Cybersecurity

UK government launches cyber resilience measures amid AI-related risks

The UK Department for Science, Innovation and Technology has warned that cyber threats are becoming more frequent and complex, with AI contributing to faster and more scalable attacks. Digital Minister Baroness Lloyd of Effra said cyber resilience is increasingly important for national security and economic stability.

According to the government’s Cyber Security Breaches Survey, 43% of businesses reported experiencing a cyber breach or attack during the past year. The minister said AI tools are making some cyber capabilities more accessible by automating tasks such as vulnerability detection and reconnaissance.

The government also encouraged technology providers to adopt a ‘secure by design’ approach and referred to existing cybersecurity guidance frameworks.

The Department additionally announced a £90 million cyber resilience fund intended to support businesses, including SMEs and NHS suppliers. The government said a broader National Cyber Action Plan is expected later this summer.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

FTC targets nudify tools over TAKE IT DOWN Act compliance

The US Federal Trade Commission has sent warning letters to 12 websites offering so-called ‘nudify’ tools, expanding its enforcement of the TAKE IT DOWN Act.

The law requires covered platforms to provide a process for people to request the removal of intimate photos or videos shared online without consent, and to remove that content within 48 hours of a valid request.

The letters were sent to companies offering tools that can take a clothed image of a person and generate non-consensual sexualised images by removing clothing. According to the FTC, the companies appear to be violating the law by failing to provide a process for victims to request the removal of non-consensual intimate images from their platforms.

FTC Chairman Andrew N. Ferguson said platforms ‘no longer have any excuses’ and must comply with their obligations under the TAKE IT DOWN Act or face consequences.

The letters urge the companies to comply with the law immediately. Platforms that fail to do so could face FTC legal action and civil penalties of up to $53,088 per violation.

The action follows the FTC’s start of TAKE IT DOWN Act enforcement on 19 May. Ahead of the deadline, Ferguson sent letters to major platforms, including Alphabet, Amazon, Apple, Meta, Microsoft, Reddit, Snapchat, TikTok and X, reminding them of their compliance obligations.

The FTC has also issued business guidance on compliance with the law, which was signed in May 2025 and gave companies one year to meet its requirements.

Why does it matter?

The warning letters show how the FTC is applying the TAKE IT DOWN Act directly to AI-powered nudify tools, not only mainstream social media platforms. The action reflects growing concern that generative AI can make image-based sexual abuse easier to create and distribute at scale, while placing stronger legal pressure on platforms to give victims a fast removal process.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Switzerland advances National Cyberstrategy implementation

Switzerland has reported progress in implementing its National Cyberstrategy, with more than 90 projects underway and new measures addressing the role of AI in cybersecurity.

The Federal Council was informed of the 2025 implementation report. The implementation report was prepared by the National Cyberstrategy Steering Committee together with the National Cyber Security Centre. The report tracks work across five objectives:

  • Empowering the public
  • Securing digital services and critical infrastructure
  • Managing cyberattacks
  • Combating cybercrime
  • Strengthening international cooperation

The report identifies AI as an important area influencing both cybersecurity risks and defensive capabilities. The report describes measures related to AI-assisted cyber threats, AI-supported cyberdefence, research projects, and public awareness activities.

The report also refers to regulatory safeguards linked to Switzerland’s ratification of the Council of Europe Convention on AI. The report frames those steps as part of a broader response to the growing importance of AI in cybersecurity.

According to the report, the National Cyber Security Centre has received 222 reports since mandatory reporting requirements for cyberattacks on critical infrastructure entered into force in April 2025. Authorities say the reports improve national cyber situational awareness and support coordinated responses to threats.

The report also highlights developments involving sector-specific cybersecurity centres, information-sharing initiatives, and vulnerability management programmes. Switzerland also continued its federal bug bounty programme and other vulnerability management initiatives.

Capacity-building programmes include the Cyber-Defence Campus Fellowship, the Cyber Startup Challenge, and the national S-U-P-E-R.ch awareness campaign. The report also notes information-sharing work through Cyber-CASE, Cyber-STRAT, and NEDIK to support faster handling of digital crimes.

International activities included participation in cyber diplomacy and capacity-building initiatives linked to Geneva Cyber Week and UN and OSCE processes.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore and Google expand partnership on frontier AI deployment

Google and Singapore’s Ministry of Digital Development and Information have announced an expanded National AI Partnership to accelerate the deployment of frontier AI across the economy and public sector.

The partnership builds on earlier collaboration between Google and Singapore’s digital authorities and aims to support healthcare innovation, scientific research, workforce development, enterprise transformation and AI governance. The Ministry said the initiative supports Singapore’s National AI Strategy by deploying AI at scale for economic growth and public good.

A major focus is on healthcare and life sciences. Google DeepMind is exploring collaboration with Singapore’s public health clusters on AI co-clinician research, including systems that could support doctors and patients during care journeys under the clinical authority of physicians.

Google DeepMind will also work with the National Research Foundation to train local researchers on agentic AI tools for science, while Google and A*STAR will collaborate on AI-enabled tools for scientific research and analysis in materials and life sciences. The partnership also includes work on a Gemma-powered running assistant for blind and low-vision athletes, in collaboration with SG Enable.

Education and workforce development are another pillar. Google has enabled advanced AI features in Google Workspace for Education for educators from primary schools to junior colleges, while the Ministry of Education and Google will expand collaboration on teacher training, upskilling and AI-supported teaching and learning.

The partnership also covers enterprise transformation and AI governance. Google Cloud’s Forward Deployed Engineers will support Singapore-based companies working on agentic enterprise transformation, while Singapore agencies and Google are testing how ‘computer use’ AI agents behave in real-world settings through an AI Agents Sandbox.

Singapore and Google will also collaborate on AI safety, including the development of multimodal and multilingual safety benchmarks with IMDA and MLCommons. The work is intended to support responsible AI deployment that reflects local languages, cultures and governance needs.

Why does it matter?

The partnership shows how frontier AI is moving from experimentation into national deployment strategies. Singapore is using public-private collaboration to test AI in healthcare, research, education, enterprise workflows and governance, while also building safeguards around agentic systems and multilingual safety. The initiative could strengthen Singapore’s position as a regional AI hub, yet its impact will depend on how effectively these tools are governed in sensitive areas such as healthcare, education and public-sector services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Snap, YouTube, TikTok and Meta settle Kentucky school district lawsuit

At mid-May, Snap, YouTube and TikTok have reached a settlement in a lawsuit brought by the Breathitt County School District in Kentucky. The school district alleged that social media platforms contributed to learning disruption, mental health concerns, and additional financial pressures on schools.

Terms of the settlement have not been disclosed. Meta remained a defendant in the same litigation and was scheduled to proceed to trial on June 15th. However, on May 21st, the company also reached a settlement. The case is one of a broader series of lawsuits involving social media platforms and alleged harms affecting minors and schools.

This follows earlier related cases settled by Snap and TikTok. The companies have faced multiple lawsuits related to alleged harms associated with social media use. In a separate case, a jury awarded damages to a plaintiff in litigation involving Google and Meta. Meta has also recently been ordered to pay $375 million in a separate case brought by New Mexico’s attorney general.

Beyond seeking monetary awards of $60 millions, plaintiffs and state authorities have also called for changes to platform design and online safety measures affecting minors. Additional lawsuits involving social media platforms and youth safety issues remain ongoing in US courts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore and Google strengthen collaboration on AI innovation and digital governance

Google and Singapore’s Ministry of Digital Development and Information have announced an expanded National AI Partnership designed to accelerate the deployment of frontier AI technologies across the country’s economy and public sector.

The initiative builds on earlier collaboration between Google and Singapore’s digital authorities and aims to support healthcare innovation, scientific research, workforce development, enterprise transformation, and AI governance. Officials said the partnership aligns with Singapore’s National AI Strategy and broader ambitions to position the country as a global AI hub.

A major focus of the collaboration involves healthcare and life sciences. Google DeepMind is exploring AI co-clinician systems with Singapore’s public healthcare sector, examining how AI agents could support doctors and patients throughout medical treatment and decision-making processes.

Google DeepMind will also collaborate with the National Research Foundation to train researchers on agentic AI systems designed to accelerate scientific discovery. Additional partnerships with the Agency for Science, Technology and Research will focus on AI-enabled research and secure cloud-based scientific analysis tools.

The agreement also expands AI deployment in education. Google and Singapore’s Ministry of Education plan to strengthen educator training programmes and integrate AI-powered teaching support tools across schools. Officials said the partnership aims to improve digital learning capabilities while supporting broader AI workforce readiness initiatives.

Singapore and Google additionally announced plans to collaborate on AI safety, governance, and cybersecurity frameworks. A joint initiative involving Cyber Security Agency of Singapore and other agencies is examining how AI agents interact with real-world digital systems and how governance rules should evolve around autonomous AI technologies.

Officials described the partnership as part of a wider effort to deploy frontier AI responsibly while supporting economic growth, public services, and digital transformation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

CNIL reports record complaints and data breaches

The French data protection authority CNIL reported a record year in 2025 for complaints, fines and data breach notifications, while preparing for new responsibilities under the EU AI Act.

CNIL received 20,150 complaints in 2025, up 10% from 2024. The complaints covered issues linked to work, commerce, real estate, social networks and data breaches, with around 1,900 complaints directly concerning breaches.

The authority also received 6,167 data breach notifications, an increase of 9.5% from 2024. Hacking accounted for one in two reported incidents, while cybersecurity failures represented one-third of investigations and nearly 30% of sanctions.

In total, CNIL carried out 323 investigations and issued 259 corrective measures, including 83 sanctions worth nearly €487 million. Two major sanctions accounted for a large share of the total, while the simplified procedure introduced in 2022 allowed faster action in less complex cases.

Cybersecurity will become an even bigger enforcement focus in 2026, with CNIL planning to devote 50% of its controls and enforcement actions to data security. Checks will focus on organisations affected by breaches, those subject to complaints and sectors processing large volumes of sensitive or highly personal data.

The report also highlights CNIL’s role in supporting professionals and public authorities. In 2025, it processed 539 health authorisation applications, handled 1,351 professional advice requests, delivered 90 opinions on draft laws or regulatory texts and launched seven public consultations.

On AI, CNIL is already designated to monitor prohibited uses under the EU AI Act and is expected to become the market surveillance authority for certain high-risk AI systems, including in biometrics, migration, law enforcement, employment and education.

The authority also published AI resources for designers and developers, developed a traceability tool for open-source AI models and joined the PANAME project with ANSSI, Inria and PEReN to test whether AI models process personal data.

Why does it matter?

CNIL’s annual report shows how data protection enforcement is increasingly shaped by cybersecurity and AI. Record breach notifications and complaints point to growing pressure on organisations to secure personal data, while CNIL’s future AI Act responsibilities place the authority at the centre of France’s oversight of prohibited and high-risk AI systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU publishes draft guidance on high-risk AI classification under AI Act

The European Commission has opened a public feedback period on draft guidance related to high-risk AI systems under the EU AI Act.

The draft guidance is intended to help providers and deployers determine whether AI systems fall within the Act’s high-risk category. The document includes examples illustrating how classification criteria may apply in different situations.

Under the AI Act, high-risk classification applies to specified AI use cases that may affect health, safety, or fundamental rights. According to the Commission, the guidance is intended to support consistent interpretation of the rules before compliance obligations take effect.

The document has been made available through the AI Act Single Information Platform. Stakeholders, including businesses, public authorities, researchers, civil society organisations, and citizens, may submit comments until 23 June 2026. The Commission said additional guidance related to high-risk AI obligations is expected at a later stage.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

eSafety Commissioner and Sport Integrity Australia focus on online harms in sport

Australia’s eSafety Commissioner and Sport Integrity Australia have launched a joint initiative focused on online safety in sport.

The Online Safety in Sport Summit brought together representatives from sporting organisations, government agencies, researchers, law enforcement, and technology companies. The discussions focused on cyberbullying, online harassment, and harmful digital behaviour affecting athletes and sporting communities.

During the summit, Australia’s eSafety Commissioner Julie Inman Grant said harmful behaviour linked to sport increasingly occurs across social media, messaging applications, and online communities.

Research presented during the summit, titled ‘The Digital Sideline’, found that nearly one in five children participating in organised sport reported experiencing cyberbullying related to sporting activities.

Officials in Australia said that many reported online harms involved peers, including teammates and competitors, and occurred through private messages and group chats.

Participants highlighted the importance of prevention measures, early intervention, and cooperation between sporting organisations, regulators, and technology companies.

Why does it matter?

Online abuse within sport is becoming an increasingly significant policy and governance issue as digital platforms reshape athlete visibility, fan interaction, and youth participation. Cyberbullying, online harassment, and hate speech can affect mental health, athlete safety, participation rates, and broader social cohesion.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

FTC begins TAKE IT DOWN Act enforcement

The US Federal Trade Commission has begun enforcing the TAKE IT DOWN Act, requiring covered platforms to remove non-consensual intimate images and known identical copies within 48 hours of a valid request.

The FTC enforces Section 3 of the law, which sets a 19 May 2026 deadline for covered platforms to create a process allowing victims and survivors to request the removal of intimate photos or videos shared online without their consent.

As part of its enforcement role, the agency has launched TakeItDown.ftc.gov, a website where victims and survivors can submit complaints about platforms that fail to act on valid removal requests or have not created a removal process.

FTC Chairman Andrew N. Ferguson said the law gives families recourse against digital exploitation and extortion, particularly where children are affected. He added that ‘in the age of AI, anyone can be targeted’, making protections against abuse especially urgent.

The FTC has also published guidance for consumers whose non-consensual intimate images are posted online and separate guidance for businesses on complying with the law.

Ahead of the enforcement deadline, Ferguson sent letters to major platforms, including Alphabet, Amazon, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok and X, reminding them of their obligations under the TAKE IT DOWN Act.

Why does it matter?

The law gives victims of non-consensual intimate image abuse a faster route to removal and gives the FTC a direct enforcement role when platforms fail to comply. Its importance has grown with the spread of AI-generated sexual abuse material and deepfake tools, which can make intimate image abuse easier to create, copy and distribute at scale.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.