Canada’s Cyber Centre has warned that the FIFA World Cup 2026 will almost certainly attract cyber threat activity from cybercriminals, non-state actors and state-sponsored actors.
The tournament will run from 11 June to 19 July 2026 across Canada, the US and Mexico, with 104 matches in 16 cities. The Cyber Centre said the event’s global visibility, complex supporting infrastructure and broad ecosystem of suppliers and services create a large attack surface.
According to the bulletin, cybercriminals are expected to exploit public interest in the tournament through phishing, social engineering, ticket scams, fraudulent travel offers, fake livestreaming services, malicious apps and other forms of online fraud. The Cyber Centre cited research identifying more than 4,300 likely fraudulent domain registrations linked to the tournament as of August 2025.
Organisations connected to the event, including travel, hospitality, ticketing, broadcasting, telecommunications, utilities and transport providers, could also face ransomware, distributed denial-of-service attacks and website defacement. The Cyber Centre said attackers may target entities in the wider tournament ecosystem to maximise publicity, even when their targets are not part of the core World Cup infrastructure.
The bulletin also warned that threat actors are very likely to use the event for disinformation and influence activity, including campaigns involving AI-generated articles, images, videos and deepfakes. It found that there is roughly an even chance of disruptive state-sponsored cyber activity, depending on geopolitical tensions involving host nations or participating countries.
Canadian authorities urged fans, attendees, athletes, government officials and organisations linked to the tournament to strengthen cybersecurity practices and prepare for scams, disruptive attacks and information manipulation during the event.
Why does it matter?
The bulletin treats the World Cup as more than a sports event. It frames major tournaments as digitally dependent public safety environments involving ticketing systems, broadcasters, transport networks, hotels, mobile communications, local authorities and critical infrastructure. Cyber incidents during such events can cause financial loss, service disruption, data exposure, emergency communication risks and information manipulation, making cybersecurity part of event resilience and public trust.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Commission framed the initiative as a fundamental shift in the EU’s approach to technology, underpinned by the recognition that digital dependence is no longer a market inefficiency to be tolerated, but a strategic vulnerability to be corrected through legislation.
Commission President Ursula von der Leyen stated that Europe cannot afford to depend on others for the technologies that keep its hospitals running, its energy grids stable, and its services secure, calling on the EU to convert its research excellence, industrial base and single market into technological sovereignty.
The package is designed to broaden choice in core technologies for EU businesses, citizens and public administrations, and to position Europe to capture a larger share of a global semiconductor market projected to reach EUR 1.37 trillion by 2030, with AI-related components accounting for roughly 70% of that growth.
The timing reflects a specific convergence of pressures. The rapid spread of AI applications is driving a sharp increase in demand for data centre and cloud capacity that EU infrastructure cannot currently meet at scale. At the same time, longstanding dependence on non-EU suppliers for advanced semiconductor manufacturing, chip design and cloud services has become increasingly difficult to ignore as geopolitical tensions have demonstrated the economic risk of concentrated supply chains.
The 2022 US CHIPS and Science Act, generous subsidy regimes in Asia and tightening export controls on advanced semiconductor equipment have accelerated the global race for technological self-sufficiency, prompting Europe to adopt a more active industrial policy response.
Chips Act 2.0
The Chips Act 2.0 revises and expands the 2023 European Chips Act, which has mobilised more than EUR 52 billion in public and private investment, created an estimated 46,000 direct and indirect jobs and strengthened Europe’s research and innovation capacity in semiconductors. Despite this progress, the EU remains dependent on third countries for advanced chip manufacturing and semiconductor design.
The revised regulation is designed to accelerate Europe’s position across the entire semiconductor value chain, from raw materials and design to manufacturing and packaging, and to ensure that Europe captures a greater share of the growth in AI-related chip demand.
The proposal is structured around four objectives. On investment and competitiveness, the Act would cap permitting approvals at 12 months, introduce ‘Grand Challenges’ to support the development of strategically important chip types such as AI processors, and formalise Strategic Partnerships on Semiconductors with international allies.
To stimulate demand, it establishes Demand Accelerators to align new products with industry needs, expands innovation procurement, notably for European start-ups and scale-ups, and creates structural synergies with CADA to benefit from the data centre and AI Gigafactory buildout planned under that regulation.
On the supply side, the Act enables state aid for ‘First-of-a-Kind’ facilities not yet present in the Union, covering the full semiconductor value chain, designates strategic projects to unlock EU and member state co-investment, and creates a ‘Semiconductor Regions of Excellence’ label to attract investment at the regional level. To strengthen resilience, it establishes a business-to-business semiconductor supply chain platform and provides sector-specific guidance on risk assessment and mitigation.
The explicit linkage between Chips Act 2.0 and CADA reflects a deliberate industrial logic: European-made chips powering European cloud infrastructure, with demand from that infrastructure in turn supporting European chipmakers.
Cloud and AI Development Act
The Cloud and AI Development Act (CADA) forms a central part of the Commission’s AI Continent Action Plan and simultaneously addresses two structural problems: insufficient EU cloud and data centre capacity to meet AI-driven demand, and strategic dependence on a small number of non-EU cloud providers.
The Act is designed to facilitate and accelerate the deployment of sustainable cloud and data centre infrastructure, while ensuring the EU accelerates the rollout of cloud and AI in critical sectors and retains meaningful control over the infrastructure on which that rollout depends.
The Act focuses on three main areas. On research, development and innovation, it supports next-generation cloud and AI technologies, including frontier AI, industrial AI, and physical AI, introduces grand challenges to drive R&D efforts, and promotes adoption in strategic sectors through national cloud and AI strategies and new Experience and Acceleration Centres for AI in member states.
On capacity, it targets at least a tripling of EU data centre capacity within five to seven years, simplifies and accelerates permitting, and improves access to energy, land, water and financing. On sovereignty and autonomy, it establishes a single EU-wide sovereignty classification framework, promotes open source solutions as a tool for resilience, and introduces a common EU-level procurement framework for public administrations.
The sovereignty classification system merits particular attention. It introduces four assurance levels for cloud and AI services, to be applied by public sector bodies based on their own risk assessments. Level 1 requires data to be processed and stored within the EU. Level 2 requires providers to demonstrate independence from third countries and transparency over their software supply chain.
Level 3 requires providers to be owned and controlled from within the EU and to meet additional criteria including personnel citizenship, although the Commission retains the ability to recognise third-country providers at this level. Level 4 requires full transparency and control over the software supply chain with no third-country interference.
Cloud service providers seeking recognition under this framework must undergo an independent audit conducted by member state authorities. The framework is significant because it creates, for the first time, a legally grounded and progressive definition of what it means for a cloud service to be sovereign, moving the concept from political rhetoric to a procurement-relevant standard.
EU Open Source Strategy
The EU Open Source Strategy is the non-legislative pillar of the package most directly aimed at reducing dependence on proprietary, non-EU software. It places open source at the centre of the EU’s technological sovereignty approach, arguing that open ecosystems reduce supplier lock-in, increase transparency and give European developers and public administrations greater control over their digital infrastructure.
The strategy addresses a persistent structural weakness: the economic value generated by open source projects has historically been captured outside Europe, limiting the ability of European developers and companies to benefit fully from their own contributions.
The strategy is organised around four objectives. The first, Open Source for Tech Sovereignty, focuses on scaling the Open Internet Stack, a Commission-curated catalogue of EU-aligned open source solutions, and promoting alternatives to dominant proprietary products in areas such as cloud platforms, workplace tools, secure e-mail and decentralised social media.
The work will be carried out in cooperation with member states through the European Digital Infrastructure Consortium for Digital Commons. The second objective, Vibrant Open Source Ecosystem, targets start-up support through accelerators and procurement access, alongside a stewardship toolkit for critical open source assets and investment in digital skills across schools, universities, and civil services.
The third objective, Open Source in Public Administration, sets out procurement guidelines that favour open standards, reinforces the Commission’s Open Source Programme Office (OSPO) and the EU Public Sector OSPO Network, and seeks to embed openness and sovereignty-by-design in digital investment decisions across EU institutions and member states.
The fourth objective, Reinforced Standards and International Outreach, promotes EU open source developers and solutions internationally through the EU Tech Business Offer, supports uptake in partner countries and integrates open source communities into standardisation processes, including through a forthcoming revision of the EU Standardisation Regulation.
The strategy also intersects directly with the other package components. On semiconductors, it targets open hardware development through the Chips Joint Undertaking’s RISC-V programme. On AI, it supports the GenAI4EU initiative and promotes open source tooling for public sector AI adoption through the Apply AI Strategy.
On digital identity, it prioritises open source implementation of the European Digital Identity Wallet (EUDI Wallet) and the European Business Wallet. The strategy also interacts with the recently enacted Cyber Resilience Act (CRA), which imposes new security obligations on open source projects that have generated concern in the developer community. The Open Source Maintenance Instrument and critical dependency mapping exercises set out in the strategy are designed in part to address those obligations, though reconciling the CRA’s security requirements with the growth objectives of the strategy will be a key implementation challenge.
Strategic Roadmap for Digitalisation and AI in Energy
The Strategic Roadmap for Digitalisation and AI in Energy is the least legally binding element of the package but arguably the one that determines whether its ambitions are physically realisable. The targets set by CADA, particularly the goal of at least tripling EU data centre capacity within five to seven years, cannot be achieved without a corresponding expansion in reliable, affordable power supply.
Data centres are energy-intensive by nature, and the AI workloads they are increasingly required to process are even more demanding. The roadmap addresses this constraint by setting out how AI and digital technologies can improve the efficiency and flexibility of Europe’s energy systems while also enabling the energy infrastructure that these systems need.
The roadmap connects the package’s digital ambitions to the EU’s energy transition objectives, creating a mutually reinforcing relationship: cleaner, smarter energy systems create more viable conditions for data centre expansion, while AI-enabled demand management and grid optimisation tools reduce the cost and environmental impact of that expansion. The roadmap is also relevant as a governance document, since the deployment of AI in critical energy infrastructure raises its own questions about cybersecurity, data sovereignty and the concentration of control over systems on which entire economies depend.
Governance and policy implications
The Tech Sovereignty Package raises several governance issues that extend beyond its immediate legislative content. The most significant concerns the model it establishes for EU industrial policy. The package marks a clear departure from the long-standing assumption in EU competition policy that market mechanisms and trade openness are the primary tools for achieving efficient and innovative technology markets.
The explicit use of state aid for strategic semiconductor projects, the joint procurement frameworks in CADA and the deliberate promotion of EU-origin suppliers both in public procurement and sovereign cloud classification illustrate a greater role for public intervention in the technology sector. Whether the EU’s trading partners, particularly the United States and major Asian semiconductor producers, will treat these provisions as proportionate industrial policy or as market-distorting intervention is likely to become a significant diplomatic issue.
The package also has important implications for the governance of AI in Europe. It operates in parallel to the EU AI Act and the work of the EU AI Office, but addresses a different layer of the AI ecosystem. While the AI Act focuses on the risk profile and compliance obligations of AI systems once deployed, the Tech Sovereignty Package governs the infrastructure and supply chains that enable AI development in the first place.
The relationship between the two frameworks matters as decisions taken at the infrastructure layer, such as the cloud sovereignty level applied to a given public sector AI deployment, can have downstream consequences for compliance with AI Act requirements. The relationship between these frameworks will be an important area to monitor as implementation progresses.
A further coordination challenge arises internally. The package spans multiple policy domains and directorates-general within the Commission, including DG CONNECT for semiconductors, cloud and open source, and DG ENERGY for the energy roadmap.
It also interacts with DG COMP on State aid approvals and with DG TRADE on the trade implications of sovereignty-oriented procurement rules. Ensuring coherence across these areas during the legislative process, and subsequently during implementation, will require stronger-than-usual inter-institutional coordination.
Legislative process and upcoming milestones
The two legislative proposals, the Chips Act 2.0 and CADA, need to enter the ordinary legislative procedure, meaning they will be negotiated separately by the European Parliament and the Council of the European Union before trilogue negotiations between the two institutions and the Commission can begin.
Given the political and economic stakes involved, and the number of member states with competing interests in semiconductor investment locations and cloud market access, the negotiations are likely to be protracted. The original European Chips Act took approximately two years from proposal to final adoption, and CADA, which touches on the politically sensitive question of digital sovereignty vis-à-vis key trading partners, may encounter comparable friction.
Several near-term milestones are already in view. The Commission is expected to launch a call for AI Gigafactories in July 2026, following the European High Performance Computing Joint Undertaking (EuroHPC JU) Governing Board’s agreement in principle on 1 June 2026. AI Gigafactories are large-scale, purpose-built AI training facilities and represent one of the most concrete and immediately actionable elements of the broader AI infrastructure agenda.
Their deployment is intended to provide European researchers, start-ups and industry with access to the kind of computing capacity currently concentrated in the United States, and the July call will be an early test of the Commission’s ability to move from legislative ambition to operational delivery.
The Commission will also launch a consultation with member states, the European Investment Bank Group and other key stakeholders to design a European equity capacity at scale for financing tech sovereignty ambitions. This implies that the Commission does not believe grant funding and state aid alone will be sufficient to mobilise the investment required, and that a blended finance model, combining public equity with private capital, will be needed.
The EIB Group’s involvement points towards the kind of risk-sharing instruments it has used in other strategic sectors, although the specific structures and governance arrangements have yet to be designed through the consultation process.
Broader context
The package does not emerge in isolation. It sits within a cluster of interconnected EU strategic frameworks that have, over the past two to three years, progressively shifted the EU’s economic policy stance from market liberalisation towards what the Commission calls ‘open strategic autonomy’: the maintenance of trade openness where possible, combined with targeted interventionism to reduce strategic dependencies where necessary.
The Competitiveness Compass, adopted earlier in 2025 and drawing heavily on the 2024 Draghi report on European competitiveness, identifies reducing strategic dependencies as one of three pillars for restoring European economic dynamism. The Tech Sovereignty Package is the most operationally specific expression of that pillar to date.
The Economic Security Strategy, adopted in 2023, provided the risk-assessment framework within which the package sits, identifying advanced semiconductors, AI, quantum computing and biotechnology as the technological areas posing the most significant dual-use and strategic dependency risks for the EU. The Tech Sovereignty Package translates that risk assessment into concrete legislative and policy instruments, with semiconductors and AI infrastructure receiving the most direct regulatory attention.
The Commission’s AI Continent Action Plan, which positions Europe to become a global AI leader by focusing on computing infrastructure, data, skills, and adoption, provides the most direct policy antecedent for CADA in particular. The Tech Sovereignty Package fast-tracks the infrastructure ambitions of the Action Plan and adds the supply chain governance dimension that the Action Plan did not fully address.
Taken together, these documents represent a sustained and internally consistent shift in EU digital and industrial policy, one in which technological leadership is treated not merely as an economic aspiration but as a precondition for political and regulatory autonomy in an increasingly contested global technological order.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The process of developing a supplementary protocol to the UN Convention against Cybercrime has begun, with early state submissions already showing competing views over its scope and timing.
The Ad Hoc Committee Secretariat invited preliminary written inputs on the possible scope, objectives and structure of a draft protocol supplementary to the Convention, also known as the ‘Hanoi Convention’. The mandate follows UN General Assembly resolution 79/243, which asked the Committee to negotiate a draft protocol addressing, among other issues, additional criminal offences.
The United States questioned the exercise’s premise, arguing that discussions on a supplementary protocol are premature because the Convention has not yet entered into force and its implementation has not yet been tested. Washington called for the Committee first to address whether a protocol is needed at all before discussing its scope, objectives and structure.
Russia, by contrast, submitted a draft protocol text covering a broad range of offences, including terrorism financing, extremism, arms and drug trafficking, critical information infrastructure, unauthorised access to personal data and crimes involving AI. The proposal reflects a wider approach to criminalisation, including content-related offences that are likely to be contested by states concerned about overreach, legal certainty and human rights safeguards.
Other early submissions appear more cautious. Brazil, Nigeria, and Ecuador broadly support advancing the protocol process, while signalling the need to limit its scope and maintain attention to safeguards. Brazil warned against including offences where there is insufficient international consensus, while Ecuador proposed a structure that includes emerging offences, digital evidence, public-private cooperation, proportionality and human rights.
The early inputs point to a familiar divide in UN cybercrime negotiations: whether the treaty framework should remain focused on classical cybercrime, electronic evidence and criminal justice cooperation, or expand further into content-based offences, national security concerns and politically sensitive forms of online conduct.
Why does it matter?
A supplementary protocol could shape the evolution of the UN cybercrime framework after the adoption of the main Convention. If states use the protocol to add broad or content-related offences, the treaty system could move beyond core cybercrime and electronic evidence cooperation into areas with direct implications for freedom of expression, human rights safeguards, political speech, platform governance and state sovereignty. The early submissions suggest that those unresolved tensions are already resurfacing before the Convention has entered into force.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
In its latest fraud and scams advisory, the company said phishing attacks are becoming more sophisticated, with criminals using adversary-in-the-middle techniques and QR code phishing, also known as quishing, to steal credentials and bypass security measures.
The advisory also highlighted risks linked to cryptocurrency investment scams, malicious finance applications and police impersonation schemes. According to Google, scammers are using AI, social engineering and trusted digital services to deceive users, obtain money and collect sensitive information.
Google said its Trust & Safety teams are using AI tools, predictive analytics and policy enforcement to detect and disrupt fraudulent activity across its services. The company also pointed to measures such as stronger protections for session cookies, enforcement against deceptive crypto ads, monitoring of post-installation app behaviour and developer identity verification for apps installed on certified Android devices.
The company urged users to be cautious of unsolicited communications, unrealistic investment promises, unexpected QR codes and requests for personal or financial information.
Why does it matter?
The advisory shows how online fraud is becoming a cross-platform governance problem rather than a narrow cybersecurity issue. Scams now rely on trusted cloud services, mobile apps, messaging platforms, crypto infrastructure and impersonation of public authorities. That creates pressure on major technology companies to strengthen detection, app accountability and policy enforcement, while raising broader questions about consumer protection, platform responsibility and digital trust.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The US Treasury Department has acknowledged that cryptocurrency mixers may have lawful privacy uses, while warning that such tools remain vulnerable to abuse by illicit actors.
In a March 2026 report to Congress on innovative technologies to counter illicit finance involving digital assets, Treasury said lawful users may rely on mixers to protect sensitive financial information when transacting on public blockchains. The report said users may seek to conceal details about personal wealth, business payments, charitable donations or consumer spending habits.
Treasury distinguished between custodial digital asset services, including custodial mixers, and decentralised or non-custodial mechanisms that can operate without a central intermediary. Custodial services that accept and transmit value may be required to register with the Financial Crimes Enforcement Network as money services businesses, maintain records and file suspicious activity reports.
The report nevertheless stressed that criminals commonly use mixers, bridges and swaps to make illicit digital asset flows harder to trace. Treasury said mixing is frequently used by North Korea-linked cyber actors, money launderers, ransomware actors and darknet market participants.
Treasury also warned that stablecoins can form part of complex laundering processes involving mixers and other obfuscation techniques. According to the report, illicit actors may move stolen or fraud-linked assets through mixers and then swap them into stablecoins to break the traceable link to the original criminal activity.
The assessment was prepared under the GENIUS Act, which required the Treasury to examine innovative tools for countering illicit finance involving digital assets, including the role of mixers, tumblers and similar services.
Why does it matter?
The report shows the regulatory tension at the centre of digital asset policy: privacy tools can protect legitimate users on transparent public blockchains, but the same tools can also weaken AML/CFT controls, sanctions enforcement and law enforcement tracing. Treasury’s framing matters because future rules on mixers, DeFi, blockchain analytics and stablecoin compliance will need to balance financial privacy with security and illicit finance risks.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
Ofcom has urged online platforms to strengthen protections against illegal hate speech, abuse, threats and harassment ahead of the FIFA World Cup 2026. The UK regulator reminded technology companies that they have legal responsibilities under the Online Safety Act to reduce the risk of users encountering criminal content on their services.
The intervention follows concerns about abuse directed at players, coaches, officials and commentators during previous international tournaments. According to Ofcom, online attacks have frequently targeted individuals based on race, ethnicity, perceived sexual orientation and disability, causing significant personal and professional harm.
Under the UK’s Online Safety Act, platforms are required to operate effective reporting systems, maintain adequately resourced moderation teams and remove illegal content without undue delay. Ofcom stated that evidence of failures to meet these obligations during the tournament could be considered as part of its ongoing compliance assessments.
The regulator also highlighted a partnership established earlier this year with the UK Football Policing Unit, the Football Association, the Premier League, the English Football League, the Women’s Super League, the Professional Footballers’ Association and anti-discrimination organisation Kick It Out.
Major sporting events often lead to spikes in online abuse, particularly against athletes, officials and other high-profile figures. The scale and visibility of these events can amplify harmful behaviour and place additional pressure on platforms to enforce their content moderation policies effectively.
Ofcom’s intervention highlights how online safety regulation is increasingly being tested during major public events. The regulator’s warning also signals that compliance with the Online Safety Act will be assessed not only through policies on paper but through how platforms respond to real-world surges in harmful content.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
According to Albanese, Cook said the changes were partly inspired by Australia’s under-16 social media age restrictions and by Apple’s continuing research into the impact of social media on children.
Albanese said Australia was proud of its work to support a safer online environment for children and argued that other countries are now developing similar social media age restrictions.
Cook invited Albanese to visit Apple during his next trip to the United States to see the technology in action. Albanese said he intended to accept the invitation as Australia continues to consider how best to protect children online.
The Prime Minister said Australian parents had led the push for stronger protections and that the government was backing their efforts. He said more than 5 million under-16 accounts had already been removed, deactivated, or restricted.
Albanese said social media companies have a social responsibility and that Australia would continue holding them to account to help keep children safe.
Why does it matter?
The announcement highlights how national online safety rules can shape platform design beyond a country’s borders. Australia’s under-16 social media restrictions have been closely watched internationally, and Albanese is presenting Apple’s new child safety tools as evidence that regulatory pressure can push major technology companies towards stronger child protection features. The case also shows the growing link between device-level controls, platform accountability, age assurance, and children’s digital rights.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The company said it disrupted spear-phishing attempts linked to NSO after investigating user reports. According to WhatsApp, the activity involved malicious links that sought to redirect users to external websites outside the messaging platform.
WhatsApp also said it identified and removed test accounts and groups created on its service as part of the suspected NSO-linked activity. The company is sharing threat indicators to help users and researchers check whether targeting attempts may have occurred across WhatsApp, text messages, email, or other channels.
The latest filing follows WhatsApp’s earlier legal victory against NSO. The company said a court found that NSO violated federal and state anti-hacking laws and issued a permanent injunction barring NSO from targeting WhatsApp and its users.
WhatsApp described commercial spyware as a national security threat, arguing that surveillance-for-hire firms target not only messaging services but also browsers, operating systems, and other applications. The company said the targets reported for such tools include journalists, government officials, military personnel, and humanitarian organisations. It also warned against easing US restrictions on NSO, which remains on the US government’s Entity List.
WhatsApp said it is contributing to the Spyware Accountability Initiative, which supports organisations working on forensic research, user support, and advocacy against spyware.
Why does it matter?
The case shows how legal orders against spyware companies may still require active technical monitoring and enforcement. WhatsApp’s contempt request also keeps pressure on the commercial spyware industry, where surveillance tools can move across platforms, devices, browsers, and operating systems. The story matters for encrypted communications because it shows that protecting users depends not only on encryption, but also on legal accountability, threat intelligence, vulnerability research, and support for civil society targets.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
The European Commission has welcomed a new G7 Cybersecurity Working Group Declaration aimed at strengthening international cooperation in response to growing cyber threats.
Adopted under France’s G7 Presidency, the declaration calls for coordinated action to address cybersecurity challenges associated with quantum computing, AI, telecommunications infrastructure, and the protection of small and medium-sized enterprises (SMEs).
One of the declaration’s central priorities is accelerating the transition to post-quantum cryptography. As quantum computing capabilities continue to advance, governments and industry are being urged to accelerate preparations for new encryption standards capable of resisting future quantum attacks. The declaration describes migration to quantum-resistant encryption as an urgent cybersecurity priority that organisations should begin addressing now.
AI is another major focus of the declaration. The G7 declaration recognises that AI can both strengthen and threaten cybersecurity. Concerns include AI-enabled cyberattacks, model manipulation, data breaches, and software vulnerabilities.
The European Commission noted that it is preparing an action plan on AI and cybersecurity to help Member States and businesses address emerging risks while strengthening Europe’s cyber resilience.
The declaration also emphasises the importance of resilient telecommunications infrastructure and stronger protection for SMEs. Building on initiatives such as the NIS2 Directive and the Cyber Resilience Act, the EU said it will continue working with international partners to strengthen cybersecurity standards, protect critical infrastructure and support organisations facing increasingly sophisticated cyber threats.
Why does it matter?
The declaration reflects growing international recognition that cybersecurity challenges are increasingly transnational and require coordinated responses. Emerging technologies such as AI and quantum computing are creating new opportunities for innovation, but also introducing new vulnerabilities that could affect governments, businesses and critical infrastructure.
The emphasis on post-quantum cryptography is particularly significant, as organisations worldwide face the long-term challenge of protecting sensitive data against future quantum-enabled attacks. The declaration also highlights the growing importance of international cooperation in building cyber resilience and securing digital ecosystems.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Trump administration has issued a new National Security Presidential Memorandum aimed at accelerating the adoption of AI across the US national security apparatus.
According to the White House, the framework is intended to ensure that military personnel, intelligence professionals and national security agencies have access to advanced AI systems while maintaining accountability and operational control.
The memorandum also proposes the creation of an AI National Security Strategic Reserve, bringing together leading non-governmental experts to support national security priorities.
The new framework places emphasis on accountability, reliability and command authority. The White House emphasised that agency leaders and military commanders will remain accountable for decisions and operations supported by AI systems.
Why does it matter?
AI is increasingly viewed as a strategic capability across defence, intelligence, cybersecurity and military planning. Governments are investing heavily in AI systems that can enhance analysis, decision support, operational planning and threat detection.
The memorandum signals Washington’s intention to accelerate the integration of AI into national security operations while maintaining human oversight and accountability. It also reflects broader geopolitical competition over advanced technologies, as major powers seek to secure advantages in AI-driven security capabilities.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
