was partly influenced by negotiations with the US to avoid the proposed fine on TSMC, bringing both countries into closer alignment on chip sanctions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Indonesia’s cyber strategy balances power and capacity

Indonesia has taken a major step in decentralising its cybersecurity efforts by launching eight regional Cyber Crime Directorates across provinces, including Jakarta, West Java, East Java, and Papua. That marks a significant shift from a centralised system to one that recognises the localised nature of cyber threats, from financial fraud and data breaches to online disinformation.

The move reflects a growing awareness that cybersecurity is no longer just a technical issue but a broader governance challenge involving law enforcement at multiple levels. The rationale behind the decentralisation is clear: bringing cyber governance closer to where threats emerge allows for quicker responses and better local engagement.

It aligns with global ideas of ‘multi-level security governance,’ where various authorities work together across layers. However, while the creation of these regional directorates in Indonesia signals progress, it also reveals deep structural limitations—many local units still lack trained personnel, sufficient technology, and flexible organisational systems needed to tackle sophisticated cybercrime.

Experts warn that these new directorates risk becoming symbolic rather than effective without serious investments in infrastructure, education, and staff development. Current bureaucratic rigidity, hierarchical communication, and limited agency coordination further hamper their potential.

In some provinces, such as Central Sulawesi and Papua, the initiative may also reflect broader state security goals, highlighting how cybersecurity policy often intersects with political and geographic sensitivities. For Indonesia to build a truly adaptive and resilient cyber governance framework, reforms must go beyond institutional expansion.

That includes fostering partnerships with academia and civil society, enabling regional units to respond dynamically to emerging threats, and ensuring that cyber capabilities are built on solid foundations rather than unevenly distributed resources. Otherwise, the decentralisation could reinforce old inefficiencies under a new name.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

German state leaves Microsoft Teams for digital sovereignty

In a bold move highlighting growing concerns over digital sovereignty, the German state of Schleswig-Holstein is cutting ties with Microsoft. Announced by Digitalisation Minister Dirk Schroedter, the state is uninstalling the tech giant’s ubiquitous software across its entire administration.

‘We’re done with Teams!’ declared Minister Schroedter, signalling a complete shift away from Microsoft products like Word, Excel, Outlook, and eventually the Windows operating system itself. Instead, Schleswig-Holstein is turning to open-source alternatives like LibreOffice and Linux.

The reason? A strong desire to ‘take back control’ of its data and reduce reliance on US tech giants. Minister Schroedter emphasised that recent geopolitical tensions, particularly following Donald Trump’s return to the White House and rising US-EU friction, have ‘strengthened interest’ in their path.

‘The war in Ukraine revealed our energy dependencies,’ he noted, ‘and now we see there are also digital dependencies.’ The transition, affecting all 60,000 public servants, including police, judges, and eventually teachers, begins in less than three months.

Data will also move away from Microsoft-controlled clouds to German infrastructure. Beyond sovereignty, the state expects significant cost savings – potentially tens of millions of euros – compared to licensing fees and mandatory updates, which experts say can leave organisations feeling taken ‘by the throat’. The move also references long-standing antitrust concerns, like the EU’s investigation into Microsoft bundling Teams.

Microsoft was earlier accused of blocking the email of ICC Chief Prosecutor Karim Khan in compliance with US sanctions—an action it denied, noting the ICC had reportedly switched to ProtonMail. The incident raised fresh questions about digital sovereignty and the risks of foreign cloud dependency.

Why does it matter?

While challenges exist, like potential staff resistance highlighted by past struggles in Munich, Schleswig-Holstein is forging ahead. They join other entities like France’s gendarmerie and are watched by cities like Copenhagen and Aarhus. Bolstered by the new EU ‘Interoperable Europe Act‘, Schleswig-Holstein aims to be a pioneer, proving that governments can successfully reclaim control of their digital destiny.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google pushes users to move away from passwords

Google urges users to move beyond passwords, citing widespread reuse and vulnerability to phishing attacks. The company is now promoting alternatives like passkeys and social sign-ins as more secure and user-friendly options.

Data from Google shows that half of users reuse passwords, while the rest either memorise or write them down. Gen Z is leading the shift and is significantly more likely to adopt passkeys and social logins than older generations.

Passkeys, stored on user devices, eliminate traditional password input and reduce phishing risks by relying on biometrics or device PINs for authentication. However, limited app support and difficulty syncing across devices remain barriers to broader adoption.

Google highlights that while social sign-ins offer convenience, they come with privacy trade-offs by giving large companies access to more user activity data. Users still relying on passwords are advised to adopt app-based two-factor authentication over SMS or email, which are far less secure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK remote work still a major data security risk

A new survey reveals that 69% of UK companies reported data breaches to the Information Commissioner’s Office (ICO) over the past year, a steep rise from 53% in 2024.

The research conducted by Apricorn highlights that nearly half of remote workers knowingly compromised data security.

Based on responses from 200 UK IT security leaders, the study found that phishing remains the leading cause of breaches, followed by human error. Despite widespread remote work policies, 58% of organisations believe staff lack the proper tools or skills to protect sensitive data.

The use of personal devices for work has climbed to 56%, while only 19% of firms now mandate company-issued hardware. These trends raise ongoing concerns about end point security, data visibility, and maintaining GDPR compliance in hybrid work environments.

Technical support gaps and unclear encryption practices remain pressing issues, with nearly half of respondents finding it increasingly difficult to manage remote work technology. Apricorn’s Jon Fielding called for a stronger link between written policy and practical security measures to reduce breaches.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Real-time, on-device security: The only way to stop modern mobile Trojans

Mobile banking faces a serious new threat: AI-powered Trojans operating silently within legitimate apps. These advanced forms of malware go beyond stealing login credentials—they use AI to intercept biometrics, manipulate app flows in real-time, and execute fraud without raising alarms.

Today’s AI Trojans adapt on the fly. They bypass signature-based detection and cloud-based threat engines by completing attacks directly on the device before traditional systems can react.

Most current security tools weren’t designed for this level of sophistication, exposing banks and users.

To counter this, experts advocate for AI-native security built directly into mobile apps—systems that operate on the device itself, monitoring user interactions and app behaviour in real-time to detect anomalies and stop fraud before it begins.

As these AI threats grow more common, the message is clear: mobile apps must defend themselves from within. Real-time, on-device protection is now essential to safeguarding users and staying ahead of a rapidly evolving risk.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK health sector adopts AI while legacy tech lags

The UK’s healthcare sector has rapidly embraced AI, with adoption rising from 47% in 2024 to 94% in 2025, according to SOTI’s new report ‘Healthcare’s Digital Dilemma’.

AI is no longer confined to administrative tasks, as 52% of healthcare professionals now use it for diagnosis and 57% to personalise treatments. SOTI’s Stefan Spendrup said AI is improving how care is delivered and helping clinicians make more accurate, patient-specific decisions.

However, outdated systems continue to hamper progress. Nearly all UK health IT leaders report challenges from legacy infrastructure, Internet of Things (IoT) tech and telehealth tools.

While connected devices are widely used to support patients remotely, 73% rely on outdated, unintegrated systems, significantly higher than the global average of 65%.

These systems limit interoperability and heighten security risks, with 64% experiencing regular tech failures and 43% citing network vulnerabilities.

The strain on IT teams is evident. Nearly half report being unable to deploy or manage new devices efficiently, and more than half struggle to offer remote support or access detailed diagnostics. Time lost to troubleshooting remains a common frustration.

The UK appears more affected by these challenges than other countries surveyed, indicating a pressing need to modernise infrastructure instead of continuing to patch ageing technology.

While data security remains the top IT concern in UK healthcare, fewer IT teams see it as a priority, falling from 33% in 2024 to 24% in 2025. Despite a sharp increase in data breaches, the number rose from 71% to 84%.

Spendrup warned that innovation risks being undermined unless the sector rebalances priorities, with more focus on securing systems and replacing legacy tools instead of delaying necessary upgrades.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India urges preference for state telecom providers

The Department of Telecommunications (DoT) in India has introduced a policy urging all state governments and Union Territories to prioritise state-run telecom operators Bharat Sanchar Nigam Ltd (BSNL) and Mahanagar Telephone Nigam Ltd (MTNL) for their communication needs. Although not legally binding, that policy directive emphasises data security as a key reason for favouring these public sector providers.

DoT Secretary underscored the increasing competitiveness of BSNL and MTNL, noting that BSNL now manages MTNL’s operations and will set up a dedicated nodal point to cater to state governments efficiently. The move marks a significant strategic shift toward promoting state-owned telecom companies in government communications.

The policy has raised concerns among private telecom companies, who fear losing valuable government contracts to BSNL and MTNL. Private providers currently hold over 92% of the market’s revenue, and government contracts are especially important for smaller ISPs with tight margins. Diverting these contracts could significantly hurt their financial stability.

BSNL and MTNL were initially created to operate independently and compete fairly with private firms. This new policy, favouring them, risks undermining that independence and disrupting the telecom sector’s competitive balance in India.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Major internet outage disrupts Google Cloud and popular platforms

A sweeping internet outage on Wednesday, 12 June 2025, caused significant disruptions to services relying on Google Cloud and Cloudflare. Popular platforms such as Spotify, Discord, Twitch, and Fubo experienced widespread downtime, with many users reporting service interruptions through Downdetector.

Despite rampant speculation online about a large-scale cyberattack, neither Google nor Cloudflare has confirmed any such link. Google Cloud reported an incident affecting users globally, stating engineers had identified the root cause and were actively working on mitigation.

While some services have begun to recover, there is no definitive timeline for full restoration. Google attributed the issue to internal authentication problems, though details remain limited.

Adding to the confusion, social media posts speculated that multiple cloud providers, including AWS and Azure, were affected. However, this was quickly challenged, and Cloudflare clarified that only a small portion of its services, which rely on Google Cloud, experienced issues—its core systems remained fully operational.

While investigations are ongoing and recovery efforts are in progress, the full extent and exact cause of the outage remain unclear. For now, users are advised to monitor official updates from service providers as the situation develops.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NSA and allies set AI data security standards

The National Security Agency (NSA), in partnership with cybersecurity agencies from the UK, Australia, New Zealand, and others, has released new guidance aimed at protecting the integrity of data used in AI systems.

The Cybersecurity Information Sheet (CSI), titled AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems, outlines emerging threats and sets out 10 recommendations for mitigating them.

The CSI builds on earlier joint guidance from 2024 and signals growing global urgency around safeguarding AI data instead of allowing systems to operate without scrutiny.

The report identifies three core risks across the AI lifecycle: tampered datasets in the supply chain, deliberately poisoned data intended to manipulate models, and data drift—where changes in data over time reduce performance or create new vulnerabilities.

These threats may erode accuracy and trust in AI systems, particularly in sensitive areas like defence, cybersecurity, and critical infrastructure, where even small failures could have far-reaching consequences.

To reduce these risks, the CSI recommends a layered approach—starting with sourcing data from reliable origins and tracking provenance using digital credentials. It advises encrypting data at every stage, verifying integrity with cryptographic tools, and storing data securely in certified systems.

Additional measures include deploying zero trust architecture, using digital signatures for dataset updates, and applying access controls based on data classification instead of relying on broad administrative trust.

The CSI also urges ongoing risk assessments using frameworks like NIST’s AI RMF, encouraging organisations to anticipate emerging challenges such as quantum threats and advanced data manipulation.

Privacy-preserving techniques, secure deletion protocols, and infrastructure controls round out the recommendations.

Rather than treating AI as a standalone tool, the guidance calls for embedding strong data governance and security throughout its lifecycle to prevent compromised systems from shaping critical outcomes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!