Cybersecurity

Atos launches digital sovereignty offering for AI and regulated environments

Atos Group has launched an integrated digital sovereignty offering, designed to help organisations retain control and accountability over their data, infrastructure and digital operations.

The proposition combines capabilities across cloud, cybersecurity, AI and digital workplace services. It draws on Atos and Eviden expertise, including fully European data encryption products from Eviden.

Sovereignty is embedded by design across existing portfolios, with graduated levels tailored to each customer’s workloads. Open standards and interoperability sit at the core, aiming to reduce vendor lock-in.

The offering targets regulated sectors including the public sector, defence, financial services and healthcare. Atos Group digital sovereignty leader Michael Kollar said the initiative helps organisations ‘turn sovereignty into an operational capability.’

The launch complements the recent introduction of Atos Sovereign Agentic Studios, which focused on moving AI deployments into production under sovereign control.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UN experts warn of growing risks from digital surveillance and AI misuse

UN human rights experts have raised concerns about the global expansion of digital surveillance technologies and their impact on fundamental freedoms, warning that current practices risk undermining democratic participation and civic space.

In a joint statement, the experts said that surveillance tools are increasingly used in ways that may be incompatible with international human rights standards. They noted that such technologies are often deployed against civil society, journalists, political opposition, and minority groups, contributing to what they described as a ‘chilling effect’ on freedom of expression and dissent.

The experts highlighted the growing use of advanced technologies, including AI, in areas such as law enforcement, counter-terrorism, and border management. They said that, without adequate legal safeguards, these tools can enable large-scale monitoring, predictive profiling, and the amplification of bias, potentially leading to disproportionate targeting of individuals and groups.

According to the statement, digital surveillance systems are part of broader ecosystems that involve collaboration among governments, private companies, and data intermediaries. These interconnected systems can expand state surveillance capabilities and increase the complexity of assessing their impact on human rights.

The experts also pointed to the role of legal frameworks, noting that broadly defined laws on national security, extremism, and cybercrime may contribute to the misuse of surveillance technologies. Such measures, they said, can affect the work of civil society organisations and other actors operating in the public sphere.

To address these challenges, the experts called for stronger safeguards, including clearer limits on surveillance practices, risk-based regulation of AI systems, and improved oversight mechanisms. They emphasised the importance of human rights impact assessments throughout the lifecycle of digital technologies, as well as the need for accountability and access to remedies in cases of harm.

Why does it matter?

The statement also highlighted the importance of data protection, system testing, and validation to reduce risks associated with digital surveillance tools. It called on governments to align national legislation with international human rights standards and ensure independent oversight of surveillance activities.

The experts further suggested that international cooperation may be needed to address cross-border implications, including the potential development of a binding international framework governing digital surveillance technologies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cyberattack on Itron exposes risks to global energy infrastructure systems

Itron has confirmed a cyber intrusion affecting parts of its internal systems, drawing attention to growing vulnerabilities across digital infrastructure linked to essential utility services. In a regulatory filing, the company said an unauthorised third party gained access to certain systems before the activity was contained and removed.

The US energy technology company said it has not identified any compromise of customer-hosted systems, suggesting that the incident may be limited to internal operations for now. At the same time, the lack of detail on the attack method, including whether ransomware was involved, underscores the uncertainty that still surrounds the breach.

As a provider of connected technologies for utilities serving more than 110 million homes and businesses, Itron sits within infrastructure that supports electricity, water, and gas services at scale. That makes the incident significant beyond the company itself, even if operational disruption appears limited so far.

Itron said it activated its cybersecurity response plan, notified law enforcement, and implemented contingency measures, including reliance on backups, to maintain continuity. The company also said operations have continued in all material respects while the investigation remains ongoing.

While services appear largely unaffected at this stage, the filing suggests the full scope of the breach has not yet been determined. The case reflects the growing pressure on infrastructure technology providers to strengthen cyber resilience as threats increasingly target the digital systems underpinning essential services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

The Philippines and South Korea launch a major cybersecurity centre project

The Department of Information and Communications Technology in the Philippines has formalised a major cybersecurity partnership with South Korea, securing funding and technical support to establish a National Cyber Security Centre to strengthen the country’s digital defences.

The agreement, supported by the Korea International Cooperation Agency, has been described by Philippine officials as the largest cybersecurity cooperation project of its kind in the country.

The initiative is intended to create a central hub for cyber threat monitoring, incident response, and coordinated defence, while also improving information security management across government systems. The programme is backed by a US$25.6 million grant over five years, reflecting the growing urgency of responding to increasingly sophisticated cyber threats affecting infrastructure and public services.

Beyond infrastructure, the project also aims to strengthen national capacity through training and workforce development, helping build a larger pool of cybersecurity professionals. Philippine authorities have stressed that cybersecurity now extends beyond technical systems and increasingly affects public trust, economic stability, and everyday digital activity.

The agreement with South Korea points to a broader effort to strengthen the Philippines’ resilience as a digital economy, with stronger institutional safeguards against evolving cyber risks and a longer-term commitment to secure digital transformation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UNIDIR highlights the security implications of the shift from classical to quantum technologies

The United Nations Institute for Disarmament Research (UNIDIR) has outlined the evolution of digital technologies from early internet systems to emerging quantum capabilities, highlighting their growing impact on global systems and security.

In its analysis, UNIDIR traces the progression from dial-up connectivity and classical computing to advanced technologies such as AI and quantum computing, noting that innovation cycles are accelerating and becoming increasingly interconnected. The organisation states that the transition to quantum technologies represents a significant shift in how data is processed, stored and secured.

Unlike classical systems, quantum computing introduces new capabilities that could transform fields ranging from scientific research to communications.

However, UNIDIR warns that these advances also present risks, particularly in cybersecurity. Quantum technologies could challenge existing encryption methods and expose vulnerabilities in digital infrastructure, with implications for governments, businesses and critical systems.

The analysis also links emerging technologies to broader geopolitical dynamics, noting that competition over technological leadership is becoming a key factor in international security. As digital and physical systems converge, technological developments are increasingly shaping strategic stability.

Why does it matter?

UNIDIR emphasises the need for forward-looking governance, international cooperation and policy coordination to manage these challenges. It calls for stronger dialogue among states and stakeholders to ensure that technological progress supports global security rather than undermines it.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU cybersecurity certification framework gains momentum after Cyprus event

The European Commission and the European Union Agency for Cybersecurity (ENISA) have stepped up efforts to strengthen cybersecurity certification across the EU during the European Cybersecurity Certification Week held in Cyprus. The event brought together policymakers, industry representatives, and national authorities to support the implementation of a more unified certification framework.

Discussions focused on advancing the EU Cybersecurity Certification Framework under the Cybersecurity Act, as well as its interactions with related legislation, including the Cyber Resilience Act, the NIS2 Directive, and the Cyber Solidarity Act. The initiative reflects a broader effort to harmonise standards and strengthen trust in digital products and services across member states.

Progress was also reported on two certification schemes currently under development. One concerns European Digital Identity Wallets, aiming to set high security requirements to protect citizens’ credentials, while the other focuses on Managed Security Services, particularly incident response capabilities under the Cyber Solidarity Act.

Participants also reviewed the peer assessment mechanism intended to support consistent implementation across member states. That process, already underway, is designed to promote equivalent cybersecurity standards throughout the EU and reduce the risk of fragmented national approaches.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

ENISA updates cybersecurity assessment framework for the EU Member States

The European Union Agency for Cybersecurity has released an updated version of its National Cybersecurity Capabilities Assessment framework, designed to help countries evaluate the maturity of their cybersecurity strategies and implementation progress.

The revised tool provides a structured approach for identifying strengths, weaknesses, and areas requiring further development.

The framework, known as NCAF 2.0, is intended for policymakers and government officials responsible for national cybersecurity planning. It enables authorities to track progress at both strategic and operational levels while improving understanding of how effectively national strategies are being implemented.

Aligned with key EU legislation, including the NIS2 Directive, the updated framework supports coordination across Member States by offering a shared reference point for capability assessment.

It also facilitates peer review processes and encourages the exchange of best practices in cybersecurity governance.

Why does it matter?

The tool gives EU Member States a consistent way to measure and improve cybersecurity readiness, reducing fragmentation across national approaches.

By identifying gaps and aligning strategies with frameworks like NIS2, it strengthens collective resilience against cross-border cyber threats. The shared methodology also improves coordination, enabling faster learning and more coordinated responses to evolving cyber risks across the EU.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

CISA publishes FIRESTARTER malware report and updates directive

The US Cybersecurity and Infrastructure Security Agency has published a malware analysis report on FIRESTARTER, a malware affecting Cisco Firepower and Secure Firewall products running Adaptive Security Appliance or Firepower Threat Defense software. At the same time, CISA updated Emergency Directive 25-03 with new required actions for Federal Civilian Executive Branch agencies.

CISA said the report was co-sealed with the UK’s National Cyber Security Centre and is intended to help organisations detect and respond to FIRESTARTER. The agencies assess that an advanced persistent threat actor exploited CVE-2025-20333 and CVE-2025-20362 in Cisco ASA firmware to gain initial access and deploy the malware on affected devices.

The report also says FIRESTARTER enabled post-patching persistence. CISA stated that firmware patching on compromised devices did not necessarily remove an existing threat actor.

The updated directive requires affected federal agencies to identify specified Firepower and Secure Firewall devices, collect forensic data, and apply new vendor-provided updates. CISA also urged organisations using the affected Cisco products to review the report and implement the recommended mitigations.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ECON adopts Business Wallets opinion and highlights cybersecurity risks

Members of the European Committee of the Regions’ Commission for Economic Policy adopted a draft opinion on European Business Wallets at their meeting, while also addressing cybersecurity, industrial policy, defence, AI, and state aid issues.

ECON members stressed that European Business Wallets should be simple, user-friendly, and cost-effective, particularly for SMEs, micro-enterprises, and start-ups operating across borders. They also backed a ‘once-only’ principle allowing businesses to submit data a single time and reuse it across different administrative procedures.

The draft opinion also calls for awareness-raising, clear guidance, financial support, technical assistance, and training for local administrations facing new obligations.

Rapporteur Branislav Zacharides, Mayor of Vrútky, stated:

The deployment of the Business Wallets will entail new administrative obligations for public authorities, which can be especially burdensome for smaller municipalities. We therefore call on the European Commission and Member States to provide adequate technical capacity-building and financial support so that the Wallets can deliver real added value.

Members also addressed the upcoming Cybersecurity Review and the Digital Networks Act, warning that new responsibilities linked to digital resilience and connectivity could put pressure on regional and local administrations, especially those with limited resources and technical expertise. They called for financial support, training, and capacity-building to help authorities meet those requirements.

ECON members also discussed the EU Defence Industry Transformation Roadmap and the Industrial Accelerator Act, stressing the need for a place-based approach to defence and industrial acceleration policies. They argued that local and regional authorities should help shape investment priorities and industrial strategies, rather than merely implement them.

The meeting also included a discussion of gender bias in AI and a review of the General Block Exemption Regulation on state aid. ECON members warned that broader state-aid flexibilities could have uneven territorial and competition effects, risking the widening of regional disparities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Frontier AI changes cyber risk calculations, New Zealand warns

New Zealand’s National Cyber Security Centre has warned that frontier AI models are likely to change the cyber threat landscape by increasing malicious actors’ ability to discover and exploit software vulnerabilities at greater speed and scale.

The guidance states that frontier AI models have already demonstrated the ability to identify vulnerabilities in software products. At the same time, it notes that defenders should consider where AI can support their own work, including checking in-house code for vulnerabilities and strengthening software before it is deployed into production.

Also, the guidance refers to a recent Anthropic report on Mythos Preview, which describes it as an agentic model capable of autonomously completing a series of tasks. According to the NCSC, Anthropic says the model can identify zero-day vulnerabilities in code and turn them into working exploits.

At the same time, the NCSC stresses that effective security controls remain the best line of defence as new vulnerabilities continue to be discovered. It recommends that organisations review their security posture to ensure it remains fit for purpose, and that appropriate methods to detect and contain malicious activity are in place across networks.

Senior leaders are urged to review how vulnerabilities are identified and managed, including patching, disclosure, supplier assurance, incident response, and protections for critical systems. For developers, the guidance recommends using frontier AI models cautiously in code reviews, patching frequently, reducing attack surfaces, applying defence-in-depth, and monitoring closely for signs of compromise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.