Cybersecurity

OECD warns on cybersecurity regulation fragmentation

The Organisation for Economic Co-operation and Development (OECD) has published a policy paper warning that growing fragmentation in cybersecurity regulation is increasing compliance burdens, weakening international cooperation, and potentially diverting resources away from core security work.

The paper, ‘Towards international coherence of cybersecurity regulations’, examines how diverging rules across jurisdictions and sectors are creating a complex regulatory landscape for governments and businesses. It says fragmentation can stem from differing national security priorities, sector-specific frameworks, legacy rules, protectionist measures, crisis-driven policymaking, overlapping mandates, and the absence of shared definitions.

According to the OECD, the consequences include higher compliance costs, duplicated reporting and documentation, weaker cross-border cooperation, distorted market incentives, and reduced trust in regulatory systems. Small and medium-sized enterprises may be especially affected because they often lack the financial and human resources to manage overlapping obligations.

The paper warns that fragmented rules can divert financial, human, and managerial resources from practical cybersecurity measures towards administrative adaptation and legal alignment. It says the growing complexity of cybersecurity regulation is itself becoming a challenge to stronger cybersecurity.

The OECD also highlights the rapid expansion of cybersecurity-related regulation in Europe. Its annex maps enacted and proposed EU legislation with cybersecurity provisions since 2020, covering areas such as incident reporting, security-by-design, critical infrastructure, data protection, digital services, and operational resilience.

The report also maps existing efforts to improve coherence at domestic, regional, bilateral, and multilateral levels. Examples include the US NIST Cybersecurity Framework, the EU initiatives linked to NIS2, bilateral cooperation, mutual recognition mechanisms, and international technical standards.

The OECD concludes that regulatory fragmentation is becoming a systemic challenge and says it is well placed to support dialogue, strengthen the evidence base, and help develop practical tools for more coherent cybersecurity regulation across jurisdictions.

Why does it matter?

The paper highlights a central tension in cybersecurity policy: more regulation can improve resilience, but poorly coordinated rules can also create duplication, raise costs, and divert resources away from practical risk reduction. For companies operating across borders, coherent reporting, shared definitions, and better regulatory alignment could become as important as the rules themselves.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU adopts unified cyber incident reporting templates under NIS2

The NIS Cooperation Group has adopted common templates for cybersecurity incident reporting across the EU, marking a step towards more harmonised compliance requirements for companies subject to the NIS2 Directive.

The templates were adopted during the group’s 39th plenary meeting in Cyprus and are intended to provide a uniform format for reporting cyber incidents across member states. The NIS Cooperation Group brings together the EU member states, the European Commission, and the EU Agency for Cybersecurity (ENISA) as part of wider EU cybersecurity coordination efforts.

According to the Commission, the standardised templates are designed to reduce administrative burdens and simplify compliance for companies required to report cybersecurity incidents under NIS2. The move also aligns with broader EU efforts to create a single-entry point for incident reporting under the proposed Digital Omnibus initiative.

The Commission now plans to adopt the templates through an implementing act, which would make them mandatory for all member states. The EU officials say harmonised reporting fields should reduce fragmentation, simplify reporting obligations, and help strengthen cybersecurity resilience across the bloc.

Why does it matter?

Cybersecurity reporting requirements across Europe have often created complexity for companies operating in multiple jurisdictions. Common templates could reduce duplication, make reporting procedures more predictable, and improve coordination between national authorities. The move also fits into the EU’s broader push to simplify digital compliance while strengthening cyber resilience under NIS2.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

New OECD measure compares AI and job capabilities

The OECD has published a new framework designed to assess how closely current AI capabilities align with the requirements of different occupations.

The paper, ‘The OECD AI Exposure Measure‘, maps OECD AI Capability Indicators to occupations and introduces an AI Capability Gap Index. According to the OECD, the framework is intended to support analysis of potential AI impacts on work, skills, education, and labour-market policy.

The framework compares AI capabilities with occupational requirements across nine domains: language, social interaction, problem-solving, creativity, metacognition and critical thinking, knowledge, learning and memory, vision, manipulation, and robotic intelligence. Occupations with smaller capability gaps are considered more exposed to current AI capabilities, while larger gaps indicate a greater distance between AI systems and occupational requirements.

The OECD emphasised that the measure is not intended as a prediction of automation or job loss. It measures potential exposure to current AI capabilities, while actual labour-market effects will also depend on adoption, costs, task structure, regulation, organisational uptake, and social choices.

The report found that occupations involving routine information processing and administrative tasks currently show the highest levels of AI exposure. Office and administrative support occupations record the lowest total gap index, followed by production, food preparation and serving, and sales-related occupations.

Occupations relying more heavily on judgement, social interaction, interpretation, and non-standardised physical activity showed larger capability gaps.

The paper also noted that different forms of AI may affect occupations differently depending on whether work relies more on reasoning, communication, robotics, or physical interaction.

The OECD said the framework could support future task-level analysis, scenario modelling, and country-specific assessments of AI-related labour-market change. Future work may extend the approach to task-level analysis, scenario applications, macroeconomic modelling, and country-level assessments.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

BEREC to present Digital Networks Act assessment

The Body of European Regulators for Electronic Communications (BEREC) will hold a public debriefing on 10 June 2026 in Brussels to present its final assessment of the Digital Networks Act proposal and the outcomes of its latest plenary meetings.

The event will take place at the IRG Secretariat and will be held in a hybrid format, allowing both in-person and online participation. BEREC Chair Marko Mismas of AKOS Slovenia will present the assessment with Working Group Co-Chairs and take questions from stakeholders.

The debriefing will also cover key outcomes from BEREC’s 67th plenary meetings, including updates on ongoing work and upcoming initiatives. The full agenda will be published on BEREC’s website after the plenary meetings.

BEREC experts will also introduce a newly launched public consultation on further draft guidance on 5G network slicing, prepared by the Open Internet Working Group.

The event is aimed at policymakers, industry stakeholders, and other interested parties following the evolving EU regulatory framework for electronic communications. Participants can submit questions in advance via the registration form, while online participants will be able to use a Q&A chat function during the livestream.

Why does it matter?

BEREC’s assessment will feed into the debate over the EU’s future telecoms framework, including how regulators approach network investment, competition, open internet rules, and emerging technical practices such as 5G network slicing. The debriefing also offers stakeholders an opportunity to engage directly with regulators before the Digital Networks Act debate advances further.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

NSW privacy survey highlights concern over AI and data breaches

Australia’s NSW Privacy Commissioner has published the latest biennial survey on community attitudes towards privacy, highlighting strong public concern over data breaches and the use of AI and automated decision-making by government agencies.

The Information and Privacy Commission’s 2026 Community Attitudes Survey provides an indicative picture of public views in New South Wales on privacy rights, data breaches, access to personal information, and government use of emerging technologies. For the first time, the survey also includes findings on AI and automated decision-making.

The survey found that 70% of respondents were concerned about the NSW government’s use of AI and automated decision-making technologies in public decisions. It also found that 99% of respondents considered the NSW Government’s protection of personal information important, the highest result recorded in the survey. Just under 75% were aware that they could access and amend their personal information, apply for a review, or make a complaint with a NSW Government agency.

Concern about data breaches was also high, with 84% to 91% of respondents worried about deliberate hacking, inappropriate sharing, accidental release, and unauthorised access to personal information. Among respondents affected by a breach, 53% had contact information compromised, while 44% had identification information compromised.

Privacy Commissioner Sonia Minutillo said the findings showed that the public places a high value on privacy and is concerned about the risks posed by data breaches and new technologies. She said NSW public sector agencies could strengthen trust by implementing robust governance frameworks for the use of personal information and maintaining strong privacy practices.

The IPC said it will use the results to identify ways to support agencies and the community, and to inform its forward work under the Privacy Proactive Regulatory Initiatives Program.

Why does it matter?

The findings point to a growing trust challenge for public-sector AI deployment. As governments expand the use of AI and automated decision-making, public confidence will depend not only on technical safeguards but also on privacy governance, transparency, and clear avenues for people to access, amend, or challenge the use of their personal information.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU and Mexico strengthen cooperation against crypto-related money laundering

Mexico and the European Union have agreed to expand cooperation on addressing money laundering involving cryptocurrencies and digital assets. The announcement was made during the 8th EU-Mexico summit, where both sides also advanced discussions on a modernised trade agreement.

Officials highlighted concerns regarding the use of digital assets in cross-border illicit financial activities linked to organised crime. The discussions focused on improving coordination related to identifying and disrupting suspected illicit financial flows.

The cooperation forms part of broader EU-Mexico engagement covering trade, investment, security, and digital policy. Both parties said they intend to continue dialogue and cooperation on evolving financial crime risks linked to the digital economy.

Why does it matter? 

The agreement reflects a broader shift towards coordinated international enforcement against crypto-enabled financial crime, where illicit flows are increasingly moving across multiple jurisdictions with limited friction.

Strengthened cooperation between major regions like the EU and Mexico is intended to reduce enforcement gaps that criminal networks have been able to exploit.

It also signals how digital assets are becoming a central focus in global security and trade diplomacy, not just financial regulation. By linking anti-money laundering efforts with wider economic and strategic agreements, both sides are treating crypto-related crime as part of the broader challenge of safeguarding the integrity of the digital financial system.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

New Zealand child agencies urge rights-based approach to online safety

Children’s organisations in New Zealand have called for online safety debates to focus on children’s rights, evidence, and young people’s experiences online.

The recommendations were outlined in a joint resource published by the Children’s Monitoring Group, ‘Making the online world safe for children’, which sets out how Aotearoa New Zealand could respond to online harm without relying solely on access restrictions.

The resource acknowledges concerns related to online harms, including bullying, exploitation, violence, and misinformation. The organisations argued that access restrictions alone may not address broader online safety challenges and could shift responsibility toward children and families instead of platforms.

The document recommends stronger platform accountability measures involving prevention, reporting, and removal of harmful content.

Additional recommendations include reviewing online safety legislation, establishing an independent regulator, and expanding digital citizenship education.

Children’s Commissioner Dr Claire Achmad said online safety discussions should consider children’s rights to participation, protection, and access. She also noted that online spaces can play an important role for children seeking community participation and social connection.

Save the Children New Zealand’s Jacqui Southey argued that platform accountability and evidence-based policy approaches should remain central to online safety efforts. She called for child-centred legislation based on platform accountability, independent oversight, and evidence of what works.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Consumer groups file DSA complaints against Meta, TikTok and Google

Consumer organisations have filed complaints against Meta, TikTok, and Google over alleged failures to address financial scam advertising on their platforms.

The complaints were submitted by the European Consumer Organisation (BEUC) and partner organisations to the European Commission and national authorities under the Digital Services Act. According to research cited by the organisations, nearly 900 suspected fraudulent advertisements were identified across 13 countries between December 2025 and March 2026.

The groups said a relatively small proportion of reported content was removed, while many notices were allegedly rejected or received no response. Consumer organisations argued that the reported moderation response may leave users exposed to large volumes of potentially fraudulent advertising content.

BEUC and partner organisations are calling for investigations into whether the platforms are complying with Digital Services Act obligations related to systemic risks and harmful content.

The organisations also urged regulators to consider enforcement measures if non-compliance is identified, arguing that current moderation efforts are insufficient to mitigate systemic risks linked to online financial fraud.

Why does it matter? 

The case highlights a broader issue of how effectively large online platforms can be held accountable for systemic risks such as financial scams. When reported fraudulent ads remain online at scale, it raises questions about whether existing regulatory tools are strong enough to protect consumers in practice.

It also puts pressure on enforcement bodies to move beyond complaint handling and ensure meaningful, consistent compliance across the digital advertising ecosystem.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

United Kingdom and Australia tighten alliance on AI security risks

The United Kingdom and Australia are deepening cooperation on AI security through a new partnership between the UK AI Security Institute and the Australian AI Safety Institute.

Under a Memorandum of Understanding, the two institutes will share information on frontier AI capabilities, collaborate on AI evaluation practices and exchange research findings. The UK government said the partnership will focus partly on how advanced AI systems could be used in cyberattacks, as well as how they can strengthen defensive capabilities.

The agreement will also support staff exchanges between the two institutes, strengthening day-to-day collaboration. UK officials said the partnership reflects the need for trusted international cooperation as AI systems evolve quickly and create new security and safety risks.

The UK’s AI Minister Kanishka Narayan is expected to sign the agreement with Australia’s Assistant Minister for Science, Technology and the Digital Economy, Andrew Charlton, during a meeting in Canberra. Narayan said no country can address fast-moving AI risks alone, particularly in cybersecurity.

The announcement follows research from the UK AI Security Institute showing that advanced AI systems are rapidly improving their ability to carry out complex cyberattacks, creating opportunities for both attackers and defenders. The UK said the institute’s frontier AI research continues to inform policymaking to protect businesses, critical infrastructure, and the public.

Why does it matter?

The partnership shows how AI security is becoming a matter of international coordination, especially as frontier models develop stronger cyber capabilities. By sharing research, evaluation methods and staff expertise, the UK and Australia are trying to reduce blind spots in oversight and develop more consistent approaches to testing fast-moving AI systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

European Commission marks 10 years of GDPR

The European Commission has marked ten years since the General Data Protection Regulation (GDPR) entered into force across the European Union.

The GDPR entered into force on 24 May 2016 and established a common data protection framework across EU member states, and introduced rules governing the collection and processing of personal data. According to the European Commission, the regulation strengthened individuals’ rights regarding how personal data is collected, processed, corrected, deleted, and shared.

The framework applies to organisations ranging from small businesses to multinational technology companies. Authorities across the EU have also issued significant penalties in cases involving non-compliance with the regulation.

The GDPR has influenced privacy and data protection discussions internationally and contributed to wider adoption of similar regulatory approaches.

The Commission linked the GDPR to broader EU digital regulation efforts, including the Digital Services Act, the Digital Markets Act, and the AI Act. According to the Commission, these measures address issues including platform accountability, competition, and AI governance.

The Commission also referenced online child protection initiatives, including work on age verification and cyberbullying prevention. It said the EU’s approach reflects the principle that the online world should serve people.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.