NCSC warns of growing cyber risks to critical infrastructure

Hostile state actors were linked to around three-quarters of cyber attacks affecting the UK’s critical national infrastructure over the past year, according to the head of the National Cyber Security Centre.

Speaking at the Royal United Services Institute’s Annual Security Lecture, NCSC CEO Dr Richard Horne said the agency managed more than 200 cyber incidents affecting critical national infrastructure and its supporting ecosystem in the year to May 2026.

Horne said around 75% of those incidents were believed to be linked to state actors. He warned that hostile states are increasingly targeting the systems that underpin essential services in the UK.

The NCSC chief said cybersecurity should not be treated only as a technical risk to be managed, but as an ongoing contest with capable adversaries. He urged executives and board members to improve resilience by understanding their exposure to threats, strengthening proven security fundamentals and ensuring organisations can continue operating and recover quickly after attacks.

Horne also warned that AI is likely to accelerate the threat. The NCSC assesses that by 2028, attackers will probably use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale across critical national infrastructure.

He said many serious incidents still occur because basic cybersecurity measures are not in place. The warning places legacy systems, board-level accountability and operational resilience at the centre of the UK’s critical infrastructure security debate.

Why does it matter?

The NCSC warning shows that cyber attacks on critical infrastructure are no longer just an operational IT risk. They are part of a wider geopolitical contest involving hostile states, essential services and national resilience. The AI warning makes the issue more urgent: if attackers can use AI to exploit known weaknesses in legacy systems at scale, organisations that have tolerated unresolved vulnerabilities may face attacks much faster and broader.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Google proposes a balanced approach to AI governance in the US

Google has published a policy paper proposing a two-track approach to AI governance in the United States, separating oversight of frontier AI models from rules for widely deployed AI applications.

The paper argues that AI policy should avoid what Google describes as a false choice between over-regulation and no regulation. Instead, the company calls for a pragmatic, evidence-based framework that treats the most advanced AI systems differently from everyday AI tools such as chatbots.

For frontier AI, Google proposes the creation of a Frontier AI Regulatory Organisation, or FARO. The industry-funded body would operate under federal oversight and develop standards for safety, security, incident reporting and transparency.

Google says FARO could set scientific benchmarks for frontier capabilities, particularly in areas such as cybersecurity and chemical, biological, radiological and nuclear risks. It could also oversee independent audits and require frontier AI companies to publish and follow safety frameworks before releasing highly capable models.

For widely deployed AI applications, Google argues that the federal government should rely mainly on existing legal frameworks, with targeted updates where needed. The paper says policy should focus on real-world harms and outputs rather than micromanaging AI development.

The company identifies several priority areas, including workforce preparedness, child safety, information integrity, copyright, privacy and energy infrastructure for data centres.

Google supports measures such as AI interaction guidelines for children, disclosures that chatbots are not sentient, rules for self-harm-related queries, watermarking and provenance standards for generative AI, privacy-enhancing technologies and workforce reskilling.

The paper presents the model as a way to address national security and consumer protection risks while preserving US leadership in AI development.

Why does it matter?

Google’s paper is a significant industry intervention in the US AI policy debate. Its two-track model reflects a broader governance trend: frontier AI is increasingly being treated as a national security and safety issue, while everyday AI applications are being handled through consumer protection, child safety, privacy, copyright and labour policy. The proposal could influence federal discussions, but it also reflects Google’s own regulatory preferences, including industry-funded oversight, confidential audit reports and reliance on existing law for many AI applications.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Canadian ministers to discuss Safe Social Media Act

Canadian Heritage will hold an in-person roundtable in Winnipeg on Bill C-34, the Safe Social Media Act, as the government continues public discussion on its proposed online safety framework.

The event will bring together Marc Miller, Minister of Canadian Identity and Culture and Minister responsible for Official Languages, and Adam van Koeverden, Secretary of State for Sport. Media representatives have been invited to attend the conclusion of the discussion, followed by an informal media availability.

The Safe Social Media Act was introduced on 10 June 2026 and would create new duties for social media services, AI chatbot services and other regulated online services. The government says the bill is intended to make platforms more responsible for addressing harmful content and creating safer online spaces, especially for children and young people.

The bill would enact the Digital Safety Act and establish the Digital Safety Commission of Canada. The proposed framework focuses on platform accountability, child protection, transparency and the prevention of online harms before they occur.

The legislation comes amid growing international debate over children’s access to social media, age restrictions, harmful content, platform design and the role of AI chatbots in online safety.

The Winnipeg roundtable signals continued government engagement with stakeholders as Bill C-34 moves through the parliamentary process.

Why does it matter?

Canada’s Safe Social Media Act is part of a wider global shift towards stronger online safety rules focused on children and young people. By covering social media services and AI chatbots, the bill reflects growing concern that harmful content, platform design and AI-driven interactions can affect child safety, mental health and exposure to exploitation. The proposed Digital Safety Commission would also create a new federal oversight structure for platform accountability.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU targets AWS and Azure under the DMA

The European Commission has informed Amazon and Microsoft of its preliminary view that their cloud computing services, Amazon Web Services and Microsoft Azure, should be designated as gatekeepers under the Digital Markets Act.

The move could extend the DMA’s reach into cloud infrastructure, a sector the Commission describes as critical to Europe’s digital economy and AI development.

The Commission opened market investigations into AWS and Azure in November 2025. It has now been provisionally concluded that both services act as important gateways between businesses and customers in the EU, despite not meeting the DMA’s standard quantitative thresholds.

According to the Commission, AWS and Azure benefit from large and established user bases, high switching costs, loyalty effects, broad cloud ecosystems and long-standing market positions. It also said their AI tool portfolios and partnerships are becoming increasingly important for cloud customers.

Amazon and Microsoft now have the opportunity to examine the investigation files and respond to the preliminary findings. If the Commission confirms its assessment, AWS and Azure would be designated as gatekeepers, and the companies would have six months to comply with DMA obligations.

The Commission said fair and competitive cloud markets are important for secure, sustainable and interoperable cloud services in Europe. It also linked the case to Europe’s wider technological sovereignty objectives, as cloud infrastructure underpins AI systems, enterprise software and public services.

Why does it matter?

The case shows how the EU competition policy is moving deeper into the infrastructure behind the AI economy. Cloud platforms are no longer just business services; they shape access to compute, data, AI tools, software ecosystems and switching options for companies and public institutions. If AWS and Azure are designated as DMA gatekeepers, the decision could affect cloud interoperability, customer lock-in and the balance of power between US hyperscalers and European cloud providers.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EDPB updates right to erasure case digest

The European Data Protection Board has updated its one-stop-shop case digest on the GDPR rights to erasure and to object.

The digest is based on final one-stop-shop decisions from the EDPB’s public register under Article 60 of the GDPR. It presents key decisions on a specific theme and provides aggregate findings from relevant cross-border cases.

The updated digest focuses on how data protection authorities assess the internal processes organisations use to comply with erasure requests and objections to processing.

It also lists frequent infringements and provides an overview of corrective measures issued by data protection authorities. Cases include objections to direct marketing and requests by individuals to delete accounts or online data profiles.

The update reflects hundreds of new one-stop-shop decisions adopted by data protection authorities since the original digest was finalised.

The digest was developed under the EDPB’s Support Pool of Experts programme, which supports cooperation among European data protection authorities by providing expertise and enforcement tools.

Why does it matter?

The right to erasure and the right to object are among the GDPR rights most directly used by individuals to control how organisations handle their personal data. The updated digest can help regulators and organisations understand how data protection authorities apply these rights in practice, especially in cross-border cases. It also supports more consistent GDPR enforcement by highlighting recurring infringements, procedural weaknesses and corrective measures.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Greek supercomputer DAEDALUS enters global supercomputer rankings

Greece’s DAEDALUS supercomputer has entered the international TOP500 and Green500 rankings, strengthening the country’s position in Europe’s high-performance computing landscape.

The system ranked 31st in the TOP500 list of the world’s most powerful supercomputers and 23rd in the Green500 list of energy-efficient systems. According to GRNET, DAEDALUS recorded a measured performance of 85.69 petaflops, making it the most powerful computing system ever ranked in Greece.

DAEDALUS is based on Hewlett Packard Enterprise architecture and uses NVIDIA GH200 accelerators. It also uses direct liquid cooling, combining high computing performance with energy efficiency.

The supercomputer and its data centre are located at the Lavrio Technological and Cultural Park of the National Technical University of Athens, inside the former Power Station building.

Once fully operational, DAEDALUS is expected to support researchers, universities, industry and public authorities working on demanding computational tasks. These include AI, cybersecurity, personalised healthcare, climate research, public administration and large-scale data analytics.

The system will also serve as the computational core of PHAROS, Greece’s national AI Factory under the European AI Factories initiative. Through PHAROS, Greece aims to expand access to AI infrastructure and support the development of AI applications across research, business and the public sector.

The project forms part of Greece’s wider digital transformation agenda and contributes to European efforts to strengthen technological capacity, AI infrastructure and digital sovereignty through high-performance computing.

Why does it matter?

DAEDALUS gives Greece strategic computing capacity for AI research, scientific modelling and public-sector digital transformation. Its role in PHAROS also links national supercomputing infrastructure to the EU’s AI Factories initiative, which aims to give researchers and companies access to advanced computing resources for AI development. The Green500 ranking matters as well, because Europe’s AI infrastructure push increasingly depends not only on raw performance, but also on energy efficiency and sustainable data-centre design.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Canadian cybersecurity agency warns AI is reshaping cyber threats

Canada’s Centre for Cyber Security has warned that frontier AI models are rapidly transforming the cyber threat landscape, reducing the time organisations have to detect, contain and respond to attacks.

According to the Cyber Centre, AI is enabling cybercriminals to identify vulnerabilities, automate complex attack chains and generate increasingly convincing phishing campaigns, deepfakes and voice impersonation attacks at unprecedented speed and scale.

The advisory follows a joint statement by the Five Eyes cybersecurity agencies urging organisations worldwide to strengthen cyber resilience before AI-enabled attacks evolve into major operational, financial and national security incidents.

The Cyber Centre also highlights internal risks associated with unapproved AI use, including the exposure of sensitive information and reliance on inaccurate or manipulated AI-generated outputs.

Rather than viewing AI solely as a source of risk, the Cyber Centre encourages organisations to integrate frontier AI into cybersecurity operations. AI can help identify vulnerabilities earlier in software development, strengthen secure-by-design practices, improve security monitoring and accelerate incident detection and response.

The guidance emphasises that fundamental cyber hygiene, including timely patching, phishing-resistant multi-factor authentication, network segmentation, centralised logging and regularly tested incident response plans, remains essential despite rapid advances in AI capabilities.

Why does it matter?

The guidance reflects a shift in cybersecurity from preparing for future AI risks to responding to immediate operational challenges. As frontier AI enables attackers to identify vulnerabilities, automate exploitation and produce more sophisticated phishing and social engineering campaigns, organisations may have less time to detect and contain incidents.

The advisory also reinforces an emerging consensus among the Five Eyes partners that AI should be treated as both a cyber risk and a defensive capability. Alongside robust governance and responsible AI use, organisations are increasingly expected to combine AI-enabled security tools with strong cyber hygiene, secure-by-design practices and resilient incident response capabilities to keep pace with a rapidly evolving threat landscape.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU targets cross-border crime cooperation

The European Commission has proposed new measures to strengthen EU cooperation against cross-border crime, organised criminal networks, terrorism and hostile actors.

The Commission said crime is becoming more sophisticated, international and digital, requiring closer cooperation between police, customs authorities, prosecutors and courts from the start of investigations through to final judgments.

The package would strengthen the roles of Europol and Eurojust, the EU agencies that support national authorities in cross-border criminal investigations and judicial cooperation.

For Europol, the proposal would enable faster and more automated information sharing to support real-time collaboration during investigations. It would also create Europol Support Offices, staffed by former Europol officers, to provide operational assistance to the EU countries.

The Commission also wants to establish a technology and innovation hub within Europol to map law enforcement capability needs across the EU and support the use of new tools against cross-border crime.

Eurojust would receive stronger operational powers, including the ability to act on its own initiative to identify links between cases. Its mandate would also expand into emerging areas of crime, including cybercrime and gender-based violence.

The package would strengthen cooperation between Europol, Eurojust and the European Public Prosecutor’s Office, while also expanding international cooperation with third countries.

The Commission is also proposing to update the European Investigation Order, the EU procedure for gathering evidence across borders in criminal cases. A new European Remote Participation Order would allow suspects, accused persons and victims to take part remotely in criminal court hearings from another EU country.

Why does it matter?

Cross-border crime is increasingly digital and difficult for national authorities to tackle on their own. The Commission’s proposal aims to make EU investigations faster and more coordinated by improving data sharing, evidence gathering and cooperation between police, prosecutors and courts. The cybercrime and technology-hub elements are especially relevant because law enforcement agencies need technical capacity, legal tools and cross-border coordination to respond to digital criminal networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU funds first regional hubs to protect undersea cables

The European Commission has announced funding for the first two Regional Cable Hubs in the Baltic and Mediterranean seas as part of a broader effort to strengthen the protection of Europe’s critical undersea infrastructure. The initiative aims to improve coordination in monitoring and responding to risks affecting submarine communication and energy cables.

Alongside the €5.8 million allocated to establish the hubs, the Commission has launched a €40 million funding call to expand Europe’s capacity to repair damaged submarine cables. The measures form part of the EU Action Plan on Cable Security, which aims to improve resilience against both physical and cyber threats affecting critical data and energy infrastructure.

The programme is intended to enhance the EU’s ability to detect incidents earlier and coordinate rapid responses across member states. Officials say the initiative will also strengthen cross-border cooperation among countries facing shared security challenges in strategically important maritime regions.

Executive Vice-President Henna Virkkunen said the project reflects Europe’s commitment to improving security and sovereignty by investing in stronger infrastructure resilience. The new hubs are expected to act as coordination centres for faster incident response, improved preparedness and enhanced situational awareness in the face of emerging threats.

Why does it matter?

Submarine cables are a critical component of modern digital and energy infrastructure, carrying the vast majority of international internet traffic while also supporting financial transactions, cloud services and cross-border energy connectivity. Disruptions to these networks can have immediate economic, security and operational consequences that extend far beyond the affected region.

The initiative also reflects a broader shift in European security policy. As concerns grow over geopolitical tensions, hybrid threats and infrastructure sabotage, the EU is increasingly treating undersea cables as strategic assets that require coordinated protection, monitoring and rapid repair capabilities. Strengthening resilience in these networks is becoming an important element of Europe’s broader agenda on digital sovereignty, critical infrastructure security and collective resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Spain moves closer to hosting one of Europe’s first AI gigafactories

Spain has taken another significant step in its effort to become a leading European hub for AI and advanced computing infrastructure.

The Council of Ministers has approved a €300 million voluntary contribution to the European High Performance Computing Joint Undertaking (EuroHPC), the body responsible for supporting Europe’s AI factories and the future development of AI gigafactories.

According to the Ministry for Digital Transformation and Public Administration, the contribution is a critical component of Spain’s bid to host one of the EU’s first AI gigafactories.

The government argues that access to large-scale computing infrastructure is becoming essential for researchers, universities, startups and businesses seeking to develop advanced AI systems and remain competitive in an increasingly AI-driven economy.

The investment builds on Spain’s existing role within Europe’s supercomputing ecosystem. The country already hosts AI factories at the Barcelona Supercomputing Center and the Galician Supercomputing Center, while the MareNostrum 5 supercomputer has supported projects ranging from genomic research to climate and digital twin initiatives.

The funding also aims to strengthen Spain’s position in quantum technologies, an area increasingly viewed as strategically important for Europe’s long-term technological autonomy.

The announcement reflects a wider European push to expand sovereign computing capabilities as demand for AI training infrastructure grows worldwide.

By seeking to host an AI gigafactory, Spain hopes to attract investment, support innovation, strengthen domestic technological capabilities and position itself as a central player in Europe’s next-generation AI ecosystem.

Why does it matter?

Access to large-scale computing infrastructure is becoming a strategic prerequisite for advanced AI development. Training frontier AI models, running large-scale simulations and supporting scientific research require computing resources that are increasingly concentrated among a small number of global technology providers. Spain’s investment seeks to strengthen both national and European capacity in this critical area.

The announcement also reflects the EU’s broader push for technological sovereignty. By expanding domestic AI and supercomputing infrastructure, Europe aims to reduce dependence on foreign computing resources, support innovation ecosystems and ensure that advanced technologies are developed within frameworks aligned with European values, regulations and industrial priorities. The competition to host AI gigafactories is therefore as much about economic competitiveness and strategic autonomy as it is about computing power.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!