Consumer groups file DSA complaints against Meta, TikTok and Google

Consumer organisations have filed complaints against Meta, TikTok, and Google over alleged failures to address financial scam advertising on their platforms.

The complaints were submitted by the European Consumer Organisation (BEUC) and partner organisations to the European Commission and national authorities under the Digital Services Act. According to research cited by the organisations, nearly 900 suspected fraudulent advertisements were identified across 13 countries between December 2025 and March 2026.

The groups said a relatively small proportion of reported content was removed, while many notices were allegedly rejected or received no response. Consumer organisations argued that the reported moderation response may leave users exposed to large volumes of potentially fraudulent advertising content.

BEUC and partner organisations are calling for investigations into whether the platforms are complying with Digital Services Act obligations related to systemic risks and harmful content.

The organisations also urged regulators to consider enforcement measures if non-compliance is identified, arguing that current moderation efforts are insufficient to mitigate systemic risks linked to online financial fraud.

Why does it matter? 

The case highlights a broader issue of how effectively large online platforms can be held accountable for systemic risks such as financial scams. When reported fraudulent ads remain online at scale, it raises questions about whether existing regulatory tools are strong enough to protect consumers in practice.

It also puts pressure on enforcement bodies to move beyond complaint handling and ensure meaningful, consistent compliance across the digital advertising ecosystem.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

United Kingdom and Australia tighten alliance on AI security risks

The United Kingdom and Australia are deepening cooperation on AI security through a new partnership between the UK AI Security Institute and the Australian AI Safety Institute.

Under a Memorandum of Understanding, the two institutes will share information on frontier AI capabilities, collaborate on AI evaluation practices and exchange research findings. The UK government said the partnership will focus partly on how advanced AI systems could be used in cyberattacks, as well as how they can strengthen defensive capabilities.

The agreement will also support staff exchanges between the two institutes, strengthening day-to-day collaboration. UK officials said the partnership reflects the need for trusted international cooperation as AI systems evolve quickly and create new security and safety risks.

The UK’s AI Minister Kanishka Narayan is expected to sign the agreement with Australia’s Assistant Minister for Science, Technology and the Digital Economy, Andrew Charlton, during a meeting in Canberra. Narayan said no country can address fast-moving AI risks alone, particularly in cybersecurity.

The announcement follows research from the UK AI Security Institute showing that advanced AI systems are rapidly improving their ability to carry out complex cyberattacks, creating opportunities for both attackers and defenders. The UK said the institute’s frontier AI research continues to inform policymaking to protect businesses, critical infrastructure, and the public.

Why does it matter?

The partnership shows how AI security is becoming a matter of international coordination, especially as frontier models develop stronger cyber capabilities. By sharing research, evaluation methods and staff expertise, the UK and Australia are trying to reduce blind spots in oversight and develop more consistent approaches to testing fast-moving AI systems.


European Commission marks 10 years of GDPR

The European Commission has marked ten years since the General Data Protection Regulation (GDPR) entered into force across the European Union.

The GDPR entered into force on 24 May 2016. It established a common data protection framework across EU member states and introduced rules governing the collection and processing of personal data. According to the European Commission, the regulation strengthened individuals’ rights regarding how personal data is collected, processed, corrected, deleted, and shared.

The framework applies to organisations ranging from small businesses to multinational technology companies. Authorities across the EU have also issued significant penalties in cases involving non-compliance with the regulation.

The GDPR has influenced privacy and data protection discussions internationally and contributed to wider adoption of similar regulatory approaches.

The Commission linked the GDPR to broader EU digital regulation efforts, including the Digital Services Act, the Digital Markets Act, and the AI Act. According to the Commission, these measures address issues including platform accountability, competition, and AI governance.

The Commission also referenced online child protection initiatives, including work on age verification and cyberbullying prevention. It said the EU’s approach reflects the principle that the online world should serve people.


Apple introduces formal verification framework for post-quantum cryptography

Apple has introduced a formal verification framework for its corecrypto library as part of broader efforts related to post-quantum cryptography. The framework focuses on validating implementations of ML-KEM and ML-DSA, algorithms standardised for quantum-resistant encryption and digital signatures.

Apple said the corecrypto library supports encryption and security functions across its operating systems and device ecosystem. The company stated that the scale and security importance of the library increase the need for reliable cryptographic implementations.

Apple said it used formal verification tools, including Cryptol, SAW, and Isabelle, to validate alignment with FIPS 203 and FIPS 204 standards. According to the company, the verification process covers both C implementations and ARM64 assembly code used across Apple silicon architectures.

Apple also published verification tools and proofs alongside the updated corecrypto release for independent review. The company said the approach is intended to strengthen confidence in the correctness of its post-quantum cryptography implementations.

Why does it matter? 

The significance lies in the shift from conventional testing to mathematically proven correctness for cryptographic systems that protect billions of devices. As quantum computing threatens to weaken traditional encryption methods, ensuring that post-quantum algorithms are implemented without subtle errors becomes critical to maintaining long-term digital security.

Apple’s approach also raises the bar for how large-scale software systems can be audited and trusted, potentially influencing broader industry standards for secure system design.


Anthropic says AI system identified thousands of critical software flaws

Anthropic has published an update on Project Glasswing, a cybersecurity initiative focused on identifying software vulnerabilities using AI systems.

According to Anthropic, partner organisations used Claude Mythos Preview to identify thousands of high- and critical-severity vulnerabilities across software platforms and infrastructure systems.

The company said the initiative demonstrated how AI systems are increasing the speed and scale of vulnerability discovery processes. Anthropic reported that participating organisations observed substantial increases in software vulnerability detection capabilities during testing.

Evaluations cited by Anthropic suggested the system performed strongly in vulnerability identification and exploit-detection tasks compared with earlier AI cybersecurity models.

Anthropic also said the model analysed more than 1,000 open-source projects and identified vulnerabilities affecting widely used software components. The company highlighted a vulnerability identified in the open-source cryptography library wolfSSL as one example from the project.

According to Anthropic, the vulnerability was patched after disclosure.

Anthropic said AI-assisted vulnerability discovery may increasingly shift cybersecurity challenges toward verification, disclosure, and remediation processes. The company also said similar AI cybersecurity capabilities are likely to become more widely available across the industry.

Why does it matter?

AI-driven cybersecurity is becoming increasingly important as AI fundamentally changes the balance between cyber defence and cyber threats. Systems such as Anthropic’s Project Glasswing demonstrate that advanced AI models can identify software vulnerabilities at a speed far beyond traditional human-led security testing, potentially making critical infrastructure, financial systems, cloud platforms, and open-source software both safer and more exposed at the same time.


Europol concludes major operation targeting criminal assets and crypto laundering

Europol has concluded the third operational phase of Project A.S.S.E.T., an international initiative focused on criminal asset tracing and money laundering investigations.

The operational phase took place between 19 and 22 May 2026 at Europol headquarters in The Hague. More than 40 law enforcement agencies from 31 countries participated, including Asset Recovery Offices, Financial Intelligence Units, and specialised anti-money laundering teams.

The initiative also involved cooperation with Eurojust, INTERPOL, the European Public Prosecutor’s Office, and private-sector financial and cryptocurrency partners.

According to Europol, investigators identified bank accounts, cryptocurrency wallets, companies, vehicles, and real estate assets allegedly linked to criminal activities. Authorities additionally located two suspected criminals, with one arrested through the European Network of Fugitive Active Search Teams.

Europol said the operation generated intelligence related to emerging money laundering techniques and cross-border financial structures associated with organised crime networks. Investigators also reported identifying operational patterns involving cryptocurrencies and international asset concealment practices.

The operation followed an earlier cryptocurrency-focused enforcement phase conducted in October 2025.

European Commissioner for Internal Affairs and Migration Magnus Brunner said online fraud and crypto-related crime have become increasingly significant revenue sources for organised criminal groups. Europol officials additionally emphasised that international cooperation and financial intelligence increasingly play a central role in disrupting organised crime ecosystems and recovering illicit proceeds.

Europol said investigations are ongoing and that the full value of identified assets remains under assessment. Follow-up investigations are continuing across participating jurisdictions.

Why does it matter?

The operation reflects growing international focus on financial intelligence, cryptocurrency tracing, and cross-border asset recovery as organised crime groups increasingly rely on digital financial infrastructures. Furthermore, it demonstrates how law enforcement agencies and private-sector financial actors are strengthening cooperation to combat money laundering, online fraud, and illicit cryptocurrency operations across multiple jurisdictions simultaneously.


EU advances DSA researcher access with platform roundtable

The European Commission and a group of Digital Services Coordinators have held a roundtable with Very Large Online Platforms and Very Large Online Search Engines to support the first data access requests by vetted researchers under the Digital Services Act.

The meeting focused on the new mechanism for submitting vetted researcher status applications. The DSA and its delegated act give researchers a route to request platform data needed to study systemic risks and societal impacts, while adding safeguards to prevent misuse of accessed data.

Digital Services Coordinators told participants that they had received 49 applications for assessment as of 19 May. The applications mainly request data from social media platforms and focus on risks such as illegal content, advertising transparency and AI features.

The roundtable forms part of the EU’s wider supervision of designated platforms under the DSA. The regime applies to major online services that meet the threshold for Very Large Online Platforms or Very Large Online Search Engines, including XNXX, which was designated as a Very Large Online Platform in 2024 and is therefore subject to stricter transparency, risk assessment and researcher access duties.

The Commission said Digital Services Coordinators are assessing the applications and preparing guidance to help researchers navigate the process. VLOPs and VLOSEs also shared updates on their work to manage data access requests and make data catalogues available.

Although Digital Services Coordinators assess individual applications, the Commission remains responsible for enforcing VLOP and VLOSE compliance with vetted researcher data access obligations. It said it would closely monitor whether platforms provide researchers with access to data as required under the DSA.

The Commission noted that it has already taken action on research-related transparency obligations under the DSA, including proceedings, commitments from AliExpress and the first non-compliance decision and fine issued to X.

Why does it matter?

The roundtable marks an important step toward operationalising researcher access under the DSA. Independent researchers need platform data to study systemic risks such as illegal content, advertising transparency, AI-driven features and risks linked to large online platforms, including adult services such as XNXX. The process will test whether the DSA can turn platform transparency from a legal obligation into usable evidence for public-interest research, while balancing access with privacy, security and safeguards against misuse.


Italy launches Operation All Clear against major streaming piracy network

Authorities in Italy have launched Operation ‘All Clear’, an international enforcement action targeting audiovisual piracy networks operating across Europe. The operation was coordinated by the Ravenna Financial Police with support from multiple specialised cybercrime and fraud units.

Authorities conducted more than 100 searches and seizures across Italy, following an investigation led by the Bologna Public Prosecutor’s Office. According to investigators, the operation targeted illegal subscription services providing unauthorised access to commercial streaming platforms, including Netflix, Disney+, Spotify, DAZN and Sky Group.

Investigators said they identified a piracy infrastructure centred around an application known as CINEMAGOAL. Authorities alleged that the system connected users to foreign servers capable of accessing and retransmitting protected audiovisual content.

Virtual machines reportedly operated continuously across multiple locations to capture and retransmit subscription authentication codes from legitimate accounts registered under fictitious identities.

Officials described the infrastructure as technically sophisticated and designed to reduce detection by anti-piracy monitoring systems. Authorities additionally stated that the system concealed user identities by avoiding direct IP address associations, making enforcement and tracing more difficult.

Investigators identified more than 70 individuals allegedly involved in distributing illegal subscriptions within Italy. Subscription packages reportedly cost between €40 and €130 annually, with payments frequently conducted through cryptocurrencies or foreign accounts designed to avoid traceability.

Italian authorities also coordinated with France and Germany through Eurojust to seize servers and source code linked to the operation. Investigators also confirmed that traditional IPTV ‘pezzotto’ systems were used alongside the newer CINEMAGOAL platform.

Authorities estimated that affected media companies may have suffered substantial financial losses linked to unauthorised content distribution. Financial police officers seized significant quantities of digital material that investigators believe may help identify additional participants and determine the full scale of illicit profits generated by the operation.

Authorities in Italy said administrative fines may initially target identified users of the illegal services, while criminal investigations remain ongoing. They added that criminal proceedings remain in the preliminary investigation phase and that final liability will only be determined following judicial proceedings.


European Commission advances AI transparency code under EU AI Act

The European Commission’s AI Office has convened a new round of working group meetings and workshops on the forthcoming Code of Practice on Marking and Labelling of AI-Generated Content.

The discussions brought together providers of generative AI systems and models, technology companies, industry representatives, civil society organisations and academic experts. Feedback from the meetings will inform the third and final draft of the code, expected in early June.

The code is intended to support transparency obligations under the AI Act, including requirements linked to marking, labelling, disclosure and detectability of AI-generated content. It covers issues such as synthetic media, deepfakes and certain AI-generated text.

Working Group 1 focused on marking and detection obligations for providers, including a revised multi-layered approach, technical feasibility, benchmarking, compliance frameworks and possible third-party assessments. Industry participants raised concerns over compliance burdens, innovation and feasibility, while civil society and academic experts called for stronger safeguards in the public interest.

Working Group 2 examined disclosure obligations for deployers of generative AI systems, particularly deepfakes and certain AI-generated text. Discussions covered origin disclosure, user-facing labels, proportionality, governance measures, editorial control and the possible development of a uniform EU label.

Additional workshops explored how machine-readable marks, provenance data, visible labels, watermarking systems and an EU-wide icon could work together across the AI value chain. Participants also discussed coordination with other EU rules, including the Digital Services Act, while stressing the need to balance transparency, legal clarity, accessibility and innovation.

Why does it matter?

The code of practice will help determine how AI-generated content is marked, labelled and disclosed across the EU. Its development highlights the practical difficulty of turning transparency obligations into workable rules, particularly when regulators, companies and civil society disagree over technical feasibility, compliance costs, user experience and safeguards against deceptive synthetic media.


Ofcom says major platforms will introduce new child safety measures in the UK

Ofcom said Snap, Meta, and Roblox plan to introduce additional child safety measures in the UK following regulatory pressure to strengthen protections against online grooming.

The commitments were outlined in an Ofcom report reviewing how major platforms responded to requests for stronger child safety protections. The measures include changes to contact settings, age assurance systems, AI-assisted detection tools, and controls for direct messaging.

According to Ofcom, Snap committed to implementing all recommended grooming prevention measures under the regulator’s Illegal Harms Codes. The changes will prevent adult strangers from contacting children by default, prevent children from being encouraged to expand their friendship groups to people they do not know, and introduce stronger age checks for UK users over the summer.

Roblox said it would expand existing protections, including parental controls for direct chat functions involving younger users. Meta said it plans to introduce additional privacy settings for teen accounts and AI-assisted detection tools for potentially inappropriate interactions.

Ofcom said it remains concerned about measures related to recommendation systems and harmful content exposure on some platforms. The regulator said evidence shows children’s exposure to harmful content has changed little since online safety duties came into force in July 2025.

The regulator also said platforms have not yet demonstrated effective enforcement of minimum age requirements. Its research found that 84% of children aged 8 to 12 were still using one of the top five online services, despite minimum age rules.

Ofcom has written to the UK Secretary of State advising that online safety legislation would need a clearer basis if Parliament wants the regulator to force platforms to enforce minimum age policies effectively.

Ofcom’s action plan includes monitoring implementation, reviewing recommender system risks, considering enforcement action, and continuing research into children’s online experiences.
