Cybercrime accounts for one in five crimes in Spain

Spain recorded 488,426 cybercrimes in 2025, accounting for 19.8% of all reported crime, according to the Spanish Ministry of Interior’s latest Cybercrime Report. The figure shows a 5.1% increase from 2024, demonstrating the growing threat of digital crime nationwide.

Computer fraud and online scams continued to dominate cybercrime, accounting for nearly nine in ten reported offences with 429,677 cases. Internet-related forgery increased by 11.3% to 21,690 cases, while sexual offences rose by 21% and illegal access or interception offences surged by 40.7%, highlighting the growing diversity of cybercriminal activity.

The number of cybercrime victims reached 383,285, up 9.3% from 2024. People aged 51 to 65 were the most frequently targeted, particularly through credit card fraud and travel cheque scams, accounting for 146,737 victims. Although most victims were male, the types of cybercrime varied considerably across age groups and demographics.

Critical infrastructure operators experienced 90 cyberattacks in 2025, a 43.8% decrease from the previous year. The transport sector accounted for 42.2% of incidents, followed by the information and communications technology sector with 15.5%.

Why does it matter?

The report shows that cybercrime has become a mainstream form of criminal activity, accounting for nearly one in five reported offences in Spain. The continued growth in fraud, online scams and unauthorised access highlights how digital crime is evolving alongside greater reliance on online services by individuals, businesses and public institutions.

Although attacks on critical infrastructure declined, the overall increase in cybercrime and victim numbers suggests that law enforcement and cybersecurity authorities will need stronger investigative capabilities, cross-border cooperation and preventive measures to keep pace with increasingly sophisticated digital threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

European Commission panel recommends social media restrictions for under-13s

A special panel convened by the European Commission has recommended restricting access to social media and other high-risk digital services for children under 13, arguing that platforms should prove they are safe before minors are allowed to use them.

The report was prepared by the co-chairs of the Special Panel on Child Safety Online, Prof. Dr. Jörg M. Fegert and Dr. Maria Melchior, whom European Commission President Ursula von der Leyen appointed in March 2026 to advise on child safety online and possible age restrictions for social media.

The panel met three times between March and June 2026 to examine scientific evidence on the impact of social media and digital environments on minors, review existing EU and national rules, and develop recommendations to better protect and empower children online.

The report uses the term ‘social media+’ to describe social media and other digital services that expose minors to potentially harmful features, including addictive design, infinite scroll, autoplay, recommender systems, persistent notifications, AI companions, video games and video-sharing platforms.

The co-chairs argue that providers, not children or parents, should bear the burden of demonstrating that their services are safe by design and appropriate for young users. Until then, they recommend restricting access for children under 13, while allowing member states to introduce additional precautionary measures for older adolescents if needed.

The recommendations also call for proportionate age-assurance systems, stronger safety-by-design requirements, limits on addictive platform features, more effective complaints mechanisms for minors and stronger enforcement of existing EU legislation, including the Digital Services Act, GDPR and AI Act.

The report also urges the EU to close legislative gaps on child sexual abuse online by adopting permanent obligations requiring providers to prevent, detect, report and block abuse, including in interpersonal communications.

Beyond restrictions, the report emphasises digital empowerment through stronger media literacy for children, parents, teachers and caregivers, greater participation by young people in policymaking, improved parental guidance, increased support for civil society organisations and helplines, and more investment in offline activities such as sports, arts and youth spaces.

The report concludes that protecting children online requires an ecosystem-wide approach involving regulators, digital service providers, educators, parents, caregivers and children themselves. It argues that children’s rights should apply online just as they do offline, balancing protection with opportunities to learn, participate and communicate.

Why does it matter?

The report could significantly influence future EU policy on children’s access to digital services, platform design and online safety. By recommending a default restriction for children under 13 and placing responsibility on providers to demonstrate that their services are safe, it shifts the debate away from parental responsibility towards platform accountability.

Although the recommendations are not legally binding, they are likely to inform future discussions on the Digital Services Act, the AI Act and wider EU child protection policies. If adopted, they could reshape how online platforms design services for younger users across Europe.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK brings major cloud providers under financial oversight

The UK government has designated Microsoft, Google Cloud, Amazon Web Services (AWS) and Oracle as Critical Third Parties (CTPs), bringing the major cloud providers under direct financial regulatory oversight for the first time.

From 13 July 2026, the four companies will come under direct oversight by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), with the aim of strengthening the operational resilience of the UK financial system.

The new regime reflects the financial sector’s growing dependence on cloud infrastructure. Regulators will be able to assess the resilience of critical services, gather operational information and require providers to address risks that could disrupt banking, insurance or financial market infrastructure.

The oversight applies only to services considered systemically important to the financial sector, rather than to the companies’ wider commercial operations.

The UK government described the framework as a proportionate, risk-based approach designed to reduce the likelihood of widespread service disruptions affecting millions of consumers and businesses. It also said additional technology providers could be designated in the future if they meet the statutory threshold for systemic importance.

Microsoft, Google Cloud, AWS and Oracle all welcomed the framework, saying they would comply with the new requirements and continue supporting the resilience of the UK’s financial sector.

Why does it matter?

The designation marks a significant shift in financial regulation by extending direct oversight beyond banks and financial institutions to the technology providers that underpin critical financial services. As cloud infrastructure becomes increasingly central to banking, payments and financial markets, regulators are treating operational resilience as a systemic issue rather than solely a commercial responsibility.

The UK’s approach could also influence regulators in other jurisdictions. As financial institutions become more dependent on a small number of hyperscale cloud providers, governments may increasingly seek direct oversight of technology companies whose services have become essential to the stability of critical sectors.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Greece launches €10 million call to accelerate municipal digital transformation

The Greek Ministry of Digital Governance and Artificial Intelligence has launched a €10 million funding programme to accelerate digital transformation across 35 municipalities, supporting the modernisation of local public services and digital infrastructure.

Municipalities in Greece will be able to develop and upgrade digital public services, citizen request management platforms and mobile applications. The programme also supports projects in civil protection, crisis management, telemedicine, remote care for vulnerable groups and digital tourism, including interactive maps, virtual and augmented reality applications, and the digitisation of historical and cultural archives.

The programme also places a strong emphasis on cybersecurity, the long-term sustainability of digital services and the resilience of municipal information systems.

According to the ministry, the initiative forms part of Greece’s broader strategy to build more resilient, modern and citizen-centred municipalities by investing in digital infrastructure tailored to local needs.

Why does it matter?

The programme reflects Greece’s continued effort to extend digital transformation beyond central government and strengthen the digital capabilities of local authorities. By investing in public services, cybersecurity, telemedicine and smart city applications, the initiative aims to improve service delivery while supporting more resilient and connected communities.

It also highlights the growing role of municipalities in national digital strategies. As local governments increasingly deliver services through digital platforms, investment in secure infrastructure and modern public administration is becoming an important part of broader digital transformation efforts across Europe.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU-Australia Digital Dialogue focuses on AI and online safety

The EU and Australia have reaffirmed their digital partnership during the third EU-Australia Digital Dialogue, advancing cooperation on AI, cybersecurity, digital policy and secure infrastructure.

The online meeting was co-chaired by Renate Nikolay, Deputy Director-General for Communications Networks, Content and Technology at the European Commission, and Helen Wilson, Deputy Secretary of the Science and Technology Group at Australia’s Department of Industry, Science and Resources.

Discussions covered critical technologies, secure connectivity and digital infrastructure, cybersecurity, online safety and data policy. The two sides also exchanged views on their respective priorities for AI infrastructure, AI capabilities and AI safety.

The dialogue also addressed secure international connectivity and the importance of resilient digital infrastructure. Both sides reviewed progress on online safety cooperation, with particular attention to protecting children online.

The EU and Australia agreed to continue discussions across these areas and explore further opportunities for collaboration, including through Australia’s association with the EU’s Horizon Europe research programme.

Why does it matter?

The dialogue reflects the growing strategic importance of digital partnerships between like-minded countries. As AI, cybersecurity, digital infrastructure and data governance become central to economic competitiveness and national security, international cooperation is increasingly focused on aligning policies as well as developing joint research and technology initiatives.

The reference to Horizon Europe also highlights the practical dimension of the partnership. Beyond policy discussions, cooperation could expand into collaborative research, innovation and technology development, strengthening ties between the EU and Australia’s digital ecosystems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OECD warns AI could affect trust in official statistics

The OECD has warned that generative AI is changing how people access official statistics, creating new challenges for data quality, context and public trust.

In a blog published by the OECD Centre on Well-being, Inclusion, Sustainability and Equal Opportunity, Romina Boarini and Cameroon Tiati A Biscene argue that citizens, journalists and policymakers increasingly obtain official statistics through chatbots and AI assistants rather than directly from national statistical institutes or government websites.

According to the OECD, this lengthens the chain between data producers and users. As statistics pass through AI systems and other digital intermediaries, important context, including reference periods, revision notes, methodological caveats and source attribution, can be lost.

The blog notes that AI can make official statistics easier to discover and understand, particularly for non-specialist audiences. However, it warns that AI-generated summaries often obscure how information has been selected, interpreted and simplified before reaching users.

The OECD also highlights several data quality risks. AI systems may fail to recognise when official statistics have been revised, corrected or withdrawn, while retrieval quality depends heavily on how well statistical information is structured and machine-readable. Poorly organised data can therefore increase the risk of inaccurate or misleading outputs.

The report also raises concerns about representativeness. General-purpose AI systems are trained on vast amounts of online content, but abundance does not guarantee representative data. As a result, AI-generated or synthetic representations of populations may fail to reflect real-world conditions accurately.

Access is another concern. Although official statistics remain publicly available, meaningful access may increasingly depend on private AI assistants, paid interfaces and concentrated digital infrastructure, potentially making a public good less accessible in practice.

The OECD argues that national statistical institutes may need to expand their role by making datasets more structured and machine-readable, monitoring how statistics are reformulated by AI systems, developing standards for unofficial data sources and preserving the institutional independence that underpins public trust.

Why does it matter?

The OECD’s warning highlights that official statistics can remain accurate at source yet become misleading once AI systems summarise, simplify or detach them from their original context. As more people rely on AI assistants rather than official websites, preserving context and source attribution will become increasingly important for maintaining trust in public data.

The findings also suggest that national statistical institutes will need to adapt to an AI-mediated information environment by designing datasets not only for human users but also for AI systems that increasingly act as intermediaries between governments and the public.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Canada funds AI mining innovation projects

Canada has announced CAD 6.7 million in federal funding for two AI-enabled mining innovation projects aimed at improving critical minerals extraction and ecological restoration.

The two projects, worth a combined CAD 19.8 million, are led by Novamera Inc. of Oakville, Ontario, and Koonkie Canada Inc. of Vancouver, British Columbia. Funding is being provided through Canada’s Digital Technology Cluster (DIGITAL).

Novamera will receive CAD 3.8 million for a CAD 10.9 million project to advance its Surgical Mining technology, which combines subsurface imaging, AI, robotics and conventional drilling equipment to access mineral deposits with greater precision.

The technology is designed to enable more targeted extraction of critical minerals, including copper and rare earth elements. According to the government, the project will help move the technology from development towards commercial deployment.

Koonkie will receive CAD 2.9 million for a CAD 8.9 million project to develop an AI-powered mine restoration platform. The system will combine environmental DNA analysis, soil health data, remote sensing and Indigenous ecological knowledge to monitor biodiversity and ecological recovery.

Project partners estimate the platform could shorten ecological restoration timelines by five to ten years while reducing restoration costs by up to 40% compared with conventional approaches.

The projects are expected to create up to 35 jobs and maintain a further 37. The government said the investments support Canada’s broader strategy to strengthen critical mineral supply chains, advance clean technologies and improve industrial competitiveness.

Industry Minister Mélanie Joly said the investments would help Canadian companies develop and deploy technologies that improve the precision of critical minerals extraction, support responsible resource development and strengthen mine restoration.

Why does it matter?

Critical minerals such as copper and rare earth elements are essential for AI infrastructure, semiconductors, batteries and clean energy technologies, making mining innovation an increasingly important part of national industrial strategies. AI is also expanding beyond mineral exploration into operational efficiency and environmental management, helping companies improve resource recovery while reducing environmental impacts.

The projects illustrate how governments are using AI to strengthen both the competitiveness and sustainability of critical mineral supply chains. By combining automation, environmental monitoring and Indigenous knowledge, Canada is positioning digital technologies as a key component of responsible resource development.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

CISA shares lessons from GitHub credential exposure

CISA has published details of an internal CISA incident response triggered after an investigative reporter alerted the agency to Amazon AWS GovCloud keys and other internal information exposed in a public GitHub repository.

The agency said the information was identified by a security researcher whose company continuously scans public code repositories. The repository was not part of CISA’s official GitHub environment but belonged to a contractor’s personal GitHub account.

According to CISA, its Office of the Chief Information Officer immediately took the repository offline and preserved it for forensic analysis. The agency also suspended its development environment, reset affected credentials and revoked the contractor’s system access.

The investigation found that the contractor had uploaded copies of a CISA build and deployment repository to a personal GitHub account while attempting to build cloud infrastructure independently. The repository contained infrastructure-as-code, build scripts, administrator credentials and build credentials.

Forensic analysis found no evidence that the exposed credentials had been used outside CISA environments and no customer or mission data was compromised.

CISA subsequently rotated all credentials associated with environments where the contractor had administrator privileges, expanded repository allow and deny lists, and restricted users’ ability to upload code to public repositories before restoring the development environment.

The agency said the incident reinforced the value of taking external vulnerability reports seriously, applying Zero Trust principles to development environments and maintaining detailed logging that enabled rapid investigation.

It also identified several areas for improvement, including stricter controls over public repositories, better secrets detection, clearer GitHub and cloud incident response playbooks, simpler reporting channels for security researchers, stronger development environment guardrails and more mature cryptographic key management.

CISA also said organisations should maintain clear reporting channels for incidents affecting their own environments and publish reporting instructions in multiple locations rather than relying solely on a security.txt file.

The agency said publishing its own incident response experience is intended to help other organisations strengthen their security practices and improve preparedness for similar incidents.

Why does it matter?

The incident illustrates how easily sensitive credentials can be exposed through routine developer workflows and personal code repositories, even within organisations responsible for cybersecurity. It also highlights the importance of rapid detection, credential rotation and strong access controls when managing cloud infrastructure.

By publicly documenting both its response and the lessons learned, CISA is encouraging organisations to treat incident reporting, secrets management, Zero Trust architecture and developer governance as integral parts of software security rather than afterthoughts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft expands AI-powered Windows security

Microsoft is expanding its Windows security strategy by using AI to accelerate vulnerability discovery, analysis and remediation across its software development process. The company says AI is helping security teams identify potential issues faster across large codebases, shortening the time between discovering vulnerabilities and protecting customers.

The updated approach combines AI-powered security analysis tools with Microsoft’s multi-model agentic scanning systems to detect vulnerabilities, validate findings and prioritise high-confidence risks. Microsoft is also integrating AI into its engineering workflows to help developers investigate issues, recommend fixes and improve testing while maintaining human oversight throughout the process.

Microsoft said faster vulnerability detection will be matched by rigorous update validation to preserve reliability and compatibility across devices and applications. The company is also investing in automated patching, vulnerability management and deployment tools that help organisations apply security updates more efficiently.

As AI strengthens both cyber defence and offensive capabilities, Microsoft says it aims to reduce risk by combining faster vulnerability detection, responsible remediation and stronger security foundations across the Windows ecosystem.

Why does it matter?

AI is accelerating both cyberattacks and cyber defence, making speed an increasingly important factor in vulnerability management. As attackers use AI to identify and exploit weaknesses more quickly, software developers are under growing pressure to shorten the time between vulnerability discovery and remediation.

Microsoft’s approach reflects a broader shift towards continuous, AI-assisted security engineering rather than periodic security updates. By embedding AI throughout the software development lifecycle while retaining human oversight, the company is signalling how large technology providers may adapt software security to an increasingly AI-driven threat landscape.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot

Greece begins parliamentary debate on EU AI Act implementation

Greece has introduced a draft law to implement the EU AI Act, becoming one of the first EU member states to establish a comprehensive national governance framework for enforcing the regulation.

The legislation aims to promote the safe, trustworthy and human-centred use of AI while protecting fundamental rights and supporting innovation, entrepreneurship and economic competitiveness.

The draft law designates the Hellenic Data Protection Authority as the national market surveillance authority and national contact point under the AI Act, while assigning the Hellenic Telecommunications and Post Commission as the notifying authority.

It also establishes an Artificial Intelligence Coordination and Know-how Centre to provide technical expertise to regulators, alongside a unified complaints mechanism and an administrative sanctions framework to support enforcement.

To encourage responsible innovation, the proposal introduces an AI regulatory sandbox, allowing startups and small and medium-sized enterprises to test AI applications under regulatory supervision.

The legislation also creates a Unified Registry of Public Artificial Intelligence Systems to strengthen transparency and accountability, while expanding the role of Greece’s AI Observatory in monitoring implementation of the National AI Strategy.

According to the Ministry of Digital Governance, the framework follows the AI Act’s risk-based approach by applying oversight measures proportionate to the risks posed by different AI systems.

The proposal builds on Greece’s broader AI strategy, including the creation of the Special Secretariat for Artificial Intelligence and Data Governance, with the aim of balancing innovation, economic development and the protection of fundamental rights.

Why does it matter?

Greece is positioning itself among the first EU member states to translate the AI Act into operational national institutions and enforcement mechanisms. By establishing supervisory authorities, a regulatory sandbox and governance structures ahead of key implementation deadlines, the country aims to provide greater legal certainty for businesses while supporting responsible AI innovation.

The legislation also illustrates how the AI Act will increasingly be implemented through national institutions rather than EU bodies alone. As other member states develop their own enforcement frameworks, differences in implementation could shape how consistently the regulation is applied across the European Union.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!