Cybersecurity

India imposes temporary Telegram ban over exam security concerns

India has restricted access to Telegram until 22 June 2026 ahead of the NEET (UG) 2026 re-examination, citing concerns over exam security and alleged paper leak networks. The decision followed recommendations from the National Testing Agency (NTA), which sought to prevent the misuse of messaging platforms during a high-stakes national examination.

The Ministry of Electronics and Information Technology (MeitY) acted under Section 69A of the Information Technology Act, 2000, citing risks associated with organised cheating networks. Authorities also ordered Telegram to temporarily disable editing of the previously posted messages until 30 June 2026, arguing that the feature had been used to create misleading evidence of alleged paper leaks.

Enforcement efforts follow ongoing investigations coordinated by the Indian Cyber Crime Coordination Centre and state police units, which have previously dismantled multiple fraudulent channels and bot networks. Officials said groups operating under names suggesting exam leaks had demanded significant sums from students and families in exchange for false information.

Why does it matter?

The case illustrates how digital platforms have become a central battleground in efforts to protect the integrity of high-stakes examinations. Messaging applications can facilitate the rapid spread of misinformation, fraudulent schemes and alleged leak networks, prompting authorities to consider increasingly interventionist measures during sensitive national processes.

The decision also raises broader questions about digital governance and platform regulation. By restricting access to a major communication platform and temporarily limiting specific platform features, Indian authorities are signalling a willingness to use digital policy tools to address risks associated with public trust and institutional integrity. The move reflects a wider global debate over the balance between security objectives, platform accountability and access to digital communications.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

INTERPOL report warns of rising cybercrime across Asia-Pacific

INTERPOL has published its 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, covering the period from January 2024 to March 2025. The report documents a rise in cybercrime across the region, attributing the trend to expanding digital infrastructure, the adoption of new technologies and increasingly organised criminal networks.

More than half of the countries surveyed reported that cybercrime accounts for over 30% of all crimes recorded nationally. Phishing and related online scam techniques were identified as the most common and financially damaging forms of cybercrime, with 33 % of surveyed countries recorded over 10,000 such cases.

Neal Jetton, INTERPOL’s Cybercrime Director, said the findings demonstrate how cybercriminals are increasingly exploiting AI, ransomware-as-a-service models and sophisticated social engineering techniques. He noted that operational cooperation, information sharing, and cyber resilience are factors relevant to protecting communities and infrastructure as digital adoption in the region increases.

Growth in internet connectivity, mobile banking, cloud computing, and digital financial services has accompanied this cybercriminal activity, according to the report.

Survey respondents also highlighted challenges for law enforcement, including gaps in specialised forensic tools, cybercrime training and technical capacity. The report also notes differences in cybersecurity capacity across countries.

Some countries have established cybersecurity frameworks and institutional capabilities, while others, including developing countries and small island states, reported resource and capacity constraints.

The report identifies jurisdictions with fragmented enforcement structures, limited technical capabilities, and weaker legislation as more exposed to exploitation by cybercriminal actors.

The report was prepared through the Asia and South Pacific Joint Operations against Cybercrime (ASPJOC) project, funded by the United Kingdom’s Foreign, Commonwealth & Development Office (FCDO). It draws on information submitted by 18 INTERPOL member countries in the Asia and South Pacific region, along with contributions from private sector partners, operational case studies, and analysis of emerging cyber threat trends.

It is one of several regional cyber threat assessments produced by INTERPOL, alongside similar reports covering regions such as Africa. The full report is available from INTERPOL.

Why does this matter?

The report highlights how cybercrime is becoming a major security, economic and governance challenge across Asia and the South Pacific. As countries expand digital infrastructure, online banking, cloud services and digital government initiatives, cybercriminals are finding new opportunities to exploit vulnerabilities and target individuals, businesses and critical sectors.

The findings also illustrate the growing role of AI in cyberspace. While organisations increasingly use AI to strengthen cybersecurity, threat actors are adopting the same technologies to enhance phishing campaigns, generate deepfakes and automate attacks. This accelerating technological competition underscores the importance of international cooperation, cyber capacity-building and information sharing to strengthen resilience across the region.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ChatGPT set to join Pentagon’s GenAI.mil platform

Mohammed Husain, OpenAI’s Strategic Delivery Lead for Cyber, said at the Defense One Tech Summit in Virginia that the company expects to launch ChatGPT on GenAI.mil, the US Department of Defense’s enterprise-wide generative AI platform, in early July. The deployment would extend ChatGPT access to more than 3 million defence, civilian, and military personnel.

According to Husain, the version of ChatGPT deployed on GenAI.mil will be certified to handle Controlled Unclassified Information (CUI) and operate at Impact Level 5 (IL5), a Defense Department cloud security classification for systems processing sensitive unclassified information. Husain said OpenAI continues to coordinate with the Pentagon’s Chief Digital and Artificial Intelligence Office (CDAO) on the rollout.

The Department of Defense launched GenAI.mil in December 2025, initially centred on Gemini for Government, before announcing plans to integrate models from OpenAI and xAI. Outside GenAI.mil, federal agencies have had access to ChatGPT since at least January 2025 through ChatGPT Gov.

In August 2025, OpenAI and the General Services Administration reached a OneGov agreement that reduced the price of ChatGPT access for federal agencies. Most recently, OpenAI’s GPT-5.4 model became available to federal government users on Amazon Bedrock and AWS GovCloud earlier this month.

Husain said that as the Department of Defense adopts more capable models, token consumption, the units used by AI systems to process and generate information, is likely to increase, particularly for higher-value tasks.

He pointed to Amazon’s early June announcement that OpenAI’s GPT-5.5, GPT-5.4, and Codex models are now available on Amazon Bedrock as an example of broader access to more capable, token-intensive models.

Husain said token efficiency, measured by the cost of completing tasks rather than raw processing speed, is expected to become an increasingly important consideration in government AI deployments as model capabilities advance.

Why does this matter?

The planned rollout highlights how frontier AI models are moving from experimental deployments into core government and defence infrastructure. Rather than relying on a single provider, the Pentagon is building an ecosystem that includes models from OpenAI, Google and xAI, reflecting a broader strategy of integrating commercial AI capabilities into operational environments.

The development also illustrates the growing institutionalisation of relationships between leading AI companies and national security organisations. As advanced AI systems become embedded in government workflows, questions around security, procurement, oversight, interoperability, and strategic dependence on private-sector AI providers are likely to become increasingly important.

The deployment of ChatGPT on GenAI.mil, therefore, represents not only a technology upgrade but also a step in the evolving governance of AI within national security institutions.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European consortium launches SHIELD-6G project to develop cybersecurity capabilities for future 6G networks

A consortium of 19 organisations from across Europe has launched SHIELD-6G (Scalable, Hybrid, and Intelligent End-to-End Defense for 6G Networks), a research and innovation project aimed at developing cybersecurity technologies for future 6G communications networks.

The project is coordinated by University College Dublin and brings together universities, research institutes, telecommunications operators, technology companies, and small and medium-sized enterprises from 10 European countries, including Ireland, Spain, Finland, France, the Netherlands, Italy, Greece, Latvia, Estonia, and Türkiye.

According to the consortium, SHIELD-6G will focus on developing a cyber threat intelligence platform designed for future 6G environments. The platform is intended to support the detection, analysis, and response to cyber threats, including previously unknown vulnerabilities and attacks.

The project will explore several technology areas, including AI-based threat detection and response, federated learning for privacy-preserving data processing, digital twin technologies for security testing, and explainable AI approaches intended to improve transparency in cybersecurity operations.

Researchers will evaluate the technologies through use cases in healthcare, smart manufacturing, and maritime communications. These sectors are expected to rely increasingly on advanced connectivity and automated digital systems, creating new cybersecurity requirements.

The initiative is funded through the European Union’s Horizon Europe programme under the Smart Networks and Services Joint Undertaking (SNS JU), which supports research and innovation activities related to future communication networks and services.

According to the project description, SHIELD-6G is expected to contribute to the development of automated network security capabilities, real-time threat detection and mitigation mechanisms, and approaches to compliance and auditing. The consortium also plans to contribute to ongoing discussions on 6G standardisation.

Commenting on the launch, Madhusanka Liyanage of University College Dublin said future communication networks will require security and resilience measures capable of supporting increasingly critical digital services. He said the project aims to develop cybersecurity capabilities that can help protect those services while supporting the broader development of future connectivity infrastructure.

SHIELD-6G is one of several projects funded under the SNS JU programme that aim to advance research on 6G technologies and related cybersecurity challenges as Europe prepares for the next generation of digital communications networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU court clarifies age verification rules for pornographic websites

The Court of Justice of the European Union (CJEU) has clarified the conditions under which EU Member States may require age verification for users of pornographic websites and restrict the rebroadcasting of information about certain roadside checks.

The ruling concerns joined cases involving WebGroup Czech Republic, NKL Associates and Coyote System. The cases were referred by France’s Council of State and concerned French measures requiring pornographic websites to verify users’ ages and allowing restrictions on geolocation driving assistance services that rebroadcast information about certain roadside checks.

The companies argued that the measures breached the country-of-origin principle under the Directive on electronic commerce. Under that principle, information society services are generally governed by the laws of the Member State in which the provider is established.

The Court found that the contested measures, including age verification requirements, fall within the directive’s coordinated field and that applying them to providers established in other Member States constitutes a restriction on the free movement of the services concerned. However, it said the directive allows such restrictions under certain conditions.

The CJEU said Member States may impose measures on providers established elsewhere in the EU where necessary for recognised objectives such as public policy, public security, or public safety. According to the Court, protecting minors through age verification may constitute a public policy objective, while restrictions on rebroadcasting information about certain roadside checks may be justified on public security grounds.

The Court said such measures must be proportionate and targeted at specific information society services that actually prejudice those objectives. Except in urgent cases, the Member State taking the measure must first ask the provider’s Member State of establishment to act and must notify the European Commission and that Member State before adopting the measure.

The ruling means an EU Member State may require providers established in another Member State to introduce age verification systems to prevent minors from accessing pornographic websites, provided the directive’s conditions are met. The referring French court must determine whether the national age verification measures satisfy those conditions.

The Court also addressed liability for information stored and rebroadcast by online services. It said a provider cannot rely on the hosting liability exemption if it has knowledge of or control over the information. Control can exist when a provider uses an algorithm to determine the conditions, methods and priority according to which information is rebroadcast.

The decision therefore clarifies both the limits of the e-commerce country-of-origin principle and the circumstances in which algorithmic control over content distribution may affect platform liability.

Why does it matter?

The ruling provides important guidance on how EU Member States can pursue online safety objectives while respecting the Digital Single Market’s country-of-origin principle. In particular, it confirms that age verification requirements aimed at protecting minors may be applied to providers established in other Member States, provided procedural safeguards and proportionality requirements are met.

The judgement also has broader implications for platform governance and intermediary liability. By highlighting the relevance of algorithmic control in determining whether a provider can benefit from hosting liability exemptions, the Court contributes to ongoing debates about platform responsibility, content moderation and the legal consequences of algorithm-driven content distribution.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNIDIR launches platform for AI peace and security policy

UNIDIR, Switzerland, and Pakistan will host a pre-launch briefing for the Institute’s Centre of Excellence on AI, Peace and Security in Geneva on 17 June 2026.

The briefing will take place at the Palais des Nations ahead of the centre’s formal launch later the same day. It will bring together stakeholders involved in the governance of AI and international security.

UNIDIR said the Centre of Excellence on AI, Peace and Security is being established at a critical moment for global AI governance, as AI increasingly reshapes international peace and security dynamics. The centre is intended to serve as a permanent platform for consolidating knowledge, connecting stakeholders and maintaining continuity between multilateral processes and global discussions on AI and international security.

The platform aims to promote greater continuity and coherence across international AI governance initiatives. It will also promote inclusive global engagement and provide practical, evidence-based policy guidance, resources, and capacity-building support.

According to UNIDIR, the goal is to strengthen international cooperation on the governance of AI in peace and security contexts, amid growing urgency and complexity.

The pre-launch briefing will introduce the centre as a platform for multistakeholder engagement and actionable knowledge generation. Participants will also be invited to express interest in supporting the centre, joining its Forum and contributing to future activities.

Speakers will include Dr Giacomo Persi Paoli, Head of UNIDIR’s Security and Technology Programme; Reto Wollenmann, Senior Advisor on AI and International Security at Switzerland’s Federal Department of Foreign Affairs; and Husham Ahmed, Counsellor at the Permanent Mission of Pakistan to the UN in Geneva.

The briefing will also include an overview of the centre’s governance structure and ways for states and other stakeholders to engage through its Forum. The event will be moderated by Dr Yasmin Afina, Researcher in UNIDIR’s Security and Technology Programme.

Why does it matter?

AI is becoming an increasingly important factor in international peace and security, influencing areas ranging from military applications and cyber operations to information integrity, crisis management and strategic stability. As discussions on AI governance expand across multiple international forums, there is growing demand for mechanisms that can provide continuity, expertise and coordination between policy processes.

The new UNIDIR centre seeks to fill that gap by creating a permanent platform for research, dialogue and capacity-building. By bringing together governments, international organisations, industry, academia and civil society, it could help promote more inclusive and evidence-based approaches to governing AI in security contexts, particularly for countries with limited resources or technical expertise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Western Balkans schools explore AI in education with UNESCO and UNICEF support

Educators from across the Western Balkans gathered in Sarajevo to discuss the rapid rise of AI in education and its implications for teaching and learning. The regional conference brought together more than 80 teachers and practitioners from Bosnia and Herzegovina, Croatia, Serbia and Slovenia.

Supported by UNESCO, UNICEF, the French Institute and the Croatian Cultural Society ‘Napredak’, the event focused on both the opportunities and risks associated with AI adoption in education. Discussions covered ethical use of AI, data protection, safeguarding learner well-being and maintaining educational integrity in digital environments.

Workshops provided hands-on training in AI tools, allowing participants to explore how the technology can be used responsibly and effectively in classroom settings. UNESCO also introduced multilingual resources on AI in education, aimed at improving access to practical guidance and best practices across the region.

The initiative highlighted a shared priority among educators: ensuring that AI supports human-centred learning while teachers remain central to delivering effective, inclusive and equitable education.

Why does it matter?

The integration of AI into education systems marks a structural shift in how learning is designed, delivered and evaluated, with implications that extend beyond classrooms into labour markets and civic participation. As governments and institutions experiment with AI tools, the key challenge is ensuring that efficiency gains do not come at the expense of equity, privacy and critical thinking.

Regional cooperation and shared ethical frameworks, such as those promoted by UNESCO, are therefore essential for preventing fragmented adoption and widening digital divides, while helping education systems remain adaptable, inclusive and centred on human development in an increasingly automated environment.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Canada enacts cybersecurity legislation to protect critical infrastructure

Canada has strengthened its national cybersecurity framework after Bill C-8, the Act Respecting Cyber Security (ARCS), received Royal Assent.

The legislation is designed to strengthen the security of critical infrastructure and telecommunications networks that support essential services across Canada.

The new law amends the Telecommunications Act by making security an explicit policy objective and granting the government additional powers to require action against threats targeting telecommunications systems.

The legislation also establishes the Critical Cyber Systems Protection Act, creating a regulatory framework for designated operators in the finance, telecommunications, energy and transportation sectors.

Under the new framework, organisations responsible for critical systems will be required to implement enhanced cybersecurity measures, report significant cyber incidents and comply with new security obligations. The government of Canada argues that the measures are necessary as cyber threats continue to increase in both frequency and sophistication.

While amendments to the Telecommunications Act take effect immediately, implementation of the Critical Cyber Systems Protection Act will occur gradually through a phased approach. Canadian officials said the legislation will help strengthen national resilience, protect sensitive information and support the uninterrupted operation of essential services.

Why does it matter?

The legislation reflects a growing international shift towards mandatory cybersecurity requirements for operators of critical infrastructure. Governments increasingly view cyber resilience as a matter of national security, particularly as cybercriminal groups and state-linked actors target sectors whose disruption could have significant economic and societal consequences.

The new framework also signals a move from voluntary cybersecurity practices towards enforceable obligations. By requiring organisations to strengthen security measures, report incidents and comply with regulatory requirements, Canada is seeking to improve visibility into cyber threats and reduce risks to essential services and national infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

US FTC reveals record losses from imposter scams in 2025

The US Federal Trade Commission said consumers reported losing $3.5 billion to imposter scams in 2025, nearly tripling from 2020.

The FTC said imposter scams were the most reported fraud category last year, accounting for nearly one in three fraud reports. Consumers were targeted through text messages, phone calls, email, social media, search engine results and other channels.

Some of the costliest scams began with fake security alerts that often appeared to come from banks. Victims were persuaded to move money to ‘protect’ it, with losses often limited only by the funds they had available.

Consumers reported losing nearly $1 billion to business impersonators in 2025, with the highest losses linked to bank impersonators. Reported losses to government impersonators reached about $920 million, up from $789 million in 2024.

The figures form part of a wider rise in reported fraud losses. The FTC said consumers reported losing about $16 billion to all types of fraud in 2025, the highest figure on record and around 25% higher than in 2024.

The data were released as the FTC, the Department of Justice, the Department of Health and Human Services and members of the Elder Justice Coordinating Council launched the Never Ever campaign. The public-private campaign aims to raise awareness of government and business imposter scams, including scams affecting older adults.

The FTC also pointed to its 2024 Impersonation Rule, which gives the agency stronger tools to pursue scammers impersonating government agencies and businesses. Since the rule was finalised, the FTC said it has brought a dozen enforcement actions and obtained more than $70 million in redress for consumers.

Why does it matter?

Imposter scams exploit trust in digital communications, financial institutions and government services. Fake bank alerts, official-looking messages and multi-channel fraud campaigns can push consumers to act quickly and transfer money before they verify the request. The FTC’s response shows how consumer protection is increasingly combining fraud data, enforcement tools and public education to address digital trust risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EDPS warns Shadow AI creates hidden data protection risks

The European Data Protection Supervisor (EDPS) has warned that Shadow AI can create hidden data protection and breach risks when employees use unauthorised AI tools without organisational approval. The warning was published in a blog post by EDPS Wojciech Wiewiórowski on 15 June 2026.

The EDPS said Shadow AI can include tools such as generative AI chatbots, coding assistants and automated note-taking applications. While employees may use them as shortcuts to improve productivity, unauthorised AI tools can bypass data protection and security safeguards.

According to the EDPS, data entered into unapproved AI tools can fall into a regulatory and compliance blind spot. Unauthorised tools may lack formal agreements governing the legal basis for processing, data retention periods and safeguards for international data transfers.

The EDPS also warned that Shadow AI can create a transparency gap, making it difficult for organisations to determine where information is stored, how it is processed or whether it is used to train AI models. Such tools can also introduce security vulnerabilities, including automated meeting recorders joining meetings without oversight from IT security teams.

The blog post argues that organisations should address these risks proactively rather than attempting to ignore or prohibit them outright. Instead, they should adopt proactive AI governance policies that define authorised AI use, establish data classification rules and set approval processes for new technologies.

The EDPS said policies should be backed by technical controls and monitoring, including blocking unapproved AI domains, enforcing data loss prevention rules and restricting the installation of unauthorised AI software. The EDPS also recommended that organisations provide approved AI platforms that are secure, compliant and capable of meeting employees’ operational needs.

The EDPS said reducing Shadow AI risks requires cooperation between data protection officers, IT departments, security teams and business functions. The aim, it said, is to protect data subject rights and institutional information while enabling responsible AI adoption.

Why does it matter?

Shadow AI turns everyday workplace AI use into a data protection and cybersecurity issue. Employees may use unauthorised tools to save time, but organisations can lose visibility over personal data, legal compliance, retention, international transfers and model training.

The warning also shows that responsible AI adoption depends on more than staff guidance. Organisations need approved AI tools, technical controls, monitoring and cooperation between data protection, IT, security and business teams to reduce breach risks without blocking useful innovation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.