Council of the EU backs interim rules on online child abuse detection

The Council of the European Union has adopted its position on interim legislation that would restore a legal basis for online service providers to voluntarily detect, report and remove child sexual abuse material (CSAM) from their platforms.

The proposal aims to restore legal certainty after the previous temporary framework expired on 3 April 2026, while negotiations continue on a permanent EU regulation to combat online child sexual abuse.

The interim regulation introduces a limited derogation from the EU’s electronic communications privacy rules, allowing online platforms to voluntarily detect child sexual abuse material and report suspected offences to law enforcement authorities.

According to the Council, these voluntary measures are essential for identifying children at risk, supporting criminal investigations, prosecuting offenders and reducing the circulation of child sexual abuse material online.

The Council proposes extending the temporary framework until 3 April 2028 to avoid a prolonged legal gap while negotiations continue on the long-term Child Sexual Abuse Regulation.

Irish Minister for Justice, Home Affairs and Migration Jim O’Callaghan said restoring providers’ ability to detect online child sexual abuse is essential to protecting victims and bringing offenders to justice. The proposal will now move to the European Parliament for a second reading, where MEPs may approve, amend or reject the Council’s position.

If adopted, the measure would restore the legal basis for voluntary detection activities while policymakers continue negotiations on a permanent framework governing the detection of child sexual abuse material across digital services in the European Union.

Why does it matter?

The proposal addresses a legal gap that emerged after the previous temporary framework expired, creating uncertainty for online platforms that voluntarily detect and report child sexual abuse material. Restoring a clear legal basis would allow providers to continue supporting law enforcement while longer-term legislation is negotiated.

The debate also reflects the EU’s continuing effort to balance child protection with privacy and fundamental rights. While the interim proposal focuses on voluntary detection, negotiations on a permanent framework are expected to continue raising questions about the appropriate balance between online safety, privacy and the responsibilities of digital platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Microsoft Defender adds protection for local AI agents

Microsoft has announced new Defender capabilities designed to help organisations secure local AI agents and Model Context Protocol servers across enterprise environments.

The company said Microsoft Defender can now discover more than 25 types of local AI agents and MCP servers across managed Windows and macOS devices.

Microsoft said the feature also provides runtime protection when developers use coding agents such as GitHub Copilot CLI or Claude Code. According to the company, Defender can detect and block prompt injection attempts before a malicious action is executed.

Security teams can investigate AI agent exposure through Advanced Hunting. Microsoft said the local AI agent capabilities are currently in preview.

The update reflects a broader shift in enterprise security as organisations deploy AI agents, coding tools and MCP servers inside development and productivity workflows.

Microsoft also announced Codename MDASH, a private-preview multi-model agentic scanning system designed to discover, validate and help remediate software vulnerabilities. The company said MDASH can route validated issues into Microsoft Defender workflows and engineering pipelines.

Other June security updates include Microsoft Entra Backup and Recovery, expanded multicloud coverage in Defender for Cloud, new database threat protection for open-source relational databases on AWS RDS, Microsoft Purview customisable reports and a unified identity risk score.

Why does it matter?

AI agents are becoming part of enterprise infrastructure, which means they also become part of the attack surface. Local coding agents, MCP servers and agentic development tools can interact with files, code, credentials and internal systems. Microsoft’s update shows end point security expanding beyond traditional malware detection towards prompt injection, agent exposure and AI-driven development workflows. It also reflects a wider trend: security teams will need visibility and controls for AI systems deployed inside organisations, not only for cloud-hosted models.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol Roblox game wins EU award for online child safety

Europol’s Cyber Defenders initiative has won the 2026 European Ombudsman Award for Good Administration.

The free educational game, built on Roblox, is designed to help children recognise online risks and develop safer behaviour in digital environments.

Cyber Defenders received the overall award, selected from 48 nominations submitted by the EU institutions, bodies and agencies. It also won the Excellence in Technological Innovation and the Use of AI category award.

The game teaches children about risks such as fraud, identity theft and online grooming through interactive missions rather than traditional awareness campaigns.

Europol says the project was developed to reach children in online gaming environments they already use, while making them more comfortable asking for help when they encounter risks.

The agency has also published supporting resources for teachers, parents and schools, including a game guide, lesson assessment, poster and letter to parents.

The award follows earlier recognition of Europol digital initiatives, including Trace An Object, which uses public participation to help identify victims of child sexual abuse.

Why does it matter?

Cyber Defenders shows how law enforcement agencies are experimenting with interactive tools to improve children’s digital safety skills. Game-based learning can make online safety more relevant for younger users, especially in gaming environments where risks such as grooming, scams and identity theft may appear. The award also reflects broader recognition that digital literacy and prevention are part of child online safety, alongside regulation, enforcement and platform accountability.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

IWF warns under-16 social media ban is not enough to stop online abuse

The Internet Watch Foundation (IWF) has welcomed the UK government’s decision to restrict social media access for under-16s but argues that the measure alone will not significantly reduce online child sexual exploitation and abuse.

In a new blog, IWF Chief Executive Kerry Smith describes the proposed ban as a major policy milestone while warning that it must be accompanied by broader reforms if it is to deliver lasting improvements in children’s online safety.

According to the IWF, children continue to face a rapidly evolving range of online threats, including grooming, financial sextortion, commercial child sexual abuse and the growing exploitation of young people across digital platforms.

While limiting access to social media may reduce exposure to some risks, the organisation argues that determined offenders will continue to exploit encrypted messaging services, gaming platforms and other online environments if wider safeguards are not introduced.

The charity therefore calls for a more comprehensive regulatory approach centred on safety by design. Its recommendations include stronger safeguards for end-to-end encrypted services, tougher enforcement of the UK’s Online Safety Act, greater accountability for technology companies, and platform design that prevents harmful products and features from reaching users before risks are identified.

The IWF also highlights the need to regulate emerging technologies such as AI chatbots and strengthen device-level protections for children.

Why does it matter?

The IWF’s position reflects a growing international consensus that age restrictions alone cannot address the complex ecosystem of online child exploitation. As abuse increasingly migrates across encrypted services, gaming platforms and AI-powered technologies, policymakers are being encouraged to adopt broader regulatory frameworks that target platform design as well as user access.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Russian draft law includes 48-hour crypto cooling-off rule

Russian lawmakers are considering a 48-hour cooling-off period for certain cryptocurrency transfers as part of a draft law on digital currencies and digital rights.

The measure would apply to non-qualified investors and is intended to protect users from fraud, according to comments from Vladimir Chistyukhin, First Deputy Governor of the Bank of Russia.

Chistyukhin said the cooling-off period would not apply to cryptocurrency trading itself. He clarified that the mechanism is intended for transfers to other accounts and similar operations, rather than brokerage activity.

The proposal forms part of a broader legislative effort to establish a legal framework for the circulation of cryptocurrencies in Russia. The State Duma adopted the government-backed draft law in its first reading in April.

Russian officials have framed the cooling-off mechanism as a targeted investor-protection tool rather than a broader restriction on market activity.

The proposal reflects a regulatory approach focused on reducing fraud risks while allowing parts of the crypto market to operate under a more formal legal framework.

Why does it matter?

The proposal shows how crypto regulation is moving beyond general warnings and enforcement actions towards safeguards built into transaction flows. A cooling-off period can slow down transfers linked to fraud, giving users and intermediaries more time to detect suspicious activity. The narrow scope is also important: by excluding trading and brokerage activities, Russian regulators aim to reduce consumer harm without directly limiting market liquidity or day-to-day trading.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

US House of Representatives passes Kids Internet and Digital Safety Act

The US House of Representatives has passed the Kids Internet and Digital Safety Act in a bipartisan 267-117 vote, advancing a broad package that combines 14 online child safety proposals into a single piece of legislation.

The legislation includes provisions requiring AI chatbots to remind users they are not human, provide mental health resources, encourage regular breaks and avoid promoting potentially harmful topics. Lawmakers also removed the original Kids Online Safety Act’s proposed ‘duty of care’ provision after concerns it could lead to censorship, a decision criticised by several senators who co-authored the earlier bill.

Critics, including digital rights organisations and several lawmakers, argue the legislation weakens existing protections and does not go far enough in holding technology companies accountable. The Electronic Frontier Foundation warned that compliance could encourage widespread age verification, potentially requiring users to submit personal information and raising concerns about privacy and freedom of expression.

Supporters reject those criticisms, arguing that the bill does not explicitly require age verification but instead strengthens safeguards for minors and expands parental controls. The legislation now moves to the Senate, where it is expected to face further scrutiny.

Why does it matter?

The legislation represents one of the most comprehensive federal efforts to strengthen online child safety in the United States. Its inclusion of AI chatbot requirements reflects growing recognition that conversational AI introduces new risks for younger users that existing online safety frameworks were not designed to address.

At the same time, the bill highlights the continuing challenge of balancing child protection with privacy and freedom of expression. As it moves to the Senate, debate is likely to focus on whether stronger platform accountability can be achieved without expanding age verification requirements or creating incentives for broader online censorship.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Singapore proposes Digital Infrastructure Bill to strengthen cloud security

Singapore has launched a public consultation on a proposed Digital Infrastructure Bill that would establish a comprehensive regulatory framework for major cloud computing services and data centres.

Published jointly by the Ministry of Digital Development and Information and the Infocomm Media Development Authority (IMDA), the draft legislation aims to strengthen the resilience and security of critical digital infrastructure while introducing mandatory environmental sustainability standards for data centre operations.

The Bill recognises digital infrastructure as a foundation of Singapore’s digital economy, supporting services ranging from digital banking and e-commerce to cloud platforms and public administration. Unlike earlier amendments to the Cybersecurity Act, which focused primarily on cyber risks, the proposal extends regulatory oversight to operational resilience, business continuity, disaster recovery and environmental sustainability.

A central feature is a new licensing regime for major foundational digital infrastructure (FDI) providers. Cloud providers generating at least S$100 million annually from Singapore-based customers through Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) offerings would require a major FDI licence.

Cloud and colocation data centres with a critical IT load of at least 10 megawatts serving third parties would also fall within the regime. Licensed providers will be required to implement robust physical security and cybersecurity measures, maintain business continuity and disaster recovery plans, and report cybersecurity incidents and service disruptions to IMDA.

The Bill also establishes a separate licensing regime for data centres with a critical IT load of at least 3 megawatts. In addition to operational capability, applicants would be assessed against energy efficiency, water efficiency and broader sustainability criteria.

Beyond operational capability, applicants will be assessed on energy efficiency, water efficiency and broader sustainability considerations. Licensed operators will initially need to comply with facility-level Power Usage Effectiveness (PUE) requirements, while the legislation enables future regulations covering IT equipment efficiency and water consumption.

Singapore’s Green Data Centre Roadmap and previous voluntary industry standards will therefore evolve into legally enforceable baseline requirements across the sector.

IMDA would receive broad enforcement powers, including the authority to grant, suspend and revoke licences, issue binding codes of practice, conduct investigations and impose financial penalties. The Bill also proposes amendments to Singapore’s Cybersecurity Act to ensure consistency across the country’s digital infrastructure framework. Public consultation remains open until 22 July 2026.

Why does it matter?

The proposed legislation reflects a growing shift in how governments view digital infrastructure. As cloud computing and data centres become increasingly critical to AI, financial services and public administration, policymakers are expanding regulation beyond cybersecurity to include operational resilience, business continuity and environmental sustainability.

Singapore’s approach could also serve as a model for other digital hubs. By combining resilience requirements, licensing, cyber oversight and sustainability obligations within a single regulatory framework, the Bill illustrates how governments are adapting infrastructure governance to support the rapid growth of cloud services and AI-driven computing.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU launches Cybersecurity Skills Coalition EDIC

The European Commission and participating member states have launched the Cybersecurity Skills Coalition European Digital Infrastructure Consortium to strengthen cybersecurity skills across the EU.

The consortium, known as CSC-EDIC, will support the implementation of the EU Cybersecurity Skills Academy, a flagship initiative launched by the Commission in 2023.

Announced during Digital Skills EU Days 2026, the consortium will be based in Athens. Greece, Cyprus, Austria, Croatia and Slovenia are founding members, while Czechia and Poland have joined as observers. Other member states will be able to join later.

The Commission said CSC-EDIC will develop and deliver tailored cybersecurity training programmes, measure cybersecurity skills gaps and serve as the secretariat for the Industry-Academia Network.

Working with ENISA, the consortium will also support cyber resilience in critical sectors, particularly the healthcare sector. Planned activities include an EU-wide attestation scheme for cybersecurity skills, career pathways and micro-credentials.

The initiative has received a €3.1 million grant from the Digital Europe Programme to support its initial governance, staffing and operations.

The Commission said the Cybersecurity Skills Academy has already secured 26 industry pledges, helping train more than 900,000 cybersecurity professionals. Ten partnerships have also been established through the Industry-Academia Network.

Why does it matter?

Europe’s cybersecurity workforce shortage affects the resilience of governments, businesses and critical sectors such as healthcare. CSC-EDIC gives member states a formal structure to pool resources, coordinate training and align skills development with EU cyber priorities. The initiative also shows how the EU is treating cybersecurity capacity as part of digital infrastructure, rather than solely as a labour-market issue.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK and Germany deepen AI safety cooperation

The United Kingdom and Germany have agreed to strengthen cooperation on AI safety and security, expanding collaboration on advanced AI evaluation, cybersecurity risks and research into frontier AI systems.

Both governments described AI as one of the most consequential technologies of the era, offering significant economic and societal benefits while creating new security risks that require closer international cooperation.

The cooperation builds on the UKGermany Strategic Science and Technology Partnership, a priority initiative under the UK-Germany Friendship and Bilateral Cooperation Treaty signed last year.

Under the partnership, the UK’s Department for Science, Innovation and Technology and AI Security Institute will work alongside Germany’s Federal Ministry for Digital Transformation and Government Modernisation, the Federal Ministry of the Interior and the German AI Safety and Security Institute.

The partners will deepen institutional cooperation by sharing best practices in AI evaluation, aligning research priorities and exchanging expertise. The collaboration will also examine the cybersecurity implications of advanced AI systems and contribute to the international evidence base on AI safety.

Germany’s Minister Dr Wildberger said the cooperation is open by design and reflects Germany’s position as an EU member state, including the role of the EU AI Office under the EU AI Act. He said the work is intended to be consistent with each country’s engagement with other partners.

UK Secretary Liz Kendall said the UK and Germany are natural partners on AI safety and security because their scientific communities are connected and their security interests are closely aligned.

She said the statement reflects a shared determination to ensure the public benefits from advanced AI while risks are rigorously understood and managed.

The partnership adds to a growing international network of public-sector AI safety institutions. Both governments said their work is intended to complement broader international initiatives while contributing new research and practical experience.

Why does it matter?

The agreement reflects a broader shift in AI governance from national initiatives to international cooperation. As advanced AI systems become more capable, governments are increasingly pooling expertise to improve model evaluation, understand emerging risks and develop common approaches to AI safety and security.

The partnership also reinforces the growing connection between AI governance and cybersecurity. By coordinating research, sharing technical expertise and aligning institutional capabilities, the UK and Germany aim to strengthen preparedness for frontier AI risks while supporting the responsible development and deployment of advanced AI technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Mauritius unveils fintech strategy to boost digital finance growth

Mauritius has launched its National Fintech Strategy 2026–2030, a roadmap aimed at strengthening digital finance, innovation and financial inclusion.

The strategy was developed by the Ministry of Financial Services and Economic Planning with technical support from the UN Economic Commission for Africa and input from public and private-sector stakeholders.

The government says the strategy is intended to position Mauritius as Africa’s trusted fintech hub while supporting sustainable growth and the wider digital transformation of financial services.

The roadmap focuses on six areas: regulation and innovation, digital infrastructure and cybersecurity, skills development, market growth, international cooperation and consumer protection.

Implementation will run until 2030 and will be overseen through a dedicated governance framework. Planned targets include shorter licensing approval times, expanded digital onboarding, stronger digital infrastructure and training more than 5,000 people each year in specialised fintech skills.

Officials said the strategy responds to the growing role of digital technologies in finance, including digital payments, digital assets, regulatory technology and cross-border financial services.

UNECA said the initiative could support fintech development in Mauritius and offer lessons for other African countries seeking to build more inclusive and competitive digital finance ecosystems.

Why does it matter?

Mauritius’ strategy reflects a wider African policy trend: governments are trying to move fintech from fragmented innovation into structured national development plans. Stronger digital finance ecosystems can expand access to financial services, support small businesses, improve cross-border commerce and attract investment. The focus on cybersecurity, consumer protection and skills also shows that fintech growth depends not only on new products, but on trust, regulation and institutional capacity.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!