Cybersecurity

Australia’s CEDA event to examine AI-generated threats and trust

The Committee for Economic Development of Australia (CEDA) will host an event in Brisbane examining the impact of AI-generated scams, synthetic media and the challenge of maintaining trust in digital environments. The discussion will focus on the economic and reputational risks posed by deepfakes, voice cloning, phishing campaigns and fraudulent online services.

The event, titled ‘The scam economy: How to manage AI-generated threats and build trust’, will examine how businesses can maintain trust with stakeholders when visual, audio, and written material can be generated or manipulated using AI. It will bring together communications, cyber, technology, finance, and policy experts.

The discussion comes ahead of the entry into force of Australia’s Scams Prevention Framework Act 2025 on 1 July. Under the new framework, banks, telecommunications providers and digital platforms will be required to take proactive steps to prevent, detect and respond to scam activity.

CEDA says the event will explore how businesses can manage the economic risks of AI-generated fraud as synthetic media becomes more accessible and harder to identify. The programme will be held at Pullman King George Square in Brisbane.

Why does it matter?

Advances in generative AI are making it easier and cheaper to create convincing fake content, including images, videos, voices and websites. These tools are increasingly being used in fraud schemes that target consumers, businesses and public institutions.

As AI-generated deception becomes more sophisticated, organisations face growing challenges in maintaining trust, verifying authenticity and protecting users from scams. The discussion reflects broader efforts by governments and industry to adapt regulatory and security frameworks to emerging AI-related risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU launches consultation on trusted flagger guidelines under the DSA

The European Commission has launched a public consultation on draft guidelines for trusted flaggers under the Digital Services Act, aiming to establish a clearer and more consistent framework for organisations that identify and report illegal online content.

Trusted flaggers are specialised entities whose notices about illegal content must be prioritised by online platforms under the DSA. Platforms remain responsible for assessing whether the reported content is illegal.

More than 70 trusted flaggers have already been designated across the EU, covering areas such as child sexual abuse material, intellectual property infringements, online fraud, financial scams, and online harassment.

The proposed guidelines clarify the criteria and procedures used by national Digital Services Coordinators to grant trusted flagger status. They also set out technical requirements for trusted flaggers and platforms when processing notices of illegal content.

The draft guidelines include safeguards intended to ensure that trusted flaggers remain independent, objective, and accountable while operating in full respect of freedom of expression. They also include measures to prevent misuse of the mechanism, including public annual transparency reports and procedures to suspend or revoke trusted flagger status.

The Commission is inviting feedback from platforms, trusted flaggers, applicants, researchers, civil society organisations, and other stakeholders until 26 June 2026. Following the consultation, the Commission plans to adopt the final guidelines in the second half of 2026.

Why does it matter?

Trusted flaggers are becoming an important procedural tool in the EU’s online safety framework. Clearer rules could improve the reporting and handling of illegal content while reducing fragmentation across member states. The safeguards are also important because prioritised notices must be balanced with accountability, transparency, and protection of freedom of expression.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Singapore and Japan launch mutual recognition of IoT cybersecurity labels

Singapore and Japan have launched mutual recognition of their cybersecurity labelling schemes for Internet of Things (IoT) under a Memorandum of Cooperation that entered into force on 1 June 2026. The arrangement covers Singapore’s Cybersecurity Labelling Scheme and Japan’s JC-STAR scheme.

The Memorandum of Cooperation was signed by Rahayu Mahzam, Singapore’s Minister of State for Digital Development and Information, and Ino Toshiro, Japan’s State Minister of Economy, Trade and Industry. The Cyber Security Agency of Singapore (CSA) and Japan’s Ministry of Economy, Trade and Industry agreed to recognise cybersecurity labels issued under either scheme.

IoT devices certified under either Japan’s JC-STAR scheme or Singapore’s Cybersecurity Labelling Scheme will be eligible for streamlined recognition in the other market. Covered products include smart home assistants, home automation and alarm systems, and IoT gateways and hubs that connect multiple devices.

Japan is the fifth country to establish such an arrangement with Singapore, following Finland, Germany, South Korea, and the United Kingdom. According to Singapore authorities, the arrangement is expected to support stronger cybersecurity practices for connected devices, reduce certification burdens for manufacturers, and increase consumer confidence in smart technologies.

The CSA launched the Cybersecurity Labelling Scheme in 2020. Since then, it has received applications for more than 1,000 products, including routers, smart lighting, and smart cameras.

Why does it matter?

Connected devices are increasingly used in homes, businesses, and critical services, making cybersecurity a growing concern for governments and consumers. Cybersecurity labelling schemes are designed to help buyers identify products that meet recognised security requirements while encouraging manufacturers to improve security practices.

By recognising each other’s certification schemes, Singapore and Japan are reducing regulatory barriers and promoting greater interoperability in cybersecurity standards. The agreement also reflects broader international efforts to strengthen trust and security in the rapidly expanding IoT ecosystem.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

G7 agrees on the first common principles on protecting children online

G7 digital ministers have agreed a shared set of principles for protecting children and young people from online harm for the first time, marking the first coordinated approach adopted by the group on the issue. The agreement, reached during talks in Paris, sets shared principles for addressing risks linked to harmful content, exploitation and the use of AI chatbots.

The principles call for stronger digital literacy, robust online safety practices by digital service providers and safety measures built into digital services from the start. The agreement also sets expectations for effective age assurance and closer cooperation between providers, children, parents and guardians.

Ministers also called for improved access to data and research on how digital services affect children’s well-being, including greater cooperation among platforms, researchers and families. UK Science and Technology Secretary Liz Kendall said: ‘The agreements we have reached today are an important step on that journey: outlining a shared approach to protecting our children, backing our small businesses to adopt AI, and ensuring AI is developed safely and responsibly.’

The G7 also reaffirmed its commitment to promoting trustworthy AI while continuing discussions on assessing and managing AI-related risks. Under France’s presidency, members agreed to continue discussions on a mutual understanding of AI risk assessment frameworks, including in relation to cyberattacks and chemical and biological capabilities.

Ministers also backed support for small and medium-sized enterprises to adopt AI through a tool developed with the Organisation for Economic Co-operation and Development (OECD). G7 members also agreed a Vision on AI Openness and committed to further work on AI-generated content detection, secure AI systems, trusted data flows, and resource-efficient digital and AI infrastructure.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Finland proposes rules for EU Cyber Resilience Act

The Finnish Government has proposed the approval of national provisions supplementing the EU Cyber Resilience Act, which sets cybersecurity requirements for products with digital elements.

The legislation will enter into force on 1 June 2026, with phased application aligned with the Cyber Resilience Act’s transitional periods during 2026 and 2027. The aim is to improve the cybersecurity of connected devices and software placed on the EU market.

The Cyber Resilience Act will be supplemented in Finland by a new national act on the cyber resilience of certain products and cybersecurity certification. The act covers supervision of product-related obligations, notification of conformity assessment bodies under the Cyber Resilience Act, administrative sanctions, and national provisions linked to the EU cybersecurity certification.

Market surveillance under the Cyber Resilience Act, along with the designation and supervision of notified bodies, will be assigned to the Finnish Transport and Communications Agency, Traficom. Market surveillance of high-risk AI systems will be carried out by the authorities responsible for supervising compliance with the AI Act, depending on the sector.

Conformity assessment bodies will be able to apply to Traficom from 11 June 2026 to be notified for assessment tasks under the Cyber Resilience Act. Bodies notified by Finland will be able to carry out conformity assessments across the EU member states within their area of competence.

Finland will also add a new chapter to the Act on Electronic Communications Services concerning the collection and disclosure of domain name registration data under the NIS2 Directive. The obligations will extend beyond .fi and .ax domains where the registrar or top-level domain registry is located in Finland, after a three-month transitional period.

The Government said the domain name provisions will complement Finland’s national implementation of NIS2 and improve the availability of registration data, making it easier to tackle illegal activity online.

Why does it matter?

Finland’s legislation shows how EU cybersecurity rules are being translated into national enforcement structures. The Cyber Resilience Act sets product security obligations at the EU level, but member states still need national provisions for supervision, notified bodies, sanctions, and certification. The added NIS2 domain registration rules also show how cybersecurity implementation is expanding beyond products into online infrastructure and data availability for enforcement.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

GCHQ outlines AI-driven cyber defence programme for protecting critical infrastructure

The UK’s signals intelligence agency GCHQ has announced plans to develop an AI-powered national cyber defence capability that would use autonomous software agents to identify and respond to cyber threats at machine speed. Speaking publicly, GCHQ director Anne Keast-Butler described the initiative as a ‘blueprint for a new national cyber defence capability’ to be operational within five years.

The programme would apply agentic AI to monitor and protect critical sectors including energy, water, healthcare, transport, and financial services. According to Keast-Butler, advances in AI are accelerating the discovery of software vulnerabilities, increasing pressure on defenders to identify and mitigate risks more quickly.

UK Security Minister Dan Jarvis had previously outlined the national cyber shield concept in April, noting that protecting critical infrastructure in an AI-enabled environment would require approaches beyond standard commercial security products. The Cabinet Office has since approached AI companies to contribute to the development of these capabilities.

GCHQ is separately integrating AI into its intelligence analysis workflows, including language translation and large-scale data processing.

Alongside the cyber defence announcement, Keast-Butler addressed two further technical priorities. On quantum computing, she noted that post-quantum encryption is now an active planning requirement rather than a future consideration, pointing to National Cyber Security Centre guidance on transitioning to quantum-resistant algorithms. On space, she observed that the volume of orbital infrastructure has grown substantially — over 10,000 new objects launched in three years — with GCHQ working to secure space-based systems that underpin data transmission globally.

GCHQ’s Mathematics directorate is developing new cryptographic methods suited to the post-quantum environment, building on the agency’s role in pioneering public-key cryptography in the 1970s.

Taken together, the announcements sketch a broader shift in how GCHQ positions its role. The announcements suggest a broader role for GCHQ, combining intelligence, cybersecurity, cryptography and infrastructure protection as part of the UK’s wider digital resilience strategy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Germany approves draft law expanding cyber defense powers for federal authorities

Germany’s federal cabinet has approved draft legislation that would expand cyber defence capabilities for three federal agencies, the Federal Office for Information Security (BSI), the Federal Criminal Police Office (BKA), and the Federal Police (Bundespolizei), as part of a broader effort to strenghten the country’s response to cyber threats.

Under the proposal, authorities would be able to block or disrupt software and server infrastructure used in cyberattacks, including systems located outside Germany. The BSI would also receive expanded authority to collect, store, and analyse data to detect activities indicative of attack preparation. Telecommunications providers and major digital platforms would be required to relay BSI warnings about identified threats directly to users.

The government describes the measures as ‘active cyber defence,’ arguing that they are intended to stop or disrupt ongoing attacks rather than conduct retaliatory cyber operations. Current practice involves redirecting attacks to isolated network areas; the new framework would instead authorize direct action against attacker-controlled systems.

According to the Federal Situation Report on Cybercrime 2025, presented by Federal Interior Minister Alexander Dobrindt and the Vice President of the Federal Criminal Police Office, Martina Link, Germany is among Europe’s most frequently targeted countries for cyberattacks.

Federal authorities in Germany have documented sustained campaigns against industrial companies, small and medium-sized enterprises, research institutions, government bodies, and political parties, with a portion attributed to state-affiliated actors.

The draft will now proceed to parliamentary debate. It requires a legislative vote before entering into force.

Why does it matter?

The proposal reflects a broader shift among governments toward more proactive cybersecurity strategies as cyberattacks become increasingly frequent and sophisticated. Rather than focusing solely on defending networks, authorities are seeking legal powers to disrupt malicious infrastructure before attacks cause significant harm.

The legislation also raises important questions about the scope of state cyber powers, oversight mechanisms, and the legal implications of taking action against infrastructure located outside national borders. If adopted, it would mark one of Germany’s most significant cybersecurity policy changes in recent years.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

NATO formalises cyber partnerships with Microsoft, Palo Alto Networks and ESET

NATO has announced strategic partnerships with Microsoft, Palo Alto Networks and ESET during the International Conference on Cyber Conflict (CyCon) in Tallinn, Estonia. The non-commercial agreements are intended to facilitate information sharing, the exchange of best practices and coordination on cyber incidents of mutual concern.

The partnerships follow a commitment made at the 2023 NATO Summit in Vilnius, where member states agreed to expand structured cooperation with private-sector cyber companies. Speaking at CyCon, NATO Assistant Secretary General for Cyber and Digital Transformation Jean Charles Ellermann-Kingombe said effective cyber defence depends on both technical capabilities and shared norms, particularly as attacks on critical infrastructure become more frequent and cyber threats evolve.

The three companies bring distinct capabilities: Microsoft operates one of the largest threat intelligence networks globally; Palo Alto Networks specialises in enterprise network and cloud security; and ESET is one of the major providers of endpoint protection with significant presence in Central and Eastern Europe.

The 2026 CyCon edition, themed ‘Securing Tomorrow,’ runs 26–29 May and convenes approximately 800 participants — including policymakers, technical experts, academics, and industry representatives — from 48 countries. The conference is organised annually by NATO’s Cooperative Cyber Defence Centre of Excellence, based in Tallinn.

Why does it matter?

Governments increasingly rely on cooperation with private-sector cybersecurity companies to identify threats, protect critical infrastructure and respond to cyber incidents. The partnership reflects NATO’s recognition that much of the expertise, threat intelligence and digital infrastructure relevant to cyber defence is operated by industry.

The agreements also signal a broader effort by the alliance to strengthen cyber resilience and improve coordination as cyber threats become more sophisticated and increasingly target both civilian and military systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

ENISA identifies risk zone sectors in EU cybersecurity assessment

The European Union Agency for Cybersecurity has released its 2026 NIS360 report, assessing the cybersecurity maturity and criticality of high-criticality sectors under the NIS2 Directive.

The report says cybersecurity maturity across the EU critical sectors has steadily improved as organisations respond to evolving policy requirements and cyber threats. Banking, electricity, and telecommunications remain among the most mature and critical sectors, while trust services, aviation, and financial market infrastructures have moved into the high maturity band.

Gas, road, maritime, and health strengthened their maturity within the moderate band, although ENISA says progress remains uneven across and within sectors. Factors behind the differences include skills shortages, sector-specific characteristics, and organisational size.

The report identifies a ‘risk zone’ covering sectors with lower-than-average maturity and criticality that exceeds their maturity. ENISA lists health, railway, maritime, ICT management services, space, public administrations, and drinking and wastewater as risk-zone sectors, while gas has started moving out of the category.

ENISA says improvements have been driven by cybersecurity legislation, increased political attention, information sharing, collaboration, and operational preparedness. Regulation, including the NIS2 Directive and the Digital Operational Resilience Act, has helped increase investment and encouraged organisations to address vulnerability management, business continuity, disaster recovery, and supply-chain risk.

The report also points to AI, supply-chain and third-party exposure, and geopolitical volatility as major dynamics shaping the cybersecurity environment. ENISA says AI can improve threat detection and response, but can also support more convincing social engineering, shorter exploitation timelines, and broader access to offensive capabilities.

Why does it matter?

The NIS360 report gives the EU policymakers a comparative view of where cybersecurity maturity is improving and where critical sectors remain underprepared. The risk-zone concept is especially useful because it identifies sectors whose importance to society and the economy exceeds their current level of cyber readiness. That makes the report relevant for NIS2 implementation, national supervision, investment priorities, and resilience planning across sectors such as health, public administration, transport, space, and water.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australian privacy concerns rise as trust in AI companies falls

The Office of the Australian Information Commissioner has released a major survey showing that privacy concerns are rising across Australia, while public trust in AI companies and social media remains extremely low.

The Australian Community Attitudes to Privacy Survey, conducted every three years, found that 87% of respondents are more concerned about privacy than they were five years ago. The survey examines Australians’ privacy attitudes and experiences, including how recent events have shaped public expectations.

Trust was especially low for emerging and data-intensive sectors. Only 4% of respondents said they trusted AI companies, while 3% said the same for social media. Trust also declined across the insurance, telecommunications, technology, retail, and real estate sectors, while remaining highest for health service providers and Australian Government agencies.

Launching the report at the Data Privacy & Consumer Protection Summit 2026, Australian Privacy Commissioner Carly Kind said Australians’ expectations about privacy continue to sharpen as the information ecosystem becomes more complex, data-intensive, and difficult to navigate.

The OAIC said privacy complaints have increased by 73% year to date. Kind said trust is uneven across sectors and that wariness of emerging technologies is increasing, particularly around fairness, accountability, and the practical ability to exercise rights.

The survey also found that 68% of Australians would be more likely to use digital services requiring personal information if they knew their data was handled fairly and responsibly. Another 92% said data collection could be acceptable under certain conditions, including a clear purpose, consent or opt-in, limited collection, and the ability to opt out of non-essential data collection.

Kind said Australians want greater transparency in understanding their privacy rights and how their information is used, adding that improving transparency would help safeguard a healthy, informed, and vibrant democracy.

Why does it matter?

The survey shows that trust is becoming a central barrier to digital adoption, especially for AI and social media services. While Australians are willing to share data under fair and transparent conditions, the very low levels of trust in AI companies suggest that privacy, accountability, and explainability will be critical for public acceptance of emerging technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.