Singapore proposes Digital Infrastructure Bill to strengthen cloud security

Singapore has launched a public consultation on a proposed Digital Infrastructure Bill that would establish a comprehensive regulatory framework for major cloud computing services and data centres.

Published jointly by the Ministry of Digital Development and Information and the Infocomm Media Development Authority (IMDA), the draft legislation aims to strengthen the resilience and security of critical digital infrastructure while introducing mandatory environmental sustainability standards for data centre operations.

The Bill recognises digital infrastructure as a foundation of Singapore’s digital economy, supporting services ranging from digital banking and e-commerce to cloud platforms and public administration. Unlike earlier amendments to the Cybersecurity Act, which focused primarily on cyber risks, the proposal extends regulatory oversight to operational resilience, business continuity, disaster recovery and environmental sustainability.

A central feature is a new licensing regime for major foundational digital infrastructure (FDI) providers. Cloud providers generating at least S$100 million annually from Singapore-based customers through Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) offerings would require a major FDI licence.

Cloud and colocation data centres with a critical IT load of at least 10 megawatts serving third parties would also fall within the regime. Licensed providers will be required to implement robust physical security and cybersecurity measures, maintain business continuity and disaster recovery plans, and report cybersecurity incidents and service disruptions to IMDA.

The Bill also establishes a separate licensing regime for data centres with a critical IT load of at least 3 megawatts. In addition to operational capability, applicants would be assessed against energy efficiency, water efficiency and broader sustainability criteria.

Beyond operational capability, applicants will be assessed on energy efficiency, water efficiency and broader sustainability considerations. Licensed operators will initially need to comply with facility-level Power Usage Effectiveness (PUE) requirements, while the legislation enables future regulations covering IT equipment efficiency and water consumption.

Singapore’s Green Data Centre Roadmap and previous voluntary industry standards will therefore evolve into legally enforceable baseline requirements across the sector.

IMDA would receive broad enforcement powers, including the authority to grant, suspend and revoke licences, issue binding codes of practice, conduct investigations and impose financial penalties. The Bill also proposes amendments to Singapore’s Cybersecurity Act to ensure consistency across the country’s digital infrastructure framework. Public consultation remains open until 22 July 2026.

Why does it matter?

The proposed legislation reflects a growing shift in how governments view digital infrastructure. As cloud computing and data centres become increasingly critical to AI, financial services and public administration, policymakers are expanding regulation beyond cybersecurity to include operational resilience, business continuity and environmental sustainability.

Singapore’s approach could also serve as a model for other digital hubs. By combining resilience requirements, licensing, cyber oversight and sustainability obligations within a single regulatory framework, the Bill illustrates how governments are adapting infrastructure governance to support the rapid growth of cloud services and AI-driven computing.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU launches Cybersecurity Skills Coalition EDIC

The European Commission and participating member states have launched the Cybersecurity Skills Coalition European Digital Infrastructure Consortium to strengthen cybersecurity skills across the EU.

The consortium, known as CSC-EDIC, will support the implementation of the EU Cybersecurity Skills Academy, a flagship initiative launched by the Commission in 2023.

Announced during Digital Skills EU Days 2026, the consortium will be based in Athens. Greece, Cyprus, Austria, Croatia and Slovenia are founding members, while Czechia and Poland have joined as observers. Other member states will be able to join later.

The Commission said CSC-EDIC will develop and deliver tailored cybersecurity training programmes, measure cybersecurity skills gaps and serve as the secretariat for the Industry-Academia Network.

Working with ENISA, the consortium will also support cyber resilience in critical sectors, particularly the healthcare sector. Planned activities include an EU-wide attestation scheme for cybersecurity skills, career pathways and micro-credentials.

The initiative has received a €3.1 million grant from the Digital Europe Programme to support its initial governance, staffing and operations.

The Commission said the Cybersecurity Skills Academy has already secured 26 industry pledges, helping train more than 900,000 cybersecurity professionals. Ten partnerships have also been established through the Industry-Academia Network.

Why does it matter?

Europe’s cybersecurity workforce shortage affects the resilience of governments, businesses and critical sectors such as healthcare. CSC-EDIC gives member states a formal structure to pool resources, coordinate training and align skills development with EU cyber priorities. The initiative also shows how the EU is treating cybersecurity capacity as part of digital infrastructure, rather than solely as a labour-market issue.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK and Germany deepen AI safety cooperation

The United Kingdom and Germany have agreed to strengthen cooperation on AI safety and security, expanding collaboration on advanced AI evaluation, cybersecurity risks and research into frontier AI systems.

Both governments described AI as one of the most consequential technologies of the era, offering significant economic and societal benefits while creating new security risks that require closer international cooperation.

The cooperation builds on the UKGermany Strategic Science and Technology Partnership, a priority initiative under the UK-Germany Friendship and Bilateral Cooperation Treaty signed last year.

Under the partnership, the UK’s Department for Science, Innovation and Technology and AI Security Institute will work alongside Germany’s Federal Ministry for Digital Transformation and Government Modernisation, the Federal Ministry of the Interior and the German AI Safety and Security Institute.

The partners will deepen institutional cooperation by sharing best practices in AI evaluation, aligning research priorities and exchanging expertise. The collaboration will also examine the cybersecurity implications of advanced AI systems and contribute to the international evidence base on AI safety.

Germany’s Minister Dr Wildberger said the cooperation is open by design and reflects Germany’s position as an EU member state, including the role of the EU AI Office under the EU AI Act. He said the work is intended to be consistent with each country’s engagement with other partners.

UK Secretary Liz Kendall said the UK and Germany are natural partners on AI safety and security because their scientific communities are connected and their security interests are closely aligned.

She said the statement reflects a shared determination to ensure the public benefits from advanced AI while risks are rigorously understood and managed.

The partnership adds to a growing international network of public-sector AI safety institutions. Both governments said their work is intended to complement broader international initiatives while contributing new research and practical experience.

Why does it matter?

The agreement reflects a broader shift in AI governance from national initiatives to international cooperation. As advanced AI systems become more capable, governments are increasingly pooling expertise to improve model evaluation, understand emerging risks and develop common approaches to AI safety and security.

The partnership also reinforces the growing connection between AI governance and cybersecurity. By coordinating research, sharing technical expertise and aligning institutional capabilities, the UK and Germany aim to strengthen preparedness for frontier AI risks while supporting the responsible development and deployment of advanced AI technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Mauritius unveils fintech strategy to boost digital finance growth

Mauritius has launched its National Fintech Strategy 2026–2030, a roadmap aimed at strengthening digital finance, innovation and financial inclusion.

The strategy was developed by the Ministry of Financial Services and Economic Planning with technical support from the UN Economic Commission for Africa and input from public and private-sector stakeholders.

The government says the strategy is intended to position Mauritius as Africa’s trusted fintech hub while supporting sustainable growth and the wider digital transformation of financial services.

The roadmap focuses on six areas: regulation and innovation, digital infrastructure and cybersecurity, skills development, market growth, international cooperation and consumer protection.

Implementation will run until 2030 and will be overseen through a dedicated governance framework. Planned targets include shorter licensing approval times, expanded digital onboarding, stronger digital infrastructure and training more than 5,000 people each year in specialised fintech skills.

Officials said the strategy responds to the growing role of digital technologies in finance, including digital payments, digital assets, regulatory technology and cross-border financial services.

UNECA said the initiative could support fintech development in Mauritius and offer lessons for other African countries seeking to build more inclusive and competitive digital finance ecosystems.

Why does it matter?

Mauritius’ strategy reflects a wider African policy trend: governments are trying to move fintech from fragmented innovation into structured national development plans. Stronger digital finance ecosystems can expand access to financial services, support small businesses, improve cross-border commerce and attract investment. The focus on cybersecurity, consumer protection and skills also shows that fintech growth depends not only on new products, but on trust, regulation and institutional capacity.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

CISA launches critical infrastructure security partnership

The US Cybersecurity and Infrastructure Security Agency has launched a new advisory framework to strengthen public-private cooperation on critical infrastructure security and resilience.

The initiative, called the Alliance of National Councils for Homeland Operational Resilience, or ANCHOR-CI, is designed to improve information sharing between government and industry and broaden participation across critical infrastructure sectors.

CISA said the framework builds on lessons from the Critical Infrastructure Partnership Advisory Council while expanding engagement to a wider range of public and private stakeholders.

ANCHOR-CI will provide forums for federal, state, local, tribal and territorial officials to engage with critical infrastructure owners, operators and other organisations with responsibilities for cybersecurity, physical security and resilience.

The framework will allow participants to discuss the threat environment, identify vulnerabilities and develop recommendations for securing more resilient critical infrastructure and cyberspace.

CISA will manage the governance of councils established under ANCHOR-CI, including sector, cross-sector, industry and regional councils.

The launch comes as critical infrastructure operators and public authorities face growing pressure from ransomware, cyberespionage and other threats affecting essential services.

Why does it matter?

Critical infrastructure security depends on cooperation between government agencies and the private-sector operators that own or manage many essential services. ANCHOR-CI is important because it creates a new structure for sharing sensitive information, coordinating resilience planning and giving sector stakeholders a formal way to advise the government. The framework could be especially relevant for cyber threats that cross sectors, such as ransomware, supply-chain compromise and attacks on water, energy, transport or communications systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Bank of England warns agentic AI threatens financial stability

Bank of England Deputy Governor Sarah Breeden has warned that rapidly advancing AI capabilities, particularly agentic AI systems capable of autonomously carrying out complex sequences of actions, pose growing risks to financial stability.

Breeden noted that open-source AI models may trail the most advanced proprietary models by only four to eight months. She warned that delays in applying security patches can allow attackers to reverse engineer newly disclosed vulnerabilities, echoing the Five Eyes cybersecurity agencies’ assessment that the relevant timeline for AI-enabled cyber threats is measured in months rather than years.

Turning to financial markets, Breeden warned that AI trading agents responding to similar prompts or market signals could reinforce one another during periods of stress, amplifying volatility. She also cautioned that autonomous systems could drift from their original objectives or from broader public policy goals.

She said the Bank of England is working with the Bank for International Settlements Innovation Hub and Germany’s Bundesbank to simulate how different agent designs could contribute to herd behaviour. The work also explores safeguards comparable to market circuit breakers or kill switches that could halt AI-driven trading if faulty models threatened financial stability.

Breeden also highlighted the implications of agentic AI for payments, where autonomous systems could increasingly initiate transactions on behalf of users. She said this raises questions about consent, authorisation, liability for erroneous payments and interoperability as different organisations develop competing technical standards. The Bank is leading a public-private initiative to design the next generation of UK retail payments infrastructure with these emerging use cases in mind.

Breeden concluded by calling for stronger international cooperation, arguing that AI presents cross-border systemic risks comparable to those exposed during the global financial crisis. She suggested that the shared technology dependencies underpinning advanced AI warrant closer international coordination among financial authorities.

Why does it matter?

The speech reflects a growing shift in financial regulation from focusing on AI adoption to preparing for systemic AI risks. By highlighting autonomous decision-making, cyber threats and market dynamics, the Bank of England is signalling that agentic AI presents challenges that extend beyond individual firms to the stability of the financial system as a whole.

It also illustrates how central banks are beginning to rethink financial infrastructure for an AI-enabled economy. Questions around autonomous payments, liability, market safeguards and international coordination suggest that existing regulatory frameworks may need to evolve as AI agents become more capable of acting independently across financial markets and payment systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Anthropic redeploys Claude Fable 5

Anthropic will restore global access to Claude Fable 5 after the US government lifts export controls on the model.

The company said the controls were applied on 12 June to Claude Fable 5 and Claude Mythos 5, requiring access restrictions for foreign nationals inside and outside the United States. Anthropic suspended access to both models for all users because it said it had no reliable way to verify nationality in real time.

Anthropic said the controls were lifted on 30 June. Fable 5 will become available globally from 1 July on the Claude Platform, Claude.ai, Claude Code and Claude Cowork, with access on AWS, Google Cloud and Microsoft Foundry to be restored as quickly as possible.

Access to Mythos 5 has been restored only for a set of US organisations following government approval. Anthropic said Fable 5 and Mythos 5 share the same underlying model, but Fable 5 has stronger safeguards for general use, while Mythos 5 has fewer safeguards and is limited to trusted partners working on defensive cybersecurity.

The export control directive followed a report by Amazon researchers describing a method for bypassing Fable 5 safeguards. Anthropic said the reported behaviour involved identifying software vulnerabilities and, in one case, producing code showing how a vulnerability could be exploited.

The company said its review found that the technique did not expose unique Mythos-level cyber capabilities. It has trained an improved safety classifier to block the behaviour described in the report, and said blocked requests will be redirected to Claude Opus 4.8.

Anthropic also called for a shared industry framework to assess the severity of AI jailbreaks. It said it is working with Amazon, Microsoft, Google and other Glasswing partners on criteria including capability gain, breadth of capability gain, ease of weaponisation and discoverability.

The company said it is expanding cooperation with the US government on frontier AI security, including pre-release evaluation, faster information sharing and joint research on safeguards.

Why does it matter?

The case shows how frontier AI releases are becoming part of national security and export-control policy, especially when models have advanced cybersecurity capabilities. Anthropic’s response also highlights a broader governance gap: governments and companies still lack a shared standard for judging when a jailbreak is minor, serious or urgent enough to justify intervention. The outcome could influence how advanced AI models are tested, released and restricted across borders.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNICEF urges child-focused AI governance

UNICEF has called for child rights to be placed at the centre of AI governance, warning that children are adopting AI technologies faster than adults while safeguards struggle to keep pace. Ahead of the first Global Dialogue on AI Governance, UNICEF said AI is already reshaping childhood worldwide, creating significant opportunities alongside new risks.

Based on data from 10 countries, UNICEF estimates that at least 20 million children have used AI, with adoption rates in many cases more than three times higher than among adults.

More than 2 million children, or one in 10, said they use AI for advice on things that worry them. An estimated 13 million children reported using AI to support learning and homework.

UNICEF warned that governance frameworks, including safeguards for children, are failing to keep pace with rapid AI adoption. The organisation said children are more exposed to AI systems, business models and data practices, while having less power to avoid or challenge them.

UNICEF said most AI governance frameworks do not adequately prioritise children’s interests, despite young people being among those most likely to experience the long-term consequences of today’s policy decisions. While AI can support learning, creativity and play, evidence on its effects on cognitive development, emotional well-being and exposure to harm is still emerging.

The organisation also highlighted children’s own concerns. Across the 10 countries surveyed, one-third worried about AI being used for scams or misinformation, while one-quarter feared their images or videos could be manipulated into sexually explicit deepfakes. UNICEF warned that too many AI systems are reaching children without adequate safeguards.

UNICEF called on governments, the private sector and partners to embed child rights in global AI governance, with a particular focus on safety and protection.

The organisation urged investment in research on AI’s impact on children’s development and wellbeing, stronger laws and corporate accountability to stop AI-enabled sexual exploitation and abuse, and AI systems designed with maximum safety and transparency.

UNICEF called on governments and technology companies to embed children’s rights into AI governance through stronger legal protections, corporate accountability and safety-by-design. It also urged greater investment in research, AI literacy for children and caregivers, and digital infrastructure to reduce inequalities in access. According to UNICEF, decisions made today will shape children’s safety, privacy, wellbeing and opportunities for decades to come.

Why does it matter?

Children are becoming some of the earliest and most frequent users of AI, yet governance frameworks, research and safety measures remain underdeveloped. As AI increasingly influences how children learn, communicate and seek information, gaps in protection could expose them to misinformation, exploitation, privacy risks and harmful content during critical stages of development.

The report also reinforces a broader shift in AI governance towards rights-based policymaking. By arguing that children’s interests should be considered from the design stage through deployment and regulation, UNICEF is framing child protection not as a niche issue but as a core principle for trustworthy AI.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK ATOC says social media ban is not enough

The UK Alliance Tackling Online Child Sexual Exploitation and Abuse has welcomed the UK government’s plan to ban social media use by children under 16, while warning that the measure alone will not stop online child sexual abuse.

The alliance said age restrictions on mainstream social media platforms could reduce some risks. Still, children may move to less regulated digital spaces, including encrypted messaging services, gaming platforms and other online environments where grooming, sexual extortion and abuse can continue.

UK ATOC called for a broader, system-wide response focused on prevention, stronger platform accountability and safer-by-design digital services. It said governments, regulators, technology companies and online service providers share responsibility for reducing opportunities for abuse before harm occurs.

The alliance proposed a package of technical, legislative and regulatory measures. These include stronger safeguards in end-to-end encrypted environments, robust age-assurance systems, mandatory safer-by-design principles, stronger enforcement under the Online Safety Act and clearer regulation of AI chatbots and companion services.

It also called for device-level nudity detection, upload prevention for known child sexual abuse material and measures to address livestreamed abuse, grooming and sexual extortion.

UK ATOC welcomed the government’s plan to introduce nudity-detection tools on children’s devices, describing it as an important additional safeguard.

The statement reflects a wider concern that age bans may reduce children’s exposure to some mainstream platforms, but cannot replace a comprehensive child-safety framework across the broader digital ecosystem.

Why does it matter?

The UK debate shows the limits of age-based social media bans as a child-safety tool. Online child sexual exploitation and abuse can move across platforms, devices, encrypted services, gaming environments and AI-enabled systems. UK ATOC’s response therefore shifts the focus from access restrictions alone towards prevention, safer design, platform duties and technical safeguards that address how abuse actually happens across digital services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Singapore strengthens cyber resilience against AI threats

Singapore’s Cyber Security Agency (CSA) has outlined new and ongoing initiatives to strengthen national cyber resilience as AI reshapes the cyber threat landscape.

The measures are detailed in the Singapore Cyber Landscape 2025/2026 report, which reviews cybersecurity trends and the country’s response to evolving digital threats.

CSA said AI is reshaping the global cyber threat environment by enabling attackers to operate with greater speed, scale and sophistication. The agency said agentic AI is a particular concern because autonomous systems could automate parts of the cyber kill chain, compressing attacks that once unfolded over days into hours.

The agency cited Anthropic’s Mythos and the misuse of OpenClaw, an open-source agentic AI framework, as examples of how AI can accelerate vulnerability research, exploit development and cyberattack preparation.

At the same time, CSA said AI can strengthen cyber defence by improving threat detection, accelerating incident response and helping organisations identify vulnerabilities more quickly. As AI systems become more widely deployed across enterprise networks and critical infrastructure, however, they are also becoming attractive targets, making secure AI deployment an increasing priority.

To support secure AI adoption, CSA has published Guidelines on Securing AI Systems and a Companion Guide for system owners. It also released a discussion paper on securing agentic AI systems in October 2025 and said it will continue working with international partners on AI security standards.

The report also highlights how AI is changing the tactics of phishing and scam operations. CSA said attackers can use AI to generate convincing phishing lures at scale, produce realistic voice clones and video deepfakes, and create tools that can bypass multi-factor authentication.

CSA also warned that AI is making phishing and scam campaigns more convincing through voice cloning, video deepfakes and large-scale generation of personalised phishing messages. Despite these growing capabilities, reported phishing cases fell by 21% in 2025 to around 4,800 incidents.

Singapore has also launched the pilot National Simulated Scams Exercise, supported by the Ministry of Home Affairs. The exercise simulated AI-enabled government official impersonation scam calls to help the public recognise and respond to emerging scam tactics.

CSA said the number of infected infrastructure units detected in Singapore rose sharply to 284,300 in 2025, a 142% increase from 2024. The increase was driven mainly by persistent malicious infrastructure activity and improved detection of infected botnet devices.

The agency said weakly secured consumer Internet-of-Things devices and unpatched firmware continue to create opportunities for botnet operators. To address this, all residential routers sold in Singapore must meet Cybersecurity Labelling Scheme Level 2 requirements by the end of 2027.

Ransomware also remained a significant threat, with reported cases rising slightly from 159 in 2024 to 165 in 2025. CSA said small- and medium-sized enterprises remained disproportionately affected due to lower cybersecurity maturity and limited resources.

To support SMEs, CSA backed the Cyber Resilience Centre, which provides cybersecurity health checks and recovery assistance after incidents. Eligible SMEs can also receive co-funding for cybersecurity advisory services through the CISO-as-a-Service programme.

One of the year’s most significant incidents involved an attempted intrusion by the APT group UNC3886 targeting Singapore’s four largest telecommunications operators. CSA said the attack was contained through Operation CYBER GUARDIAN without disruption to services or evidence of customer data being compromised.

CSA is also requiring critical information infrastructure owners to attain Cyber Trust mark certification by the end of 2027. The requirement is intended to extend good cybersecurity practices across broader enterprise environments that support critical infrastructure operations.

In 2025, Singapore also conducted its largest Exercise Cyber Star, involving close to 500 participants from CSA, the Singapore Armed Forces’ Digital and Intelligence Service and critical infrastructure owners across 11 sectors.

CSA said it has expanded Cyber Essentials and Cyber Trust mark certifications to include mandatory cloud and AI security requirements. More than 800 organisations had attained at least one Cyber Essentials certification as of early 2026.

The agency is also advancing Singapore’s National Quantum-Safe initiative, working with industry, academia and international partners to raise awareness of quantum risks, support migration planning and accelerate adoption of quantum-safe technologies.

CSA said Singapore will continue investing in cybersecurity capabilities, strengthening partnerships and supporting secure adoption of emerging technologies in an AI-driven threat landscape.

Commissioner of Cybersecurity and CSA Chief Executive David Koh said Singapore must ‘lock down, find first, and fix fast’ as AI and quantum technologies reshape cyber risks. He said the response must be continuous, with government, industry and citizens working together to ensure digital innovation develops alongside trust and security.

The report illustrates how Singapore is treating cybersecurity as a continuous national resilience effort encompassing AI, critical infrastructure, ransomware, online scams and future quantum threats.

Why does it matter?

Singapore’s strategy reflects a growing shift from reactive cybersecurity towards continuous cyber resilience. Rather than addressing individual threats in isolation, the government is integrating AI security, critical infrastructure protection, scam prevention, cybersecurity certification and quantum readiness into a coordinated national strategy.

The report also illustrates how AI is changing cybersecurity on both sides of the equation. While attackers are using AI to accelerate phishing, malware development and vulnerability exploitation, governments are increasingly deploying AI to strengthen cyber defence, making secure AI deployment and governance central components of national cybersecurity policy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!