Cybersecurity

Ofcom says major platforms will introduce new child safety measures in the UK

Ofcom said Snap, Meta, and Roblox plan to introduce additional child safety measures in the UK following regulatory pressure to strengthen protections against online grooming.

The commitments were outlined in an Ofcom report reviewing how major platforms responded to requests for stronger child safety protections. The measures include changes to contact settings, age assurance systems, AI-assisted detection tools, and controls for direct messaging.

According to Ofcom, Snap committed to implementing all recommended grooming prevention measures under the regulator’s Illegal Harms Codes. The changes will prevent adult strangers from contacting children by default, prevent children from being encouraged to expand their friendship groups to people they do not know, and introduce stronger age checks for UK users over the summer.

Roblox said it would expand existing protections, including parental controls for direct chat functions involving younger users. Meta said it plans to introduce additional privacy settings for teen accounts and AI-assisted detection tools for potentially inappropriate interactions.

Ofcom said it remains concerned about measures related to recommendation systems and harmful content exposure on some platforms. The regulator said evidence shows children’s exposure to harmful content has changed little since online safety duties came into force in July 2025.

The regulator also said platforms have not yet demonstrated effective enforcement of minimum age requirements. Its research found that 84% of children aged 8 to 12 were still using one of the top five online services, despite minimum age rules.

Ofcom has written to the UK Secretary of State advising that online safety legislation would need a clearer basis if Parliament wants the regulator to force platforms to enforce minimum age policies effectively.

Ofcom’s action plan includes monitoring implementation, reviewing recommender system risks, considering enforcement action, and continuing research into children’s online experiences.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore launches new AI, cybersecurity and quantum-readiness programmes

Singapore has announced new initiatives aimed at supporting enterprise AI adoption, strengthening cybersecurity, and preparing digital infrastructure for future quantum-related risks.

The measures were announced at ATxEnterprise 2026 by Senior Minister of State for Digital Development and Information Tan Kiat How. They include new partnerships under the Digital Enterprise Blueprint, an AI adoption playbook for enterprises, SME awards recognising AI impact, and a pilot on quantum-safe technologies.

According to IMDA’s Singapore Digital Economy Report 2025, AI adoption among SMEs increased significantly during 2024.

IMDA and the Singapore Business Federation will introduce SME AI Impact Awards recognising enterprises using AI technologies in business operations. Up to 30 winners will be recognised across categories for proprietary AI tools and adoption of ready-to-use AI solutions.

The Digital Enterprise Blueprint is being expanded through partnerships involving AI training, digital skills development, and cybersecurity support for SMEs. One programme led by Grab will provide AI-related training and courses for SMEs in sectors including retail, e-commerce, and food services.

RSM Stone Forest IT will also launch cybersecurity initiatives involving phishing simulations, awareness webinars, and tabletop exercises for SMEs. With the two partnerships, IMDA aims to reach 12,000 more SMEs, contributing to its target of supporting 50,000 SMEs by 2029.

IMDA, SkillsFuture Singapore, and Workforce Singapore have also developed an AI for Enterprise Impact Playbook to help digitally progressive enterprises assess readiness, identify support, and plan next steps for AI adoption.

Singapore additionally announced a pilot initiative focused on quantum-safe technologies for telecommunications infrastructure. IMDA signed a Memorandum of Intent with Singtel, Ericsson, and NCS Singapore to test and validate quantum-safe migration approaches.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Malaysia expands online safety rules for platforms and digital services

Malaysia’s Communications and Multimedia Commission (MCMC) has published the Child Protection Code and Risk Mitigation Code under the Online Safety Act 2025, following stakeholder engagement and a public consultation held from 12 February to 31 March 2026.

The codes form part of Malaysia’s broader online safety framework and outline expectations for service providers addressing online harms. According to MCMC, the framework follows an outcome-based approach that allows providers flexibility in implementing safety measures.

The Child Protection Code focuses on age-appropriate online experiences and child-safety-by-design principles for digital services in Malaysia. The code includes safeguards related to account registration, ownership restrictions for younger users, and protections involving higher-risk platform features.

It also introduces age-appropriate protections and restrictions on high-risk features, aiming to reduce children’s exposure to exploitative interactions and harmful content.

The Risk Mitigation Code outlines measures related to risk assessments, content governance, reporting systems, advertiser verification, and labelling of manipulated content. Measures include risk assessments, stronger content governance, effective reporting and response mechanisms, advertiser verification, and labelling manipulated content where appropriate.

Both codes are scheduled to take effect on 1 June 2026, with a transition period for implementation and verification processes. MCMC said a reasonable grace period will be provided for service providers to complete the verification process effectively.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ICO warns major platforms over lack of privacy-friendly age assurance

The UK Information Commissioner’s Office has warned that major platforms have not yet introduced viable and privacy-friendly age assurance measures to stop underage children from accessing services with minimum age limits.

The statement follows letters sent by the ICO in March to TikTok, Snapchat, Facebook, Instagram, YouTube, and X, calling on them to urgently review and strengthen measures to prevent underage children from accessing their services.

Responses from the platforms show that some services are taking, or considering, additional steps to protect children. However, the regulator said none had yet introduced new age assurance solutions that it considers both viable and privacy-friendly.

The ICO said it does not yet have confidence that appropriate measures are being put in place and raised concerns that underage children’s data is still being processed on platforms they should not be able to access.

The regulator warned that more progress is needed and said it is considering next steps, including formal investigations and sanctions. Platforms that set minimum age limits must have effective age assurance measures in place, it added.

The ICO said it will continue working closely with Ofcom, which enforces the Online Safety Act, to ensure underage users cannot access services that were not designed for them. It also said its response to the government’s ongoing consultation sets out how the ICO can act under data protection law.

Why does it matter?

The ICO’s warning shows that age assurance is becoming both a child safety and data protection issue. Platforms that set minimum age limits may face pressure not only to keep younger users away from unsuitable services, but also to avoid unlawfully processing children’s personal data when those users should not have access in the first place.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol dismantles cybercriminal VPN linked to ransomware investigations

Europol has announced that international law enforcement agencies dismantled the cybercriminal VPN platform known as First VPN during a coordinated operation targeting ransomware infrastructure and wider cybercrime networks.

The operation, led by authorities in France and the Netherlands with support from Eurojust, targeted infrastructure allegedly used by cybercriminals to conceal ransomware attacks, fraud, data theft and other illegal online activities.

Europol described the service as deeply embedded in the cybercrime ecosystem and said it had featured in almost every major Europol-supported cybercrime investigation over the past few years. The platform was allegedly promoted as an anonymity service for criminal use, offering anonymous payments, concealed infrastructure and tools intended to help users evade law enforcement detection.

Coordinated action days took place on 19 and 20 May, during which authorities dismantled 33 servers connected to the service and shut down associated domain names. Investigators also interviewed the alleged administrator in Ukraine and carried out a residential search linked to the operation.

According to Europol, investigators gained access to the platform’s infrastructure and user database during the investigation, which began in December 2021. The agency said the data helped identify users allegedly connected to ransomware campaigns, fraud schemes and other cybercrime operations across several jurisdictions.

Intelligence generated through the operation led to 83 intelligence packages being distributed internationally, information linked to 506 users being shared with partner agencies, and 21 Europol-supported investigations advancing through newly obtained evidence.

The operation also received support from cybersecurity company Bitdefender, while a joint investigation team coordinated by Eurojust facilitated judicial cooperation and evidence sharing among participating countries.

Why does it matter?

The takedown shows how law enforcement is increasingly targeting the infrastructure that enables cybercrime, not only the attackers themselves. VPN services marketed for criminal use can help ransomware actors and fraud networks hide their identity, route attacks and evade detection. By dismantling First VPN and obtaining user data, investigators can disrupt multiple cybercrime operations at once and strengthen ongoing ransomware investigations.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK Pensions Regulator publishes AI governance plan for pension schemes

The UK Pensions Regulator (TPR) has published an AI plan outlining expectations for governance and oversight of AI use in pension schemes.

TPR said AI may support pension administration, decision-making, and member engagement, while also creating operational and cybersecurity risks. According to the regulator, accountability remains with trustees and scheme managers even when AI systems or third-party providers are involved.

TPR Chief Executive Nausicaa Delfas said:

‘AI has the potential to transform pensions for the better: improving how schemes are run, how members are supported, and how the system as a whole delivers value.’

She added: ‘But trust is the most valuable asset in our system, and that trust depends on the safe and responsible adoption of AI in members’ interests.’

The plan recommends governance measures, including system testing, risk monitoring, fraud prevention, data management, and compliance with data protection requirements.

TPR’s plan sets out four areas of focus:

  • Ensuring schemes are well run and governed
  • Strengthening data foundations
  • Supporting responsible innovation
  • Using AI to become a more effective regulator.

TPR said it will continue coordinating with the Financial Conduct Authority on regulatory alignment across the pensions sector.

The regulator also said it has used AI-supported processes to identify pension scam websites and support enforcement actions. Further guidance and industry engagement activities are planned later this year.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK government launches cyber resilience measures amid AI-related risks

The UK Department for Science, Innovation and Technology has warned that cyber threats are becoming more frequent and complex, with AI contributing to faster and more scalable attacks. Digital Minister Baroness Lloyd of Effra said cyber resilience is increasingly important for national security and economic stability.

According to the government’s Cyber Security Breaches Survey, 43% of businesses reported experiencing a cyber breach or attack during the past year. The minister said AI tools are making some cyber capabilities more accessible by automating tasks such as vulnerability detection and reconnaissance.

The government also encouraged technology providers to adopt a ‘secure by design’ approach and referred to existing cybersecurity guidance frameworks.

The Department additionally announced a £90 million cyber resilience fund intended to support businesses, including SMEs and NHS suppliers. The government said a broader National Cyber Action Plan is expected later this summer.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

FTC targets nudify tools over TAKE IT DOWN Act compliance

The US Federal Trade Commission has sent warning letters to 12 websites offering so-called ‘nudify’ tools, expanding its enforcement of the TAKE IT DOWN Act.

The law requires covered platforms to provide a process for people to request the removal of intimate photos or videos shared online without consent, and to remove that content within 48 hours of a valid request.

The letters were sent to companies offering tools that can take a clothed image of a person and generate non-consensual sexualised images by removing clothing. According to the FTC, the companies appear to be violating the law by failing to provide a process for victims to request the removal of non-consensual intimate images from their platforms.

FTC Chairman Andrew N. Ferguson said platforms ‘no longer have any excuses’ and must comply with their obligations under the TAKE IT DOWN Act or face consequences.

The letters urge the companies to comply with the law immediately. Platforms that fail to do so could face FTC legal action and civil penalties of up to $53,088 per violation.

The action follows the FTC’s start of TAKE IT DOWN Act enforcement on 19 May. Ahead of the deadline, Ferguson sent letters to major platforms, including Alphabet, Amazon, Apple, Meta, Microsoft, Reddit, Snapchat, TikTok and X, reminding them of their compliance obligations.

The FTC has also issued business guidance on compliance with the law, which was signed in May 2025 and gave companies one year to meet its requirements.

Why does it matter?

The warning letters show how the FTC is applying the TAKE IT DOWN Act directly to AI-powered nudify tools, not only mainstream social media platforms. The action reflects growing concern that generative AI can make image-based sexual abuse easier to create and distribute at scale, while placing stronger legal pressure on platforms to give victims a fast removal process.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Switzerland advances National Cyberstrategy implementation

Switzerland has reported progress in implementing its National Cyberstrategy, with more than 90 projects underway and new measures addressing the role of AI in cybersecurity.

The Federal Council was informed of the 2025 implementation report. The implementation report was prepared by the National Cyberstrategy Steering Committee together with the National Cyber Security Centre. The report tracks work across five objectives:

  • Empowering the public
  • Securing digital services and critical infrastructure
  • Managing cyberattacks
  • Combating cybercrime
  • Strengthening international cooperation

The report identifies AI as an important area influencing both cybersecurity risks and defensive capabilities. The report describes measures related to AI-assisted cyber threats, AI-supported cyberdefence, research projects, and public awareness activities.

The report also refers to regulatory safeguards linked to Switzerland’s ratification of the Council of Europe Convention on AI. The report frames those steps as part of a broader response to the growing importance of AI in cybersecurity.

According to the report, the National Cyber Security Centre has received 222 reports since mandatory reporting requirements for cyberattacks on critical infrastructure entered into force in April 2025. Authorities say the reports improve national cyber situational awareness and support coordinated responses to threats.

The report also highlights developments involving sector-specific cybersecurity centres, information-sharing initiatives, and vulnerability management programmes. Switzerland also continued its federal bug bounty programme and other vulnerability management initiatives.

Capacity-building programmes include the Cyber-Defence Campus Fellowship, the Cyber Startup Challenge, and the national S-U-P-E-R.ch awareness campaign. The report also notes information-sharing work through Cyber-CASE, Cyber-STRAT, and NEDIK to support faster handling of digital crimes.

International activities included participation in cyber diplomacy and capacity-building initiatives linked to Geneva Cyber Week and UN and OSCE processes.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore and Google expand partnership on frontier AI deployment

Google and Singapore’s Ministry of Digital Development and Information have announced an expanded National AI Partnership to accelerate the deployment of frontier AI across the economy and public sector.

The partnership builds on earlier collaboration between Google and Singapore’s digital authorities and aims to support healthcare innovation, scientific research, workforce development, enterprise transformation and AI governance. The Ministry said the initiative supports Singapore’s National AI Strategy by deploying AI at scale for economic growth and public good.

A major focus is on healthcare and life sciences. Google DeepMind is exploring collaboration with Singapore’s public health clusters on AI co-clinician research, including systems that could support doctors and patients during care journeys under the clinical authority of physicians.

Google DeepMind will also work with the National Research Foundation to train local researchers on agentic AI tools for science, while Google and A*STAR will collaborate on AI-enabled tools for scientific research and analysis in materials and life sciences. The partnership also includes work on a Gemma-powered running assistant for blind and low-vision athletes, in collaboration with SG Enable.

Education and workforce development are another pillar. Google has enabled advanced AI features in Google Workspace for Education for educators from primary schools to junior colleges, while the Ministry of Education and Google will expand collaboration on teacher training, upskilling and AI-supported teaching and learning.

The partnership also covers enterprise transformation and AI governance. Google Cloud’s Forward Deployed Engineers will support Singapore-based companies working on agentic enterprise transformation, while Singapore agencies and Google are testing how ‘computer use’ AI agents behave in real-world settings through an AI Agents Sandbox.

Singapore and Google will also collaborate on AI safety, including the development of multimodal and multilingual safety benchmarks with IMDA and MLCommons. The work is intended to support responsible AI deployment that reflects local languages, cultures and governance needs.

Why does it matter?

The partnership shows how frontier AI is moving from experimentation into national deployment strategies. Singapore is using public-private collaboration to test AI in healthcare, research, education, enterprise workflows and governance, while also building safeguards around agentic systems and multilingual safety. The initiative could strengthen Singapore’s position as a regional AI hub, yet its impact will depend on how effectively these tools are governed in sensitive areas such as healthcare, education and public-sector services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.