Anthropic has launched Claude Fable 5, a new general-purpose AI model, alongside Claude Mythos 5, a more capable version reserved for selected cyber defence and infrastructure partners.
The company described Fable 5 as its most capable generally available model to date, with strong performance across software engineering, knowledge work, vision and scientific research. Anthropic said the model’s advanced capabilities pose misuse risks, particularly in cybersecurity and research biology.
To reduce those risks, Fable 5 includes additional safety classifiers designed to detect potential misuse, including attempts to bypass safeguards. When certain high-risk requests are detected, users may receive a response from Anthropic’s next-most-capable model, Claude Opus 4.8, rather than Fable 5.
Anthropic said the safeguards have been tuned conservatively and may sometimes block benign requests. According to the company, the fallback mechanism is triggered in less than 5% of sessions on average.
Claude Mythos 5 uses the same underlying model as Fable 5, but with some safeguards lifted in specific areas. Anthropic said it will initially deploy Mythos 5 through Project Glasswing, in collaboration with the US government, for a limited group of cyber defenders and critical software infrastructure providers.
The launch highlights a growing model governance approach in which access to frontier AI capabilities is tiered according to use case and risk. Anthropic said it plans to expand trusted access to Mythos 5 while continuing to refine safeguards for broader public use.
Why does it matter?
The release shows how frontier AI providers are increasingly linking capability deployment to access controls, model routing and domain-specific safeguards. As advanced systems become more useful for software engineering, cybersecurity and scientific research, companies face pressure to provide broad access while limiting misuse in dual-use areas. Anthropic’s split between Fable 5 and Mythos 5 reflects a wider governance question: who should receive access to the most capable AI systems, under what conditions, and with what oversight.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
The European Union Agency for Cybersecurity (ENISA) has published a report on Software Bill of Materials (SBOM) adoption, finding that the Cyber Resilience Act (CRA) is accelerating investment in software supply chain transparency across organisations. The report, titled ‘SBOM Adoption State of Play – 2026‘, analyses survey results gathered at the end of 2025.
The survey examined how organisations of different sizes and across multiple sectors are approaching SBOM adoption in response to the Cyber Resilience Act. ENISA said the regulation is transforming SBOMs from a voluntary software supply chain security practice into a mandatory requirement for products with digital elements placed on the EU market.
The report found that 78% of respondents had already begun implementing SBOMs, while 44% were in a pilot or limited deployment phase. ENISA also said 79% of organisations expect to reach the necessary SBOM maturity level by the time the Cyber Resilience Act becomes fully applicable in December 2027.
Organisations are investing in SBOM generation, automation, and integration into the software development lifecycle. Respondents cited benefits including risk reduction, cost avoidance, operational efficiency, regulatory compliance, contractual alignment and competitive advantage.
ENISA also identified barriers to the adoption of SBOMs at scale. Key challenges include achieving greater SBOM completeness, improving data quality, correlating vulnerabilities, obtaining SBOMs from suppliers and third parties, and developing the necessary internal expertise and staffing.
The report says further progress will depend on shared implementation practices, supplier transparency, workforce capabilities, and clearer integration of SBOMs into operational risk management. ENISA said organisations would also benefit from external support, including reference implementations, tool-selection guidance, conformance testing, standardised formats and clearer definitions of what constitutes a sufficiently complete SBOM.
Why does it matter?
Software supply chains have become a major cybersecurity concern as organisations increasingly rely on complex networks of open-source and third-party components. SBOMs provide visibility into the software components used within products, helping organisations identify vulnerabilities, assess risks and respond more effectively to security incidents.
The report highlights how the Cyber Resilience Act is driving a shift from voluntary software transparency practices to formal compliance requirements. The findings also illustrate that while adoption is progressing, organisations continue to face technical, organisational and supply-chain challenges that could influence the effectiveness of future software security efforts.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Cybersecurity researchers have demonstrated an AI-powered computer worm capable of identifying vulnerabilities, generating attack strategies and spreading autonomously across networks. The study suggests that advances in AI agents could enable a new class of adaptive cyber threats capable of operating with minimal or no direct human intervention.
The research, conducted by teams from the University of Toronto, Vector Institute, University of Cambridge, and ServiceNow, describes malware that uses large language models to tailor its behaviour to each target. Unlike traditional worms, the system can adapt its attack methods in real time instead of relying solely on pre-programmed exploits.
Testing in a controlled virtual environment showed the system could successfully compromise multiple machines and replicate across a simulated network over several days. The worm also operated without relying on cloud infrastructure, running AI models locally on infected systems and using those resources to support its operations.
Researchers warned that such capabilities could signal a shift towards what they describe as ‘autonomous generative adversaries’ and stressed the need for stronger detection systems, evaluation frameworks and governance mechanisms. While details were limited to reduce misuse risks, the authors said the findings reflect how rapidly AI-enabled cyber capabilities are evolving.
Why does it matter?
The research signals a shift in cyber risk from static, signature-based malware to autonomous systems capable of reasoning, adapting, and scaling attacks without human input.
As AI models become more capable and widely deployed, the line between tool and autonomous threat blurs, increasing pressure on cybersecurity systems, patching cycles, and regulation to keep up with real-time, evolving attacks.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
Canada’s Cyber Centre has warned that the FIFA World Cup 2026 will almost certainly attract cyber threat activity from cybercriminals, non-state actors and state-sponsored actors.
The tournament will run from 11 June to 19 July 2026 across Canada, the US and Mexico, with 104 matches in 16 cities. The Cyber Centre said the event’s global visibility, complex supporting infrastructure and broad ecosystem of suppliers and services create a large attack surface.
According to the bulletin, cybercriminals are expected to exploit public interest in the tournament through phishing, social engineering, ticket scams, fraudulent travel offers, fake livestreaming services, malicious apps and other forms of online fraud. The Cyber Centre cited research identifying more than 4,300 likely fraudulent domain registrations linked to the tournament as of August 2025.
Organisations connected to the event, including travel, hospitality, ticketing, broadcasting, telecommunications, utilities and transport providers, could also face ransomware, distributed denial-of-service attacks and website defacement. The Cyber Centre said attackers may target entities in the wider tournament ecosystem to maximise publicity, even when their targets are not part of the core World Cup infrastructure.
The bulletin also warned that threat actors are very likely to use the event for disinformation and influence activity, including campaigns involving AI-generated articles, images, videos and deepfakes. It found that there is roughly an even chance of disruptive state-sponsored cyber activity, depending on geopolitical tensions involving host nations or participating countries.
Canadian authorities urged fans, attendees, athletes, government officials and organisations linked to the tournament to strengthen cybersecurity practices and prepare for scams, disruptive attacks and information manipulation during the event.
Why does it matter?
The bulletin treats the World Cup as more than a sports event. It frames major tournaments as digitally dependent public safety environments involving ticketing systems, broadcasters, transport networks, hotels, mobile communications, local authorities and critical infrastructure. Cyber incidents during such events can cause financial loss, service disruption, data exposure, emergency communication risks and information manipulation, making cybersecurity part of event resilience and public trust.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Commission framed the initiative as a fundamental shift in the EU’s approach to technology, underpinned by the recognition that digital dependence is no longer a market inefficiency to be tolerated, but a strategic vulnerability to be corrected through legislation.
Commission President Ursula von der Leyen stated that Europe cannot afford to depend on others for the technologies that keep its hospitals running, its energy grids stable, and its services secure, calling on the EU to convert its research excellence, industrial base and single market into technological sovereignty.
The package is designed to broaden choice in core technologies for EU businesses, citizens and public administrations, and to position Europe to capture a larger share of a global semiconductor market projected to reach EUR 1.37 trillion by 2030, with AI-related components accounting for roughly 70% of that growth.
The timing reflects a specific convergence of pressures. The rapid spread of AI applications is driving a sharp increase in demand for data centre and cloud capacity that EU infrastructure cannot currently meet at scale. At the same time, longstanding dependence on non-EU suppliers for advanced semiconductor manufacturing, chip design and cloud services has become increasingly difficult to ignore as geopolitical tensions have demonstrated the economic risk of concentrated supply chains.
The 2022 US CHIPS and Science Act, generous subsidy regimes in Asia and tightening export controls on advanced semiconductor equipment have accelerated the global race for technological self-sufficiency, prompting Europe to adopt a more active industrial policy response.
Chips Act 2.0
The Chips Act 2.0 revises and expands the 2023 European Chips Act, which has mobilised more than EUR 52 billion in public and private investment, created an estimated 46,000 direct and indirect jobs and strengthened Europe’s research and innovation capacity in semiconductors. Despite this progress, the EU remains dependent on third countries for advanced chip manufacturing and semiconductor design.
The revised regulation is designed to accelerate Europe’s position across the entire semiconductor value chain, from raw materials and design to manufacturing and packaging, and to ensure that Europe captures a greater share of the growth in AI-related chip demand.
The proposal is structured around four objectives. On investment and competitiveness, the Act would cap permitting approvals at 12 months, introduce ‘Grand Challenges’ to support the development of strategically important chip types such as AI processors, and formalise Strategic Partnerships on Semiconductors with international allies.
To stimulate demand, it establishes Demand Accelerators to align new products with industry needs, expands innovation procurement, notably for European start-ups and scale-ups, and creates structural synergies with CADA to benefit from the data centre and AI Gigafactory buildout planned under that regulation.
On the supply side, the Act enables state aid for ‘First-of-a-Kind’ facilities not yet present in the Union, covering the full semiconductor value chain, designates strategic projects to unlock EU and member state co-investment, and creates a ‘Semiconductor Regions of Excellence’ label to attract investment at the regional level. To strengthen resilience, it establishes a business-to-business semiconductor supply chain platform and provides sector-specific guidance on risk assessment and mitigation.
The explicit linkage between Chips Act 2.0 and CADA reflects a deliberate industrial logic: European-made chips powering European cloud infrastructure, with demand from that infrastructure in turn supporting European chipmakers.
Cloud and AI Development Act
The Cloud and AI Development Act (CADA) forms a central part of the Commission’s AI Continent Action Plan and simultaneously addresses two structural problems: insufficient EU cloud and data centre capacity to meet AI-driven demand, and strategic dependence on a small number of non-EU cloud providers.
The Act is designed to facilitate and accelerate the deployment of sustainable cloud and data centre infrastructure, while ensuring the EU accelerates the rollout of cloud and AI in critical sectors and retains meaningful control over the infrastructure on which that rollout depends.
The Act focuses on three main areas. On research, development and innovation, it supports next-generation cloud and AI technologies, including frontier AI, industrial AI, and physical AI, introduces grand challenges to drive R&D efforts, and promotes adoption in strategic sectors through national cloud and AI strategies and new Experience and Acceleration Centres for AI in member states.
On capacity, it targets at least a tripling of EU data centre capacity within five to seven years, simplifies and accelerates permitting, and improves access to energy, land, water and financing. On sovereignty and autonomy, it establishes a single EU-wide sovereignty classification framework, promotes open source solutions as a tool for resilience, and introduces a common EU-level procurement framework for public administrations.
The sovereignty classification system merits particular attention. It introduces four assurance levels for cloud and AI services, to be applied by public sector bodies based on their own risk assessments. Level 1 requires data to be processed and stored within the EU. Level 2 requires providers to demonstrate independence from third countries and transparency over their software supply chain.
Level 3 requires providers to be owned and controlled from within the EU and to meet additional criteria including personnel citizenship, although the Commission retains the ability to recognise third-country providers at this level. Level 4 requires full transparency and control over the software supply chain with no third-country interference.
Cloud service providers seeking recognition under this framework must undergo an independent audit conducted by member state authorities. The framework is significant because it creates, for the first time, a legally grounded and progressive definition of what it means for a cloud service to be sovereign, moving the concept from political rhetoric to a procurement-relevant standard.
EU Open Source Strategy
The EU Open Source Strategy is the non-legislative pillar of the package most directly aimed at reducing dependence on proprietary, non-EU software. It places open source at the centre of the EU’s technological sovereignty approach, arguing that open ecosystems reduce supplier lock-in, increase transparency and give European developers and public administrations greater control over their digital infrastructure.
The strategy addresses a persistent structural weakness: the economic value generated by open source projects has historically been captured outside Europe, limiting the ability of European developers and companies to benefit fully from their own contributions.
The strategy is organised around four objectives. The first, Open Source for Tech Sovereignty, focuses on scaling the Open Internet Stack, a Commission-curated catalogue of EU-aligned open source solutions, and promoting alternatives to dominant proprietary products in areas such as cloud platforms, workplace tools, secure e-mail and decentralised social media.
The work will be carried out in cooperation with member states through the European Digital Infrastructure Consortium for Digital Commons. The second objective, Vibrant Open Source Ecosystem, targets start-up support through accelerators and procurement access, alongside a stewardship toolkit for critical open source assets and investment in digital skills across schools, universities, and civil services.
The third objective, Open Source in Public Administration, sets out procurement guidelines that favour open standards, reinforces the Commission’s Open Source Programme Office (OSPO) and the EU Public Sector OSPO Network, and seeks to embed openness and sovereignty-by-design in digital investment decisions across EU institutions and member states.
The fourth objective, Reinforced Standards and International Outreach, promotes EU open source developers and solutions internationally through the EU Tech Business Offer, supports uptake in partner countries and integrates open source communities into standardisation processes, including through a forthcoming revision of the EU Standardisation Regulation.
The strategy also intersects directly with the other package components. On semiconductors, it targets open hardware development through the Chips Joint Undertaking’s RISC-V programme. On AI, it supports the GenAI4EU initiative and promotes open source tooling for public sector AI adoption through the Apply AI Strategy.
On digital identity, it prioritises open source implementation of the European Digital Identity Wallet (EUDI Wallet) and the European Business Wallet. The strategy also interacts with the recently enacted Cyber Resilience Act (CRA), which imposes new security obligations on open source projects that have generated concern in the developer community. The Open Source Maintenance Instrument and critical dependency mapping exercises set out in the strategy are designed in part to address those obligations, though reconciling the CRA’s security requirements with the growth objectives of the strategy will be a key implementation challenge.
Strategic Roadmap for Digitalisation and AI in Energy
The Strategic Roadmap for Digitalisation and AI in Energy is the least legally binding element of the package but arguably the one that determines whether its ambitions are physically realisable. The targets set by CADA, particularly the goal of at least tripling EU data centre capacity within five to seven years, cannot be achieved without a corresponding expansion in reliable, affordable power supply.
Data centres are energy-intensive by nature, and the AI workloads they are increasingly required to process are even more demanding. The roadmap addresses this constraint by setting out how AI and digital technologies can improve the efficiency and flexibility of Europe’s energy systems while also enabling the energy infrastructure that these systems need.
The roadmap connects the package’s digital ambitions to the EU’s energy transition objectives, creating a mutually reinforcing relationship: cleaner, smarter energy systems create more viable conditions for data centre expansion, while AI-enabled demand management and grid optimisation tools reduce the cost and environmental impact of that expansion. The roadmap is also relevant as a governance document, since the deployment of AI in critical energy infrastructure raises its own questions about cybersecurity, data sovereignty and the concentration of control over systems on which entire economies depend.
Governance and policy implications
The Tech Sovereignty Package raises several governance issues that extend beyond its immediate legislative content. The most significant concerns the model it establishes for EU industrial policy. The package marks a clear departure from the long-standing assumption in EU competition policy that market mechanisms and trade openness are the primary tools for achieving efficient and innovative technology markets.
The explicit use of state aid for strategic semiconductor projects, the joint procurement frameworks in CADA and the deliberate promotion of EU-origin suppliers both in public procurement and sovereign cloud classification illustrate a greater role for public intervention in the technology sector. Whether the EU’s trading partners, particularly the United States and major Asian semiconductor producers, will treat these provisions as proportionate industrial policy or as market-distorting intervention is likely to become a significant diplomatic issue.
The package also has important implications for the governance of AI in Europe. It operates in parallel to the EU AI Act and the work of the EU AI Office, but addresses a different layer of the AI ecosystem. While the AI Act focuses on the risk profile and compliance obligations of AI systems once deployed, the Tech Sovereignty Package governs the infrastructure and supply chains that enable AI development in the first place.
The relationship between the two frameworks matters as decisions taken at the infrastructure layer, such as the cloud sovereignty level applied to a given public sector AI deployment, can have downstream consequences for compliance with AI Act requirements. The relationship between these frameworks will be an important area to monitor as implementation progresses.
A further coordination challenge arises internally. The package spans multiple policy domains and directorates-general within the Commission, including DG CONNECT for semiconductors, cloud and open source, and DG ENERGY for the energy roadmap.
It also interacts with DG COMP on State aid approvals and with DG TRADE on the trade implications of sovereignty-oriented procurement rules. Ensuring coherence across these areas during the legislative process, and subsequently during implementation, will require stronger-than-usual inter-institutional coordination.
Legislative process and upcoming milestones
The two legislative proposals, the Chips Act 2.0 and CADA, need to enter the ordinary legislative procedure, meaning they will be negotiated separately by the European Parliament and the Council of the European Union before trilogue negotiations between the two institutions and the Commission can begin.
Given the political and economic stakes involved, and the number of member states with competing interests in semiconductor investment locations and cloud market access, the negotiations are likely to be protracted. The original European Chips Act took approximately two years from proposal to final adoption, and CADA, which touches on the politically sensitive question of digital sovereignty vis-à-vis key trading partners, may encounter comparable friction.
Several near-term milestones are already in view. The Commission is expected to launch a call for AI Gigafactories in July 2026, following the European High Performance Computing Joint Undertaking (EuroHPC JU) Governing Board’s agreement in principle on 1 June 2026. AI Gigafactories are large-scale, purpose-built AI training facilities and represent one of the most concrete and immediately actionable elements of the broader AI infrastructure agenda.
Their deployment is intended to provide European researchers, start-ups and industry with access to the kind of computing capacity currently concentrated in the United States, and the July call will be an early test of the Commission’s ability to move from legislative ambition to operational delivery.
The Commission will also launch a consultation with member states, the European Investment Bank Group and other key stakeholders to design a European equity capacity at scale for financing tech sovereignty ambitions. This implies that the Commission does not believe grant funding and state aid alone will be sufficient to mobilise the investment required, and that a blended finance model, combining public equity with private capital, will be needed.
The EIB Group’s involvement points towards the kind of risk-sharing instruments it has used in other strategic sectors, although the specific structures and governance arrangements have yet to be designed through the consultation process.
Broader context
The package does not emerge in isolation. It sits within a cluster of interconnected EU strategic frameworks that have, over the past two to three years, progressively shifted the EU’s economic policy stance from market liberalisation towards what the Commission calls ‘open strategic autonomy’: the maintenance of trade openness where possible, combined with targeted interventionism to reduce strategic dependencies where necessary.
The Competitiveness Compass, adopted earlier in 2025 and drawing heavily on the 2024 Draghi report on European competitiveness, identifies reducing strategic dependencies as one of three pillars for restoring European economic dynamism. The Tech Sovereignty Package is the most operationally specific expression of that pillar to date.
The Economic Security Strategy, adopted in 2023, provided the risk-assessment framework within which the package sits, identifying advanced semiconductors, AI, quantum computing and biotechnology as the technological areas posing the most significant dual-use and strategic dependency risks for the EU. The Tech Sovereignty Package translates that risk assessment into concrete legislative and policy instruments, with semiconductors and AI infrastructure receiving the most direct regulatory attention.
The Commission’s AI Continent Action Plan, which positions Europe to become a global AI leader by focusing on computing infrastructure, data, skills, and adoption, provides the most direct policy antecedent for CADA in particular. The Tech Sovereignty Package fast-tracks the infrastructure ambitions of the Action Plan and adds the supply chain governance dimension that the Action Plan did not fully address.
Taken together, these documents represent a sustained and internally consistent shift in EU digital and industrial policy, one in which technological leadership is treated not merely as an economic aspiration but as a precondition for political and regulatory autonomy in an increasingly contested global technological order.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The process of developing a supplementary protocol to the UN Convention against Cybercrime has begun, with early state submissions already showing competing views over its scope and timing.
The Ad Hoc Committee Secretariat invited preliminary written inputs on the possible scope, objectives and structure of a draft protocol supplementary to the Convention, also known as the ‘Hanoi Convention’. The mandate follows UN General Assembly resolution 79/243, which asked the Committee to negotiate a draft protocol addressing, among other issues, additional criminal offences.
The United States questioned the exercise’s premise, arguing that discussions on a supplementary protocol are premature because the Convention has not yet entered into force and its implementation has not yet been tested. Washington called for the Committee first to address whether a protocol is needed at all before discussing its scope, objectives and structure.
Russia, by contrast, submitted a draft protocol text covering a broad range of offences, including terrorism financing, extremism, arms and drug trafficking, critical information infrastructure, unauthorised access to personal data and crimes involving AI. The proposal reflects a wider approach to criminalisation, including content-related offences that are likely to be contested by states concerned about overreach, legal certainty and human rights safeguards.
Other early submissions appear more cautious. Brazil, Nigeria, and Ecuador broadly support advancing the protocol process, while signalling the need to limit its scope and maintain attention to safeguards. Brazil warned against including offences where there is insufficient international consensus, while Ecuador proposed a structure that includes emerging offences, digital evidence, public-private cooperation, proportionality and human rights.
The early inputs point to a familiar divide in UN cybercrime negotiations: whether the treaty framework should remain focused on classical cybercrime, electronic evidence and criminal justice cooperation, or expand further into content-based offences, national security concerns and politically sensitive forms of online conduct.
Why does it matter?
A supplementary protocol could shape the evolution of the UN cybercrime framework after the adoption of the main Convention. If states use the protocol to add broad or content-related offences, the treaty system could move beyond core cybercrime and electronic evidence cooperation into areas with direct implications for freedom of expression, human rights safeguards, political speech, platform governance and state sovereignty. The early submissions suggest that those unresolved tensions are already resurfacing before the Convention has entered into force.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
In its latest fraud and scams advisory, the company said phishing attacks are becoming more sophisticated, with criminals using adversary-in-the-middle techniques and QR code phishing, also known as quishing, to steal credentials and bypass security measures.
The advisory also highlighted risks linked to cryptocurrency investment scams, malicious finance applications and police impersonation schemes. According to Google, scammers are using AI, social engineering and trusted digital services to deceive users, obtain money and collect sensitive information.
Google said its Trust & Safety teams are using AI tools, predictive analytics and policy enforcement to detect and disrupt fraudulent activity across its services. The company also pointed to measures such as stronger protections for session cookies, enforcement against deceptive crypto ads, monitoring of post-installation app behaviour and developer identity verification for apps installed on certified Android devices.
The company urged users to be cautious of unsolicited communications, unrealistic investment promises, unexpected QR codes and requests for personal or financial information.
Why does it matter?
The advisory shows how online fraud is becoming a cross-platform governance problem rather than a narrow cybersecurity issue. Scams now rely on trusted cloud services, mobile apps, messaging platforms, crypto infrastructure and impersonation of public authorities. That creates pressure on major technology companies to strengthen detection, app accountability and policy enforcement, while raising broader questions about consumer protection, platform responsibility and digital trust.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The US Treasury Department has acknowledged that cryptocurrency mixers may have lawful privacy uses, while warning that such tools remain vulnerable to abuse by illicit actors.
In a March 2026 report to Congress on innovative technologies to counter illicit finance involving digital assets, Treasury said lawful users may rely on mixers to protect sensitive financial information when transacting on public blockchains. The report said users may seek to conceal details about personal wealth, business payments, charitable donations or consumer spending habits.
Treasury distinguished between custodial digital asset services, including custodial mixers, and decentralised or non-custodial mechanisms that can operate without a central intermediary. Custodial services that accept and transmit value may be required to register with the Financial Crimes Enforcement Network as money services businesses, maintain records and file suspicious activity reports.
The report nevertheless stressed that criminals commonly use mixers, bridges and swaps to make illicit digital asset flows harder to trace. Treasury said mixing is frequently used by North Korea-linked cyber actors, money launderers, ransomware actors and darknet market participants.
Treasury also warned that stablecoins can form part of complex laundering processes involving mixers and other obfuscation techniques. According to the report, illicit actors may move stolen or fraud-linked assets through mixers and then swap them into stablecoins to break the traceable link to the original criminal activity.
The assessment was prepared under the GENIUS Act, which required the Treasury to examine innovative tools for countering illicit finance involving digital assets, including the role of mixers, tumblers and similar services.
Why does it matter?
The report shows the regulatory tension at the centre of digital asset policy: privacy tools can protect legitimate users on transparent public blockchains, but the same tools can also weaken AML/CFT controls, sanctions enforcement and law enforcement tracing. Treasury’s framing matters because future rules on mixers, DeFi, blockchain analytics and stablecoin compliance will need to balance financial privacy with security and illicit finance risks.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
Ofcom has urged online platforms to strengthen protections against illegal hate speech, abuse, threats and harassment ahead of the FIFA World Cup 2026. The UK regulator reminded technology companies that they have legal responsibilities under the Online Safety Act to reduce the risk of users encountering criminal content on their services.
The intervention follows concerns about abuse directed at players, coaches, officials and commentators during previous international tournaments. According to Ofcom, online attacks have frequently targeted individuals based on race, ethnicity, perceived sexual orientation and disability, causing significant personal and professional harm.
Under the UK’s Online Safety Act, platforms are required to operate effective reporting systems, maintain adequately resourced moderation teams and remove illegal content without undue delay. Ofcom stated that evidence of failures to meet these obligations during the tournament could be considered as part of its ongoing compliance assessments.
The regulator also highlighted a partnership established earlier this year with the UK Football Policing Unit, the Football Association, the Premier League, the English Football League, the Women’s Super League, the Professional Footballers’ Association and anti-discrimination organisation Kick It Out.
Major sporting events often lead to spikes in online abuse, particularly against athletes, officials and other high-profile figures. The scale and visibility of these events can amplify harmful behaviour and place additional pressure on platforms to enforce their content moderation policies effectively.
Ofcom’s intervention highlights how online safety regulation is increasingly being tested during major public events. The regulator’s warning also signals that compliance with the Online Safety Act will be assessed not only through policies on paper but through how platforms respond to real-world surges in harmful content.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
According to Albanese, Cook said the changes were partly inspired by Australia’s under-16 social media age restrictions and by Apple’s continuing research into the impact of social media on children.
Albanese said Australia was proud of its work to support a safer online environment for children and argued that other countries are now developing similar social media age restrictions.
Cook invited Albanese to visit Apple during his next trip to the United States to see the technology in action. Albanese said he intended to accept the invitation as Australia continues to consider how best to protect children online.
The Prime Minister said Australian parents had led the push for stronger protections and that the government was backing their efforts. He said more than 5 million under-16 accounts had already been removed, deactivated, or restricted.
Albanese said social media companies have a social responsibility and that Australia would continue holding them to account to help keep children safe.
Why does it matter?
The announcement highlights how national online safety rules can shape platform design beyond a country’s borders. Australia’s under-16 social media restrictions have been closely watched internationally, and Albanese is presenting Apple’s new child safety tools as evidence that regulatory pressure can push major technology companies towards stronger child protection features. The case also shows the growing link between device-level controls, platform accountability, age assurance, and children’s digital rights.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
