Cybersecurity

IWF and CaseScan partner to strengthen the detection of child abuse material

The Internet Watch Foundation has announced a new partnership with CaseScan aimed at improving the detection and identification of child sexual abuse material online.

CaseScan, a specialist technology company supporting child protection investigations and digital safety work, has joined the IWF as a member. The company develops tools that help specialist teams identify, classify, and prioritise illegal material more efficiently, reducing manual workloads and supporting faster responses when criminal content is found.

Through its membership, CaseScan will be able to draw on IWF intelligence and services to strengthen how it helps approved clients detect child sexual abuse material. The IWF said the collaboration will support faster identification of criminal content.

The partnership comes amid a rapidly evolving online threat landscape. According to the IWF’s 2025 Annual Data & Insights Report, new technologies, systemic vulnerabilities, and the continued distribution of child sexual abuse material are increasing the challenges faced by investigators and online safety organisations.

CaseScan said the collaboration will strengthen its ability to support professionals working on the front line of child protection investigations. The IWF said industry partnerships are essential to disrupting the criminal distribution of abusive images and videos and preventing the repeated victimisation of children online.

Why does it matter?

The partnership shows how child safety organisations and specialist technology providers are working to improve the speed and accuracy of CSAM detection. As the volume and complexity of illegal material online grow, trusted intelligence and specialist detection tools can help investigators and approved organisations prioritise cases, reduce manual review burdens, and respond more quickly to harmful content.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK proposes hash-matching rules to combat intimate image abuse in search results

The UK government has published draft amendments to the Illegal Content Codes of Practice for search services under the Online Safety Act, proposing new measures to help detect intimate image abuse content. The amendments, published on 1 June, would add a recommended measure for large general search services to use hash-matching technology to detect intimate-image abuse content.

According to the draft, Ofcom prepared the amendments under section 41 of the Online Safety Act and submitted them to the Secretary of State on 15 May. The document was presented to Parliament under section 43 of the Act and is due to lie before both Houses for 40 days.

The proposed measure, designated ICS C8, would apply to providers of large general search services. The measure recommends the use of perceptual hash matching to identify known intimate image abuse content, or cryptographic hash matching where perceptual matching is not supported by the provider’s hash database.

Under the proposal, content matching an unverified hash for the first time would be treated as potentially illegal and subjected to review under Ofcom’s search moderation procedures. Other matches may be treated as illegal content or reviewed as suspected video and image abuse, depending on the provider’s assurance in the detection outcomes.

The amendments also set expectations for human moderator review, regular updates to hash databases, removal of hashes found not to relate to intimate image abuse content, and reviews of precision and recall at least every six months. Ofcom said the proposed measure includes safeguards intended to protect freedom of expression and privacy rights while supporting the detection of illegal content.

Why does it matter?

The proposal reflects growing efforts by regulators to address the spread of non-consensual intimate imagery, including AI-generated content, through proactive detection and moderation measures.

By encouraging the use of hash-matching technologies, UK authorities aim to reduce the repeated circulation of known abusive material while maintaining safeguards for privacy and freedom of expression.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission proposes EU-wide satellite spectrum authorisation system

The European Commission has proposed a new EU-wide authorisation system for mobile satellite services operating in the harmonised 2 GHz frequency band once current licences expire in 2027. The move is intended to strengthen connectivity, resilience, competitiveness and critical communications across the bloc.

Under the proposal, an EU-level selection process would replace the framework introduced in 2008. The European Commission said a single authorisation system across Member States would improve regulatory consistency and enable satellite operators to provide cross-border services more efficiently.

The proposal would reserve one-third of the 2 GHz band for governmental uses, including critical communications, security and defence, through an EU operator associated with the Union’s IRIS² Secure Connectivity programme.

The European Commission said the new framework is intended to support secure, resilient and innovative satellite services while strengthening critical communications capabilities and reducing strategic dependencies. The proposal was presented in Brussels and aligns with broader plans for EU-level satellite spectrum management.

Why does it matter?

Satellite communications are becoming increasingly important for connectivity, emergency response, government communications and critical infrastructure resilience. A harmonised EU authorisation system could simplify cross-border operations for satellite providers while strengthening the bloc’s ability to support secure communications services.

The proposal also reflects broader European efforts to improve resilience in strategic digital and space infrastructure and reduce dependence on external providers in critical sectors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Australia’s CEDA event to examine AI-generated threats and trust

The Committee for Economic Development of Australia (CEDA) will host an event in Brisbane examining the impact of AI-generated scams, synthetic media and the challenge of maintaining trust in digital environments. The discussion will focus on the economic and reputational risks posed by deepfakes, voice cloning, phishing campaigns and fraudulent online services.

The event, titled ‘The scam economy: How to manage AI-generated threats and build trust’, will examine how businesses can maintain trust with stakeholders when visual, audio, and written material can be generated or manipulated using AI. It will bring together communications, cyber, technology, finance, and policy experts.

The discussion comes ahead of the entry into force of Australia’s Scams Prevention Framework Act 2025 on 1 July. Under the new framework, banks, telecommunications providers and digital platforms will be required to take proactive steps to prevent, detect and respond to scam activity.

CEDA says the event will explore how businesses can manage the economic risks of AI-generated fraud as synthetic media becomes more accessible and harder to identify. The programme will be held at Pullman King George Square in Brisbane.

Why does it matter?

Advances in generative AI are making it easier and cheaper to create convincing fake content, including images, videos, voices and websites. These tools are increasingly being used in fraud schemes that target consumers, businesses and public institutions.

As AI-generated deception becomes more sophisticated, organisations face growing challenges in maintaining trust, verifying authenticity and protecting users from scams. The discussion reflects broader efforts by governments and industry to adapt regulatory and security frameworks to emerging AI-related risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU launches consultation on trusted flagger guidelines under the DSA

The European Commission has launched a public consultation on draft guidelines for trusted flaggers under the Digital Services Act, aiming to establish a clearer and more consistent framework for organisations that identify and report illegal online content.

Trusted flaggers are specialised entities whose notices about illegal content must be prioritised by online platforms under the DSA. Platforms remain responsible for assessing whether the reported content is illegal.

More than 70 trusted flaggers have already been designated across the EU, covering areas such as child sexual abuse material, intellectual property infringements, online fraud, financial scams, and online harassment.

The proposed guidelines clarify the criteria and procedures used by national Digital Services Coordinators to grant trusted flagger status. They also set out technical requirements for trusted flaggers and platforms when processing notices of illegal content.

The draft guidelines include safeguards intended to ensure that trusted flaggers remain independent, objective, and accountable while operating in full respect of freedom of expression. They also include measures to prevent misuse of the mechanism, including public annual transparency reports and procedures to suspend or revoke trusted flagger status.

The Commission is inviting feedback from platforms, trusted flaggers, applicants, researchers, civil society organisations, and other stakeholders until 26 June 2026. Following the consultation, the Commission plans to adopt the final guidelines in the second half of 2026.

Why does it matter?

Trusted flaggers are becoming an important procedural tool in the EU’s online safety framework. Clearer rules could improve the reporting and handling of illegal content while reducing fragmentation across member states. The safeguards are also important because prioritised notices must be balanced with accountability, transparency, and protection of freedom of expression.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Singapore and Japan launch mutual recognition of IoT cybersecurity labels

Singapore and Japan have launched mutual recognition of their cybersecurity labelling schemes for Internet of Things (IoT) under a Memorandum of Cooperation that entered into force on 1 June 2026. The arrangement covers Singapore’s Cybersecurity Labelling Scheme and Japan’s JC-STAR scheme.

The Memorandum of Cooperation was signed by Rahayu Mahzam, Singapore’s Minister of State for Digital Development and Information, and Ino Toshiro, Japan’s State Minister of Economy, Trade and Industry. The Cyber Security Agency of Singapore (CSA) and Japan’s Ministry of Economy, Trade and Industry agreed to recognise cybersecurity labels issued under either scheme.

IoT devices certified under either Japan’s JC-STAR scheme or Singapore’s Cybersecurity Labelling Scheme will be eligible for streamlined recognition in the other market. Covered products include smart home assistants, home automation and alarm systems, and IoT gateways and hubs that connect multiple devices.

Japan is the fifth country to establish such an arrangement with Singapore, following Finland, Germany, South Korea, and the United Kingdom. According to Singapore authorities, the arrangement is expected to support stronger cybersecurity practices for connected devices, reduce certification burdens for manufacturers, and increase consumer confidence in smart technologies.

The CSA launched the Cybersecurity Labelling Scheme in 2020. Since then, it has received applications for more than 1,000 products, including routers, smart lighting, and smart cameras.

Why does it matter?

Connected devices are increasingly used in homes, businesses, and critical services, making cybersecurity a growing concern for governments and consumers. Cybersecurity labelling schemes are designed to help buyers identify products that meet recognised security requirements while encouraging manufacturers to improve security practices.

By recognising each other’s certification schemes, Singapore and Japan are reducing regulatory barriers and promoting greater interoperability in cybersecurity standards. The agreement also reflects broader international efforts to strengthen trust and security in the rapidly expanding IoT ecosystem.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

G7 agrees on the first common principles on protecting children online

G7 digital ministers have agreed a shared set of principles for protecting children and young people from online harm for the first time, marking the first coordinated approach adopted by the group on the issue. The agreement, reached during talks in Paris, sets shared principles for addressing risks linked to harmful content, exploitation and the use of AI chatbots.

The principles call for stronger digital literacy, robust online safety practices by digital service providers and safety measures built into digital services from the start. The agreement also sets expectations for effective age assurance and closer cooperation between providers, children, parents and guardians.

Ministers also called for improved access to data and research on how digital services affect children’s well-being, including greater cooperation among platforms, researchers and families. UK Science and Technology Secretary Liz Kendall said: ‘The agreements we have reached today are an important step on that journey: outlining a shared approach to protecting our children, backing our small businesses to adopt AI, and ensuring AI is developed safely and responsibly.’

The G7 also reaffirmed its commitment to promoting trustworthy AI while continuing discussions on assessing and managing AI-related risks. Under France’s presidency, members agreed to continue discussions on a mutual understanding of AI risk assessment frameworks, including in relation to cyberattacks and chemical and biological capabilities.

Ministers also backed support for small and medium-sized enterprises to adopt AI through a tool developed with the Organisation for Economic Co-operation and Development (OECD). G7 members also agreed a Vision on AI Openness and committed to further work on AI-generated content detection, secure AI systems, trusted data flows, and resource-efficient digital and AI infrastructure.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Finland proposes rules for EU Cyber Resilience Act

The Finnish Government has proposed the approval of national provisions supplementing the EU Cyber Resilience Act, which sets cybersecurity requirements for products with digital elements.

The legislation will enter into force on 1 June 2026, with phased application aligned with the Cyber Resilience Act’s transitional periods during 2026 and 2027. The aim is to improve the cybersecurity of connected devices and software placed on the EU market.

The Cyber Resilience Act will be supplemented in Finland by a new national act on the cyber resilience of certain products and cybersecurity certification. The act covers supervision of product-related obligations, notification of conformity assessment bodies under the Cyber Resilience Act, administrative sanctions, and national provisions linked to the EU cybersecurity certification.

Market surveillance under the Cyber Resilience Act, along with the designation and supervision of notified bodies, will be assigned to the Finnish Transport and Communications Agency, Traficom. Market surveillance of high-risk AI systems will be carried out by the authorities responsible for supervising compliance with the AI Act, depending on the sector.

Conformity assessment bodies will be able to apply to Traficom from 11 June 2026 to be notified for assessment tasks under the Cyber Resilience Act. Bodies notified by Finland will be able to carry out conformity assessments across the EU member states within their area of competence.

Finland will also add a new chapter to the Act on Electronic Communications Services concerning the collection and disclosure of domain name registration data under the NIS2 Directive. The obligations will extend beyond .fi and .ax domains where the registrar or top-level domain registry is located in Finland, after a three-month transitional period.

The Government said the domain name provisions will complement Finland’s national implementation of NIS2 and improve the availability of registration data, making it easier to tackle illegal activity online.

Why does it matter?

Finland’s legislation shows how EU cybersecurity rules are being translated into national enforcement structures. The Cyber Resilience Act sets product security obligations at the EU level, but member states still need national provisions for supervision, notified bodies, sanctions, and certification. The added NIS2 domain registration rules also show how cybersecurity implementation is expanding beyond products into online infrastructure and data availability for enforcement.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

GCHQ outlines AI-driven cyber defence programme for protecting critical infrastructure

The UK’s signals intelligence agency GCHQ has announced plans to develop an AI-powered national cyber defence capability that would use autonomous software agents to identify and respond to cyber threats at machine speed. Speaking publicly, GCHQ director Anne Keast-Butler described the initiative as a ‘blueprint for a new national cyber defence capability’ to be operational within five years.

The programme would apply agentic AI to monitor and protect critical sectors including energy, water, healthcare, transport, and financial services. According to Keast-Butler, advances in AI are accelerating the discovery of software vulnerabilities, increasing pressure on defenders to identify and mitigate risks more quickly.

UK Security Minister Dan Jarvis had previously outlined the national cyber shield concept in April, noting that protecting critical infrastructure in an AI-enabled environment would require approaches beyond standard commercial security products. The Cabinet Office has since approached AI companies to contribute to the development of these capabilities.

GCHQ is separately integrating AI into its intelligence analysis workflows, including language translation and large-scale data processing.

Alongside the cyber defence announcement, Keast-Butler addressed two further technical priorities. On quantum computing, she noted that post-quantum encryption is now an active planning requirement rather than a future consideration, pointing to National Cyber Security Centre guidance on transitioning to quantum-resistant algorithms. On space, she observed that the volume of orbital infrastructure has grown substantially — over 10,000 new objects launched in three years — with GCHQ working to secure space-based systems that underpin data transmission globally.

GCHQ’s Mathematics directorate is developing new cryptographic methods suited to the post-quantum environment, building on the agency’s role in pioneering public-key cryptography in the 1970s.

Taken together, the announcements sketch a broader shift in how GCHQ positions its role. The announcements suggest a broader role for GCHQ, combining intelligence, cybersecurity, cryptography and infrastructure protection as part of the UK’s wider digital resilience strategy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Germany approves draft law expanding cyber defense powers for federal authorities

Germany’s federal cabinet has approved draft legislation that would expand cyber defence capabilities for three federal agencies, the Federal Office for Information Security (BSI), the Federal Criminal Police Office (BKA), and the Federal Police (Bundespolizei), as part of a broader effort to strenghten the country’s response to cyber threats.

Under the proposal, authorities would be able to block or disrupt software and server infrastructure used in cyberattacks, including systems located outside Germany. The BSI would also receive expanded authority to collect, store, and analyse data to detect activities indicative of attack preparation. Telecommunications providers and major digital platforms would be required to relay BSI warnings about identified threats directly to users.

The government describes the measures as ‘active cyber defence,’ arguing that they are intended to stop or disrupt ongoing attacks rather than conduct retaliatory cyber operations. Current practice involves redirecting attacks to isolated network areas; the new framework would instead authorize direct action against attacker-controlled systems.

According to the Federal Situation Report on Cybercrime 2025, presented by Federal Interior Minister Alexander Dobrindt and the Vice President of the Federal Criminal Police Office, Martina Link, Germany is among Europe’s most frequently targeted countries for cyberattacks.

Federal authorities in Germany have documented sustained campaigns against industrial companies, small and medium-sized enterprises, research institutions, government bodies, and political parties, with a portion attributed to state-affiliated actors.

The draft will now proceed to parliamentary debate. It requires a legislative vote before entering into force.

Why does it matter?

The proposal reflects a broader shift among governments toward more proactive cybersecurity strategies as cyberattacks become increasingly frequent and sophisticated. Rather than focusing solely on defending networks, authorities are seeking legal powers to disrupt malicious infrastructure before attacks cause significant harm.

The legislation also raises important questions about the scope of state cyber powers, oversight mechanisms, and the legal implications of taking action against infrastructure located outside national borders. If adopted, it would mark one of Germany’s most significant cybersecurity policy changes in recent years.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.