Cybersecurity

European consortium launches SHIELD-6G project to develop cybersecurity capabilities for future 6G networks

A consortium of 19 organisations from across Europe has launched SHIELD-6G (Scalable, Hybrid, and Intelligent End-to-End Defense for 6G Networks), a research and innovation project aimed at developing cybersecurity technologies for future 6G communications networks.

The project is coordinated by University College Dublin and brings together universities, research institutes, telecommunications operators, technology companies, and small and medium-sized enterprises from 10 European countries, including Ireland, Spain, Finland, France, the Netherlands, Italy, Greece, Latvia, Estonia, and Türkiye.

According to the consortium, SHIELD-6G will focus on developing a cyber threat intelligence platform designed for future 6G environments. The platform is intended to support the detection, analysis, and response to cyber threats, including previously unknown vulnerabilities and attacks.

The project will explore several technology areas, including AI-based threat detection and response, federated learning for privacy-preserving data processing, digital twin technologies for security testing, and explainable AI approaches intended to improve transparency in cybersecurity operations.

Researchers will evaluate the technologies through use cases in healthcare, smart manufacturing, and maritime communications. These sectors are expected to rely increasingly on advanced connectivity and automated digital systems, creating new cybersecurity requirements.

The initiative is funded through the European Union’s Horizon Europe programme under the Smart Networks and Services Joint Undertaking (SNS JU), which supports research and innovation activities related to future communication networks and services.

According to the project description, SHIELD-6G is expected to contribute to the development of automated network security capabilities, real-time threat detection and mitigation mechanisms, and approaches to compliance and auditing. The consortium also plans to contribute to ongoing discussions on 6G standardisation.

Commenting on the launch, Madhusanka Liyanage of University College Dublin said future communication networks will require security and resilience measures capable of supporting increasingly critical digital services. He said the project aims to develop cybersecurity capabilities that can help protect those services while supporting the broader development of future connectivity infrastructure.

SHIELD-6G is one of several projects funded under the SNS JU programme that aim to advance research on 6G technologies and related cybersecurity challenges as Europe prepares for the next generation of digital communications networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU court clarifies age verification rules for pornographic websites

The Court of Justice of the European Union (CJEU) has clarified the conditions under which EU Member States may require age verification for users of pornographic websites and restrict the rebroadcasting of information about certain roadside checks.

The ruling concerns joined cases involving WebGroup Czech Republic, NKL Associates and Coyote System. The cases were referred by France’s Council of State and concerned French measures requiring pornographic websites to verify users’ ages and allowing restrictions on geolocation driving assistance services that rebroadcast information about certain roadside checks.

The companies argued that the measures breached the country-of-origin principle under the Directive on electronic commerce. Under that principle, information society services are generally governed by the laws of the Member State in which the provider is established.

The Court found that the contested measures, including age verification requirements, fall within the directive’s coordinated field and that applying them to providers established in other Member States constitutes a restriction on the free movement of the services concerned. However, it said the directive allows such restrictions under certain conditions.

The CJEU said Member States may impose measures on providers established elsewhere in the EU where necessary for recognised objectives such as public policy, public security, or public safety. According to the Court, protecting minors through age verification may constitute a public policy objective, while restrictions on rebroadcasting information about certain roadside checks may be justified on public security grounds.

The Court said such measures must be proportionate and targeted at specific information society services that actually prejudice those objectives. Except in urgent cases, the Member State taking the measure must first ask the provider’s Member State of establishment to act and must notify the European Commission and that Member State before adopting the measure.

The ruling means an EU Member State may require providers established in another Member State to introduce age verification systems to prevent minors from accessing pornographic websites, provided the directive’s conditions are met. The referring French court must determine whether the national age verification measures satisfy those conditions.

The Court also addressed liability for information stored and rebroadcast by online services. It said a provider cannot rely on the hosting liability exemption if it has knowledge of or control over the information. Control can exist when a provider uses an algorithm to determine the conditions, methods and priority according to which information is rebroadcast.

The decision therefore clarifies both the limits of the e-commerce country-of-origin principle and the circumstances in which algorithmic control over content distribution may affect platform liability.

Why does it matter?

The ruling provides important guidance on how EU Member States can pursue online safety objectives while respecting the Digital Single Market’s country-of-origin principle. In particular, it confirms that age verification requirements aimed at protecting minors may be applied to providers established in other Member States, provided procedural safeguards and proportionality requirements are met.

The judgement also has broader implications for platform governance and intermediary liability. By highlighting the relevance of algorithmic control in determining whether a provider can benefit from hosting liability exemptions, the Court contributes to ongoing debates about platform responsibility, content moderation and the legal consequences of algorithm-driven content distribution.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNIDIR launches platform for AI peace and security policy

UNIDIR, Switzerland, and Pakistan will host a pre-launch briefing for the Institute’s Centre of Excellence on AI, Peace and Security in Geneva on 17 June 2026.

The briefing will take place at the Palais des Nations ahead of the centre’s formal launch later the same day. It will bring together stakeholders involved in the governance of AI and international security.

UNIDIR said the Centre of Excellence on AI, Peace and Security is being established at a critical moment for global AI governance, as AI increasingly reshapes international peace and security dynamics. The centre is intended to serve as a permanent platform for consolidating knowledge, connecting stakeholders and maintaining continuity between multilateral processes and global discussions on AI and international security.

The platform aims to promote greater continuity and coherence across international AI governance initiatives. It will also promote inclusive global engagement and provide practical, evidence-based policy guidance, resources, and capacity-building support.

According to UNIDIR, the goal is to strengthen international cooperation on the governance of AI in peace and security contexts, amid growing urgency and complexity.

The pre-launch briefing will introduce the centre as a platform for multistakeholder engagement and actionable knowledge generation. Participants will also be invited to express interest in supporting the centre, joining its Forum and contributing to future activities.

Speakers will include Dr Giacomo Persi Paoli, Head of UNIDIR’s Security and Technology Programme; Reto Wollenmann, Senior Advisor on AI and International Security at Switzerland’s Federal Department of Foreign Affairs; and Husham Ahmed, Counsellor at the Permanent Mission of Pakistan to the UN in Geneva.

The briefing will also include an overview of the centre’s governance structure and ways for states and other stakeholders to engage through its Forum. The event will be moderated by Dr Yasmin Afina, Researcher in UNIDIR’s Security and Technology Programme.

Why does it matter?

AI is becoming an increasingly important factor in international peace and security, influencing areas ranging from military applications and cyber operations to information integrity, crisis management and strategic stability. As discussions on AI governance expand across multiple international forums, there is growing demand for mechanisms that can provide continuity, expertise and coordination between policy processes.

The new UNIDIR centre seeks to fill that gap by creating a permanent platform for research, dialogue and capacity-building. By bringing together governments, international organisations, industry, academia and civil society, it could help promote more inclusive and evidence-based approaches to governing AI in security contexts, particularly for countries with limited resources or technical expertise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Western Balkans schools explore AI in education with UNESCO and UNICEF support

Educators from across the Western Balkans gathered in Sarajevo to discuss the rapid rise of AI in education and its implications for teaching and learning. The regional conference brought together more than 80 teachers and practitioners from Bosnia and Herzegovina, Croatia, Serbia and Slovenia.

Supported by UNESCO, UNICEF, the French Institute and the Croatian Cultural Society ‘Napredak’, the event focused on both the opportunities and risks associated with AI adoption in education. Discussions covered ethical use of AI, data protection, safeguarding learner well-being and maintaining educational integrity in digital environments.

Workshops provided hands-on training in AI tools, allowing participants to explore how the technology can be used responsibly and effectively in classroom settings. UNESCO also introduced multilingual resources on AI in education, aimed at improving access to practical guidance and best practices across the region.

The initiative highlighted a shared priority among educators: ensuring that AI supports human-centred learning while teachers remain central to delivering effective, inclusive and equitable education.

Why does it matter?

The integration of AI into education systems marks a structural shift in how learning is designed, delivered and evaluated, with implications that extend beyond classrooms into labour markets and civic participation. As governments and institutions experiment with AI tools, the key challenge is ensuring that efficiency gains do not come at the expense of equity, privacy and critical thinking.

Regional cooperation and shared ethical frameworks, such as those promoted by UNESCO, are therefore essential for preventing fragmented adoption and widening digital divides, while helping education systems remain adaptable, inclusive and centred on human development in an increasingly automated environment.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Canada enacts cybersecurity legislation to protect critical infrastructure

Canada has strengthened its national cybersecurity framework after Bill C-8, the Act Respecting Cyber Security (ARCS), received Royal Assent.

The legislation is designed to strengthen the security of critical infrastructure and telecommunications networks that support essential services across Canada.

The new law amends the Telecommunications Act by making security an explicit policy objective and granting the government additional powers to require action against threats targeting telecommunications systems.

The legislation also establishes the Critical Cyber Systems Protection Act, creating a regulatory framework for designated operators in the finance, telecommunications, energy and transportation sectors.

Under the new framework, organisations responsible for critical systems will be required to implement enhanced cybersecurity measures, report significant cyber incidents and comply with new security obligations. The government of Canada argues that the measures are necessary as cyber threats continue to increase in both frequency and sophistication.

While amendments to the Telecommunications Act take effect immediately, implementation of the Critical Cyber Systems Protection Act will occur gradually through a phased approach. Canadian officials said the legislation will help strengthen national resilience, protect sensitive information and support the uninterrupted operation of essential services.

Why does it matter?

The legislation reflects a growing international shift towards mandatory cybersecurity requirements for operators of critical infrastructure. Governments increasingly view cyber resilience as a matter of national security, particularly as cybercriminal groups and state-linked actors target sectors whose disruption could have significant economic and societal consequences.

The new framework also signals a move from voluntary cybersecurity practices towards enforceable obligations. By requiring organisations to strengthen security measures, report incidents and comply with regulatory requirements, Canada is seeking to improve visibility into cyber threats and reduce risks to essential services and national infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

US FTC reveals record losses from imposter scams in 2025

The US Federal Trade Commission said consumers reported losing $3.5 billion to imposter scams in 2025, nearly tripling from 2020.

The FTC said imposter scams were the most reported fraud category last year, accounting for nearly one in three fraud reports. Consumers were targeted through text messages, phone calls, email, social media, search engine results and other channels.

Some of the costliest scams began with fake security alerts that often appeared to come from banks. Victims were persuaded to move money to ‘protect’ it, with losses often limited only by the funds they had available.

Consumers reported losing nearly $1 billion to business impersonators in 2025, with the highest losses linked to bank impersonators. Reported losses to government impersonators reached about $920 million, up from $789 million in 2024.

The figures form part of a wider rise in reported fraud losses. The FTC said consumers reported losing about $16 billion to all types of fraud in 2025, the highest figure on record and around 25% higher than in 2024.

The data were released as the FTC, the Department of Justice, the Department of Health and Human Services and members of the Elder Justice Coordinating Council launched the Never Ever campaign. The public-private campaign aims to raise awareness of government and business imposter scams, including scams affecting older adults.

The FTC also pointed to its 2024 Impersonation Rule, which gives the agency stronger tools to pursue scammers impersonating government agencies and businesses. Since the rule was finalised, the FTC said it has brought a dozen enforcement actions and obtained more than $70 million in redress for consumers.

Why does it matter?

Imposter scams exploit trust in digital communications, financial institutions and government services. Fake bank alerts, official-looking messages and multi-channel fraud campaigns can push consumers to act quickly and transfer money before they verify the request. The FTC’s response shows how consumer protection is increasingly combining fraud data, enforcement tools and public education to address digital trust risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EDPS warns Shadow AI creates hidden data protection risks

The European Data Protection Supervisor (EDPS) has warned that Shadow AI can create hidden data protection and breach risks when employees use unauthorised AI tools without organisational approval. The warning was published in a blog post by EDPS Wojciech Wiewiórowski on 15 June 2026.

The EDPS said Shadow AI can include tools such as generative AI chatbots, coding assistants and automated note-taking applications. While employees may use them as shortcuts to improve productivity, unauthorised AI tools can bypass data protection and security safeguards.

According to the EDPS, data entered into unapproved AI tools can fall into a regulatory and compliance blind spot. Unauthorised tools may lack formal agreements governing the legal basis for processing, data retention periods and safeguards for international data transfers.

The EDPS also warned that Shadow AI can create a transparency gap, making it difficult for organisations to determine where information is stored, how it is processed or whether it is used to train AI models. Such tools can also introduce security vulnerabilities, including automated meeting recorders joining meetings without oversight from IT security teams.

The blog post argues that organisations should address these risks proactively rather than attempting to ignore or prohibit them outright. Instead, they should adopt proactive AI governance policies that define authorised AI use, establish data classification rules and set approval processes for new technologies.

The EDPS said policies should be backed by technical controls and monitoring, including blocking unapproved AI domains, enforcing data loss prevention rules and restricting the installation of unauthorised AI software. The EDPS also recommended that organisations provide approved AI platforms that are secure, compliant and capable of meeting employees’ operational needs.

The EDPS said reducing Shadow AI risks requires cooperation between data protection officers, IT departments, security teams and business functions. The aim, it said, is to protect data subject rights and institutional information while enabling responsible AI adoption.

Why does it matter?

Shadow AI turns everyday workplace AI use into a data protection and cybersecurity issue. Employees may use unauthorised tools to save time, but organisations can lose visibility over personal data, legal compliance, retention, international transfers and model training.

The warning also shows that responsible AI adoption depends on more than staff guidance. Organisations need approved AI tools, technical controls, monitoring and cooperation between data protection, IT, security and business teams to reduce breach risks without blocking useful innovation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OAIC finds American Express breached privacy rules

Australia’s privacy regulator has found that American Express Australia interfered with a complainant’s privacy by failing to take reasonable steps to protect personal information from unauthorised access.

The Office of the Australian Information Commissioner published a summary report of the determination in the matter of ‘BAM’ and American Express Australia Limited, rather than the full determination, after considering confidentiality claims and potential harms linked to disclosure of sensitive information.

Australian Privacy Commissioner Carly Kind found that American Express Australia breached Australian Privacy Principle 11.1 under the Privacy Act 1988. The case followed a lengthy investigation into insider security risk within a financial institution.

The OAIC said insider security risk remains a significant but frequently overlooked threat to organisations and to individuals whose personal information they hold. It said the risk is particularly important in sectors such as financial services, where organisations store large volumes of personal information.

Under the determination, American Express Australia must compensate the complainant for economic loss, non-economic loss and complaint-related expenses. It must also issue a written apology acknowledging the interference with privacy.

The company must implement technical controls across relevant systems to restrict employee access to specific customer information, including for vulnerable or high-profile customers. It must also introduce account-level access logging and action logging across relevant systems that remain in operation.

The OAIC said the determination underscores the role of ICT access controls in protecting personal information from unauthorised access by employees.

Why does it matter?

The determination shows that privacy protection is not only about preventing external cyberattacks or data breaches. Organisations also need internal controls that restrict, monitor and log employee access to customer information. For financial institutions and other data-rich sectors, insider risk is now clearly a privacy compliance issue, not just an internal security or HR problem.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic AI restrictions reignite debate over AI sovereignty

US government restriction on foreign access to Anthropic’s Fable 5 and Mythos 5 models has triggered broader concerns about AI sovereignty among American allies. The move has raised questions about whether governments and companies outside the United States can reliably depend on frontier AI systems controlled by US firms and subject to national security restrictions.

The directive reportedly required Anthropic to prevent non-American users, including foreign nationals working inside the company, from accessing the models. Anthropic responded by suspending access more broadly, stating that this was the only practical way to comply with the directive.

The immediate dispute centres on concerns that Fable 5 could be jailbroken and used beyond its intended safeguards. However, the broader impact extends beyond one company or one model. Governments, security agencies and companies that had secured access to Anthropic’s most advanced systems reportedly saw those permissions withdrawn overnight.

The Anthropic cutoff has been particularly sensitive for US allies. Reports indicate that the restrictions extended even to partners in the Five Eyes intelligence alliance, including Australia, the UK, Canada and New Zealand. The UK’s AI Security Institute, which has played a leading role in testing and evaluating advanced models, was also reportedly affected.

The episode has strengthened arguments that countries may need greater sovereign AI capabilities rather than relying heavily on frontier models controlled by foreign providers. For allies, the question is not only whether they can access advanced AI systems today, but whether that access can be withdrawn suddenly because of US policy decisions, export controls or national security interventions.

The episode also highlights a difficult policy trade-off for the United States. The United States has a strategic lead in frontier AI and may seek to prevent the most capable systems from being misused or accessed by adversaries. Yet applying broad restrictions to allies and foreign employees could damage trust, disrupt research and push other countries to accelerate domestic AI development.

For middle powers, building AI sovereignty will not be straightforward. Training frontier models requires advanced chips, large-scale compute infrastructure, talent and capital, all of which remain concentrated in a small number of countries and firms. Restrictions on chip exports could also limit the ability of allies to build independent alternatives.

The dispute, therefore, points to a wider geopolitical shift in AI governance. As frontier AI models become more capable, access to them is increasingly being treated as a matter of national security. That could force governments to rethink procurement, cloud dependence, AI testing partnerships and long-term strategies for technological sovereignty.

Why does it matter?

The episode illustrates how access to advanced AI systems is becoming a strategic issue rather than simply a commercial service. As frontier models become increasingly important for research, cybersecurity, defence, innovation and economic competitiveness, governments are beginning to view access controls through the lens of national security and geopolitical influence.

The case also highlights a growing tension between AI leadership and international trust. While countries may seek to restrict access to powerful systems to prevent misuse, abrupt limitations affecting allies can encourage efforts to build domestic AI capabilities and reduce dependence on foreign providers. As a result, debates about AI sovereignty, technological autonomy and strategic resilience are likely to become increasingly central to digital policy worldwide.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU extends Cybersecurity Reserve support to Ukraine

Ukraine can now activate emergency EU cyber support during significant or large-scale cybersecurity incidents after the Council of the European Union approved its inclusion in the EU Cybersecurity Reserve.

The Reserve, managed by the European Union Agency for Cybersecurity, provides incident response services from trusted private-sector providers to help contain and mitigate major cyber incidents.

The European Commission said the decision reflects closer EU-Ukraine cooperation and forms part of wider efforts to strengthen preparedness, rapid response and shared expertise against evolving cyber threats.

The move also aligns with the EU’s strategic digital partnership agenda and follows Moldova’s inclusion in the Cybersecurity Reserve in 2024 under the Cyber Solidarity Act.

European Commission Executive Vice-President Henna Virkkunen said Ukraine’s inclusion strengthens collective cyber defences and reaffirms European solidarity at a time of persistent cyber threats.

Why does it matter?

Ukraine’s inclusion in the Cybersecurity Reserve extends EU cyber crisis support to a country facing sustained cyber pressure linked to geopolitical conflict. The decision shows how the EU is using the Cyber Solidarity Act and related mechanisms not only for internal resilience, but also for strategic partnerships. It also strengthens the role of ENISA-coordinated incident response services and trusted private providers in Europe’s wider cyber crisis management framework.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.