Cybersecurity

UN Cybercrime Convention Protocol talks reveal competing visions

The process of developing a supplementary protocol to the UN Convention against Cybercrime has begun, with early state submissions already showing competing views over its scope and timing.

The Ad Hoc Committee Secretariat invited preliminary written inputs on the possible scope, objectives and structure of a draft protocol supplementary to the Convention, also known as the ‘Hanoi Convention’. The mandate follows UN General Assembly resolution 79/243, which asked the Committee to negotiate a draft protocol addressing, among other issues, additional criminal offences.

The United States questioned the exercise’s premise, arguing that discussions on a supplementary protocol are premature because the Convention has not yet entered into force and its implementation has not yet been tested. Washington called for the Committee first to address whether a protocol is needed at all before discussing its scope, objectives and structure.

Russia, by contrast, submitted a draft protocol text covering a broad range of offences, including terrorism financing, extremism, arms and drug trafficking, critical information infrastructure, unauthorised access to personal data and crimes involving AI. The proposal reflects a wider approach to criminalisation, including content-related offences that are likely to be contested by states concerned about overreach, legal certainty and human rights safeguards.

Other early submissions appear more cautious. Brazil, Nigeria, and Ecuador broadly support advancing the protocol process, while signalling the need to limit its scope and maintain attention to safeguards. Brazil warned against including offences where there is insufficient international consensus, while Ecuador proposed a structure that includes emerging offences, digital evidence, public-private cooperation, proportionality and human rights.

The early inputs point to a familiar divide in UN cybercrime negotiations: whether the treaty framework should remain focused on classical cybercrime, electronic evidence and criminal justice cooperation, or expand further into content-based offences, national security concerns and politically sensitive forms of online conduct.

Why does it matter?

A supplementary protocol could shape the evolution of the UN cybercrime framework after the adoption of the main Convention. If states use the protocol to add broad or content-related offences, the treaty system could move beyond core cybercrime and electronic evidence cooperation into areas with direct implications for freedom of expression, human rights safeguards, political speech, platform governance and state sovereignty. The early submissions suggest that those unresolved tensions are already resurfacing before the Convention has entered into force.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Google highlights rising online scam threats

Google has warned that online scams remain a major global challenge, citing estimates that fraud losses could reach nearly $580 billion in 2025.

In its latest fraud and scams advisory, the company said phishing attacks are becoming more sophisticated, with criminals using adversary-in-the-middle techniques and QR code phishing, also known as quishing, to steal credentials and bypass security measures.

The advisory also highlighted risks linked to cryptocurrency investment scams, malicious finance applications and police impersonation schemes. According to Google, scammers are using AI, social engineering and trusted digital services to deceive users, obtain money and collect sensitive information.

Google said its Trust & Safety teams are using AI tools, predictive analytics and policy enforcement to detect and disrupt fraudulent activity across its services. The company also pointed to measures such as stronger protections for session cookies, enforcement against deceptive crypto ads, monitoring of post-installation app behaviour and developer identity verification for apps installed on certified Android devices.

The company urged users to be cautious of unsolicited communications, unrealistic investment promises, unexpected QR codes and requests for personal or financial information.

Why does it matter?

The advisory shows how online fraud is becoming a cross-platform governance problem rather than a narrow cybersecurity issue. Scams now rely on trusted cloud services, mobile apps, messaging platforms, crypto infrastructure and impersonation of public authorities. That creates pressure on major technology companies to strengthen detection, app accountability and policy enforcement, while raising broader questions about consumer protection, platform responsibility and digital trust.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Crypto mixers gain recognition in US Treasury assessment

The US Treasury Department has acknowledged that cryptocurrency mixers may have lawful privacy uses, while warning that such tools remain vulnerable to abuse by illicit actors.

In a March 2026 report to Congress on innovative technologies to counter illicit finance involving digital assets, Treasury said lawful users may rely on mixers to protect sensitive financial information when transacting on public blockchains. The report said users may seek to conceal details about personal wealth, business payments, charitable donations or consumer spending habits.

Treasury distinguished between custodial digital asset services, including custodial mixers, and decentralised or non-custodial mechanisms that can operate without a central intermediary. Custodial services that accept and transmit value may be required to register with the Financial Crimes Enforcement Network as money services businesses, maintain records and file suspicious activity reports.

The report nevertheless stressed that criminals commonly use mixers, bridges and swaps to make illicit digital asset flows harder to trace. Treasury said mixing is frequently used by North Korea-linked cyber actors, money launderers, ransomware actors and darknet market participants.

Treasury also warned that stablecoins can form part of complex laundering processes involving mixers and other obfuscation techniques. According to the report, illicit actors may move stolen or fraud-linked assets through mixers and then swap them into stablecoins to break the traceable link to the original criminal activity.

The assessment was prepared under the GENIUS Act, which required the Treasury to examine innovative tools for countering illicit finance involving digital assets, including the role of mixers, tumblers and similar services.

Why does it matter?

The report shows the regulatory tension at the centre of digital asset policy: privacy tools can protect legitimate users on transparent public blockchains, but the same tools can also weaken AML/CFT controls, sanctions enforcement and law enforcement tracing. Treasury’s framing matters because future rules on mixers, DeFi, blockchain analytics and stablecoin compliance will need to balance financial privacy with security and illicit finance risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Ofcom warns platforms over online abuse ahead of FIFA World Cup 2026

Ofcom has urged online platforms to strengthen protections against illegal hate speech, abuse, threats and harassment ahead of the FIFA World Cup 2026. The UK regulator reminded technology companies that they have legal responsibilities under the Online Safety Act to reduce the risk of users encountering criminal content on their services.

The intervention follows concerns about abuse directed at players, coaches, officials and commentators during previous international tournaments. According to Ofcom, online attacks have frequently targeted individuals based on race, ethnicity, perceived sexual orientation and disability, causing significant personal and professional harm.

Under the UK’s Online Safety Act, platforms are required to operate effective reporting systems, maintain adequately resourced moderation teams and remove illegal content without undue delay. Ofcom stated that evidence of failures to meet these obligations during the tournament could be considered as part of its ongoing compliance assessments.

The regulator also highlighted a partnership established earlier this year with the UK Football Policing Unit, the Football Association, the Premier League, the English Football League, the Women’s Super League, the Professional Footballers’ Association and anti-discrimination organisation Kick It Out.

The initiative aims to strengthen information sharing and support preventative measures against online abuse targeting individuals across the football ecosystem.

Why does it matter?

Major sporting events often lead to spikes in online abuse, particularly against athletes, officials and other high-profile figures. The scale and visibility of these events can amplify harmful behaviour and place additional pressure on platforms to enforce their content moderation policies effectively.

Ofcom’s intervention highlights how online safety regulation is increasingly being tested during major public events. The regulator’s warning also signals that compliance with the Online Safety Act will be assessed not only through policies on paper but through how platforms respond to real-world surges in harmful content.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Australia welcomes Apple child online safety tools

Australian Prime Minister Anthony Albanese has welcomed Apple’s new online safety controls for children, saying Apple CEO Tim Cook briefed him on the announcement.

According to Albanese, Cook said the changes were partly inspired by Australia’s under-16 social media age restrictions and by Apple’s continuing research into the impact of social media on children.

Albanese said Australia was proud of its work to support a safer online environment for children and argued that other countries are now developing similar social media age restrictions.

Cook invited Albanese to visit Apple during his next trip to the United States to see the technology in action. Albanese said he intended to accept the invitation as Australia continues to consider how best to protect children online.

The Prime Minister said Australian parents had led the push for stronger protections and that the government was backing their efforts. He said more than 5 million under-16 accounts had already been removed, deactivated, or restricted.

Albanese said social media companies have a social responsibility and that Australia would continue holding them to account to help keep children safe.

Why does it matter?

The announcement highlights how national online safety rules can shape platform design beyond a country’s borders. Australia’s under-16 social media restrictions have been closely watched internationally, and Albanese is presenting Apple’s new child safety tools as evidence that regulatory pressure can push major technology companies towards stronger child protection features. The case also shows the growing link between device-level controls, platform accountability, age assurance, and children’s digital rights.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

WhatsApp seeks contempt order against NSO over spyware targeting

WhatsApp has asked a US court to hold NSO Group in contempt, alleging that the spyware company violated a permanent injunction barring it from targeting WhatsApp and its users.

The company said it disrupted spear-phishing attempts linked to NSO after investigating user reports. According to WhatsApp, the activity involved malicious links that sought to redirect users to external websites outside the messaging platform.

WhatsApp also said it identified and removed test accounts and groups created on its service as part of the suspected NSO-linked activity. The company is sharing threat indicators to help users and researchers check whether targeting attempts may have occurred across WhatsApp, text messages, email, or other channels.

The latest filing follows WhatsApp’s earlier legal victory against NSO. The company said a court found that NSO violated federal and state anti-hacking laws and issued a permanent injunction barring NSO from targeting WhatsApp and its users.

WhatsApp described commercial spyware as a national security threat, arguing that surveillance-for-hire firms target not only messaging services but also browsers, operating systems, and other applications.
The company said the targets reported for such tools include journalists, government officials, military personnel, and humanitarian organisations. It also warned against easing US restrictions on NSO, which remains on the US government’s Entity List.

WhatsApp said it is contributing to the Spyware Accountability Initiative, which supports organisations working on forensic research, user support, and advocacy against spyware.

Why does it matter?

The case shows how legal orders against spyware companies may still require active technical monitoring and enforcement. WhatsApp’s contempt request also keeps pressure on the commercial spyware industry, where surveillance tools can move across platforms, devices, browsers, and operating systems. The story matters for encrypted communications because it shows that protecting users depends not only on encryption, but also on legal accountability, threat intelligence, vulnerability research, and support for civil society targets.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

European Commission welcomes the new G7 cybersecurity declaration

The European Commission has welcomed a new G7 Cybersecurity Working Group Declaration aimed at strengthening international cooperation in response to growing cyber threats.

Adopted under France’s G7 Presidency, the declaration calls for coordinated action to address cybersecurity challenges associated with quantum computing, AI, telecommunications infrastructure, and the protection of small and medium-sized enterprises (SMEs).

One of the declaration’s central priorities is accelerating the transition to post-quantum cryptography. As quantum computing capabilities continue to advance, governments and industry are being urged to accelerate preparations for new encryption standards capable of resisting future quantum attacks. The declaration describes migration to quantum-resistant encryption as an urgent cybersecurity priority that organisations should begin addressing now.

AI is another major focus of the declaration. The G7 declaration recognises that AI can both strengthen and threaten cybersecurity. Concerns include AI-enabled cyberattacks, model manipulation, data breaches, and software vulnerabilities.

The European Commission noted that it is preparing an action plan on AI and cybersecurity to help Member States and businesses address emerging risks while strengthening Europe’s cyber resilience.

The declaration also emphasises the importance of resilient telecommunications infrastructure and stronger protection for SMEs. Building on initiatives such as the NIS2 Directive and the Cyber Resilience Act, the EU said it will continue working with international partners to strengthen cybersecurity standards, protect critical infrastructure and support organisations facing increasingly sophisticated cyber threats.

Why does it matter?

The declaration reflects growing international recognition that cybersecurity challenges are increasingly transnational and require coordinated responses. Emerging technologies such as AI and quantum computing are creating new opportunities for innovation, but also introducing new vulnerabilities that could affect governments, businesses and critical infrastructure.

The emphasis on post-quantum cryptography is particularly significant, as organisations worldwide face the long-term challenge of protecting sensitive data against future quantum-enabled attacks. The declaration also highlights the growing importance of international cooperation in building cyber resilience and securing digital ecosystems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

US unveils new strategy to accelerate AI adoption in national security

The Trump administration has issued a new National Security Presidential Memorandum aimed at accelerating the adoption of AI across the US national security apparatus.

According to the White House, the framework is intended to ensure that military personnel, intelligence professionals and national security agencies have access to advanced AI systems while maintaining accountability and operational control.

The memorandum directs federal agencies to expand the use of commercial and open-source AI technologies in support of national security missions. It also calls for investment in next-generation secure computing infrastructure capable of supporting increasingly advanced AI models and computational workloads.

The memorandum also proposes the creation of an AI National Security Strategic Reserve, bringing together leading non-governmental experts to support national security priorities.

The new framework places emphasis on accountability, reliability and command authority. The White House emphasised that agency leaders and military commanders will remain accountable for decisions and operations supported by AI systems.

Why does it matter?

AI is increasingly viewed as a strategic capability across defence, intelligence, cybersecurity and military planning. Governments are investing heavily in AI systems that can enhance analysis, decision support, operational planning and threat detection.

The memorandum signals Washington’s intention to accelerate the integration of AI into national security operations while maintaining human oversight and accountability. It also reflects broader geopolitical competition over advanced technologies, as major powers seek to secure advantages in AI-driven security capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Spain calls for United Nations Action on children’s digital rights

Spain has proposed the creation of a permanent multilateral working group within the UN to strengthen the regulation of digital environments and improve protections for children online.

The proposal was presented by Minister of Youth and Childhood, Sira Rego, during a ministerial roundtable at the Global Alliance of Pioneer Countries to End Violence Against Children in Turin.

According to Rego, stronger international cooperation is needed to regulate digital environments and protect children’s rights in response to abuses by major technology platforms. She said protecting children online requires regulations, rules, and control mechanisms that safeguard their rights and freedoms.

The proposal builds on earlier Ibero-American ministerial discussions on youth and childhood, during which countries agreed to establish an Ibero-American Observatory for the Well-being of Children, with a focus on protecting minors in digital environments. Spain is now proposing a similar approach within the UN framework.

A central element of Spain’s position is algorithmic transparency. Rego said algorithms are not neutral systems and can affect children’s ability to exercise their rights. She argued that such systems should be auditable and subject to democratic oversight by public authorities.

Alongside regulatory measures, Spain is advancing a National Strategy for Digital Environments to improve digital literacy among children, adolescents, and families. The strategy will combine education, pedagogical tools, and content creation to help protect children’s rights in digital spaces.

Why does it matter?

Spain’s proposal reflects growing pressure for international coordination on children’s digital rights. National rules alone often struggle to address platforms that operate across borders and use algorithmic systems that shape what children see, how they interact, and how their data is used. A UN-level working group could provide child online safety with a more permanent multilateral forum, especially on platform accountability and algorithmic transparency.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Microsoft urges stronger biosecurity safeguards as AI transforms biotechnology

Microsoft has argued that rapid advances in AI and biotechnology are creating new biosecurity challenges that require stronger safeguards and closer cooperation between governments, industry, and the scientific community.

The company said AI is accelerating scientific discovery across areas such as healthcare, drug development, and materials science, while also increasing concerns about accidental harm and deliberate misuse of biological technologies.

Microsoft identifies a growing convergence between general-purpose AI models, specialised biological design tools, laboratory automation systems, and agentic AI technologies. The company argues that these capabilities can accelerate legitimate research but also complicate the biosecurity policy landscape.

A central focus of Microsoft’s recommendations is nucleic acid synthesis screening. The company describes synthetic DNA providers as a critical checkpoint in the biotechnology ecosystem because they are often where digital biological designs are translated into physical materials.

Microsoft said current DNA synthesis screening practices remain largely voluntary and unevenly applied across providers. It warned that gaps in screening become more consequential as AI-enabled biological design tools become more powerful.

The company pointed to its Paraphrase Project, which stress-tested existing screening systems against AI-designed biological sequences. Microsoft said the project showed where safeguards could fail and how they could be improved through responsible disclosure, red teaming, and rapid deployment of fixes.

Microsoft also highlighted growing bipartisan attention to biosecurity in the United States, including a 2025 executive order on biological research safety and the proposed Biosecurity Modernization and Innovation Act. The company said stronger screening requirements, conformity assessments, enforcement mechanisms, and public-private collaboration could help reduce risk while sustaining scientific innovation.

Why does it matter?

AI is becoming part of the biotechnology research pipeline, from biological design tools to automated laboratories. Microsoft’s intervention shows that AI safety debates are expanding beyond model behaviour and content safeguards into the physical infrastructure of science, including DNA synthesis providers, laboratory workflows, technical standards, and biosecurity screening. The key policy question is how to preserve scientific openness while preventing AI-enabled misuse of biological capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.