Cybersecurity

Council of Europe highlights role of democracy and AI governance in security

The Council of Europe has called for a legal and democratic framework for European security in its 2026 annual report, warning that the continent cannot separate security from democracy, human rights, and the rule of law.

Secretary General Alain Berset presented his 2026 annual report, titled ‘The New Democratic Pact for Europe in times of rupture’, to foreign ministers from the Council of Europe’s 46 member states during the Committee of Ministers session in Chişinău on 15 May.

The report states that Europe is increasing defence spending and argues that military measures alone cannot provide lasting security. Berset said democratic security depends on legal safeguards, resilient institutions, and public trust.

The report links Europe’s security challenges to Russia’s invasion of Ukraine, foreign information manipulation, and declining trust in democratic systems. It also stresses that safeguards for human rights and democratic principles must keep pace with rapid technological change, including digital technology and AI.

Berset argues that social rights, health, education, and institutional trust have too often been treated as ‘soft security’. He said security depends on public trust in institutions and resilient democratic systems.

The report presents the state of play of the New Democratic Pact for Europe, launched in 2025 to identify integrated responses to democratic backsliding and renew democratic governance across the continent. Its first consultation phase runs until December 2026.

The annual report is structured around six areas: countering information manipulation and disinformation; promoting social rights; defending equal rights and inclusion; safeguarding elections and democratic processes; supporting civic space and fundamental freedoms; and promoting positive use of digital technology and AI, including action against cyber-enabled threats.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

WEF highlights cybersecurity as a strategic economic priority in the AI era

The World Economic Forum said cybersecurity is rapidly evolving into a strategic economic and national security priority as AI systems, geopolitical tensions, and increasingly interconnected digital ecosystems reshape global cyber risks.

During the Annual Meeting on Cybersecurity 2026 held in Geneva, participants discussed how cyber threats are increasingly affecting economic activity, supply chains, financial systems, and critical infrastructure.

The forum said large-scale cyber incidents can disrupt national economies and critical infrastructure. The report referenced a major 2025 cyberattack that disrupted UK automotive production and reportedly contributed to weaker GDP growth, with estimated economic losses reaching approximately £1.9 billion.

WEF argued that organisations are increasingly abandoning compliance-driven cybersecurity models in favour of measurable resilience strategies focused on rapid recovery, operational continuity, incident response readiness, and stronger governance structures.

AI featured heavily throughout the discussions. The forum warned that attackers are using AI almost universally, allowing cyber operations to become faster, more autonomous, and more scalable. Leaders also highlighted emerging risks linked to agentic AI systems, software supply chain vulnerabilities, and quantum computing developments.

Participants stressed that cyber resilience now requires far broader coordination between governments, regulators, businesses, insurers, and infrastructure operators. Public-private cooperation, information-sharing systems, interoperable intelligence frameworks, and cross-border regulatory coordination were described as increasingly necessary to manage systemic cyber risks.

The discussions also focused on cyber-enabled fraud, scams, and online criminal operations that increasingly target both institutions and ordinary citizens across digital ecosystems. Experts argued that cybersecurity strategies must combine technological protection, digital literacy, public awareness, and platform-level safeguards instead of relying solely on reactive responses.

WEF concluded that cybersecurity is becoming inseparable from economic security and strategic stability in the AI era, with future resilience depending heavily on how effectively governments and industries align incentives, quantify cyber risk, and strengthen cooperation across interconnected systems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK’s Ofcom accepts X commitments on illegal hate and terror content moderation

Ofcom has accepted a series of public commitments from X aimed at strengthening protections for UK users against illegal hate speech and terrorist content under the Online Safety Act framework.

Under the commitments, X will review suspected illegal terrorist and hate content reported through its dedicated UK illegal content reporting tool within an average of 24 hours. As a backstop, the platform will review at least 85% of such reports within 48 hours. Ofcom said the targets, if met, would give UK users some of the strongest protections on X globally.

X is also committed to engaging external experts on reporting systems for illegal hate and terror content, following concerns from organisations that reports submitted to the platform were not always clearly acknowledged or acted on. The company also said it would withhold access to accounts reported for posting illegal terrorist content in the UK if it determines they are operated by or on behalf of a terrorist organisation proscribed in the UK.

Ofcom said X will submit quarterly performance data over the next 12 months so the regulator can monitor whether the platform is meeting its commitments. The regulator added that its broader compliance programme examining how major social media services handle illegal hate and terrorist material remains ongoing.

The announcement comes amid wider scrutiny of illegal hate content on major social media platforms. Ofcom said evidence gathered from civil society and expert organisations, including the Antisemitism Policy Trust, Tech Against Terrorism and Tell MAMA, indicates that such content persists on some of the largest social media sites.

Ofcom also noted that its investigation into X’s Grok remains ongoing, focusing on the company’s compliance with duties to deal with illegal content and the systems it has in place to do so.

Why does it matter?

The commitments show how the UK’s Online Safety Act is beginning to translate into concrete performance expectations for major platforms. Review-time targets, expert engagement and regular reporting to Ofcom could make illegal hate and terrorist content moderation more measurable. Still, the wider test will be whether X delivers these protections in practice and whether similar pressure is applied across other large platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Europe’s AI future increasingly depends on electricity and power infrastructure

A new opinion piece published by the World Economic Forum argues that the global AI race is rapidly shifting from software and models towards electricity generation, power infrastructure, and compute capacity.

The analysis by Lucy Yu, CEO for Centre for Net Zero, suggests that Europe’s future competitiveness in AI may depend less on research talent and more on whether the region can deliver clean and reliable energy fast enough to support expanding AI infrastructure.

The article highlights how the US and China continue to dominate the global AI ecosystem through massive investments in data centres, cloud infrastructure, and semiconductor capacity. Europe, meanwhile, faces growing concerns over digital dependence, particularly because US hyperscalers control most of the European cloud market while China maintains a leading position in AI patent filings and industrial deployment.

One of the central concerns involves the speed of infrastructure deployment. Grid connection timelines in some European markets can reportedly stretch close to a decade, while energy prices remain significantly higher than in the USA.

Such delays are already affecting investment decisions, with some operators reportedly bypassing congested electricity networks through direct links to gas-fired power plants, despite Europe’s broader net-zero objectives.

One more argument is that Europe’s challenge is not necessarily a shortage of renewable energy resources, but rather the inability to coordinate energy generation, electricity demand, and infrastructure deployment efficiently.

Offshore wind in the North Sea, southern European solar generation, and Scandinavian hydropower are identified as major strategic assets that remain underutilised because of fragmented infrastructure planning.

Large-scale data centres may help stabilise electricity systems by creating predictable demand patterns capable of improving grid utilisation and spreading infrastructure costs across greater consumption volumes.

Flexible AI data centres, battery systems, distributed energy resources, and AI-powered energy management systems are presented as possible solutions capable of reducing network strain and supporting cleaner electricity integration.

Lucy Yu’s analysis concludes that Europe still has an opportunity to compete in the next phase of AI development, but warns that the window is narrowing quickly. Without faster regulatory coordination, grid modernisation, and energy infrastructure reform, AI investment could increasingly shift towards regions capable of delivering power and compute capacity more rapidly.

Why does it matter?

The debate reflects a major structural shift in the global AI economy. Instead of competing only on algorithms and talent, countries are increasingly competing on access to electricity, semiconductor infrastructure, and data centre capacity. Decisions taken during the next few years could determine whether Europe becomes a major AI infrastructure hub or remains dependent on foreign cloud providers and external compute ecosystems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK committee urges stronger online safety protections

The UK Parliament’s Science, Innovation and Technology Committee has urged the government to strengthen online safety protections for young people, following evidence on proposals to restrict social media access for under-16s.

Committee Chair Dame Chi Onwurah wrote to Science, Innovation and Technology Secretary Liz Kendall and AI and Online Safety Minister Kanishka Narayan after an evidence session on age-based restrictions.

The committee said there is strong and consistent evidence of significant individual harms linked to social media use, alongside a growing body of evidence showing wider negative impacts. It said there is a clear need to protect people, especially young users, from those harms.

The letter argues that responsibility for preventing harm should not rest solely on young people or parents. It says government inaction on online safety is not an option and calls for stronger enforcement of existing age restrictions

The committee also urged the government to revisit its July 2025 report on social media misinformation. Although the government accepted almost all of the report’s conclusions, the committee said it rejected almost all recommendations for change. It is now calling for action on misinformation, harmful algorithms, and online harms in the new parliamentary session.

Dame Chi Onwurah said: ‘The status quo, where social media companies are neither accountable nor responsible for preventing harms, isn’t acceptable. It’s clear social media can cause real harm and more must be done to protect people, especially young users. If any other consumer product caused these harms, it would’ve been recalled or changed. Shouldn’t the same be true for social media services and design features?’

She added: ‘The government must urgently address gaps in the regulation, legislation and enforcement of online safety. It should revisit and adopt my committee’s previous recommendations on tackling misinformation and harmful algorithms and bring forward legislation to effectively tackle online harms in the new parliamentary session.’

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI governance priorities outlined by EU at UN dialogue

The European Union has called for the UN Global Dialogue on AI Governance to focus on responsible innovation, human rights, capacity-building and stronger interoperability between AI governance frameworks.

In a statement delivered on behalf of the EU and its member states, the bloc said the dialogue should examine AI’s social, economic, ethical, cultural, linguistic, technical and environmental implications. It also argued that responsible AI innovation should be framed not only as a risk-management challenge, but also as an opportunity for public benefit in areas such as education and government.

The EU urged participants to address who controls the data, compute and value chains behind AI systems. It also highlighted linguistic and cultural diversity, warning that AI systems trained mainly on a limited number of languages can produce less accurate and more costly outputs for speakers of underrepresented languages.

Capacity-building was presented as a core condition for effective AI governance, particularly for developing countries. The EU said countries and institutions need the skills, systems and human capacity to evaluate, question and deploy AI responsibly, while treating AI infrastructure as a matter of public interest rather than only market access or proprietary control.

The statement also identified agentic AI as an emerging governance frontier, arguing that such systems raise new questions around accountability, oversight and control that existing frameworks do not yet adequately address.

On safe and trustworthy AI, the EU called for greater compatibility between governance approaches to prevent regulatory arbitrage and support responsible cross-border deployment. It said trust should not rely only on self-assessment or voluntary disclosure, but also on auditability, traceability, validation mechanisms, certification approaches and evaluation frameworks for high-risk systems.

The EU also urged a human-centric, human rights-based approach grounded in international law. It identified AI-facilitated gender-based violence, harmful AI-generated content affecting children and older persons, manipulative algorithmic systems, data exploitation and AI-enabled surveillance as areas requiring dedicated attention.

The statement called for the UN dialogue to build on existing initiatives, including those led by UNESCO, ITU, UNDP, OHCHR, GPAI, the Council of Europe, the Hiroshima Process and AI summit processes. The EU also supported more interactive thematic sessions, continuity between dialogue editions and a co-chairs’ summary reflecting both converging and diverging views.

Why does it matter?

The EU statement shows how global AI governance debates are moving beyond broad principles towards questions of implementation, institutional capacity and interoperability between frameworks. By linking AI infrastructure, human rights, auditability and agentic AI, the EU is signalling that future international coordination will need to address both today’s deployment risks and the governance challenges posed by more autonomous systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ICO warns organisations about growing AI cyber threats

The UK Information Commissioner’s Office has warned that AI is enabling faster, more advanced and harder-to-detect cyberattacks, urging organisations to strengthen their defences against emerging threats.

In a blog post, the regulator highlighted risks such as AI-generated phishing emails, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning and indirect prompt injection. The ICO said cybersecurity must be treated as a shared responsibility, with organisations expected to take proactive steps to protect the personal data they hold.

The ICO said strong foundational security measures remain essential, but should be reinforced with layered defences to counter AI-powered threats. It pointed to practical steps such as patching systems, restricting access through multi-factor authentication, applying least-privilege principles and managing supplier risks.

The recommendations also include monitoring systems for unusual activity, carrying out vulnerability scanning and penetration testing, and maintaining regularly tested incident response plans. The ICO said AI can also support cyber defence, but should operate within a clear framework of human oversight and accountability.

Organisations are further advised to minimise data collection, conduct regular data audits and train staff to recognise AI-powered social engineering attacks. The ICO said AI tools processing high-risk personal data should be supported by data protection impact assessments and appropriate safeguards.

Why does it matter?

The ICO’s warning links AI-powered cyber threats directly to data protection obligations. As attackers use AI to scale phishing, exploit vulnerabilities and impersonate trusted contacts, organisations are expected not only to improve technical security, but also to limit the personal data they hold, strengthen governance and prepare for faster-moving incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

CMA opens Strategic Market Status investigation into Microsoft business software

The UK Competition and Markets Authority has opened a Strategic Market Status investigation into Microsoft’s business software ecosystem, marking another major step in the country’s digital competition regime.

The investigation will examine Microsoft’s position across workplace software products widely used throughout the UK economy, including productivity software, personal computer and server operating systems, database management systems, security software and its growing AI assistant ecosystem, including Copilot. The CMA said more than 15 million commercial users across the UK rely on Microsoft’s software ecosystem.

Regulators will assess whether Microsoft has Strategic Market Status in business software and whether its position may limit customer choice. The CMA said it will examine concerns linked to product bundling, interoperability limits and default settings that could make it harder for businesses and public-sector organisations to switch providers or combine Microsoft tools with competing products.

The authority will also examine how competing AI services can integrate with Microsoft’s business software as workplace tools increasingly incorporate AI and agentic AI functions. The CMA said customers should be able to access software and AI services from a range of suppliers rather than being locked into a single ecosystem.

Cloud competition concerns are also linked to the probe. An SMS designation would allow the CMA to consider targeted interventions related to Microsoft’s software licensing practices, which were previously identified as reducing competition in cloud services.

The CMA will gather evidence from Microsoft, customers, rivals, challenger technology firms and other stakeholders before deciding whether to designate Microsoft with Strategic Market Status. The regulator said the investigation does not assume wrongdoing and that any future interventions would depend on the evidence and relevant legal tests.

Why does it matter?

The investigation shows how digital competition oversight is moving deeper into enterprise software, cloud infrastructure and AI-enabled workplace tools. As products such as Copilot become embedded in systems used by businesses and public services, regulators are increasingly treating interoperability, bundling and switching costs as strategic competition issues rather than narrow technical questions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK NAO guide sets AI oversight questions for public bodies

The UK National Audit Office has published a good practice guide for public sector organisations using AI, setting out questions for audit and risk assurance committees overseeing the planning, deployment and scaling of the technology.

The guide draws on NAO findings, the UK government’s AI Playbook and lessons from digital transformation programmes. It advises committees to assess whether organisations are clear on why they are using AI, what risks they need to manage and how responsible adoption will be assured. The NAO says the guide will evolve as AI continues to develop.

AI is already being used across government for fraud and error detection, imaging, document processing, operational management, research and monitoring, text generation, virtual assistants and coding support. The NAO notes that several of these uses may involve personal data, making governance, assurance and data protection especially important.

The guide warns that productivity gains from AI should not be assumed. AI may speed up individual tasks, but those gains do not automatically translate into organisation-wide savings, particularly where work still depends on approvals, governance processes or human judgement.

The NAO also highlights external risks from AI use, including increased demand on public services, more low-quality or repeated submissions, higher fraud risks, cyberattacks and attempts to extract sensitive data. Audit committees are advised to ensure organisations can anticipate, monitor and mitigate such risks.

Key areas for oversight include innovation, AI strategy, leadership and skills, data, security, pilots, scaling, guardrails and workforce culture. The guide says strong digital and AI strategies should be business-led, aligned with organisational priorities, backed by leadership support and supported by clear governance, funding and measurable objectives.

Data quality, accessibility and governance are presented as foundational risks, with weak data affecting model performance, bias, explainability and reliability. The NAO also warns that AI can increase exposure to operational and security risks, including data breaches, model manipulation, supply-chain risk and resilience problems.

Recommended guardrails include acceptable use policies, data protection controls, bias testing, human oversight of automated decisions and clear accountability for AI outcomes. The guide also urges organisations to plan for workforce changes, including new skills needs, role redesign, AI literacy, risks to entry-level learning, overreliance on automation and loss of institutional knowledge.

Why does it matter?

The guide shows that public-sector AI adoption is becoming an audit, governance and accountability issue, not only a technology project. By focusing on oversight questions, the NAO is pushing public bodies to test whether AI projects have clear objectives, reliable data, measurable benefits, security controls and safeguards for staff and citizens before they are scaled.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Google outlines AI-driven measures against online scams and fraud

Google has outlined new and existing measures to tackle online scams and fraud ahead of the second EMEA Anti-Scams and Fraud Summit, hosted by the Google Safety Engineering Centre in Zurich.

The company said the summit brings together representatives from governments, technology companies, consumer groups and academia to discuss collective responses to increasingly sophisticated scams. Google said its approach combines AI-driven protections across its products with wider cooperation involving industry and public authorities.

Google highlighted the use of AI-powered systems in services including Gmail, Chrome, Search, Ads and Phone by Google. The company said Gmail blocks more than 99.9% of spam, phishing and malware, while Search filters out hundreds of millions of spam-related pages daily. It also said its systems caught more than 99% of policy-violating ads before they reached users in 2025.

User-facing tools are also part of the company’s anti-scam strategy. Google pointed to Security Checkup, Passkeys, 2-Step Verification, Circle to Search and Google Lens as tools that can help users strengthen account protection and verify suspicious messages or content.

The company also highlighted public awareness and education initiatives, including Be Scam Ready, a game-based programme that uses simulated scam scenarios to help users recognise common tactics. Google said a previous Google.org commitment of $5 million is supporting anti-scam initiatives in Europe and the Middle East, including work by the Internet Society and Oxford Information Labs.

Google also referred to cooperation through the Global Signal Exchange, a threat-intelligence sharing platform for scams and fraud. As a founding partner, Google said it both contributes to and draws from the platform, which now stores more than 1.2 billion signals used to identify and disrupt criminal activity.

The company said it also works with law enforcement agencies, including the UK’s National Crime Agency, and participates in the Industry Accord Against Online Scams and Fraud. Google also pointed to legal actions against scam operations and botnets, including cases involving Lighthouse and BadBox.

Why does it matter?

Online scams are increasingly industrialised, cross-platform and supported by AI-enabled tactics, making them difficult to address through product-level security alone. Google’s approach shows how major technology companies are combining automated detection, user education, threat-intelligence sharing and law enforcement cooperation to respond to fraud. The wider policy issue is how much responsibility large platforms should bear for detecting and disrupting scams before they reach users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.