Cyber Resilience Act signals a major shift in EU product security

EU regulators are preparing to enforce the Cyber Resilience Act, setting core security requirements for digital products in the European market. The law spans software, hardware, and firmware, establishing shared expectations for secure development and maintenance.

Scope captures apps, embedded systems, and cloud-linked features. Risk classes run from default to critical, directing firms to self-assess or undergo third-party checks. Any product sold beyond December 2027 must align with the regulation.

Obligations apply to manufacturers, importers, distributors, and developers. Duties include secure-by-design practices, documented risk analysis, disclosure procedures, and long-term support. Firms must notify ENISA within 24 hours of active exploitation and provide follow-up reports on a strict timeline.

Compliance requires technical files covering threat assessments, update plans, and software bills of materials. High-risk categories demand third-party evaluation, while lower-risk segments may rely on internal checks. Existing certifications help, but cannot replace CRA-specific conformity work.

Non-compliance risks fines, market restrictions, and reputational damage. Organisations preparing early are urged to classify products, run gap assessments, build structured roadmaps, and align development cycles with CRA guidance. EU authorities plan to provide templates and support as firms transition.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Revision 2 of the WSIS+20 outcome document released

A revised version of the WSIS+20 outcome document, Revision 2, was published on 3 December by the co-facilitators of the intergovernmental process. Below is a section-by-section overview of the main changes compared to the previous version, Revision 1 (rev1).

Introduction

  • A clarification that the participation of governments and other stakeholders in achieving the WSIS goals needs to be not only equitable, but also meaningful. (4)
  • A recognition of the efforts of the UN Technology Banks for the Least Developed Countries in strengthening STI capacities of least developed countries. (10)
  • A new commitment to ‘catalysing women’s economic agency’. (11)
  • A highlight of the importance of applying a human-centric approach through the lifecycle of digital technologies. (13)

ICT for development

  • Some language was removed in the paragraph about DPGs and DPIs. There is no longer a reference to DPGs doing no harm, empowering individuals to use tech for development, and facilitating digital cooperation and investment. The sentence about resilient, safe, inclusive and interoperable DPIs is also removed; instead, the paragraph notes that, along with multiple models of DPIs, there are also multiple definitions. (17)

Closing digital divides

  • The title of the section was changed from bridging digital divides to closing them, reflecting the emphasis that was placed on closing divides in rev1. 
  • A new recognition that digital divides pose particular challenges for developing countries. (20)
  • An addition in the paragraph about access for persons with disabilities calling for the integration of accessibility-by-design principles in digital development. (22)
  • An inclusion of North-South, South-South, and triangular cooperation as a modality to strengthen international cooperation to address financial and other constraints impeding the achievement of digital inclusion. (25)
  • A clarification that the internet and digital services need to become both fully accessible and affordable. (27)
  • Updates regarding key connectivity and access figures. 

The digital economy

  • In the paragraph about the impact of digital technologies on work, a previous reference to governments being concerned about safeguarding employment rights and welfare is now removed. (33)

Social and economic development

  • A recognition of the role of the UN System in e-government development. (35)
  • An inclusion of digital content within the sphere of cultural heritage in the paragraph which urges stakeholders to recognise the importance of preserving such heritage. (38)
  • New language about the need for greater international cooperation to promote digital inclusion and digital literacy, including capacity building and financial mechanisms to ensure progress towards achieving the SDGs. (40)

Environmental impacts

  • In the paragraph in which concern is expressed about the use of critical mineral resources, previous language about such concerns also including equitable access to such resources is now removed. There is new language highlighting the importance of responsible mining and processing practices. (43)
  • A new paragraph now tackles e-waste, bringing back language that appeared in the zero draft, but was removed in rev1. At its core, this paragraph calls on all stakeholders to improve data gathering, facilitate collaboration in safe and efficient waste management, including sharing of technology and best practices. (44)

The enabling environment for digital development

  • A reference to the importance of ensuring that stakeholders are able to play a part in the development and harmonisation of standards is now removed. (47) However, the call to ensure that decision-making, governance and standardisation processes enable full and active participation by all stakeholders (5) is maintained. 
  • The call for UN regional commissions, other regional organisations, and the CSTD to share experiences on the enabling environment and support the development of policy guidance, technical assistance, and capacity building is now expanded to also include WSIS Action Line facilitators. (52)

Building confidence and security in the use of ICTs

  • A clarification that building confidence and security in the use of ICTs should be consistent not with human rights, but with international human rights law. (53)
  • A new paragraph brings back language from the Zero Draft about recognising the need to counter and address all forms of violence occurring or amplified by the use of technology, along with hate speech, discrimination, misinformation and disinformation, cyberbullying, child sexual exploitation and abuse, and outlining a commitment to establish robust risk mitigation and redress measures. (56) (The same language also appears in the Global Digital Compact.)

Financial mechanisms

  • The paragraph calling on the UN Secretary-General to consider the establishment of a task force to consider future financial mechanisms for digital development is revised to: clarify that the task force would examine such mechanisms (as opposed to considering them); clarify that the Secretary-General would consider such a task force ‘within existing mandates and resources and in coordination with WSIS action lines facilitators and other relevant UN entities’; and add a note that the task force would build on and complement ongoing financing initiatives and mechanisms involving all stakeholders. (66)

Human rights and ethical dimensions of the Information Society

  • New language is introduced calling on business enterprises, including surveillance technology companies and companies responsible for social media platforms, to respect human rights in line with the Guiding Principles on Business and Human Rights. (75) (A call on the private sector to apply the Guiding Principles also appears in another paragraph – 70.)

Artificial intelligence

  • Some changes were made to the paragraph about AI capacity building (84), which now uses exact language from the Global Digital Compact.
  • The request to establish an AI research programme is now addressed to the UN Inter-Agency Working Group on AI (it was addressed to the Secretary-General in previous texts), and there is a clarification that the fellowship would be dedicated to increasing AI research expertise. (85) Similarly, the request to launch an AI capacity building fellowship is now also addressed to the same working group. (86)
  • A reference to the Secretary-General’s Report on financing options for AI capacity building (which was introduced in rev.1) is now removed. (87)

Internet governance

  • Several changes were made to paragraphs about the Internet Governance Forum (IGF):
    • There is a new recognition of the work of the IGF’s Multistakeholder Advisory Group. (98)
    • The paragraph in which member states decide to make the IGF a permanent forum of the UN now includes language about the continuation of the forum’s secretariat being ensured by the UN Department of Economic and Social Affairs, and about the forum having a ‘stable and sustainable basis with appropriate staffing and resources, in accordance with UN budgetary procedures’ (100). This is also reflected in the request for the Secretary-General to now submit a proposal for the General Assembly (during its current 80th session) to ensure sustainable funding for the Forum, combining a mix of core UN funding and voluntary contributions (previous language merely included a request for the Secretary-General to make proposals concerning future funding for the forum). (103) (At the moment, the IGF is funded solely from extra-budgetary sources.)

The development of the WSIS framework

  • Some changes in nuance in the paragraph welcoming the establishment of the Office for Digital and Emerging Technologies (ODET) regarding its role to facilitate (previous language: strengthen) UN system-wide coordination on digital cooperation, working ‘closely’ (added language) with existing mechanisms. (109)

Follow-up and review

  • The language recognising the role of ECOSOC is changed from ‘overseeing the system-wide follow-up of the implementation of WSIS outcomes, including the alignment of WSIS implementation with that of the Global Digital Compact’ to ‘overseeing the system-wide follow-up of the implementation of WSIS outcomes, including the need for avoiding duplication and ensuring coherence of WSIS implementation with that of the GDC’. (123)
  • The report that the Secretary-General is requested to submit on progress in the implementation and follow-up to the WSIS outcomes – and which also incorporated updates on GDC implementation – is now expected on a biennial basis (no longer annual). And there is a clear request for CSTD and ECOSOC to consider the report. (124)

There were no major changes in the sections on capacity development, data governance, and monitoring and measurement.



CJEU tightens duties for online marketplaces

EU judges have ruled that online marketplaces must verify advertisers’ identities before publishing personal data. The judgment arose from a Romanian case involving an abusive anonymous advertisement containing sensitive information.

In this Romanian case, the Court found that marketplace operators influence the purposes and means of processing and therefore act as joint controllers. They must identify sensitive data before publication and ensure consent or another lawful basis exists.

Judges also held that anonymous users cannot lawfully publish sensitive personal data without proving the data subject’s explicit agreement. Platforms must refuse publication when identity checks fail or when no valid GDPR ground applies.

Operators must introduce safeguards to prevent unlawful copying of sensitive content across other websites. The Court confirmed that exemptions under E-commerce rules cannot override GDPR accountability duties.


AI and automation need human oversight in decision-making

Leaders from academia and industry in Hyderabad, India are stressing that humans must remain central in decision-making as AI and automation expand across society. Collaborative intelligence, combining AI experts, domain specialists and human judgement, is seen as essential for responsible adoption.

Universities are encouraged to treat students as primary stakeholders, adapting curricula to integrate AI responsibly and avoid obsolescence. Competency-based, values-driven learning models are being promoted to prepare students to question, shape and lead through digital transformation.

Experts highlighted that modern communication is co-produced by humans, machines and algorithms. Designing AI to augment human agency rather than replace it ensures a balance between technology and human decision-making across education and industry.


Legal sector urged to plan for cultural change around AI

A digital agency has released new guidance to help legal firms prepare for wider AI adoption. The report urges practitioners to assess cultural readiness before committing to major technology investment.

Sherwen Studios collected views from lawyers who raised ethical worries and practical concerns. Their experiences shaped recommendations intended to ensure AI serves real operational needs across the sector.

The agency argues that firms must invest in oversight, governance and staff capability. Leaders are encouraged to anticipate regulatory change and build multidisciplinary teams that blend legal and technical expertise.

Industry analysts expect AI to reshape client care and compliance frameworks over the coming years. Firms prepared for structural shifts are likely to benefit most from long-term transformation.


ChatGPT users gain Jira and Confluence access through Atlassian’s MCP connector

Atlassian has launched a new connector that lets ChatGPT users access Jira and Confluence data via the Model Context Protocol. The company said the Rovo MCP Connector supports task summarisation, issue creation and workflow automation directly inside ChatGPT.

Atlassian noted rising demand for integrations beyond its initial beta ecosystem. Users in Europe and elsewhere can now draw on Jira and Confluence data without switching interfaces, while partners such as Figma and HubSpot continue to expand the MCP network.

Engineering, marketing and service teams can request summaries, monitor task progress and generate issues from within ChatGPT. Users can also automate multi-step actions, including bulk updates. Jira write-back support enables changes to be pushed directly into project workflows.

Security updates sit alongside the connector release. Atlassian said the Rovo MCP Server uses OAuth authentication and respects existing permissions across Jira and Confluence spaces. Administrators can also enforce an allowlist to control which clients may connect.

Atlassian frames the initiative as part of its long-term focus on open collaboration. The company said the connector reflects demand for tools that unify context, search and automation, positioning the MCP approach as a flexible extension of existing team practices.


FCA begins live AI testing with UK financial firms

The UK’s Financial Conduct Authority has started a live testing programme for AI with major financial firms. The initiative aims to explore AI’s benefits and risks in retail financial services while ensuring safe and responsible deployment.

Participating firms, including NatWest, Monzo, Santander and Scottish Widows, receive guidance from FCA regulators and technical partner Advai. Use cases being trialled range from debt resolution and financial advice to customer engagement and smarter spending tools.

Insights from the testing will help the FCA shape future regulations and governance frameworks for AI in financial markets. The programme complements the regulator’s Supercharged Sandbox, with a second cohort of firms due to begin testing in April 2026.


AstraZeneca backs Pangaea’s AI platform to scale precision healthcare

Pangaea Data, a health-tech firm specialising in patient-intelligence platforms, announced a strategic, multi-year partnership with AstraZeneca to deploy multimodal artificial intelligence in clinical settings. The goal is to bring AI-driven, data-rich clinical decision-making to scale, improving how patients are identified, diagnosed, treated and connected to therapies or clinical trials.

The collaboration will see AstraZeneca sponsoring the configuration, validation and deployment of Pangaea’s enterprise-grade platform, which merges large-scale clinical, imaging, genomic, pathology and real-world data. It will also leverage generative and predictive AI capabilities from Microsoft and NVIDIA for model training and deployment.

Among the planned applications are supporting point-of-care treatment decisions and identifying patients who are undiagnosed, undertreated or misdiagnosed, across diseases ranging from chronic conditions to cancer.

Pangaea’s CEO said the partnership aims to efficiently connect patients to life-changing therapies and trials in a compliant, financially sustainable way. For AstraZeneca, the effort reflects a broader push to integrate AI-driven precision medicine across its R&D and healthcare delivery pipeline.

From a policy and health-governance standpoint, this alliance is important. It demonstrates how multimodal AI, combining different data types beyond standard medical records, is being viewed not just as a research tool, but as a potentially transformative element of clinical care.


UNESCO launches AI guidelines for courts and tribunals

UNESCO has launched new Guidelines for the Use of AI Systems in Courts and Tribunals to ensure AI strengthens rather than undermines human-led justice. The initiative arrives as courts worldwide face millions of pending cases and limited resources.

In Argentina, AI-assisted legal tools have increased case processing by nearly 300%, while automated transcription in Egypt is improving court efficiency.

Judicial systems are increasingly encountering AI-generated evidence, AI-assisted sentencing, and automated administrative processes. AI misuse can have serious consequences, as seen in the UK High Court where false AI-generated arguments caused delays, extra costs, and fines.

UNESCO’s Guidelines aim to prevent such risks by emphasising human oversight, auditability, and ethical AI use.

The Guidelines outline 15 principles and provide recommendations for judicial organisations and individual judges throughout the AI lifecycle. They also serve as a benchmark for developing national and regional standards.

UNESCO’s Judges’ Initiative, which has trained over 36,000 judicial operators in 160 countries, played a key role in shaping and peer-reviewing the Guidelines.

The official launch will take place at the Athens Roundtable on AI and the Rule of Law in London on 4 December 2025. UNESCO aims for the standards to ensure responsible AI use, improve court efficiency, and uphold public trust in the judiciary.


AI model boosts accuracy in ranking harmful genetic variants

Researchers have unveiled a new AI model that ranks genetic variants based on their severity. The approach combines deep evolutionary signals with population data to highlight clinically relevant mutations.

The popEVE system integrates protein-scale models with constraints drawn from major genomic databases. Its combined scoring separates harmful missense variants more accurately than leading diagnostic tools.

Clinical tests showed strong performance in developmental disorder cohorts, where damaging mutations clustered clearly. The model also pinpointed likely causal variants in unsolved cases without parental genomes.

Researchers identified hundreds of credible candidate genes with structural and functional support. Findings suggest that AI could accelerate rare disease diagnoses and inform precision counselling worldwide.
