Cybersecurity

Greece drafts national framework to implement the EU AI Act

Greece has opened a public consultation on a draft law to implement the EU AI Act and create a national framework for AI governance.

The Ministry of Digital Governance and Artificial Intelligence said the draft law has been under public consultation since 21 June 2026, with comments open until 6 July. The proposal aims to introduce the national mechanisms needed to apply the AI Act in Greece while supporting innovation, competitiveness and the protection of fundamental rights.

Under the draft law, the Hellenic Data Protection Authority would become the central market surveillance authority and national contact point for AI Act implementation. The Hellenic Telecommunications and Post Commission would act as the notifying authority for conformity assessment procedures.

The proposal would also establish an Artificial Intelligence Coordination and Expertise Centre to support the implementation of the new framework.

It would create an AI regulatory sandbox, allowing startups and small and medium-sized enterprises to develop and test innovative AI applications in real-world conditions with support from the state.

The draft law also introduces a complaint-handling mechanism, an administrative sanctions system and a unified registry of AI systems used by public-sector bodies. The registry is intended to strengthen transparency, accountability and public trust in government use of AI.

The proposal would also reinforce the role of Greece’s Artificial Intelligence Observatory in monitoring the implementation of the National AI Strategy.

Why does it matter?

Greece’s proposal shows how the EU AI Act is moving from Brussels-level legislation into national enforcement structures. The draft law would assign supervisory roles, create a national AI coordination centre, establish a regulatory sandbox and require a public-sector AI registry. Such measures could shape how AI systems are monitored, tested and deployed across both government and the private sector, while giving startups clearer pathways for compliance.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Cloudflare and beehiiv add AI crawler controls for newsletter publishers

Cloudflare and beehiiv have added AI crawler controls to the beehiiv newsletter platform, giving publishers more visibility over how AI bots access their content.

The integration embeds Cloudflare’s AI Crawl Control technology into beehiiv, allowing newsletter operators to monitor AI crawler activity and decide whether to allow or block access to their work.

The companies said the tool is designed for creators choosing between two strategies: increasing discovery through AI search engines and agents, or protecting content archives for future monetisation and licensing opportunities.

The new dashboard will show which AI crawlers attempt to access a publisher’s content, which are blocked, and how much referral traffic those crawlers send back to the newsletter.

AI Crawl Control will be available to all beehiiv users in beta. beehiiv Max customers will also be able to block AI crawlers and set permissions for how their content is accessed across the AI ecosystem.

Cloudflare and beehiiv said the integration eliminates the need for publishers to manually manage technical settings, such as robots.txt files and firewall rules. The system is also expected to update as new AI crawlers emerge.

Why does it matter?

The partnership shows how AI content access is becoming a practical governance issue for smaller publishers, not only large media companies. As AI search engines and agents change how online content is discovered and reused, creators need tools to see who is crawling their work, what traffic is returned, and whether access supports or undermines their business model. The integration also reflects a broader shift towards permission-based content access in the AI era.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK ICO warns against unauthorised access to patient records

The UK’s Information Commissioner’s Office (ICO) has warned that unauthorised access to patient records is a serious breach of trust and an ongoing concern across the healthcare sector. In a new blog, the regulator said medical records contain some of the most sensitive personal information and must only be accessed for legitimate reasons.

The ICO said inappropriate access remains rare and does not reflect the behaviour of most healthcare professionals. However, recent high-profile incidents suggest the problem is not confined to isolated cases and requires a stronger organisational response.

According to the regulator, personal curiosity is never a legitimate basis for accessing patient records. Deliberate or reckless access to personal data without authorisation is unlawful and may result in disciplinary measures, loss of professional registration and, in some cases, criminal prosecution.

The ICO called on healthcare leaders to strengthen organisational culture through clear communication, role-specific data protection training and technical safeguards, including role-based access controls and audit logging. Protecting patient privacy is fundamental to maintaining trust in the healthcare system in the UK.

Why does it matter?

Healthcare records contain some of the most sensitive categories of personal information, including medical histories, diagnoses and treatment details. Even isolated cases of unauthorised access can undermine public trust in healthcare institutions and raise concerns about privacy, confidentiality and professional accountability.

The warning also highlights the growing importance of data governance in healthcare. As health systems become increasingly digital and interconnected, organisations must combine technical safeguards, staff training and strong organisational culture to ensure sensitive information is accessed only when necessary and for legitimate purposes. Maintaining patient trust remains essential to the effective delivery of healthcare services.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Five Eyes agencies urge action on AI cyber risk

Five Eyes cybersecurity agencies have urged business and technology leaders to act quickly as AI transforms the cyber landscape.

In a joint statement issued on 22 June, the leaders of the Five Eyes cybersecurity agencies said AI is already changing both offensive and defensive cyber capabilities. They said AI can strengthen cyber defence capabilities, but it is also increasing the speed, scale and sophistication of cyber threats.

The agencies said frontier AI models could surpass current industry expectations and fundamentally reshape cyber capabilities within months rather than years. They warned that AI is lowering barriers for malicious actors and shrinking the time between vulnerability discovery and exploitation.

The statement was signed by cybersecurity leaders from Australia, Canada, New Zealand, the United Kingdom, and the United States. Signatories included the heads of the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, New Zealand’s National Cyber Security Centre, the UK’s National Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency, and the US National Security Agency’s Cyber Security Directorate.

The agencies said cyber resilience should be treated as a strategic business risk and leadership responsibility rather than solely a technical concern. Boards and executives should ensure that cyber controls are in place and can operate effectively under pressure during real incidents.

The statement urged leaders to assess organisational risk, preparedness and accountability while ensuring cybersecurity remains integrated into broader business decision-making. It also called on organisations to prioritise foundational cybersecurity practices, give cyber leaders sufficient authority and resources, and remain engaged as threats and guidance evolve.

The agencies said secure-by-design and secure-by-default must become standard practice rather than an aspiration. They also said resilience cannot depend on a single technology, making defence in depth essential as AI systems evolve.

The statement warned that new, previously unknown vulnerabilities, including zero-day exploits, will continue to emerge. It said breaches will occur, but preparedness can help organisations contain them quickly and prevent escalation into major operational and financial crises.

The Five Eyes agencies recommended five practical actions for leaders. Organisations should reduce their attack surface by limiting unnecessary access and external connectivity, and should question whether systems need to be exposed at all.

They should also accelerate patching processes because AI is shortening the time between vulnerability discovery and exploitation. Delays in patching can increase risk, especially for operational systems with long update cycles.

The statement also urged organisations to address legacy systems, describing unsupported systems as strategic liabilities rather than only technical debt. Leaders were also told to review and strengthen identity and access controls, enforce strong authentication, and regularly review permissions.

Incident preparation was another priority. The agencies said organisations should test response plans, train teams, and assume breaches will happen, with a focus on fast containment and recovery.

The agencies also encouraged organisations to deploy AI as a defensive tool, using it to identify vulnerabilities, strengthen monitoring and accelerate incident response. Organisations that integrate AI tools into security operations can detect vulnerabilities earlier, improve software quality, monitor unusual behaviour and respond faster to incidents.

The statement said success will not come from having the most tools. Instead, it said organisations should focus on getting the basics right, acting quickly and integrating cyber security into core business strategy.

The Five Eyes agencies said leaders who act now will reduce exposure, strengthen resilience, and build confidence with customers, partners, and investors. Those who delay, they said, will face growing, avoidable risks.

Why does it matter?

The statement reflects growing concern among major cybersecurity agencies that AI is changing the balance between attackers and defenders. By accelerating vulnerability discovery, automating reconnaissance and lowering technical barriers for malicious actors, AI could significantly reduce the time organisations have to identify, patch and mitigate emerging threats.

The warning also signals a broader shift in cybersecurity governance. Rather than treating cyber risk as a technical issue delegated to IT departments, governments increasingly expect boards and senior executives to view cyber resilience as a core organisational responsibility. As AI capabilities advance, secure-by-design systems, rapid patch management, strong identity controls and tested incident response plans are becoming central elements of national and corporate cyber resilience strategies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK and Malaysia launch negotiations on digital trade agreement

The UK and Malaysia have launched negotiations on a digital trade agreement aimed at supporting economic growth, creating jobs and expanding cross-border digital services.

The UK government said the talks mark the next step in its effort to strengthen the country’s role as a global hub for services and digital trade. Digital trade encompasses the exchange of goods, services and data that are enabled or delivered through digital technologies.

The proposed agreement could support activities such as UK businesses selling software to overseas customers through online platforms or providing financial consultancy services remotely across borders.

The UK said standalone digital trade agreements can deliver benefits similar to digital trade chapters in traditional free trade agreements while remaining more agile, flexible and quicker to negotiate and implement.

The UK and Malaysia already maintain a growing trade relationship. The UK said bilateral trade was worth £6.4 billion in 2025, and that it exported £730 million in digitally delivered services to Malaysia in 2023. The UK also cited OECD estimates showing that exports to Malaysia supported 31,100 UK jobs in 2022.

The proposed digital trade agreement aims to make trade with Malaysia easier, cheaper, and more secure through cross-border data flows. Other potential benefits include reducing paperwork and border friction through digital systems.

The agreement could also include provisions on personal data protection, intellectual property rights, online consumer protection and cybersecurity cooperation. The UK said the deal aims to strengthen international digital and technology cooperation by supporting responsible innovation in areas such as AI and data.

The government said the agreement could create new partnerships that support more efficient supply chains, infrastructure, and global competitiveness.

UK Trade Minister Chris Bryant said launching negotiations with Malaysia marks an important step in strengthening the UK’s position as a global leader in digital trade.

Bryant said a UK-Malaysia digital trade agreement could unlock new opportunities for British businesses, support high-skilled jobs, and help firms compete in fast-growing, technology-driven markets.

Why does it matter?

Digital trade is becoming a central pillar of international economic policy as services, data flows and digital platforms play a growing role in global commerce. For economies such as the UK, which have strong services sectors, agreements that facilitate cross-border data flows and remote service delivery can create new opportunities for businesses while reducing regulatory and administrative barriers.

The negotiations also reflect a broader shift towards standalone digital trade agreements as a faster and more flexible alternative to traditional trade deals. Beyond commercial benefits, such agreements increasingly address issues including AI governance, cybersecurity, consumer protection and data regulation, making them important instruments for shaping the rules of the digital economy and strengthening international digital cooperation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNESCO launches media literacy guide for families in the digital age

UNESCO has launched a global media literacy guide to help parents, caregivers, and families support children’s safe, informed and critical engagement with digital environments.

The guide, titled Growing Up in a Connected World: A Family Guide for the Digital Age, was launched at UNESCO Headquarters and online, attracting around 700 participants. It is available in English, French, and Spanish.

Developed by UNESCO in partnership with the French Media and Information Literacy Centre, CLEMI / Réseau Canopé, the guide is intended to equip families with media and information literacy skills to help guide children’s digital engagement.

UNESCO said the initiative comes amid growing global debate over whether younger users’ access to social media should be restricted or, in some cases, prohibited altogether. The organisation said such debates reflect broader concerns about safety, wellbeing and exposure to harmful content, but also underline the need to help young people navigate digital spaces safely, critically, and confidently.

The guide addresses both opportunities and risks linked to digital technologies. UNESCO said digital technologies can expand access to knowledge, participation and connection, but can also expose children to cyberbullying, harmful content, misinformation, and hate speech.

Khaled El-Enany, Director-General of UNESCO, said, ‘UNESCO promotes robust, evidence-based Media and Information Literacy policies. There is progress: UNESCO’s 2025 global survey shows that 171 countries now have a MIL policy framework. However, implementation remains uneven, with fewer than half of countries integrating media and information literacy into school curricula. As a result, too many children still receive no structured support at all. And when schools cannot fill this gap, the responsibility falls on families.’

Samuel Vitel, Director General of Réseau Canopé, said, ‘It is often through dialogue with parents that children learn to question information, compare different perspectives, and develop their critical thinking skills. This is why parents need support, just as we already provide it to teachers and to all education stakeholders.’

UNESCO said families are increasingly at the centre of today’s information ecosystems as digital and political transformations reshape society. The organisation said regulatory approaches such as safety by design remain important, but are not sufficient on their own.

The guide is designed to place practical tools directly in the hands of parents and caregivers. UNESCO said the aim is to support informed decision-making, strengthen autonomy within family life, and help families guide digital practices at home.

Mariya Gabriel, UNESCO Assistant Director-General for Communication and Information, said, ‘This new Guide serves as a common foundation of knowledge that every parent should be able to access. Its publication today is, therefore, not the end of our work, but the beginning.’

UNESCO also highlighted the growing influence of AI on information consumption and communication practices. Citing research from the Reuters Institute, it said 15% of young adults aged 18 to 24 use AI weekly to access news, compared with 3% of older users.

The organisation called on regulators, media organisations, experts, and other stakeholders to help empower parents, children, and young people to navigate information ecosystems critically and confidently.

UNESCO said media and information literacy remains one of its core global programmes. Through these initiatives, UNESCO and its partners aim to strengthen critical thinking skills and digital competencies in response to rapid technological change.

Why does it matter?

The guide matters because debates over children’s online safety are moving beyond restrictions and platform rules alone. UNESCO’s approach places media literacy at the centre of child protection, arguing that young people also need support to understand information, assess risks, and navigate digital spaces critically.

It also highlights the role of families in digital governance. Where schools have not yet integrated media and information literacy into curricula, parents and caregivers often become the first line of support against misinformation, harmful content, cyberbullying, and AI-shaped information environments.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OECD examines young people’s social media use

The OECD has warned that young people are growing up in a social media age that offers opportunities for creativity and connection, but also creates risks for learning, well-being and online safety.

In a new Digital Economy Paper, ‘Growing up in the social media age’, the OECD reviews research on young people’s social media use and analyses data from the 2022 Programme for International Student Assessment. The paper focuses mainly on 15-year-olds and examines links between social media use, academic outcomes, creative thinking and policy responses.

The OECD says social media is almost universal among 15-year-olds. Around 95% report browsing social media daily, while 88% report communicating or sharing digital content on social platforms. On average, 15-year-olds across the OECD spend almost 35 hours a week on social media.

The paper says the evidence on social media and well-being remains complex. Excessive use is often associated with negative outcomes, but correlations do not prove that social media directly causes lower academic performance, poorer mental health or reduced well-being.

The OECD finds that moderate social media use is associated with stronger academic performance than either no use or heavy use. Mathematics performance is highest among students who use social media moderately, while performance tends to decline as time spent on social media exceeds 3 hours a day.

Creative thinking follows a similar pattern. Scores peak at moderate levels of browsing social media, usually one to three hours per day, but decline when students spend more than one hour communicating or sharing digital content.

The paper also notes that school mobile phone bans are becoming more common, but implementation remains difficult. Across the OECD, 29% of 15-year-olds in schools that ban mobile phones still reported using their phone at school several times a day.

The OECD says governments need balanced policies that help young people benefit from social media while protecting them from risks, and that safeguards should also respect freedom of expression, privacy, innovation and fair competition.

Why does it matter?

The OECD paper is useful because it pushes the debate beyond a simple ‘ban or allow’ framing. It shows that young people’s social media use is widespread and often excessive, yet moderate use can be associated with positive outcomes. For policymakers, the challenge is to design rules on school phone use, age limits and platform obligations that protect children without cutting them off from digital participation, creativity and social connection.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

US sets post-quantum cryptography deadlines for federal systems

US President Donald Trump has signed an executive order setting deadlines for federal agencies to migrate high-priority systems to post-quantum cryptography.

Executive Order 14409 says large-scale quantum computers could threaten widely used cryptographic systems and create risks for sensitive government data, critical infrastructure and the digital economy. It also highlights ‘harvest now, decrypt later’ attacks, where adversaries collect encrypted information today and decrypt it once quantum capabilities become available.

The order makes it US policy to transition federal information systems to National Institute of Standards and Technology-approved Federal Information Processing Standards for post-quantum cryptography. It also directs the federal government to assist critical infrastructure owners and operators with their own migration planning.

Within 30 days, each federal agency must name a post-quantum cryptography migration lead responsible for cryptographic inventories, migration planning and cross-agency coordination.

The Office of Management and Budget must issue guidance within 90 days requiring agencies to review inventories of high-value assets and high-impact systems (excluding National Security Systems) and submit migration plans.

Federal high-value assets and high-impact systems must transition to post-quantum cryptography for key establishment by 31 December 2030 and for digital signatures by 31 December 2031.

The order also directs CISA, in coordination with NIST, to publish public guidance within 270 days on minimum elements for a cryptographic bill of materials, supporting automated assessment of cryptographic assets in hardware and software.

Procurement rules are also expected to change. The Federal Acquisition Regulatory Council must propose requirements for covered contractors to comply with NIST cryptographic standards, including applicable post-quantum standards, by 31 December 2030.

Why does it matter?

The order gives the US post-quantum transition concrete deadlines and turns cryptographic migration into an operational, procurement and critical infrastructure issue. Quantum-capable attacks remain a future risk, but encrypted data can be stolen now and decrypted later. By requiring inventories, migration leads, contractor obligations and cryptographic bills of materials, the EO pushes agencies and suppliers to understand where vulnerable cryptography is used before quantum threats become practical.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Digital harms and child protection drive major Criminal Code reforms in Canada

Canada has enacted new criminal justice legislation aimed at strengthening protections for children, restoring mandatory minimum sentences for serious sexual offences and expanding legal tools to combat online exploitation and digital abuse. The Protecting Victims Act has been presented as a major update to the Criminal Code.

The law increases penalties for offences including sexual abuse, voyeurism, sextortion and the non-consensual sharing of intimate images, including AI-generated or digitally manipulated sexual deepfakes. Authorities have also been given enhanced powers to pursue offenders operating across borders.

Additional provisions extend investigative timeframes and require internet service providers to retain certain data for longer periods, improving access to evidence in cases involving online exploitation and abuse. The legislation also introduces a new criminal offence targeting the recruitment of minors into criminal activity.

Officials said the reforms are intended to strengthen enforcement capabilities and promote greater consistency in sentencing for serious offences, while preserving limited judicial discretion where mandatory penalties would be clearly disproportionate.

Why does it matter?

The reforms reflect how child protection laws are evolving to address increasingly digital forms of exploitation. Offences such as sextortion, non-consensual image sharing and AI-generated sexual deepfakes have created new challenges for law enforcement and courts, requiring legal frameworks that can respond to technology-enabled harms as effectively as traditional offences.

The legislation also highlights a broader policy trend towards stronger investigative powers and cross-border enforcement cooperation in cases involving online abuse. As criminal activity increasingly relies on digital platforms and international networks, governments are seeking new tools to obtain evidence, identify offenders and protect victims while balancing privacy, due process and judicial oversight.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Spain reports higher removal of online hate speech content

Spain’s Observatory on Racism and Xenophobia identified 31,003 pieces of hate speech and discriminatory content on social media in May 2026, according to its monthly monitoring report.

The Observatory, known as OBERAXE, said digital platforms removed 65% of notified content, up from 56% in April. TikTok, X and Instagram recorded the highest removal rates, while the Trusted Flagger route continued to perform better than ordinary user reporting.

Trusted Flagger notifications accounted for 53% of removed content, compared with 48% in April. Content reported through ordinary user channels reached a removal rate of 12%, up from 8% the previous month.

The report found that 73% of detected content presented targeted groups as a threat, while dehumanising and severely degrading messages increased sharply compared with April. It also recorded frequent use of aggressive language and growing reliance on images, videos, memes and coded expressions.

People from North Africa remained the main target of online hate speech, followed by African and Afro-descendant people and Roma people. Narratives linked to citizen insecurity accounted for the largest share of detected content, followed by content related to social benefits and access to public resources.

OBERAXE said continued cooperation with digital platforms is essential to improve detection, removal procedures and policies aimed at combating discrimination online.

Why does it matter?

The report shows how hate speech monitoring is becoming part of platform governance and anti-discrimination policy. Spain’s data suggest that trusted reporting channels can improve removal rates, but the scale and persistence of hostile narratives show the limits of reactive moderation. The findings also raise wider questions about transparency, platform accountability and how governments can address online hate while protecting freedom of expression.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.