Cybersecurity

Spain’s data protection authority issues privacy guidance for video game industry

The Spanish Data Protection Agency (AEPD) has published a new guide outlining data protection recommendations for the video game industry, urging companies to embed privacy safeguards throughout the entire game lifecycle.

According to the AEPD, modern video games have evolved into complex digital ecosystems that collect, analyse and process significant volumes of personal data. This may include account information, gameplay activity, behavioural data and other user-generated information, creating potential privacy and security risks.

The guide notes that AI-enabled and online gaming services increasingly rely on data-driven business models, making compliance with the General Data Protection Regulation (GDPR) particularly important. The agency emphasised that privacy protections are especially important for children and other vulnerable groups, given their significant participation in online gaming environments.

The recommendations span the entire development process, from pre-production and design to post-launch operations, covering transparency obligations, data minimisation, profiling controls and cybersecurity measures. Privacy and responsible data practices should be integrated into games from design through to end-of-life in Spain.

Why does it matter?

The guidance reflects the growing importance of data protection in the gaming industry as video games increasingly function as connected digital platforms rather than standalone entertainment products. Online services, in-game economies, AI-powered features and behavioural analytics have expanded the volume and sensitivity of personal data processed by game developers and publishers.

The recommendations also highlight broader regulatory concerns around children’s privacy and responsible data use. As gaming platforms become more immersive and data-driven, regulators are placing greater emphasis on privacy-by-design principles, transparency and user control. The AEPD’s guidance signals that compliance with data protection rules is becoming an integral part of game development, not simply a legal requirement applied after products are launched.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Ottawa strengthens role in quantum computing and cybersecurity research

Researchers and technology experts in Ottawa are contributing to advances in quantum computing, a technology that could transform fields such as drug discovery, clean energy and space exploration by solving highly complex problems beyond the reach of many conventional computers.

Researchers said quantum computing could accelerate scientific discovery and enable breakthroughs that may eventually translate into practical applications across a range of industries. However, the technology also presents significant cybersecurity challenges, as sufficiently advanced quantum computers could eventually undermine widely used encryption methods that protect digital communications and online services.

The University of Ottawa is conducting research into quantum communications and cryptography aimed at developing security technologies capable of withstanding future quantum-enabled threats. Researchers are working to better understand the fundamentals of quantum mechanics and future security systems.

Industry representatives said Ottawa’s concentration of cryptographic expertise has helped establish this city in Canada as an important centre for quantum cybersecurity research and innovation.

Why does it matter?

Quantum computing has the potential to become one of the most transformative technologies of the coming decades. Its ability to process certain types of complex calculations far more efficiently than conventional computers could accelerate advances in areas such as materials science, pharmaceuticals, energy systems and scientific research.

At the same time, quantum technologies present a major cybersecurity challenge. Many of today’s encryption systems were designed for classical computers and could become vulnerable to future quantum attacks. As a result, governments, universities and technology companies are investing in quantum-safe cryptography and secure communications. Ottawa’s growing role in quantum research reflects a broader international effort to prepare for both the opportunities and security implications of the quantum era.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Anthropic and South Korea partner on AI safety and cybersecurity

Anthropic has opened an office in Seoul and announced a series of partnerships across South Korea’s AI ecosystem, alongside a memorandum of understanding (MoU) with the Ministry of Science and ICT on AI safety.

The company said the Seoul office will serve as a long-term hub for collaboration with South Korean enterprises, startups, researchers and developers using Claude. Senior Anthropic leaders travelled to Seoul this week to open the office and meet partners, customers, and developers.

Anthropic said the MOU with South Korea’s Ministry of Science and ICT will support the safe and responsible adoption of AI across the public sector. The cooperation will focus on AI safety and cybersecurity, including Korean-language model safety evaluations with the Korea AI Safety Institute and information sharing on AI-enabled cyber threats.

KiYoung Choi, Representative Director of South Korea at Anthropic, said South Korean organisations understand that innovation and safety are linked. He said the Seoul office provides a long-term base for collaboration with organisations helping shape South Korea’s AI leadership.

Anthropic also highlighted broader adoption of Claude among South Korean companies. NAVER has deployed Claude Code across its engineering organisation, while Nexon engineering teams are using Claude Code to write, review, and ship code for live-service games.

Large South Korean business groups are also using Claude. LG CNS plans to deploy it across LG Group, Hanwha Solutions is using Claude through AWS Bedrock to meet in-region data residency and security requirements, and Samsung SDS is deploying Claude across Samsung Electronics for knowledge work, agentic workflows, and software development.

South Korean startups are also integrating Claude into products. Channel Corp uses Claude to power Channel Talk, a customer AI platform used by more than 230,000 companies across South Korea, Japan, and the United States.

Anthropic said it will also work with the National AI Research Lab, a consortium spanning KAIST, South Korea University, Yonsei University, and POSTECH. Anthropic will provide Claude access to up to 60 affiliated researchers to support work on AI safety, model evaluation, alignment, robustness and frontier AI research.

In the nonprofit sector, Good Neighbors Korea is deploying Claude to help staff analyse programme outcomes, navigate social welfare law and internal guidelines, and reduce administrative work for frontline social workers.

Anthropic said South Korea ranks among the top dozen countries globally for Claude.ai usage, with activity concentrated in technical and creative work. The company has launched Claude for Startups in South Korea and has held Claude Meetups for South Korean developers since September 2025.

The company also co-hosted Claude Build Day with BASS Ventures, bringing together more than 100 South Korean founders and developers. Anthropic will also co-host a Push to Prod hackathon with Replit, Korea Investment Partners, and Korea Investment Accelerator.

Why does it matter?

The announcement highlights South Korea’s growing importance in the global AI landscape. Beyond being a major market for AI products, the country is increasingly positioning itself as a centre for AI research, safety evaluation, enterprise adoption and public-sector deployment.

The expansion also illustrates how frontier AI companies are combining commercial growth with governance initiatives. Anthropic’s cooperation with the Ministry of Science and ICT and the Korea AI Safety Institute suggests that AI safety, cybersecurity and model evaluation are becoming integrated into broader ecosystem-building efforts. As competition among leading AI companies intensifies, partnerships that combine research, regulation, enterprise adoption and developer engagement are likely to play an increasingly important role in shaping national AI ecosystems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK cyber agency warns of growing vulnerability risks from Frontier AI

The UK’s National Cyber Security Centre (NCSC) has issued guidance for network defenders on managing the growing risk associated with software vulnerabilities discovered using Frontier AI.

The guidance states that Frontier AI models represent the most advanced AI systems and have already demonstrated the ability to identify vulnerabilities in software products. According to the NCSC, this has significant implications for the threat landscape because Frontier AI can help both defenders and threat actors identify weaknesses at greater speed and scale. The UK’s National Cyber Security Centre has issued guidance for network defenders on managing the growing risk from software vulnerabilities discovered with Frontier AI.

The guidance states that Frontier AI models represent the most advanced AI systems and have demonstrated the ability to discover vulnerabilities in software products. The NCSC says this has implications for the threat landscape because Frontier AI can help both defenders and threat actors identify weaknesses more quickly.

The NCSC emphasises that organisations using AI for vulnerability discovery should do so within secure and controlled environments. It recommends limiting what the AI system can access, ideally using it only in testing or development environments, running it through a service account with only necessary permissions, and placing it in a sandboxed environment.

Organisations should also consider legal, contractual, and security obligations before using AI-as-a-service tools for vulnerability discovery. Sending source code, intellectual property or other sensitive information to external AI providers could introduce additional security, confidentiality and compliance risks.

The NCSC notes that AI-assisted vulnerability discovery is only effective if organisations have the processes and resources needed to manage the findings. That means having processes for patch management, vulnerability identification, prioritisation, validation, remediation, and reporting, as well as the ability to filter false positives and address root causes rather than only individual flaws.

The NCSC stresses that Frontier AI should complement, rather than replace, human cybersecurity expertise. Staff with experience in cybersecurity or the relevant IT systems should guide and validate AI-based vulnerability discovery to improve speed and accuracy.

The NCSC also warns that threat actors are increasingly using Frontier AI to identify and exploit vulnerabilities, potentially accelerating cyberattack timelines. Frontier AI may reduce the time between discovery and exploitation of newly published vulnerabilities, leaving organisations with less time to patch. The guidance says organisations should therefore adopt an assume-compromised mindset.

The NCSC recommends that organisations meet minimum cybersecurity standards, apply defence-in-depth principles, monitor networks and endpoints for suspicious behaviour and maintain a strong incident response plan.

The guidance also urges organisations to reduce the number of systems exposed to the internet, especially high-risk systems such as admin login panels, legacy systems, and operational technology. Organisations should identify internet-accessible systems and assess whether they need to remain exposed.

The guidance also highlights the growing importance of software supply chain security. Organisations should understand the commercial software, cloud services, open-source software, and dependencies they use, review supplier security and AI assurance policies, apply updates quickly, and use software bills of materials or similar tools to identify vulnerable dependencies.

The NCSC says Frontier AI is likely to be used extensively to discover vulnerabilities in open-source software because source code is accessible. It also notes that open-source supply chains have already been targeted through malware campaigns affecting major packages.

Why does it matter?

The guidance reflects a growing shift in cybersecurity as advanced AI systems become capable of identifying software vulnerabilities at unprecedented speed. While these capabilities can help defenders improve security testing and vulnerability management, they can also enable attackers to discover and exploit weaknesses more quickly, potentially reducing the time organisations have to respond.

The NCSC’s recommendations also point to a broader governance challenge surrounding AI adoption in cybersecurity. Organisations must not only defend against AI-enabled threats but also ensure that their own use of AI tools does not introduce new risks related to sensitive data, software supply chains or overreliance on automated systems. As Frontier AI capabilities continue to improve, cyber resilience will increasingly depend on combining AI-driven analysis with strong human oversight, secure development practices and effective incident response.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU’s 2026 State of the Digital Decade report highlights progress and remaining challenges

The European Commission’s 2026 State of the Digital Decade report shows that the EU continues to make progress towards its digital transformation goals, although significant structural challenges remain on the path to its 2030 targets.

The report highlights progress in digital infrastructure, business digitalisation and public services. Basic 5G coverage now reaches 96.8% of households, while nearly one in five businesses uses AI.

AI adoption accelerated significantly during 2025, increasing by 48% compared with the previous year. More than 60% of Europeans now possess at least basic digital skills.

Despite the progress, the Commission identified several areas requiring urgent attention. However, the EU currently accounts for only 9% of the global semiconductor market, well below its target of reaching 20% by 2030.

Europe also remains heavily dependent on non-EU cybersecurity suppliers and continues to face shortages of ICT specialists, particularly women in digital professions.

The report also revealed strong public support for digital sovereignty and technological self-reliance. According to a new Eurobarometer survey, most citizens support greater investment in local digital infrastructure, reduced dependence on foreign technologies and stronger regulation of AI.

Citizens also identified digital health, green technologies, connectivity and AI as areas likely to deliver the greatest benefits over the next decade.

Why does it matter?

The report provides one of the most comprehensive assessments of Europe’s progress towards its 2030 Digital Decade objectives and offers insight into the EU’s broader competitiveness agenda. Strong growth in AI adoption, connectivity and digital public services suggests that digital transformation is accelerating across the Union.

At the same time, the findings highlight persistent challenges related to technological sovereignty. Europe’s limited share of the global semiconductor market, continued dependence on foreign technology suppliers, and ongoing digital skills shortages could constrain its long-term competitiveness. As the EU increasingly links economic resilience, security and digital policy, addressing these gaps will be critical to achieving its 2030 ambitions and strengthening strategic autonomy in key technologies.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Finland links communications networks to security and digital growth

Finland’s Ministry of Transport and Communications has completed the first phase of the TUUTTI project, concluding that secure and reliable communications networks are essential to both national security and digital economic growth.

The report, published on 17 June 2026, provides an overview of Finland’s communications networks, markets and services, and identifies long-term decision points affecting network investment, security and future development.

The ministry said communications infrastructure underpins the functioning of society, security of supply, business investment and the growth of the data economy. It also said security and growth objectives can no longer be treated separately, because the same networks support both public resilience and digital competitiveness.

The report highlights resilience as a prerequisite for growth, warning that communications networks are increasingly linked to energy systems, cloud and computing services, supply chains, suppliers and skills. These dependencies make long-term planning and continuous monitoring essential.

The report also frames digital and technological sovereignty as a question of managing critical dependencies, rather than pursuing complete self-sufficiency. Finland aims to reduce lock-in risks, keep systems interoperable and maintain alternatives where security or economic impacts are greatest.

Future work will focus on preparedness, management of critical dependencies, joint development of networks, data and computing, investment predictability, skills and implementation capacity. Short-term measures identified in the report will be taken forward in autumn 2026.

Why does it matter?

Finland’s assessment shows how communications networks are becoming part of wider national security and economic strategy. Connectivity policy is no longer only about broadband access or market competition; it now includes resilience, supply chains, cloud and computing dependencies, interoperability and technological sovereignty. The report may also matter beyond Finland because its findings could feed into the EU advocacy, legislative preparation and standardisation work.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

University of Nottingham data breach exposes student and alumni records

The University of Nottingham has confirmed that an external third party accessed a significant amount of data in its student record system during a cyber incident.

The university said the incident affected current students and alums and that it is working with the third-party provider that maintains the affected platform to support a forensic investigation. It has reported the incident to Action Fraud and the Information Commissioner’s Office.

The university has not publicly attributed the attack, but the ShinyHunters extortion group has claimed responsibility. Have I Been Pwned said the breach affected 454,600 accounts and involved tens of gigabytes of data, which was later published online.

According to Have I Been Pwned, the exposed data included names, email addresses, phone numbers, physical addresses, passport numbers, citizenship statuses, dates of birth, academic records, ethnicity, disability information, IP addresses and information relating to enrolments and fee payments.

The university told affected individuals that it was operating on the precautionary assumption that contact information, university-related details, financial information and personal information may have been accessed.

The breach creates risks of identity theft, fraud and follow-up phishing attacks, particularly where exposed records include identity documents, financial data and sensitive personal characteristics.

The University of Nottingham Students’ Union advised students to monitor university communications, use the dedicated support line and remain cautious about unexpected emails, messages or calls.

Why does it matter?

The breach highlights the scale of cyber risk facing higher education institutions, which hold large volumes of sensitive personal, financial and academic data. Exposure of passport numbers, contact details, protected characteristics and payment-related information can create long-term risks for students and alums. The incident also points to the importance of third-party platform security and clear breach communication, especially when student record systems are involved.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

India imposes temporary Telegram ban over exam security concerns

India has restricted access to Telegram until 22 June 2026 ahead of the NEET (UG) 2026 re-examination, citing concerns over exam security and alleged paper leak networks. The decision followed recommendations from the National Testing Agency (NTA), which sought to prevent the misuse of messaging platforms during a high-stakes national examination.

The Ministry of Electronics and Information Technology (MeitY) acted under Section 69A of the Information Technology Act, 2000, citing risks associated with organised cheating networks. Authorities also ordered Telegram to temporarily disable editing of the previously posted messages until 30 June 2026, arguing that the feature had been used to create misleading evidence of alleged paper leaks.

Enforcement efforts follow ongoing investigations coordinated by the Indian Cyber Crime Coordination Centre and state police units, which have previously dismantled multiple fraudulent channels and bot networks. Officials said groups operating under names suggesting exam leaks had demanded significant sums from students and families in exchange for false information.

Why does it matter?

The case illustrates how digital platforms have become a central battleground in efforts to protect the integrity of high-stakes examinations. Messaging applications can facilitate the rapid spread of misinformation, fraudulent schemes and alleged leak networks, prompting authorities to consider increasingly interventionist measures during sensitive national processes.

The decision also raises broader questions about digital governance and platform regulation. By restricting access to a major communication platform and temporarily limiting specific platform features, Indian authorities are signalling a willingness to use digital policy tools to address risks associated with public trust and institutional integrity. The move reflects a wider global debate over the balance between security objectives, platform accountability and access to digital communications.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

INTERPOL report warns of rising cybercrime across Asia-Pacific

INTERPOL has published its 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, covering the period from January 2024 to March 2025. The report documents a rise in cybercrime across the region, attributing the trend to expanding digital infrastructure, the adoption of new technologies and increasingly organised criminal networks.

More than half of the countries surveyed reported that cybercrime accounts for over 30% of all crimes recorded nationally. Phishing and related online scam techniques were identified as the most common and financially damaging forms of cybercrime, with 33 % of surveyed countries recorded over 10,000 such cases.

Neal Jetton, INTERPOL’s Cybercrime Director, said the findings demonstrate how cybercriminals are increasingly exploiting AI, ransomware-as-a-service models and sophisticated social engineering techniques. He noted that operational cooperation, information sharing, and cyber resilience are factors relevant to protecting communities and infrastructure as digital adoption in the region increases.

Growth in internet connectivity, mobile banking, cloud computing, and digital financial services has accompanied this cybercriminal activity, according to the report.

Survey respondents also highlighted challenges for law enforcement, including gaps in specialised forensic tools, cybercrime training and technical capacity. The report also notes differences in cybersecurity capacity across countries.

Some countries have established cybersecurity frameworks and institutional capabilities, while others, including developing countries and small island states, reported resource and capacity constraints.

The report identifies jurisdictions with fragmented enforcement structures, limited technical capabilities, and weaker legislation as more exposed to exploitation by cybercriminal actors.

The report was prepared through the Asia and South Pacific Joint Operations against Cybercrime (ASPJOC) project, funded by the United Kingdom’s Foreign, Commonwealth & Development Office (FCDO). It draws on information submitted by 18 INTERPOL member countries in the Asia and South Pacific region, along with contributions from private sector partners, operational case studies, and analysis of emerging cyber threat trends.

It is one of several regional cyber threat assessments produced by INTERPOL, alongside similar reports covering regions such as Africa. The full report is available from INTERPOL.

Why does this matter?

The report highlights how cybercrime is becoming a major security, economic and governance challenge across Asia and the South Pacific. As countries expand digital infrastructure, online banking, cloud services and digital government initiatives, cybercriminals are finding new opportunities to exploit vulnerabilities and target individuals, businesses and critical sectors.

The findings also illustrate the growing role of AI in cyberspace. While organisations increasingly use AI to strengthen cybersecurity, threat actors are adopting the same technologies to enhance phishing campaigns, generate deepfakes and automate attacks. This accelerating technological competition underscores the importance of international cooperation, cyber capacity-building and information sharing to strengthen resilience across the region.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ChatGPT set to join Pentagon’s GenAI.mil platform

Mohammed Husain, OpenAI’s Strategic Delivery Lead for Cyber, said at the Defense One Tech Summit in Virginia that the company expects to launch ChatGPT on GenAI.mil, the US Department of Defense’s enterprise-wide generative AI platform, in early July. The deployment would extend ChatGPT access to more than 3 million defence, civilian, and military personnel.

According to Husain, the version of ChatGPT deployed on GenAI.mil will be certified to handle Controlled Unclassified Information (CUI) and operate at Impact Level 5 (IL5), a Defense Department cloud security classification for systems processing sensitive unclassified information. Husain said OpenAI continues to coordinate with the Pentagon’s Chief Digital and Artificial Intelligence Office (CDAO) on the rollout.

The Department of Defense launched GenAI.mil in December 2025, initially centred on Gemini for Government, before announcing plans to integrate models from OpenAI and xAI. Outside GenAI.mil, federal agencies have had access to ChatGPT since at least January 2025 through ChatGPT Gov.

In August 2025, OpenAI and the General Services Administration reached a OneGov agreement that reduced the price of ChatGPT access for federal agencies. Most recently, OpenAI’s GPT-5.4 model became available to federal government users on Amazon Bedrock and AWS GovCloud earlier this month.

Husain said that as the Department of Defense adopts more capable models, token consumption, the units used by AI systems to process and generate information, is likely to increase, particularly for higher-value tasks.

He pointed to Amazon’s early June announcement that OpenAI’s GPT-5.5, GPT-5.4, and Codex models are now available on Amazon Bedrock as an example of broader access to more capable, token-intensive models.

Husain said token efficiency, measured by the cost of completing tasks rather than raw processing speed, is expected to become an increasingly important consideration in government AI deployments as model capabilities advance.

Why does this matter?

The planned rollout highlights how frontier AI models are moving from experimental deployments into core government and defence infrastructure. Rather than relying on a single provider, the Pentagon is building an ecosystem that includes models from OpenAI, Google and xAI, reflecting a broader strategy of integrating commercial AI capabilities into operational environments.

The development also illustrates the growing institutionalisation of relationships between leading AI companies and national security organisations. As advanced AI systems become embedded in government workflows, questions around security, procurement, oversight, interoperability, and strategic dependence on private-sector AI providers are likely to become increasingly important.

The deployment of ChatGPT on GenAI.mil, therefore, represents not only a technology upgrade but also a step in the evolving governance of AI within national security institutions.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.