Sustainable development

IAPP updates US state breach notification resource as legal differences persist

The International Association of Privacy Professionals (IAPP) has updated its US State Breach Notification Chart, a resource that summarises state breach notification laws across the United States. In an analysis published on 26 March, the IAPP says the revised chart highlights both nationwide coverage and continuing variation in how states define personal information, apply harm thresholds, and trigger reporting duties.

According to the IAPP, all 50 states, the District of Columbia, Guam, Puerto Rico, and the US Virgin Islands now have breach notification laws. California enacted the first state law in 2002, which took effect in 2003, while Alabama was the last state to adopt such a law in 2018. The IAPP says the result is a de facto nationwide framework, but one marked by significant differences across jurisdictions.

A central point in the analysis is that breach notification laws generally use a narrower definition of personal information than more recent comprehensive privacy laws. The IAPP says the original purpose of breach notification was to alert people to the risks of identity theft and financial fraud after a data breach, so laws tend to focus on identifiers such as names combined with Social Security numbers, driver’s licence details, or financial account credentials.

The article contrasts narrower statutes with broader ones. Hawaii’s law is described as among the narrowest, while Illinois and California are presented as having broader definitions that can extend to medical information, health insurance details, biometric data, genetic data, and, in California’s case, some automated licence plate recognition data.

Even so, the IAPP says many state breach laws still do not cover large categories of digital information, such as browsing history, cookie data, IP addresses, cell phone numbers, purchasing records, or complete financial transaction histories where account credentials were not compromised.

Exemptions and scope also vary. The IAPP says most breach notification laws apply broadly to businesses and often to nonprofit organisations, while privacy laws tend to contain more exclusions. The article notes that some states cover state and local government entities directly, while California has a separate breach notification law for governmental bodies. The IAPP also says its chart is focused on laws applicable to the private sector.

Encryption safe harbours appear across the state laws, according to the analysis, with some states also recognising redaction or other protections that render data unreadable or unusable. Attorney general notification requirements also differ. The IAPP says 34 state laws require notice to the state attorney general once certain thresholds are met, with thresholds ranging from 250 affected residents in North Dakota and Oregon to 1,000 in many other states, while some states, such as Connecticut and New York, require notice regardless of the number affected.

Harm thresholds are another area of divergence. The IAPP says about 30 state laws include a harm standard, meaning notice may not be required unless the breach caused, or is likely to cause, harm to affected individuals.

The article describes substantial differences in wording across states, with some referring to ‘reasonable likelihood’ of harm, others to ‘material risk,’ ‘substantial economic loss,’ or misuse of the data, while some states, including California, Georgia, Illinois, Massachusetts, Minnesota, North Dakota, and Texas, require no harm showing at all.

The practical effect, the IAPP argues, is that organisations holding data on residents of multiple states face a complex compliance problem. A data element that triggers notice in one state may not do so in another, and the article says reconciling the different harm standards is effectively impossible. The analysis notes that some organisations may decide to notify if there is doubt, while others may choose to notify only where clearly required.

The IAPP concludes that the absence of a preemptive federal breach notification law leaves entities to navigate overlapping but inconsistent state rules. Its updated chart is presented as a tool to help practitioners track those differences and build awareness of how US state breach notification laws continue to evolve.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

National security rules to prioritise UK contracts in AI, steel and shipbuilding

The UK government has announced new procurement guidance that will treat shipbuilding, steel, AI, and energy infrastructure as critical to national security, with departments directed to prioritise British businesses where necessary to protect national security. The press release was published on 26 March by the Cabinet Office and its Minister, Chris Ward.

According to the government, the new approach is intended to respond to recent supply-chain fragility and strengthen domestic capacity in sectors it describes as vital to national security. The guidance is presented as the first clear framework for how departments can protect the UK’s economic security and build resilience in the four named sectors.

Additional measures in the package go beyond sector prioritisation. The government says departments will either use British steel or provide a justification if steel is sourced from overseas, linking the change to the UK Steel Strategy launched the previous week. Officials also say the reforms support the government’s Modern Industrial Strategy and follow the publication of the National Security Strategy.

Procurement reform is another part of the package. Under a new Public Interest Test, departments will be asked to assess whether outsourced service contracts worth more than £1 million could be delivered more effectively in-house. The government says the test will cover more than 95% of central government contracts by value.

Community impact is also being built into the contracting framework. Departments will be required to publish and report annually on a specific social value goal for contracts above £5 million, which the government says will cover more than 90% of central government contracts by value. Companies bidding for public contracts are also being encouraged to include commitments on local jobs, skills, and apprenticeships.

The press release also says a new suite of AI tools has been developed to streamline the commercial process. Contract terms will be simplified, and additional business information will be integrated into a central platform, with the stated aim of reducing repeated submissions by smaller businesses bidding for multiple contracts.

Chris Ward said: ‘This Government is backing British businesses and the working people who power them. These reforms are about using the full weight of Government spending to support British jobs, protect our national security and grow our economy.’ He added: ‘Whether you make steel in Scunthorpe, build ships on the Clyde or run a small tech firm in the Midlands, this Government is on your side.’

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

India AI governance faces court, privacy and cyber pressures

An opinion article published by the International Association of Privacy Professionals says India’s data protection and AI governance environment is facing growing pressure as compliance work around the Digital Personal Data Protection Act (DPDPA) unfolds, court challenges continue, and regulators widen oversight into new sectors. The piece, published on 26 March, is labelled as an opinion article and includes an editor’s note stating that the IAPP is policy neutral and publishes contributed opinion pieces to reflect a broad spectrum of views.

The article says several legal and regulatory developments are unfolding simultaneously. One example cited is a public interest litigation filed before India’s Supreme Court by journalist Geeta Seshu and the Software Freedom Law Centre, India, challenging parts of the DPDPA on constitutional and rights-related grounds. According to the piece, the Supreme Court later issued a notice to the Government of India on 12 March.

Concerns outlined in the article include the absence of journalistic exemptions, the lack of compensation for data breach victims when penalties are imposed to the government, broad state powers to exempt departments from the law, and questions about the independence of the Data Protection Board given the government’s control over appointments. The article notes that similar petitions had already been filed, but says this was the first time the court issued notice to the government.

The article also turns to proceedings before the Kerala High Court involving privacy concerns about biometric and personal data collected through Digi Yatra, a not-for-profit foundation that operates airport passenger-processing infrastructure in India. According to the piece, a public interest litigation filed by C R Neelakandan asked for a temporary restraint on the sharing of collected personal data and its commercial use without proper authorisation.

The article says the Kerala High Court issued notice to the Digi Yatra Foundation and sought clarification from the government on whether the Data Protection Board had been established to oversee such matters.

Alongside the litigation, the opinion piece points to government efforts to show legal preparedness for AI-related risks. It says Electronics and Information Technology Minister Ashwini Vaishnaw outlined existing safeguards during the ongoing parliamentary session, referring to the Information Technology Act, the DPDPA, and subordinate rules, along with published guidelines on AI governance, toy safety, harmful content, awareness-building measures, and cyber safety.

Cybersecurity developments also feature in the article. It says the Indian Computer Emergency Response Team, working with the SatCom Industry Association, issued guidelines on 26 February for space, including satellite communications. According to the piece, the framework is intended to strengthen resilience in India’s space ecosystem.

It applies to covered entities, including government agencies, satellite service providers, ground station operators, terminal equipment vendors, and private space entities. Incident reporting within six hours and annual audits are among the measures described.

A further section of the article draws on Thales’ 2026 Data Threat Report. The piece says 64% of surveyed organisations in India identified AI-driven transformation as their biggest security risk, while 55% said they had to deal with reputational damage caused by AI-generated misinformation. It also says 65% reported deepfake-driven attacks, 35% had a complete view of their data, and 36% could fully classify their data.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Meta unveils TRIBE v2 brain modelling AI

TRIBE v2 is a next-generation AI model introduced by Meta, designed to simulate how the human brain responds to complex stimuli such as images, sounds and language. The system functions as a digital twin of neural activity, enabling high-speed and high-resolution predictions of brain responses.

Built on data from over 700 volunteers, TRIBE v2 analyses fMRI recordings to predict brain responses to media such as videos, podcasts, and text. The model improves significantly on previous approaches, offering higher accuracy and the ability to generalise across new subjects, tasks, and languages.

Meta says the system could enable brain studies without human participants in every experiment, potentially accelerating research into neurological conditions. The approach may also support future AI development by incorporating principles derived from neuroscience.

Alongside the launch, Meta has released a research paper, model code, and interactive demo under a non-commercial licence to encourage wider exploration and collaboration in neuroscience and AI research.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Mistral AI launches open-source voice model for enterprises

Mistral AI has introduced a new open-source text-to-speech model designed to power voice assistants and enterprise applications, rather than relying on proprietary solutions.

The model, named Voxtral TTS, marks the company’s entry into the competitive voice AI market alongside players such as OpenAI and ElevenLabs.

Voxtral TTS supports nine languages, including English, French, German, Spanish, and Arabic, allowing organisations to deploy multilingual voice systems across different markets.

The Mistral AI model is designed to operate efficiently on devices such as smartphones, laptops, and even wearables, reducing infrastructure costs rather than relying on large-scale cloud systems.

It can replicate custom voices using only a few seconds of audio, capturing accents and speech patterns while maintaining consistency across languages.

The system is optimised for real-time performance, delivering rapid response times and enabling applications such as live translation, dubbing, and customer engagement tools.

Built on a compact architecture, it balances efficiency with high-quality output, aiming to produce natural-sounding speech instead of robotic voice synthesis. Earlier releases of transcription models suggest a broader strategy to develop a full suite of voice technologies.

Looking ahead, Mistral AI plans to expand towards end-to-end multimodal systems capable of handling audio, text, and image inputs within a single platform.

The company’s focus on open-source development and customisation is intended to attract enterprises seeking flexible solutions, positioning its technology as an alternative to closed ecosystems in the growing voice AI market.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Search Live in Google expands to over 200 countries

Google has expanded its Search Live feature globally, making it available in more than 200 countries and territories where AI Mode is supported. The tool enables users to interact with Search through real-time voice and camera-based conversations.

The upgrade is powered by Gemini 3.1 Flash Live, a new audio and voice model designed to deliver more natural and intuitive interactions. The model supports multiple languages, enabling users to communicate with Search in their preferred language across regions.

Search Live is designed for situations where typing is inconvenient, allowing users to ask questions aloud and receive audio responses within the Google app. Follow-up queries can be made instantly, with results supplemented by relevant web links.

Camera integration through Google Lens adds visual context, enabling Search to interpret real-world objects and provide step-by-step guidance or suggestions. The rollout is part of Google’s broader effort to make search more interactive, accessible, and useful in everyday tasks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

HP reveals advanced AI devices and workflow tools at Imagine 2026

HP has announced a broad set of AI-focused products and workplace tools at HP Imagine 2026, presenting the update as part of a wider effort to simplify work across PCs, collaboration devices, security systems, and workflow platforms.

In a press release published on 24 March, HP said the new portfolio includes AI PCs, collaboration tools, workstations, printers, and software intended for hybrid work and on-device AI use.

HP says the update includes a new intelligence layer called HP IQ, which it describes as a system designed to orchestrate work across AI PCs, workplace devices, and meeting spaces through local AI and proximity-based connectivity.

The company also announced new EliteBook devices, workstation updates, and workflow automation changes through its Workforce Experience Platform and Build Workspace capabilities.

Several sections of the release focus on on-device AI. According to the company, HP IQ will debut on the next generation of EliteBook X G2 AI PCs and will support features such as prompt-based assistance, document analysis, note organisation, and meeting support.

The release also says NearSense is intended to help devices discover, connect, and collaborate, including through file sharing and one-click joining of conference room meetings.

Security is another central theme in the release. HP says it has introduced what it describes as the world’s first hardware solution to stop physical TPM bypass attacks, using a cryptographically bound link between the TPM and CPU.

The company also said it is expanding capabilities in HP Wolf Security and introducing HP Wolf Pro Security Next Gen Antivirus, as well as physical intrusion detection designed to protect memory if a device chassis is opened.

The announcement also includes new printers and document tools. HP says the LaserJet Pro 4000 and 4100 series, and the LaserJet Enterprise 5000 and 6000 series, are intended to support AI-powered document processing and quantum-resistant security. The release also highlights scanning shortcuts, editable OCR, reduced management time, and a design intended to improve serviceability.

For higher-performance users, the company says it is launching a new generation of Z workstations and mobile workstations. The release refers to systems such as the Z8 Fury, Max Side Panel for Z8 Fury and Z4 workstations, and updated mobile workstation models. Advanced AI development, visual effects, and simulation workloads are among the uses cited in the announcement.

Beyond enterprise work, the release also extends the same AI and device strategy into gaming. New HyperX and OMEN products are part of the announcement, including desktops, a gaming and modular ecosystem, and expanded AI game support through OMEN Gaming Hub and OMEN AI.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNESCO advances regional AI in education observatory

A UNESCO-led public–private initiative is advancing the establishment of a Regional AI in Education Observatory for Latin America and the Caribbean. The project aims to strengthen education systems through the ethical and inclusive application of AI technologies.

A roundtable held at UNESCO Headquarters in Paris brought together more than 50 stakeholders from government, academia, industry, and civil society. Participants included universities, development banks, and research institutions providing technical expertise and regional knowledge.

The observatory will act as a shared regional infrastructure supporting evidence-based policy, teacher training, and capacity development. Focus areas include tackling foundational learning challenges in reading and mathematics while ensuring responsible AI integration in classrooms.

The initiative will be officially launched on 14 April 2026 at ECLAC headquarters in Santiago, Chile. Organisers emphasise the need for regional cooperation to guide AI adoption in education, promoting equity, innovation, and long-term learning improvements.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Oracle expands Oracle AI Database with new agentic AI tools

Oracle has announced new agentic AI capabilities for Oracle AI Database, presenting them as tools for building, deploying, and scaling production-grade AI applications that work with business data across operational databases and analytic lakehouses. The company says the new features are available across multicloud and on-premises environments.

According to Oracle, the announcement concerning Oracle AI Database centres on bringing AI and data together within the database so that agents can securely access real-time enterprise data where it resides. Oracle also says customers can choose AI models, agentic frameworks, open data formats, and deployment platforms, while Oracle Exadata users can use Exadata Powered AI Search for high-volume, multi-step agentic workloads.

Oracle’s new product set includes Oracle Autonomous AI Vector Database, which the company says is intended to simplify vector-based application development while preserving the broader database features of Oracle AI Database. Oracle says the service is available in limited capacity through the Oracle Cloud free tier or a low-cost developer tier, with one-click upgrade to full capabilities as requirements expand.

The company also introduced the Oracle AI Database Private Agent Factory, described as a no-code agent builder that can run in public clouds or on-premises without requiring customers to share data with third parties. Oracle says the service includes pre-built agents such as a Database Knowledge Agent, a Structured Data Analysis Agent, and a Deep Data Research Agent. Oracle Unified Memory Core was also announced as a way to store context for AI agents across vector, JSON, graph, relational, text, spatial, and columnar data, all in a single engine with consistent transactions and security.

A separate part of the announcement focuses on what Oracle describes as AI data risk reduction. Oracle says Deep Data Security applies end-user-specific access rules within the database, so that each user or AI agent acting on a user’s behalf can only see the data the user is allowed to access.

Besides the Oracle AI Database, Oracle also announced Private AI Services Container for customers that want to run private model instances without sharing data with third-party AI providers, including in air-gapped environments. Trusted Answer Search was presented as a method for providing answers based on previously created reports rather than relying directly on large language model responses.

Open standards and interoperability form another part of Oracle’s pitch. Oracle says Vectors on Ice adds native support for vector data stored in Apache Iceberg tables, enabling unified search across database and data-lake content. Oracle also announced an Autonomous AI Database MCP Server to allow external AI agents and MCP clients to access Autonomous AI Database capabilities without custom integration code or manual security administration.

Juan Loaiza, executive vice president of Oracle Database Technologies, said: ‘The next wave of enterprise AI will be defined by customers’ ability to use AI in business-critical production systems to safely deliver breakthrough innovations, insights, and productivity.’ He added: ‘With Oracle AI Database, customers don’t just store data, they activate it for AI. By architecting AI and data together, we help customers quickly build and manage agentic AI applications that can securely query and act on real-enterprise data with stock exchange-level robustness in every leading cloud and on-premises.’

Steven Dickens, CEO and principal analyst at HyperFRAME Research, said: ‘In the era of agentic AI, a unified memory core is essential for agents to maintain context across diverse data types, such as vector, JSON, graph, columnar, spatial, text, and relational, without the latency or staleness of external syncing.’

Dickens added: ‘Only Oracle AI Database delivers this in a single, mission-critical engine with concurrent transactional and analytical processing, high availability, and ironclad security, enabling real-time reasoning over live business data. Organisations without this foundation will struggle with fragmented, unreliable agents, while those leveraging Oracle gain a decisive edge in scalable AI deployment.’

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.