Canada’s CSE expands cyber defence amid growing threats

The Communications Security Establishment Canada (CSE) has published its 2025-2026 Annual Report, detailing the activities of the agency and the Canadian Centre for Cyber Security between April 2025 and March 2026 as cyber threats continued to grow in scale and complexity.

During the reporting period, the Canadian Centre for Cyber Security responded to more than 3,200 cybersecurity incidents affecting federal institutions and critical infrastructure. It also issued 25 alerts, 995 advisories and more than 97,000 notifications through the National Cyber Threat Notification System to 1,363 subscribed organisations.

CSE also took direct action against ten of the ransomware groups causing the greatest harm to Canada and its allies, while completing 1,772 supply chain risk assessments to strengthen cyber resilience across government. During the year, the agency received 13 ministerial authorisations, including four supporting foreign cyber operations.

The report highlights how recent defence investments are supporting work on secure digital infrastructure, stronger cyber defence capabilities, AI, post-quantum cryptography and deeper collaboration with trusted international partners.

Minister of National Defence David J. McGuinty said the report demonstrates the importance of CSE’s work to Canada’s security and economic well-being. Chief of CSE Caroline Xavier noted that the agency will mark its 80th anniversary in 2026 and said recent investments are providing the tools needed to address an increasingly complex threat environment.

Why does it matter?

The report illustrates how national cybersecurity agencies are shifting from responding to isolated incidents to maintaining continuous operations against increasingly sophisticated digital threats. Activities ranging from ransomware disruption to supply chain assessments demonstrate the expanding role of cyber defence in protecting governments and critical infrastructure.

The emphasis on AI, post-quantum cryptography and secure digital infrastructure also signals Canada’s long-term approach to cybersecurity. By investing in emerging technologies while strengthening cooperation with allies, CSE is preparing for a threat environment in which cyber resilience is closely tied to national security, economic stability and technological competitiveness.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU approves simplified AI rules under Omnibus VII

The Council of the European Union has given its final approval to a regulation that simplifies parts of the EU’s AI framework as part of the broader ‘Omnibus VII’ package to reduce regulatory complexity.

The updated rules revise the implementation timeline for high-risk AI systems, postponing full application until December 2027 for standalone systems and August 2028 for AI systems integrated into regulated products. The regulation also strengthens safeguards by explicitly prohibiting AI-generated non-consensual sexual content, including manipulated intimate imagery and AI-generated child sexual abuse material.

Additional changes aim to reduce administrative burdens and improve legal clarity. Deadlines for establishing AI regulatory sandboxes have been extended to August 2027, transparency obligations for AI-generated content have been streamlined, and the regulation clarifies the division of responsibilities between EU and national authorities while reducing overlap with sector-specific legislation.

The framework also clarifies the division of responsibilities between EU and national authorities and introduces mechanisms to avoid overlap with sector-specific legislation.

EU officials said the reforms will improve legal certainty, support innovation and promote more consistent implementation across member states while preserving safeguards for fundamental rights in the development and deployment of AI systems.

Why does it matter? 

The reforms illustrate the EU’s effort to move from adopting AI legislation to making it easier to implement in practice. By extending compliance deadlines, reducing administrative complexity and clarifying supervisory responsibilities, the Union aims to encourage AI innovation without weakening protections for fundamental rights.

The package also reflects a more pragmatic phase of EU AI governance. Rather than rewriting the AI Act, policymakers are refining its implementation to improve legal certainty for developers and users while maintaining strict rules for high-risk and harmful AI applications.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

NVIDIA and Palantir expand sovereign AI for US government

Palantir has announced a new sovereign AI capability built on NVIDIA’s open-source Nemotron models, enabling US government agencies and critical infrastructure operators to deploy, customise and continuously improve AI models within highly secure environments.

The platform combines NVIDIA Nemotron open models with Palantir’s Sovereign AI Operating System, allowing organisations to retain full control over their data, model weights and deployment infrastructure.

The system is designed for air-gapped and highly regulated environments where sensitive information cannot be connected to external networks.

Agencies will be able to train AI models using their own operational data, retain ownership of the resulting models and continuously improve performance through internal feedback loops.

The deployment is supported by NVIDIA AI Enterprise and Palantir’s Artificial Intelligence Platform (AIP), Foundry, Ontology and Apollo platforms.

NVIDIA said the initiative reflects the growing importance of open AI models for government and enterprise development, arguing that they offer greater transparency, customisation and lower deployment costs than proprietary alternatives.

The company also highlighted the role of open models in strengthening AI adoption across sectors including defence, healthcare, energy, transportation and public administration.

Why does it matter?

The announcement reflects the growing importance of sovereign AI, as governments and operators of critical infrastructure seek to deploy advanced AI systems without relying on externally hosted services or relinquishing control over sensitive data. Open models combined with secure, self-managed infrastructure offer an alternative approach for organisations with strict security and regulatory requirements.

The partnership also highlights the strategic role of open foundation models in the evolving AI ecosystem. As competition intensifies between proprietary and open AI approaches, governments are increasingly viewing customisable, locally deployable models as critical assets for national security, digital sovereignty and public-sector modernisation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Chief AI Officers to lead AI adoption across Australian government

Australian public service agencies are formalising the appointment of Chief AI Officers (CAIOs) to guide the safe, strategic and coordinated use of AI across government.

Under the APS AI Plan, all non-corporate Commonwealth entities must appoint a senior leader as Chief AI Officer by 30 June 2026. Corporate Commonwealth entities and Commonwealth companies are strongly encouraged to make similar appointments.

The role is intended to help agencies adopt and use AI, particularly generative AI, as the technology reshapes government operations, public service delivery and internal processes.

Chief AI Officers will complement, rather than replace, AI Accountable Officials. While Accountable Officials focus on governance, compliance and risk management, CAIOs will lead strategic adoption, organisational transformation and AI capability building.

The government said CAIOs should provide strategic leadership rather than focus primarily on technical implementation. Their responsibilities include identifying high-value AI use cases, building staff capability, championing responsible adoption and ensuring AI is deployed safely and effectively.

CAIOs will work across technology, data, policy, cybersecurity, privacy and human resources functions, while collaborating with counterparts across the Australian Public Service and the Department of Finance’s AI Delivery and Enablement team.

Chief AI Officers will also collaborate across the Australian Public Service, including with other CAIOs and the AI Delivery and Enablement function in the Department of Finance.

The government said AI should be viewed as a general-purpose capability rather than a conventional technology upgrade, reflecting its potential to transform multiple areas of public-sector work.

The CAIO role is intended to help agencies move from experimentation to more systematic and responsible adoption. It is also designed to support a whole-of-organisation view of AI risks and opportunities.

The AI Delivery and Enablement team has developed an information pack to support agencies in appointing CAIOs, along with a blog for newly appointed leaders.

A wide range of agencies have already appointed Chief AI Officers. The published list includes major departments, regulators, integrity bodies, health and research agencies, cultural institutions, security agencies and service delivery organisations.

A wide range of organisations have already appointed CAIOs, including major government departments, regulators, law enforcement bodies, research organisations and service delivery agencies such as the Department of Finance, Home Affairs, Treasury, the Australian Federal Police, Services Australia and the Australian Electoral Commission.

The appointments of Chief AI Officers reflect a broader effort to coordinate AI adoption across government while maintaining attention to safety, privacy, cybersecurity, governance and public value.

Why does it matter?

Australia’s initiative reflects a broader shift from experimental AI projects to coordinated, organisation-wide adoption across the public sector. By establishing dedicated AI leadership roles, the government is seeking to embed strategic oversight while ensuring that innovation is balanced with governance, privacy, cybersecurity and public accountability.

The creation of Chief AI Officers also highlights the growing recognition that AI adoption is an organisational transformation challenge rather than solely a technical one. As governments integrate AI into public services, dedicated leadership is becoming increasingly important to coordinate implementation, build capability and ensure AI delivers public value responsibly.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Malaysia adopts AI-centred digital strategy to 2030

Malaysia has launched the Malaysia Digital Action Plan 2030 (MD2030), a national roadmap that places the Ministry of Digital at the centre of efforts to achieve the country’s ambition of becoming an AI-driven nation by 2030.

Unveiled by Prime Minister Anwar Ibrahim, the strategy aims to transform Malaysia from a consumer of technology into a producer of homegrown digital innovation through a coordinated, whole-of-government approach.

The five-year plan sets national priorities across economic growth, digital public services, infrastructure, talent development, cybersecurity and AI innovation. It is built around seven strategic pillars covering government, the economy, infrastructure, talent, society, trust and security, and innovation.

MD2030 also aligns existing national initiatives, including the Malaysia Digital Economy Blueprint and the National Fourth Industrial Revolution Policy, while supporting the country’s broader economic agenda.

Implementation will be coordinated by the Ministry of Digital in collaboration with agencies including the National AI Office, the Malaysia Digital Economy Corporation, CyberSecurity Malaysia, GovTech Malaysia and MyDIGITAL Corporation.

The government said the strategy will prioritise responsible AI governance, digital trust, AI readiness, smart public services, digital inclusion and the development of domestic AI capabilities across government, business and society.

Why does it matter?

MD2030 positions AI as a core driver of Malaysia’s economic development, public-sector modernisation and long-term competitiveness. By combining AI governance, cybersecurity, digital infrastructure, skills development and innovation within a single national framework, the government is pursuing a coordinated approach to digital transformation rather than isolated technology initiatives.

The strategy also reflects intensifying regional competition to build sovereign AI capabilities. As Southeast Asian countries expand investment in AI infrastructure, talent and governance, Malaysia is seeking to strengthen its domestic innovation ecosystem while promoting trusted and responsible AI adoption across the economy.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OECD maps AI and citizen participation

The OECD has published a report examining how AI could support citizen participation and democratic innovation while highlighting the safeguards needed for its responsible use.

The report, Artificial Intelligence and the Future of Citizen Participation, was approved and declassified by the OECD Public Governance Committee on 22 June 2026. It was produced as part of the OECD Public Governance Reviews series in collaboration with the Bertelsmann Stiftung.

The report says public participation can help governments design better policies and strengthen trust. It cites OECD trust findings showing that people who feel they have a say in government decisions are far more likely to report high trust in government.

The OECD notes that governments have long relied on digital technologies, including online platforms and civic tech tools, to expand public participation. AI represents the next stage of this evolution, with governments increasingly experimenting with tools for consultation, deliberation, communication and policy analysis.

The report is based on desk research and analysis of 50 AI use cases in participation processes from 22 OECD member and partner countries. It proposes a typology to help public officials and practitioners understand where AI tools may be useful and what challenges they may address.

Based on an analysis of 50 AI use cases from 22 OECD member and partner countries, the report proposes a typology covering nine categories of AI applications, including information development, sense-making, translation, transcription, virtual assistance, moderation, facilitation, simulation and participation architecture.

These tools can support both front-office activities, where citizens interact directly with government, and back-office activities, where public administrations design, analyse and manage processes internally.

According to the OECD, AI could make participation processes more accessible and efficient by helping governments analyse large volumes of public input, improve communication, reduce administrative costs and broaden participation.

Sense-making tools can help analyse large amounts of text submitted during consultations. Translation and transcription tools can make processes more accessible across languages and formats, while virtual assistants can help people navigate information about citizen participation opportunities.

AI can also support moderation and facilitation. The report says such tools may help prevent spam, hate speech or manipulation in online discussions, and could support live deliberation by identifying common ground or structuring debate.

However, the OECD cautions against treating AI as a simple fix for democratic challenges. It says technology alone cannot solve problems such as weak links between participation processes and actual policy decisions.

The report also highlights ethical, operational and societal risks, including algorithmic bias, opaque decision-making, hallucinations, cybersecurity threats, digital exclusion and declining public trust if AI systems are poorly designed or deployed.

The OECD also highlights the risks of inaction, noting that governments may miss valuable opportunities if they avoid AI tools even when they could be applied responsibly.

The report says governments should establish guardrails for AI use in citizen participation, including transparency, compliance with democratic values, protection of civic space, attention to data divides and low-tech alternatives for citizens with limited digital access.

It also calls for stronger enablers, including AI literacy, skills development, citizen engagement in the design and governance of AI systems, open standards where appropriate, and support for scaling successful pilots.

The OECD concludes that most public-sector use of AI in citizen participation remains experimental. It argues that lasting benefits will depend on transparent governance, human oversight and continued efforts to strengthen democratic participation beyond technology alone.

Why does it matter?

Governments are increasingly exploring AI as a way to make public participation more accessible, scalable and responsive. The OECD’s report shows that AI can support consultation, deliberation and policy analysis, but only when accompanied by safeguards that protect transparency, inclusion and democratic accountability.

The report also reinforces a broader shift in AI governance from technical capability to institutional design. By emphasising human oversight, civic participation, digital inclusion and democratic values, the OECD argues that AI should enhance, not replace, the processes that underpin public trust and democratic decision-making.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia doubles penalties and expands eSafety powers under social media age law

The Australian Government has introduced legislation to strengthen enforcement of its minimum age law for social media platforms, expanding the powers of the eSafety Commissioner and significantly increasing penalties for non-compliance.

The reforms are intended to strengthen oversight of platforms operating in Australia that fail to prevent users under the age of 16 from accessing their services.

Under the proposed legislation, the eSafety Commissioner would receive enhanced information-gathering powers, including the authority to compel platforms and relevant third parties, such as age assurance providers and app stores, to provide documents and evidence demonstrating compliance.

The reforms would also substantially increase penalties for failing to comply with information requests and for systemic breaches of the legislation.

The government said millions of accounts belonging to users under 16 have already been removed, deactivated or restricted since the law entered into force.

However, the government argues that some major platforms continue to do only the minimum required, prompting the need for stronger enforcement powers and greater regulatory accountability.

Why does it matter?

The reforms mark a shift from establishing online child safety rules to enforcing them more aggressively. By expanding the eSafety Commissioner’s investigative powers and increasing penalties, Australia is signalling that platforms will face greater accountability if they fail to implement effective age assurance measures.

The legislation also reinforces Australia’s position as one of the most active jurisdictions in regulating children’s online safety. Its approach could influence other countries considering stronger enforcement mechanisms for age verification, platform responsibility and the protection of minors in digital environments.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

KIDZONET joins IWF to strengthen child online safety

KIDZONET has joined the Internet Watch Foundation (IWF), strengthening its efforts to protect children online through network-level safeguards.

The company provides child online safety services to telecommunications operators, internet service providers, governments and schools, helping them create safer digital environments without requiring users to install additional software or configure applications.

Through its membership, KIDZONET will integrate the IWF URL List and Non-Photographic Image (NPI) URL List, enabling its partners to identify and block confirmed webpages containing child sexual abuse material more quickly and accurately.

The collaboration reflects a broader move towards embedding child protection directly into internet infrastructure rather than relying solely on platform-level moderation.

By combining KIDZONET’s network-level protection with IWF’s specialist intelligence, the partnership aims to reduce access to criminal content, disrupt its distribution and strengthen protections for children across the digital ecosystem.

Why does it matter?

The partnership highlights a growing shift towards infrastructure-based approaches to online child protection. By integrating verified intelligence directly into telecommunications and internet networks, organisations can prevent access to child sexual abuse material before users encounter it, complementing platform-level moderation and law enforcement efforts.

It also demonstrates the importance of collaboration between specialist organisations and network providers. Combining trusted threat intelligence with network-level filtering can improve the speed and consistency of blocking illegal content while strengthening the broader digital ecosystem’s ability to combat online child sexual exploitation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Australian audit highlights governance gaps in public-sector AI

The Australian National Audit Office has found that IP Australia’s use of AI in the patent rights process is largely effective, while calling for stronger cybersecurity governance, monitoring and strategic oversight.

Auditor-General Report No. 43 of 2025–26 examined whether IP Australia has effective arrangements to support AI adoption in the patent rights process. IP Australia administers intellectual property rights, including patents, trade marks, design rights and plant breeders’ rights.

The agency deployed its first AI tool for patent examination in 2018 and now uses four AI tools in the process. The tools are designed to provide examiners with information to support better decisions, rather than to decide patent applications themselves.

The ANAO said IP Australia has been an early adopter of AI and has progressively improved its governance arrangements. The agency has introduced an AI governance policy, risk-scaled assessment mechanisms and clearer enterprise accountability roles.

However, the audit found that strategic oversight of AI implementation and related benefits is not yet fully established. It said IP Australia’s AI inventory, committee roles and use-case ownership remain works in progress.

Monitoring and reporting were assessed as only partly effective. The ANAO said benefits have been inconsistently defined and measured, making it harder to demonstrate the ongoing effectiveness of AI tools and manage emerging risks.

The ANAO made two recommendations, urging IP Australia to review cybersecurity governance controls for AI and establish clearer risk-based monitoring and reporting arrangements. IP Australia agreed to both recommendations.

The audit said public-sector agencies should regularly reassess AI governance frameworks as they move from experimentation to wider use.

Why does it matter?

The audit shows how AI is moving from experimentation into routine public-sector decision support. IP Australia’s experience points to the benefits of AI in improving efficiency and quality, but also shows that governance must evolve as tools become embedded in official processes. Cybersecurity, accountability, monitoring and measurable benefits are becoming central to responsible AI use in government.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore launches Online Safety Commission for online harms

Singapore’s Online Safety Commission has begun operations, giving victims of online harms a dedicated channel to seek faster support and redress.

The commission was established to support the office of the Commissioner of Online Safety under the Online Safety (Relief and Accountability) Act 2025. Specified provisions on statutory torts under the Act also came into effect on 29 June 2026.

In its first phase, the commission will support victims affected by five categories of online harm: online harassment, including online sexual harassment, doxxing, online stalking, intimate image abuse and image-based child abuse.

Victims of online harassment and online stalking are generally expected to report harmful content to the relevant platform first. If the platform fails to respond promptly or provides an inadequate response within 24 hours, the platform may be reported to the commission. More serious harms, including doxxing and image-based abuse, can be reported directly.

Where there is reason to suspect that online harm has occurred, the Commissioner may issue directions to the person who posted the content, the administrator of the online space or the platform hosting it. These directions may require access to harmful content to be disabled or an account to be restricted. Non-compliance is a criminal offence.

Singapore is also introducing court-based remedies through statutory torts. Victims may bring civil claims against communicators, administrators, or platforms that fail to meet the duties set out in the law. For intimate image abuse and image-based child abuse, courts must award at least $5,000 for each image or recording if the claim succeeds.

The commission will also work with community partners that can provide counselling and practical support to victims and families.

Why does it matter?

Singapore’s Online Safety Commission provides victims of online harms with a dedicated institutional route for faster relief, rather than leaving them to rely solely on platform complaint systems or lengthy court processes. The model combines administrative directions, platform duties, community support and civil remedies. It is especially relevant for image-based abuse, doxxing and child safety, where rapid content restriction and victim support can be critical.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot