Digital identities

ESMA sets guidance for crypto perpetuals and CFDs

The European Securities and Markets Authority (ESMA) has clarified that many crypto-perpetual contracts, including those for Bitcoin and Ether, are likely to be classified as contracts for difference (CFDs).

Due to their leverage, complexity, and risk, these products should target a narrow audience, with distribution strategies aligned accordingly.

The announcement came as Kraken launched perpetual futures for ten tokenised assets, including major indices, gold, and top tech and crypto stocks. ESMA warned that mass marketing or promotions targeting inexperienced investors are inappropriate under its guidance.

Firms must ensure that derivatives falling within the CFD category comply with product intervention requirements. Requirements include leverage limits, risk warnings, margin close-outs, negative balance protection, and a ban on incentives or benefits.

Non-advised services must include an appropriateness assessment to protect investors from unsuitable offerings.

ESMA also emphasised the importance of identifying and managing conflicts of interest arising from these products. The statement seeks to ensure firms market and distribute leveraged crypto products responsibly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI misuse exposed as OpenAI details global disinformation and scam networks

OpenAI said criminal and state-linked groups misused ChatGPT for disinformation, scams and covert influence. Its latest threat report details coordinated account bans and highlights how AI tools are embedded within broader operational workflows rather than used in isolation.

One investigation linked accounts to Chinese law enforcement engaged in what were described as ‘cyber special operations’. Activities included planning influence campaigns, mass-reporting dissidents and drafting forged materials, with related efforts continuing through other tools despite model refusals.

The report also outlined a Cambodia-based romance scam targeting young men in Indonesia through a fake dating agency. Operators combined manual prompting with automated chatbots to sustain conversations and facilitate financial fraud, leading to account removals.

Separately, accounts tied to Russia’s ‘Rybar’ network used ChatGPT to draft and translate posts distributed across multiple platforms. OpenAI noted that campaign impact depended more on account reach and coordination than on AI-generated content alone.

Across China, Russia and parts of Southeast Asia, actors treated AI as one tool among many, alongside fake profiles, paid advertising and forged documents. OpenAI called for cross-industry vigilance, stressing the need to analyse behavioural patterns across platforms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Meta AI flood of unusable abuse tips overwhelms US investigators

Investigators in the US say that AI used by Meta is flooding child protection units with large volumes of unhelpful reports, thereby draining resources rather than assisting ongoing cases.

Officers in the Internet Crimes Against Children network told a New Mexico court that most alerts generated by the company’s platforms lack essential evidence or contain material that is not criminal, leaving teams unable to progress investigations.

Meta rejects the claim that it prioritises profit, stressing its cooperation with law enforcement and highlighting rapid response times to emergency requests.

Its position is challenged by officers who say the volume of AI-generated alerts has doubled since 2024, particularly after the Report Act broadened reporting obligations.

They argue that adolescent conversations and incomplete data now form a sizeable portion of the alerts, while genuine cases of child sexual abuse material are becoming harder to detect.

Internal company documents disclosed at trial show Meta executives raising concerns as early as 2019 about the impact of end-to-end encryption on the firm’s ability to identify child exploitation and support investigators.

Child safety groups have long warned that encryption could limit early detection, even though Meta says it has introduced new tools designed to operate safely within encrypted environments.

The growing influx of unusable tips is taking a heavy toll on investigative teams. Officers in the US say each report must still be reviewed manually, despite the low likelihood of actionable evidence, and this backlog is diminishing morale at a time when they say resources have not kept pace with demand.

They warn that meaningful cases risk being delayed as units struggle with a workload swollen by AI systems tuned to avoid regulatory penalties rather than investigative value.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK enforces mandatory ETA as digital border era begins

Non-visa nationals are now barred from entering the UK, as the country has begun enforcing mandatory digital permission through the Electronic Travel Authorisation.

Travellers from 85 nations, including the US, Canada and France, must obtain an ETA before departure; otherwise, airlines will prevent them from boarding rather than allow last-minute checks at the border. The authorisation costs £16 and remains valid for two years or until a passport expires.

British and Irish citizens remain exempt but must present valid proof of status when travelling. Authorities say the scheme brings the UK into line with similar systems used by the US and the EU.

The Home Office emphasises that the measure strengthens border security and supports a modern, efficient entry process designed to benefit both visitors and the wider public.

A requirement that also applies to travellers passing through the UK to take connecting flights, reinforcing the shift toward a fully digital immigration system.

Over 19 million people have already used the ETA since its launch in 2023, generating significant revenue that is being reinvested in broader border improvements. Officials argue that the momentum paves the way for a future contactless border, supported by the steady transition from physical documents to eVisas.

From 26 February, Certificates of Entitlement will also be issued digitally, creating a single record that no longer expires with a passport.

Most ETA applications are processed automatically within minutes, allowing short-notice trips to remain possible. However, authorities still recommend applying up to 3 working days in advance to avoid delays for the small number of cases that require additional review.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Colorado targets AI chatbot safety

AI chatbots operating in Colorado would face new child safety and suicide prevention requirements under a bipartisan bill introduced in the Colorado legislature. Lawmakers say the measure addresses parents to concerns about harmful chatbot interactions.

House Bill 1263 would require companies to clearly inform children in Colorado that they are interacting with AI rather than a real person. Platforms would also be barred from offering engagement rewards to child users.

The proposal mandates reasonable safeguards to prevent sexually explicit content and to stop chatbots from encouraging emotional dependence, including romantic role-playing. Parental control options would also be required where services are accessible to children in Colorado.

Companies would need to provide suicide prevention resources when users express self-harm thoughts and report such incidents to the Colorado attorney general. Violations would be treated as consumer protection infractions, carrying fines of up to $1,000 per occurrence in Colorado.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

CarGurus data leak surfaces as ShinyHunters publishes archive

The ShinyHunters extortion group has published a 6.1GB archive, which it claims contains more than 12 million records stolen from CarGurus, a US-based automotive platform. Have I Been Pwned listed the dataset, reporting that roughly 3.7 million records appear to be new.

The exposed information includes email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs, and finance-related application data belonging to CarGurus users. Dealer account details and subscription information were also reportedly included in the archive.

CarGurus has not issued a public statement confirming a breach. However, Have I Been Pwned said it attempts to verify the authenticity of datasets before adding them to its database, suggesting a level of validation of the leaked material.

Security experts warn that the availability of the data could increase the risk of phishing. Users are advised to remain cautious of unsolicited communications and potential scams that may leverage the exposed personal information.

ShinyHunters has recently claimed attacks against multiple large organisations across telecoms, fintech, retail, and media. The group is known for using social engineering tactics, including voice phishing and malicious OAuth applications, to gain access to SaaS platforms and extract customer data.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

How multimodal sensing powers physical AI

Multimodal sensing allows physical AI systems to combine inputs such as vision, audio, lidar and touch to build situational awareness in real time. The approach enables machines to operate autonomously in complex physical environments.

The architecture typically includes input modules for individual sensors, a fusion module to combine relevant data, and an output module to generate actions. Applications range from robotics and autonomous vehicles to spatial AI systems navigating dynamic 3D spaces.

Fusion techniques vary by use case, from Bayesian networks for uncertainty management to Kalman filters for navigation and neural networks for robotic manipulation. The aim is to leverage complementary sensor strengths while maintaining reliability.

Implementation presents technical challenges including environmental noise filtering, calibration across time and space, and balancing redundant versus complementary sensing. Engineers must also manage tradeoffs in processing power, controllers and system design.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

National security concerns reshape US data policy

US policymakers are increasingly treating personal data as a dual use asset that carries both economic value and national security risks. Regulators have raised concerns about sensitive information, including geolocation data linked to military personnel.

Measures such as the Protecting Americans Data from Foreign Adversaries Act of 2024 and the Department of Justice Data Security Program aim to curb misuse by designated foreign adversaries. Both frameworks impose broad restrictions on cross border data transfers.

Experts warn that compliance remains complex and uncertain, with companies adapting in what one adviser described as a fog. Enforcement signals have already emerged, including a draft noncompliance letter from the Federal Trade Commission and litigation.

Organizations are being urged to integrate national security expertise into privacy and cybersecurity teams. Observers say early preparation is essential as selective enforcement risks increase under strict but evolving US data protection regimes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EDPS and regulators unite to address misuse of AI imagery across jurisdictions

The European Data Protection Supervisor (EDPS) and authorities from 61 jurisdictions issued a joint statement on AI-generated imagery, warning about tools that create realistic depictions of identifiable individuals without consent. The move underscores concerns over privacy, dignity and child safety.

Authorities said advances in AI image and video tools, especially when integrated into social media platforms, have enabled non-consensual intimate imagery, defamatory depictions, and other harmful content. Children and vulnerable groups are seen as particularly at risk.

The EDPS and the other signatories reminded organisations that AI content-generation systems must comply with applicable data protection and privacy laws. They stressed that creating non-consensual intimate imagery may constitute a criminal offence in many jurisdictions.

Organisations are urged to implement safeguards against misuse of personal data, ensure transparency about system capabilities and uses, and provide accessible mechanisms for swift content removal. Stronger protections and age-appropriate information are expected where children are involved.

Authorities signalled plans for coordinated responses, including enforcement, policy development and education initiatives. The EDPS and fellow signatories urged organisations to engage proactively with regulators and ensure innovation does not undermine fundamental rights.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Reddit hit with a major ICO penalty over children’s privacy failures

The UK’s Information Commissioner’s Office has fined Reddit £14.47 million after finding that the platform unlawfully used children’s personal information and failed to put in place adequate age checks.

The regulator concluded that Reddit allowed children under 13 to access the platform without robust age-verification measures, leaving them exposed to content they were not able to understand or control.

Although Reddit updated its processes in July 2025, self-declaration remained easy to bypass, offering only a veneer of protection. Investigators also found that the company had not completed a data protection impact assessment until 2025, despite a large number of teenagers using the service.

Concerns were heightened by the volume of children affected and the risks created by relying on inadequate age checks.

The regulator noted that unlawful data processing occurred over a prolonged period, and that children were at risk of viewing harmful material while their information was processed without a lawful basis.

UK Information Commissioner John Edwards said companies must prioritise meaningful age assurance and understand the responsibilities set out in the Children’s Code.

The ICO said it will continue monitoring Reddit’s current controls and expects online platforms to align with robust age-assurance standards rather than rely on weak verification.

It will coordinate its oversight with Ofcom as part of broader efforts to strengthen online safety and ensure under-18s benefit from high privacy protections by default.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.