Digital identities Archives | Digital Watch Observatory

Greece approves major digital governance and interoperability reforms

The Greek Parliament has approved a bill from the Ministry of Digital Governance and Artificial Intelligence to expand digital public services, reduce bureaucracy, and strengthen cybersecurity.

The legislation implements the EU rules on the cross-border automated exchange of supporting documents through the once-only principle, allowing citizens and businesses to avoid repeatedly submitting the same documents to public authorities across the EU.

Greece’s new framework establishes technical and operational measures enabling public authorities to retrieve official documents securely and automatically, with the user’s consent. The system will operate through the European interoperability infrastructure and in line with the EU data protection requirements.

The General Secretariat for Information Systems and Digital Governance will oversee technical coordination and implementation.

Beyond cross-border services, the legislation introduces several domestic digital initiatives. These include a Defective Vehicle Recall Registry to notify vehicle owners about critical safety issues, upgrades to the MyStreet application with electric vehicle charging points and emergency gathering locations, and a customer relationship management platform on gov.gr that will allow citizens to track public service requests through a single interface.

The bill also includes measures to accelerate the launch of more than 800 new public-sector interoperability services and strengthen protections against online fraud. A National Malicious Website Blocking List will be established through Greece’s National Cybersecurity Authority to support faster blocking of phishing websites, scam portals, and malicious online services.

Why does it matter?

The legislation shows how EU interoperability rules are being translated into national digital government reforms. Greece is combining the once-only principle for cross-border public services with domestic service integration, citizen-facing digital tools, and cybersecurity measures against online fraud. The result is a broader shift towards public administration built around automated document exchange, consent-based data retrieval, and shared digital infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft expands protections against AI-generated intimate imagery

Microsoft has announced new measures aimed at combating non-consensual intimate imagery (NCII), including both authentic and AI-generated content. The company says the changes are designed to make reporting easier for victims, improve detection of harmful content, and strengthen enforcement across Microsoft services.

The initiative comes as the US’s new Take It Down Act enters into force, creating additional legal protections against the distribution of intimate images without consent. Microsoft said both synthetic and authentic NCII can cause significant harm and should be addressed through a unified response.

As part of the update, Microsoft has introduced a redesigned reporting process that allows users to report both real and AI-generated intimate imagery through a simplified global reporting system. The company has also expanded its use of StopNCII.org technology, which creates privacy-preserving digital fingerprints of images to help identify and remove known abusive content across platforms.

Microsoft is further extending the use of validated StopNCII.org hashes across consumer services, including Teams Free, OneDrive and Xbox. The company says it will combine automated detection systems with human review processes while maintaining appeal mechanisms for users affected by moderation decisions.

The company also highlighted broader cooperation with governments, regulators and civil society groups. Microsoft expressed support for the US Take It Down Act, welcomed European efforts targeting AI-powered ‘nudification’ applications, and pointed to upcoming UK Online Safety Act requirements addressing illegal intimate imagery harms.

Why does it matter?

Advances in generative AI have made it easier to create realistic synthetic images, prompting governments and technology companies to strengthen measures against image-based abuse. The announcement reflects a broader trend toward treating AI-generated intimate imagery and authentic non-consensual content under similar safety, moderation and legal frameworks.

The move also highlights growing cooperation between technology companies, regulators and civil society organisations as policymakers develop new approaches to addressing AI-enabled harms online.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Papua New Guinea advances digital ID law

Papua New Guinea’s Ministry of Information and Communications Technology has begun drafting instructions and a proposed bill for digital identity and verifiable credentials legislation following the endorsement of the National Digital ID Policy.

ICT Minister Peter Tsiamalili Jr said the process marks a step towards a legal framework that will allow citizens to identify themselves securely and access trusted digital services.

The proposed legislation will support the national rollout of SevisPass, SevisWallet, SevisDEx, and other approved verifiable credentials. SevisWallet will allow citizens to register, hold, and present trusted digital credentials, while SevisDEx will enable secure, consent-based data exchange.

Tsiamalili said the government is moving from policy to implementation. He said SevisPass will verify identity, SevisWallet will hold and present trusted credentials, and SevisDEx will support secure data exchange based on user consent.

The minister urged banks, financial institutions, mobile network operators, telecommunications providers, government agencies, education institutions, and professional bodies to work with NICTA and the Department of ICT to complete technical, regulatory, and operational readiness by the end of July 2026.

The readiness process is intended to support electronic know-your-customer checks, SIM registration, secure onboarding, financial inclusion, and digital verification of credentials such as driver’s licences, police clearances, student and teacher IDs, education certificates, tax identification numbers, and superannuation records.

The ministry said relevant agencies, issuers, verifiers, and relying partners should align their systems and compliance pathways to support the rollout by July 2026.

Why does it matter?

Papua New Guinea’s move shows how digital identity systems are becoming foundational infrastructure for public services, financial inclusion, telecoms compliance, education records, and private-sector verification. By linking SevisPass, SevisWallet, and SevisDEx to verifiable credentials and consent-based data exchange, the planned law could shape how identity, trust, and interoperability are built into the country’s digital economy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European digital identity wallets and digital sovereignty discussed at EuroDIG 2026

Participants at EuroDIG 2026 discussed whether the European Digital Identity Wallet (EUDI Wallet) and the proposed EU business wallet could become foundational infrastructure for a more integrated European digital single market.

The session focused on reducing fragmentation in digital identity, trust, and cross-border administrative procedures across Europe. Speakers broadly supported the wallets as tools for simplification and interoperability, while also raising concerns about adoption, implementation, and Europe’s dependence on non-European digital infrastructure.

Nathan Meurens, CTO of EURid, framed the discussion around a central challenge for European integration: despite advances in the single market, digital trust and identity systems remain fragmented across member states.

Norbert Sagstetter, Head of Unit for Digital Identity and Trust at the European Commission, outlined the timeline and objectives of the updated European Digital Identity Framework. He said all EU member states will be required to offer a voluntary European Digital Identity Wallet by the end of 2026 under common technical and legal standards.

According to Sagstetter, the wallet is designed to allow citizens to identify themselves digitally, sign documents, and share verified attributes and official records under user control across both public and private services.

He described the wallet as a response to the growing role of private technology platforms in digital identity management. The framework, he said, aims to provide a citizen-controlled alternative governed by European law and supervised by public authorities.

Sagstetter also highlighted the concept of ‘electronic attestation of attributes,’ which could include digital versions of documents such as driving licences, educational credentials, certificates, and potentially health-related records.

The discussion also focused heavily on the proposed EU business wallet, which remains under negotiation.

Sagstetter argued that companies across Europe still face fragmented identification systems and inconsistent administrative procedures, particularly in cross-border interactions. The business wallet, he said, is intended to enable legally effective exchange of documents and interoperable communication between companies and public administrations.

Benjamin Knirsch of SMEunited said small and medium-sized enterprises continue to face duplicated reporting obligations, fragmented platforms, and repeated verification procedures across Europe. He argued that reusable verified company information and implementation of the once-only principle could significantly reduce administrative burdens for SMEs.

However, Knirsch warned that simplification would fail if interoperability remained partial or uneven. He criticised proposals that would exempt smaller municipalities from participation, arguing that SMEs often interact most frequently with local authorities.

Pedro Oliveira of BusinessEurope also supported the business wallet proposal, describing it as one of the few EU digital initiatives likely to create tangible, practical value for businesses.

Oliveira pointed to fragmented company registration and beneficial ownership systems as examples of existing inefficiencies the wallet could help address. He also suggested future links between the wallet and due diligence obligations, Know Your Customer procedures, product passport systems, and possible EU company identifiers.

Several participants stressed that successful implementation will depend on integrating the wallets with existing infrastructure rather than creating parallel systems.

Jaromir Talir of the Czech registry CZ.NIC described how domain registries have struggled for years with reliable registrant identification, particularly in the context of cybersecurity and regulatory requirements. Talir said large-scale EUDI wallet pilots involving domain registries have already demonstrated use cases including registrant verification, authentication, and proof-of-domain-ownership credentials.

He also noted that some countries, including France and Denmark, already operate wallet-like systems while full certification processes continue.

A major part of the discussion focused on digital sovereignty and Europe’s dependence on foreign technology infrastructure.

Sebastiano Toffoletti of the European DIGITAL SME Alliance warned that wallet deployment still depends heavily on US-controlled mobile operating systems and hyperscale cloud providers. He argued that Europe should not build critical identity infrastructure on systems it does not control.

Toffoletti also suggested that large-scale wallet adoption could help support broader adoption of European digital alternatives by creating new distribution channels for European services.

Other speakers responded that the framework itself remains technologically neutral and does not mandate any specific infrastructure provider.

Meurens argued that the wallet framework could operate on different infrastructures if Europe chose to develop them, while Talir noted that alternative implementations, such as web-based wallets, remain possible.

The discussion also addressed concerns that the wallet ecosystem could ultimately strengthen the role of major technology companies if implementation becomes concentrated among dominant providers.

Vittorio Bertola of Open-Xchange warned that Europe could face two separate risks. Either the wallet fails to achieve adoption, or it succeeds but becomes dependent on large non-European firms capable of operating identity services at scale.

Sagstetter defended the wallet’s public-private model, arguing that successful adoption will require both trusted public oversight and useful private-sector services. He also stressed that Europe is contributing actively to the development of international digital identity standards rather than simply adopting frameworks developed elsewhere.

Several participants emphasised that European digital sovereignty should remain open and collaborative rather than protectionist or isolationist.

Oliveira described the concept as ‘open sovereignty,’ while Meurens argued that reducing vendor lock-in through interoperability, open standards, and diversification should remain the primary objective.

The session concluded with broad agreement that the EUDI wallet and the business wallet could become important infrastructure for the European single market if they achieve interoperability, security, trust, and practical usability.

Participants also agreed that adoption will depend heavily on whether the wallets provide convenient and widely used everyday services while preserving privacy, user control, and legal certainty.

EuroDIG 2026 took place on 26 and 27 May at the Charlemagne Building of the European Commission in Brussels under the theme ‘European Voices for the Future of the Internet – Celebrating 20 Years of .eu and the Beginning of a New Internet Governance Era’.

Digital Watch Observatory followed EuroDIG 2026 through a dedicated event page, featuring session information and reporting from Brussels.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

YouTube expands AI transparency rules with automatic content detection

YouTube is updating its approach to AI-generated content by introducing more visible disclosure labels and new automatic detection systems designed to improve transparency for viewers and creators.

The update follows growing concerns around realistic synthetic media, manipulated videos, and generative AI tools across major digital platforms.

Under the revised system, labels for photorealistic or meaningfully AI-altered or generated content will appear directly below long-form videos and as overlays on Shorts. Less realistic, animated, or slightly altered content will continue to be disclosed in expanded video descriptions.

The company is also rolling out internal AI detection signals to identify AI-generated content when creators fail to disclose it themselves. If YouTube’s systems detect significant use of photorealistic AI, the platform may automatically apply a label.

Creators will still be able to update the disclosure status in YouTube Studio if they believe their content has been incorrectly identified as AI-generated. However, disclosures will remain permanent in some cases, including content created with YouTube’s own AI tools, such as Veo or Dream Screen, and content that contains C2PA metadata indicating that AI fully generated it.

YouTube said the updated labels are intended to balance transparency with creator control. The company also said that a disclosure label alone does not change how a video is recommended or whether it is eligible to earn money.

Why does it matter?

YouTube’s update reflects a broader shift towards platform-level governance of synthetic media and generative AI content. As realistic AI-generated video becomes easier to produce, platforms face growing pressure to make synthetic content more visible to users while preserving creator workflows and avoiding over-penalisation. The move also shows how provenance tools such as C2PA and automated detection systems are becoming part of mainstream content governance.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

European Commission marks .eu anniversary with internet governance focus

The European Commission has marked the 20th anniversary of the .eu top-level domain, presenting it as a symbol of European identity online and an element of Europe’s technological sovereignty agenda.

The milestone was celebrated during the 2026 European Internet Governance Dialogue in Brussels, where policymakers, technical experts, businesses, civil society representatives, and other stakeholders discussed the future of global internet governance.

According to the Commission, .eu has grown into the fourth-largest country-code top-level domain in Europe, with 3.8 million registrations since its launch in April 2006. The EU officials described the domain as a symbol of European identity online and an example of resilient European digital infrastructure, noting that it has operated without a single outage for two decades.

The discussions also focused on Europe’s broader approach to internet governance, digital autonomy, and the reduction of strategic technological dependencies. Executive Vice-President Henna Virkkunen said Europe is at a pivotal moment where digital autonomy, reduced dependencies, and global leadership in internet governance must go hand in hand.

The Commission linked the anniversary to future EU initiatives, including the upcoming Technological Sovereignty Package, which it said would further support Europe’s vision for a decentralised and open internet where users, businesses, and governments have real alternatives and control over their digital future.

Officials also stressed the importance of ensuring that European values, including human rights, inclusivity, and competition, continue to shape the next decade of global internet governance.

Why does it matter?

The anniversary shows how domain governance and internet infrastructure are increasingly being linked to digital sovereignty and technological dependence. By framing .eu as part of Europe’s identity, resilience, and internet governance agenda, the Commission is connecting a long-standing country-code top-level domain to broader debates on autonomy, infrastructure, trust, and Europe’s role in shaping the future of the open internet.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Argentina launches AI ‘Digital Twin’ system for social policy simulations

Argentina’s Ministry of Human Capital has launched the ‘Digital Twin’ initiative, an AI-based system intended to simulate potential impacts of social policies before implementation. According to the government, the project is part of broader efforts to use data analysis and predictive tools in public policy planning.

The system is designed to model scenarios related to areas including poverty, subsidies, and human capital development using large-scale datasets. Officials said the initiative could support more anticipatory and data-informed policymaking processes.

The announcement by President Javier Milei was followed by public criticism related to promotional materials associated with the initiative. Opposition representatives have requested additional information concerning the project’s legal basis, data usage, and privacy safeguards.

Privacy specialists and analysts also raised concerns about governance frameworks, data aggregation, and potential profiling risks. The government has not yet publicly detailed oversight mechanisms or specific data protection standards linked to the initiative.

Why does it matter?

Argentina’s Digital Twin project reflects a broader global shift towards using AI to simulate and predict social and economic outcomes, potentially reshaping how governments design and test public policy. If effective, such systems could improve efficiency by allowing policymakers to model interventions before implementation, reducing costly or ineffective decisions.

At the same time, the initiative raises significant governance and civil liberties concerns, particularly around large-scale data aggregation and the potential for algorithmic profiling of citizens.

Without clear transparency, oversight, and privacy safeguards, predictive governance tools risk shifting from policy optimisation instruments into systems that enable expanded state surveillance and reduced accountability.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

EuroDIG 2026 to bring European internet governance voices to Brussels

EuroDIG 2026 will take place on 26 and 27 May at the Charlemagne Building of the European Commission in Brussels, bringing together Europe’s internet governance community for two days of discussions on the future of the digital environment.

The event will be hosted by EURid, the registry operator for the .eu domain name, with support from the European Commission, a longstanding institutional partner of EuroDIG. This year’s edition also marks 20 years of .eu domain, celebrating two decades of what organisers describe as a trusted European digital identity.

The overarching theme is ‘European Voices for the Future of the Internet – Celebrating 20 Years of .eu and the Beginning of a New Internet Governance Era’. Discussions are expected to address issues including openness, security, multistakeholder governance, and Europe’s digital policy priorities.

Over the past 18 years, EuroDIG has served as a European multistakeholder platform for discussions on internet governance and digital public policy. Outcomes from the discussions contribute to broader international internet governance processes, including the Internet Governance Forum.

Participants from government, civil society, academia, the technical community, business, and youth groups are expected to take part in the discussions. Sessions will address topics including AI, digital identity, information integrity, infrastructure resilience, digital sovereignty, and democracy online.

Digital Watch Observatory is following EuroDIG 2026 through a dedicated event page, featuring session information and reporting from Brussels.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

European Commission advances AI transparency code under EU AI Act

The European Commission’s AI Office has convened a new round of working group meetings and workshops on the forthcoming Code of Practice on Marking and Labelling of AI-Generated Content.

The discussions brought together providers of generative AI systems and models, technology companies, industry representatives, civil society organisations and academic experts. Feedback from the meetings will inform the third and final draft of the code, expected in early June.

The code is intended to support transparency obligations under the AI Act, including requirements linked to marking, labelling, disclosure and detectability of AI-generated content. It covers issues such as synthetic media, deepfakes and certain AI-generated text.

Working Group 1 focused on marking and detection obligations for providers, including a revised multi-layered approach, technical feasibility, benchmarking, compliance frameworks and possible third-party assessments. Industry participants raised concerns over compliance burdens, innovation and feasibility, while civil society and academic experts called for stronger safeguards in the public interest.

Working Group 2 examined disclosure obligations for deployers of generative AI systems, particularly deepfakes and certain AI-generated text. Discussions covered origin disclosure, user-facing labels, proportionality, governance measures, editorial control and the possible development of a uniform EU label.

Additional workshops explored how machine-readable marks, provenance data, visible labels, watermarking systems and an EU-wide icon could work together across the AI value chain. Participants also discussed coordination with other EU rules, including the Digital Services Act, while stressing the need to balance transparency, legal clarity, accessibility and innovation.

Why does it matter?

The code of practice will help determine how AI-generated content is marked, labelled and disclosed across the EU. Its development highlights the practical difficulty of turning transparency obligations into workable rules, particularly when regulators, companies and civil society disagree over technical feasibility, compliance costs, user experience and safeguards against deceptive synthetic media.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

ICO warns major platforms over lack of privacy-friendly age assurance

The UK Information Commissioner’s Office has warned that major platforms have not yet introduced viable and privacy-friendly age assurance measures to stop underage children from accessing services with minimum age limits.

The statement follows letters sent by the ICO in March to TikTok, Snapchat, Facebook, Instagram, YouTube, and X, calling on them to urgently review and strengthen measures to prevent underage children from accessing their services.

Responses from the platforms show that some services are taking, or considering, additional steps to protect children. However, the regulator said none had yet introduced new age assurance solutions that it considers both viable and privacy-friendly.

The ICO said it does not yet have confidence that appropriate measures are being put in place and raised concerns that underage children’s data is still being processed on platforms they should not be able to access.

The regulator warned that more progress is needed and said it is considering next steps, including formal investigations and sanctions. Platforms that set minimum age limits must have effective age assurance measures in place, it added.

The ICO said it will continue working closely with Ofcom, which enforces the Online Safety Act, to ensure underage users cannot access services that were not designed for them. It also said its response to the government’s ongoing consultation sets out how the ICO can act under data protection law.

Why does it matter?

The ICO’s warning shows that age assurance is becoming both a child safety and data protection issue. Platforms that set minimum age limits may face pressure not only to keep younger users away from unsuitable services, but also to avoid unlawfully processing children’s personal data when those users should not have access in the first place.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!