Cybersecurity

UNICEF warns of AI risks to child online safety

UNICEF Vietnam has warned that rapid advances in AI are creating new risks for child online safety, including AI-generated child sexual abuse material and deepfakes.

The UNICEF Vietnam Representative, Silvia Danailov, issued a warning to mark International Children’s Day and Vietnam’s Month of Action for Children, which is held under the theme ‘Happy, safe and confident children in the digital world.’

Danailov said digital technologies can help children learn, connect, and develop future skills, but also create new forms of harm. She warned that generative AI can now be used to create highly realistic sexual images or videos of children without their knowledge or consent.

UNICEF, ECPAT, and INTERPOL research across 11 countries found that at least 1.2 million children reported that their images had been manipulated into sexually explicit deepfakes in the past year. Danailov said such harms can have lasting effects, even when images are digitally created, because children experience fear, shame, and loss of trust.

Nearly nine in ten children aged 12 to 17 in Vietnam are online, with many spending five to seven hours a day on the internet. Danailov said AI-driven risks add a new layer to existing challenges, such as cyberbullying and online exploitation, while also exposing inequalities between children who are supported online and those who are not.

Vietnam has strengthened its legal and policy framework, including a new government decree effective from 16 May 2026 that reinforces children’s right to privacy by prohibiting the disclosure of a child’s personal information without the child’s consent, when aged seven or older, and with the consent of their parents or caregivers.

The country has also approved the National Programme on Child Online Protection and Support for Development for 2026–2030, aimed at protecting children and empowering them as confident digital citizens through stronger legal frameworks, improved systems, education, and coordinated action.

UNICEF called for laws and enforcement to keep pace with technology, stronger child protection systems, safer platform design by technology companies, and better support for schools and families. Danailov also stressed that children must be heard and involved in creating safer digital environments.

Why does it matter?

The warning shows how generative AI is changing the landscape of child online safety. Children can now be harmed even without direct interaction with an offender, including through manipulated images and deepfake abuse. That makes child protection harder for families, schools, platforms, and regulators, and increases the need for safety-by-design, stronger reporting systems, legal safeguards, and trusted support channels for children.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK Ofcom sets out AI safety and innovation strategy

Ofcom has outlined its approach to enabling safe and secure AI adoption across the UK communications sectors it regulates and within its own work.

The regulator said its approach is technology-neutral and outcomes-based, aligning AI oversight with its wider mission of making communications work for everyone while supporting innovation and growth.

Ofcom’s report uses case studies to show how AI is already shaping regulatory work and the sectors it oversees. Planned and recent initiatives include building a pilot data lake to make spectrum licensing and online safety data more accessible, engaging with innovators to identify regulatory uncertainty, and assessing public trust in AI chatbots.

The regulator is also examining the impact of AI on telecoms customer experience, exploring AI deployment in broadcasting, assessing AI use in cybersecurity for telecommunications networks, and considering how AI could support network management and optimisation.

Alongside innovation support, Ofcom said it is monitoring AI-related risks and emerging harms. Its work includes guidance on technology-led mitigation against deepfakes, research into chatbot-related harms, and action to address risks posed by AI systems to users.

Ofcom said it coordinated with the AI Security Institute and the National Cyber Security Centre to brief stakeholders on the frontier AI cybersecurity implications following Anthropic’s preview of Claude Mythos, which caused concern. It also said it launched a formal investigation into X’s Grok chatbot.

The regulator is also piloting responsible AI use internally, including tools to support policy development, research, consultation processes, tracking of technical standards, and operational efficiency. Ofcom said it will take a safety-first approach and roll out internal AI tools only once it is confident they are safe and secure.

Why does it matter?

Ofcom’s approach shows how AI governance is becoming operational inside sector regulators, not only debated at the government level. The strategy links innovation support with risk monitoring across online safety, telecoms, broadcasting, cybersecurity, spectrum management, and consumer protection. It also shows regulators experimenting with AI in their own workflows while trying to maintain safety, accountability, and public trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

European Commission unveils roadmap for AI and digitalisation in energy

The European Commission has published a Strategic Roadmap for Digitalisation and AI in the Energy Sector, outlining how digital technologies could support a more resilient, competitive and secure European energy system.

The roadmap outlines how digital tools and AI could help consumers and businesses reduce energy costs through greater efficiency, smarter energy consumption and improved management of electricity demand. It also highlights the role of digital technologies in supporting the integration of renewable energy into electricity grids.

The Commission has structured the roadmap around three main priorities. These priorities include integrating data centres into energy systems in a sustainable manner, accelerating the deployment of digital and AI-enabled technologies such as smart meters and intelligent grid solutions, and establishing a framework for secure cross-border energy data sharing.

The Commission said the plan will also focus on cybersecurity, AI trust, digital skills and international cooperation. As part of the next phase, the Commission plans to support industry cooperation initiatives and launch the AI.grids community, which will focus on developing AI models for energy network management across the EU.

Why does it matter?

The energy sector is becoming increasingly dependent on digital technologies to manage growing electricity demand, integrate renewable energy sources and maintain grid stability. AI and advanced data analytics could help improve efficiency, reduce costs and support more flexible energy systems.

At the same time, greater digitalisation introduces new challenges related to cybersecurity, data governance and infrastructure resilience. The roadmap signals the EU’s intention to ensure that digital transformation in the energy sector supports both sustainability goals and long-term energy security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

European Central Bank warns banks to strengthen resilience as AI reshapes cyber threats

Europe’s banking sector must strengthen its operational resilience as AI transforms the cyber threat landscape and increases systemic risks, according to the European Central Bank (ECB). Speaking at a financial conference, Executive Board member Frank Elderson warned that technological disruption and geopolitical fragmentation are increasing pressure on financial infrastructure.

The ECB said Europe’s reliance on external providers for technology, energy and financial services creates vulnerabilities that could expose critical functions to operational disruptions. While banks remain financially stable, their ability to maintain critical services during cyberattacks or system failures has become key to long-term competitiveness and stability.

According to the ECB, AI is accelerating cyber risks by lowering barriers to sophisticated attacks, enabling faster identification of vulnerabilities and expanding the range of actors capable of conducting cyber operations. While supervisors have strengthened oversight through measures such as stress testing and the implementation of the Digital Operational Resilience Act (DORA), the ECB warned that cyber and operational risks continue to evolve rapidly.

Authorities are now urging banks to invest more heavily in systems, governance, and third-party risk management to ensure continuity of services under stress. The ECB emphasised that operational resilience should be viewed not only as a technical challenge but as a strategic priority for maintaining trust in financial services and supporting Europe’s wider economic transformation.

Why does it matter?

Financial stability increasingly depends not only on the financial health of banks but also on their ability to maintain critical services during cyber incidents, technology failures and operational disruptions.

As AI enables more sophisticated cyberattacks and financial institutions become more dependent on complex digital infrastructure and third-party providers, regulators are placing greater emphasis on operational resilience as a core component of financial stability, economic competitiveness and public trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Tech firms and law enforcement disrupt Southeast Asia scam networks

A major international operation involving Meta, Microsoft, Coinbase, Starlink, and law enforcement agencies from several countries has disrupted large-scale criminal scam networks operating across Southeast Asia.

The coordinated effort combined digital intelligence, financial investigations, platform enforcement, and real-world law enforcement action to target organised groups responsible for online fraud, investment scams, and other cyber-enabled crimes.

According to Meta, the operation removed more than 1.4 million fraudulent accounts, pages, and groups across Facebook and Instagram. Microsoft suspended around 20,000 malicious accounts linked to scam activity, while Coinbase froze more than $3 million in cryptocurrency assets associated with criminal operations.

Starlink also shut down thousands of internet terminals allegedly used by fraud operations, while law enforcement authorities arrested 63 individuals linked to scam centres.

The initiative brought together the US Department of Justice, the FBI, the US Secret Service, the Royal Thai Police, and law enforcement agencies from the UK, Australia, Canada and New Zealand.

Meta said intelligence sharing between technology companies and law enforcement helped identify additional scam locations and uncover previously unknown criminal networks operating across multiple jurisdictions.

Why does it matter?

The operation shows how online scam networks now rely on a full digital stack: social media accounts, messaging, cryptocurrency payments, connectivity infrastructure, and cross-border money movement. Disrupting these networks increasingly requires coordination between platforms, financial services, internet providers, and law enforcement. The case also highlights the link between digital fraud and physical scam compounds in Southeast Asia, where cybercrime operations often operate across multiple jurisdictions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

New Washington initiative targets legal frameworks for collective cyber defence

A new policy coalition has been launched in Washington to develop frameworks governing collaboration between government agencies and private companies on cyber operations, amid growing concerns that unresolved legal questions are limiting deeper cooperation.

Venable’s Center for Cybersecurity Policy and Law established the Cyber Operations Policy Coalition this week. The coalition aims to bring together industry representatives, government officials, legal experts, academics and civil society organisations to develop policy frameworks for collective cyber defence.

Corporate members include Microsoft, Lumen, Halcyon, Autonomous Cyber, and Voreas Labs. Non-corporate members span think tanks and academic institutions, including the Foundation for Defense of Democracies, the Cyber Threat Alliance, the Institute for Security and Technology, McCrary Institute for Cyber and Critical Infrastructure Security, and American University’s Tech, Law, and Security Program. The International Committee of the Red Cross and the Stimson Center participate as observers.

The coalition is coordinated by Stacy O’Mara and advised by a panel that includes former NSA Cybersecurity Director Rob Joyce, former CISA official Bryan Ware, and former Representative Jim Langevin.

During the launch event, current and former officials identified legal authorities, liability arrangements and operational rules as key areas requiring clarification before public-private cyber collaboration can expand at scale. Katie Sutton, assistant secretary of defence for cyber policy, noted that legal expertise would be central to closer integration, pointing to existing authority frameworks on both the government and industry sides.

Tonya Ugoretz, head of PwC’s Cyber & Risk Innovation Institute, highlighted the need for clearer liability frameworks to enable cyber operations without requiring case-by-case authorisation.

The initiative reflects the structure of the cyber domain, where much of the internet and critical infrastructure is privately owned, making companies both potential targets of cyberattacks and key partners in cyber defence efforts.

Several parallel developments add context to the coalition’s launch. The Joint Cyber Defense Collaborative, the CISA-led body for public-private cyber coordination, is mapping both defensive and potential offensive options for use in geopolitical crisis scenarios involving major infrastructure providers, according to JCDC deputy assistant director Matt Springer.

The US military has also more openly discussed offensive cyber operations in recent months, while Congress is considering a proposal for a dedicated cyber service branch.

The emergence of increasingly capable AI systems with cybersecurity applications has further expanded the range of technical, operational and legal questions facing policymakers.

Why does it matter?

Cybersecurity increasingly depends on cooperation between governments and private companies because much of the infrastructure targeted by cyberattacks is privately owned and operated. However, legal questions surrounding authority, liability and operational responsibilities remain unresolved in many jurisdictions.

The coalition reflects growing recognition that existing frameworks may not be fully suited to large-scale cyber defence efforts, particularly as geopolitical tensions, critical infrastructure threats and AI-enabled cyber capabilities increase. Its work could help shape future approaches to collective cyber defence and public-private cybersecurity cooperation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Australia issues guidance for government use of agentic AI

Australia’s Digital Transformation Agency (DTA) has issued an agentic AI addendum to its AI Technical Standard, providing guidance for government agencies exploring, developing or deploying agentic AI systems. The document provides best-practice guidance for agencies exploring, developing, or using agentic AI and states that existing requirements in the AI technical standard remain applicable.

The addendum says agentic AI systems may autonomously plan tasks, coordinate work, and trigger actions in real-world contexts. The addendum notes that agentic AI could improve the responsiveness, efficiency and consistency of public services, particularly in high-volume administrative environments, while also introducing new risks related to oversight, control and system behaviour.

The guidance defines agentic AI as systems capable of perceiving and interpreting their environment, maintaining an internal state, reasoning about objectives and autonomously executing actions within defined permissions and constraints. Agencies are advised to implement human oversight, operational safeguards, continuous evaluation processes and mechanisms that allow systems to be rolled back when necessary.

The addendum sets out guidance across the AI lifecycle, including governance and safeguards, memory management, workflow design, secure data exchange, technology selection, evaluation, tool integration, monitoring, and decommissioning. It also calls for clear human accountability, human-in-the-loop or human-on-the-loop oversight, auditable decision records, and orchestration layers.

The guidance recommends ongoing monitoring of agent behaviour, tool usage, memory functions, operational costs, latency, authorisations and changes in the operating environment. The addendum also recommends centralised oversight mechanisms, referred to as ‘control towers’, and calls for the secure decommissioning of agentic AI resources, including agents, associated data, memory stores, tools and system logs.

Why does it matter?

Agentic AI represents a shift from AI systems that generate outputs in response to prompts to systems capable of planning, coordinating tasks and taking actions with limited human intervention. While these capabilities could improve efficiency and service delivery, they also create new governance, accountability and security challenges.

Australia’s guidance reflects growing international efforts to establish safeguards for increasingly autonomous AI systems. The emphasis on human oversight, auditability and lifecycle governance highlights concerns that public-sector AI deployments must remain transparent, controllable and accountable as the technology evolves.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New Zealand’s NCSC warns frontier AI could amplify cybersecurity risks

New Zealand’s National Cyber Security Centre (NCSC) has issued guidance to help government agencies prepare for the cybersecurity implications of frontier AI systems. The advisory notes that frontier AI models may enable more advanced automation, reasoning and decision-making capabilities than previous generations of AI systems.

The guidance describes frontier AI as a dual-use technology, noting that the same capabilities that enhance cyber defence could also enable malicious actors to conduct cyber operations more quickly, at lower cost and on a larger scale. The NCSC warns that frontier AI could amplify risks associated with known vulnerabilities, legacy systems and poor cyber hygiene, creating what it describes as a ‘vulnerability storm’ for organisations.

According to the NCSC, organisations do not need access to the most advanced frontier AI models to strengthen their cyber resilience. Instead, it says effective readiness depends on existing cybersecurity mitigations and practices, including the New Zealand Information Security Manual, the NCSC Cyber Security Framework, Minimum Cyber Security Standards, and Protective Security Requirements.

The advisory urges government entities to treat several actions as immediate priorities, including reviewing compliance with existing standards, confirming executive accountability for frontier AI cyber risk, reviewing NCSC guidance, and identifying material gaps that AI-enabled threat actors could exploit.

The guidance also restates the NCSC Cyber Security Framework’s five functions: guide and govern, identify and understand, prevent and protect, detect and contain, and respond and recover. The advisory highlights a range of baseline cybersecurity measures, including risk management, security awareness, secure configuration, patch management, multi-factor authentication, least-privilege access controls, anomaly detection, data recovery and incident response planning.

Why does it matter?

Frontier AI is expected to increase the speed, scale and sophistication of cyber operations, potentially allowing attackers to identify vulnerabilities, automate exploitation and conduct campaigns more efficiently than before.

Rather than relying solely on new AI-specific defences, New Zealand’s guidance emphasises that strong cybersecurity fundamentals, including patching, access controls, monitoring and incident response, remain the most effective way to reduce risk. The advisory reflects a growing international view that AI is amplifying existing cyber challenges rather than replacing them with entirely new ones.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI and systemic risk analytics focus of Helsinki conference

The Bank of Finland and the European Systemic Risk Board are holding their 11th joint conference on AI and systemic risk analytics in Helsinki on 3 and 4 June.

The event focuses on how AI methods and new data sources can support financial stability analysis, while also creating new challenges for economies and financial markets.

The conference aims to present research on financial stability and systemic risk analysis using AI methods, novel techniques, and new data sources. Topics include the use of large language models and trustworthy AI, changing interdependencies in financial markets, cybersecurity and operational risks, and AI combined with quantum computing as a possible source of new systemic risks.

The programme also covers more traditional systemic risk analytics and macroprudential policy tools, including early-warning indicators, network and contagion analysis, macro stress-testing, big data analytics, market-based finance, and geopolitical risk modelling.

Speakers include Bank of Finland Governor and ESRB First Vice-Chair Olli Rehn, who will address systemic risk, resilience, and competitiveness in a changing technological landscape. Other sessions will examine systemic cyber risk in financial networks, AI and risk-taking in banking, generative AI in economics and finance research, and AI-related financial system interdependencies.

The hybrid conference will include keynotes, panel discussions, presentations, and poster sessions, with online participation available.

Why does it matter?

The conference shows that AI is becoming a financial stability issue, not only a tool for efficiency or market analysis. Central banks and systemic risk authorities are examining how AI can improve risk detection, stress testing, and data analysis, while also creating new vulnerabilities through cyber risk, operational dependencies, market interconnections, and potential herding behaviour.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU proposes Chips Act 2.0 to strengthen semiconductor ecosystem

The European Commission has proposed Chips Act 2.0, a new framework intended to strengthen Europe’s semiconductor ecosystem and build on the original European Chips Act.

The proposal aims to boost the EU’s competitiveness, technological sovereignty, and resilience while improving crisis preparedness in semiconductor supply chains. It forms part of the Commission’s wider European Technological Sovereignty Package, alongside the Cloud and AI Development Act, an Open Source Strategy, and a roadmap for digitalisation and AI in the energy sector.

The Commission says the EU remains structurally dependent on third countries for semiconductor design and manufacturing, including advanced and leading-edge chips needed for AI. It also points to gaps in crisis preparedness, noting that existing mechanisms rely heavily on voluntary information sharing outside crises and do not provide sufficient, timely supply-chain intelligence.

Chips Act 2.0 would support both mainstream and advanced semiconductors, including AI chips. Measures are expected to include stronger research and innovation support, faster permitting, supply-chain information tools, Semiconductor Regions of Excellence, skills investment, strategic projects, and innovation procurement.

The proposal also places greater emphasis on demand-side measures, including support for public procurement and industrial uptake of European semiconductor technologies. The Commission argues that stronger local demand can reinforce local supply, shorten supply chains, and better align European production capacity with the needs of strategic sectors.

The initiative complements the EU’s broader technological sovereignty agenda. The Commission says Chips Act 2.0 should help reduce strategic dependencies, improve security of supply, support industrial scale-up, and strengthen Europe’s role in semiconductor technologies needed for AI, cloud, defence, automotive, energy, and other critical sectors.

Why does it matter?

The Chips Act 2.0 shows how the EU is shifting from an emergency response to the global chip shortage to a broader semiconductor industrial strategy. The proposal links chip policy directly to AI competitiveness, cloud infrastructure, defence, energy, automotive supply chains, and technological sovereignty. Its emphasis on demand-side measures also matters: Europe is not only trying to attract semiconductor production, but also to create stronger domestic markets for European chip technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.