The meeting took place under the chairmanship of the Cypriot Presidency of the EU Council. The presidency also announced that Moldova had been granted observer status on the AI Board.
The European Commission presented its Tech Sovereignty Package, with a focus on the proposed Cloud and AI Development Act and its role in strengthening AI innovation, competitiveness and technological sovereignty in Europe.
The Board also reviewed the final version of the voluntary Code of Practice on labelling and marking AI-generated content. The code sets out practical steps to help providers and deployers of generative AI systems meet transparency obligations under the AI Act, which will apply from 2 August 2026.
Further discussions focused on the AI Act’s implementation architecture. The Commission presented the recently appointed Scientific Panel and AI Act Advisory Forum, which will support the Commission and the AI Board. Members also discussed progress in establishing national market surveillance authorities and endorsed additional documents prepared by an AI Board subgroup, which are expected to be published shortly.
Why does it matter?
The meeting shows the EU moving from AI Act adoption towards practical implementation. The discussion links several important pieces of the EU AI governance architecture: voluntary transparency tools, expert advisory bodies, national market surveillance authorities and broader industrial policy through the Tech Sovereignty Package. Together, these elements will shape how AI rules are coordinated, interpreted and enforced across the EU.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Canada has introduced the Safe Social Media Act, legislation that would establish new online safety requirements for social media platforms and certain AI chatbot services. Bill C-34 aims to make regulated services more accountable for addressing online harms before they occur.
The Safe Social Media Act would create a new legislative and regulatory framework through the proposed Digital Safety Act. Regulated services would be required to identify, assess and mitigate risks on their platforms, implement safety-by-design features, make user guidelines easily accessible, provide tools such as blocking and reporting mechanisms, and publish Digital Safety Plans.
The bill would prohibit children under the age of 16 from holding social media accounts. Social media services could seek an exemption if they demonstrate that sufficient safeguards for children are in place.
The Safe Social Media Act is organised around three core duties: a Duty to Protect Children, a Duty to Act Responsibly and a Duty to Make Certain Content Inaccessible. Social media services would be required to assess and mitigate risks associated with seven categories of harmful content, including child sexual victimisation, content inducing a child to self-harm, cyberbullying, hatred, violence, terrorism or violent extremism, and intimate content shared without consent.
Regulated social media services would also be required to make certain content inaccessible to users in Canada, including content that sexually victimises a child or revictimises a survivor, and intimate content communicated without consent, including sexualised deepfakes. The government said these categories can cause substantial and lasting harm even when a single item is shared.
Under the proposed legislation, AI chatbot services would be subject to a tailored Duty to Act Responsibly. The proposed requirements include mitigating the risk that chatbots communicate harmful content, being transparent about reporting thresholds in crisis situations, and reducing the risk of harmful chatbot behaviour.
The legislation would establish an independent Digital Safety Commission of Canada responsible for enforcing the framework, assessing compliance, conducting audits and inspections, issuing compliance orders and imposing administrative monetary penalties. The Commission would also handle certain complaints, develop guidance and support research on online safety best practices.
Why does it matter?
The Safe Social Media Act reflects a growing international shift towards preventative online safety regulation. Rather than focusing solely on the removal of illegal content after it appears, the proposed framework would require platforms and AI services to assess risks proactively and implement measures designed to reduce harm before it occurs.
The inclusion of AI chatbot services is particularly notable, as governments worldwide are increasingly examining the safety implications of generative AI systems. If adopted, the legislation could position Canada among the first countries to apply a comprehensive online safety framework that combines platform accountability, child protection measures and AI-specific obligations under a single regulatory regime.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The code is voluntary, but the underlying transparency obligations in Article 50 of the AI Act will apply from 2 August 2026. The Commission said the code is intended to help organisations implement those obligations in a consistent, practical and proportionate way.
The framework covers two main areas. Providers of generative AI systems are guided on marking and detecting AI-generated or manipulated audio, image, video and text content, including through machine-readable solutions where technically feasible. Deployers are guided on labelling deepfakes and AI-generated or manipulated text published to inform the public on matters of public interest.
Under the AI Act, users must also be informed when they are interacting with interactive AI systems, such as chatbots. The transparency requirements are intended to help people recognise when content has been generated or altered by AI and to reduce the risk of deception and manipulation.
The Commission has also published a set of the EU icons that deployers may use to label certain AI-generated content. The code does not replace the AI Act or future Commission guidelines on Article 50, which are expected before the transparency obligations begin to apply.
The Commission and the AI Board will now assess the code’s adequacy. If assessed positively, providers and deployers who sign the code may use its measures to help demonstrate compliance with the AI Act’s transparency rules.
Why does it matter?
The code is an important step in turning the AI Act’s transparency provisions into operational practice. Labelling and machine-readable marking rules could shape how platforms, AI providers, media organisations and other deployers handle synthetic text, images, audio and video. The measures are especially relevant for public-interest information, where undisclosed AI-generated or manipulated content can affect trust, elections, journalism and public debate.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Project Management Institute (PMI) has published a global standard for managing AI initiatives in portfolio, programme and project environments. The standard, titled ‘The Standard for Artificial Intelligence in Portfolio, Program, and Project Management‘, is intended to guide project, programme and portfolio teams delivering AI initiatives.
PMI said AI deployment within organisations is typically delivered through projects, including the development of AI systems, AI-enabled workflows and AI-powered products. The organisation said project professionals have lacked a dedicated framework for planning, governing and delivering AI transformation initiatives.
The standard establishes eight guiding principles, five performance domains and a lifecycle framework for designing, deploying and overseeing AI initiatives. PMI said the guidance is technology-agnostic and built around human-in-the-loop oversight at every stage.
The standard comes as governments and organisations continue to develop AI governance approaches, including risk-based regulation, transparency requirements, and accountability measures. PMI said the standard is intended to help project professionals integrate responsible AI governance into project delivery, from design and development through deployment and oversight.
The standard also addresses AI business cases, tool selection, AI-specific risk management, ethics oversight, and compliance with emerging requirements such as the EUAI Act and ISO 42001. PMI said the framework provides project leaders with a common language for aligning legal, audit, finance, technology and business teams around AI implementation objectives and governance requirements.
The standard is available as a free digital download for PMI members worldwide. Non-members can access the digital edition through purchase or PMI membership.
Why does it matter?
As organisations move from experimenting with AI to deploying it at scale, attention is increasingly shifting from technical development to implementation, governance and operational oversight. Many AI initiatives fail not because of technology limitations, but because of challenges related to project management, risk management, stakeholder alignment and organisational readiness.
PMI’s standard reflects the growing effort to operationalise AI governance by translating broad principles into practical project delivery processes. It also highlights how emerging regulatory frameworks, such as the EU AI Act, are influencing the way organisations plan, manage and oversee AI-enabled transformation initiatives.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Anthropic has launched Claude Fable 5, a new general-purpose AI model, alongside Claude Mythos 5, a more capable version reserved for selected cyber defence and infrastructure partners.
The company described Fable 5 as its most capable generally available model to date, with strong performance across software engineering, knowledge work, vision and scientific research. Anthropic said the model’s advanced capabilities pose misuse risks, particularly in cybersecurity and research biology.
To reduce those risks, Fable 5 includes additional safety classifiers designed to detect potential misuse, including attempts to bypass safeguards. When certain high-risk requests are detected, users may receive a response from Anthropic’s next-most-capable model, Claude Opus 4.8, rather than Fable 5.
Anthropic said the safeguards have been tuned conservatively and may sometimes block benign requests. According to the company, the fallback mechanism is triggered in less than 5% of sessions on average.
Claude Mythos 5 uses the same underlying model as Fable 5, but with some safeguards lifted in specific areas. Anthropic said it will initially deploy Mythos 5 through Project Glasswing, in collaboration with the US government, for a limited group of cyber defenders and critical software infrastructure providers.
The launch highlights a growing model governance approach in which access to frontier AI capabilities is tiered according to use case and risk. Anthropic said it plans to expand trusted access to Mythos 5 while continuing to refine safeguards for broader public use.
Why does it matter?
The release shows how frontier AI providers are increasingly linking capability deployment to access controls, model routing and domain-specific safeguards. As advanced systems become more useful for software engineering, cybersecurity and scientific research, companies face pressure to provide broad access while limiting misuse in dual-use areas. Anthropic’s split between Fable 5 and Mythos 5 reflects a wider governance question: who should receive access to the most capable AI systems, under what conditions, and with what oversight.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
The European Union Agency for Cybersecurity (ENISA) has published a report on Software Bill of Materials (SBOM) adoption, finding that the Cyber Resilience Act (CRA) is accelerating investment in software supply chain transparency across organisations. The report, titled ‘SBOM Adoption State of Play – 2026‘, analyses survey results gathered at the end of 2025.
The survey examined how organisations of different sizes and across multiple sectors are approaching SBOM adoption in response to the Cyber Resilience Act. ENISA said the regulation is transforming SBOMs from a voluntary software supply chain security practice into a mandatory requirement for products with digital elements placed on the EU market.
The report found that 78% of respondents had already begun implementing SBOMs, while 44% were in a pilot or limited deployment phase. ENISA also said 79% of organisations expect to reach the necessary SBOM maturity level by the time the Cyber Resilience Act becomes fully applicable in December 2027.
Organisations are investing in SBOM generation, automation, and integration into the software development lifecycle. Respondents cited benefits including risk reduction, cost avoidance, operational efficiency, regulatory compliance, contractual alignment and competitive advantage.
ENISA also identified barriers to the adoption of SBOMs at scale. Key challenges include achieving greater SBOM completeness, improving data quality, correlating vulnerabilities, obtaining SBOMs from suppliers and third parties, and developing the necessary internal expertise and staffing.
The report says further progress will depend on shared implementation practices, supplier transparency, workforce capabilities, and clearer integration of SBOMs into operational risk management. ENISA said organisations would also benefit from external support, including reference implementations, tool-selection guidance, conformance testing, standardised formats and clearer definitions of what constitutes a sufficiently complete SBOM.
Why does it matter?
Software supply chains have become a major cybersecurity concern as organisations increasingly rely on complex networks of open-source and third-party components. SBOMs provide visibility into the software components used within products, helping organisations identify vulnerabilities, assess risks and respond more effectively to security incidents.
The report highlights how the Cyber Resilience Act is driving a shift from voluntary software transparency practices to formal compliance requirements. The findings also illustrate that while adoption is progressing, organisations continue to face technical, organisational and supply-chain challenges that could influence the effectiveness of future software security efforts.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
UK communications regulator Ofcom has set out new crisis response measures aimed at helping online platforms respond when illegal content and content harmful to children spreads rapidly during emergencies.
The measures will be added to Ofcom’s Illegal Content Codes of Practice and Protection of Children Codes of Practice under the UK’s Online Safety Act. However, they must still complete the parliamentary process before taking effect.
Ofcom said ordinary content moderation systems may not be sufficient during exceptional events, such as public disorder, terrorist attacks, or other crises that lead to a sudden increase in harmful or illegal online activity. The regulator pointed to the violent riots that followed the 2024 Southport murders and the risk of terrorist attacks being livestreamed as examples of crises where online content can threaten public safety.
Under the measures, service providers should prepare and apply crisis protocols to manage significant increases in relevant illegal content or content harmful to children. Ofcom expects providers to deploy temporary response teams as soon as possible during a crisis, record key decisions and conduct post-crisis reviews to assess whether their response was effective.
Large platforms should also maintain dedicated communication channels for law enforcement agencies to share crisis-related information. Ofcom said the measures are intended to support faster and more coordinated public safety efforts during exceptional events.
The regulator consulted on crisis response protocols in 2025 and said further decisions on additional online safety measures are expected in autumn 2026.
Why does it matter?
The measures show how online safety regulation is moving from general content moderation duties towards operational crisis governance. In emergencies, platforms may face sudden spikes in illegal content, livestreamed harm or coordinated activity that ordinary moderation systems cannot manage quickly enough. Ofcom’s approach also formalises closer crisis-time coordination between large platforms and law enforcement, raising important questions about public safety, platform accountability, due process and safeguards under the UK Online Safety Act.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Commission framed the initiative as a fundamental shift in the EU’s approach to technology, underpinned by the recognition that digital dependence is no longer a market inefficiency to be tolerated, but a strategic vulnerability to be corrected through legislation.
Commission President Ursula von der Leyen stated that Europe cannot afford to depend on others for the technologies that keep its hospitals running, its energy grids stable, and its services secure, calling on the EU to convert its research excellence, industrial base and single market into technological sovereignty.
The package is designed to broaden choice in core technologies for EU businesses, citizens and public administrations, and to position Europe to capture a larger share of a global semiconductor market projected to reach EUR 1.37 trillion by 2030, with AI-related components accounting for roughly 70% of that growth.
The timing reflects a specific convergence of pressures. The rapid spread of AI applications is driving a sharp increase in demand for data centre and cloud capacity that EU infrastructure cannot currently meet at scale. At the same time, longstanding dependence on non-EU suppliers for advanced semiconductor manufacturing, chip design and cloud services has become increasingly difficult to ignore as geopolitical tensions have demonstrated the economic risk of concentrated supply chains.
The 2022 US CHIPS and Science Act, generous subsidy regimes in Asia and tightening export controls on advanced semiconductor equipment have accelerated the global race for technological self-sufficiency, prompting Europe to adopt a more active industrial policy response.
Chips Act 2.0
The Chips Act 2.0 revises and expands the 2023 European Chips Act, which has mobilised more than EUR 52 billion in public and private investment, created an estimated 46,000 direct and indirect jobs and strengthened Europe’s research and innovation capacity in semiconductors. Despite this progress, the EU remains dependent on third countries for advanced chip manufacturing and semiconductor design.
The revised regulation is designed to accelerate Europe’s position across the entire semiconductor value chain, from raw materials and design to manufacturing and packaging, and to ensure that Europe captures a greater share of the growth in AI-related chip demand.
The proposal is structured around four objectives. On investment and competitiveness, the Act would cap permitting approvals at 12 months, introduce ‘Grand Challenges’ to support the development of strategically important chip types such as AI processors, and formalise Strategic Partnerships on Semiconductors with international allies.
To stimulate demand, it establishes Demand Accelerators to align new products with industry needs, expands innovation procurement, notably for European start-ups and scale-ups, and creates structural synergies with CADA to benefit from the data centre and AI Gigafactory buildout planned under that regulation.
On the supply side, the Act enables state aid for ‘First-of-a-Kind’ facilities not yet present in the Union, covering the full semiconductor value chain, designates strategic projects to unlock EU and member state co-investment, and creates a ‘Semiconductor Regions of Excellence’ label to attract investment at the regional level. To strengthen resilience, it establishes a business-to-business semiconductor supply chain platform and provides sector-specific guidance on risk assessment and mitigation.
The explicit linkage between Chips Act 2.0 and CADA reflects a deliberate industrial logic: European-made chips powering European cloud infrastructure, with demand from that infrastructure in turn supporting European chipmakers.
Cloud and AI Development Act
The Cloud and AI Development Act (CADA) forms a central part of the Commission’s AI Continent Action Plan and simultaneously addresses two structural problems: insufficient EU cloud and data centre capacity to meet AI-driven demand, and strategic dependence on a small number of non-EU cloud providers.
The Act is designed to facilitate and accelerate the deployment of sustainable cloud and data centre infrastructure, while ensuring the EU accelerates the rollout of cloud and AI in critical sectors and retains meaningful control over the infrastructure on which that rollout depends.
The Act focuses on three main areas. On research, development and innovation, it supports next-generation cloud and AI technologies, including frontier AI, industrial AI, and physical AI, introduces grand challenges to drive R&D efforts, and promotes adoption in strategic sectors through national cloud and AI strategies and new Experience and Acceleration Centres for AI in member states.
On capacity, it targets at least a tripling of EU data centre capacity within five to seven years, simplifies and accelerates permitting, and improves access to energy, land, water and financing. On sovereignty and autonomy, it establishes a single EU-wide sovereignty classification framework, promotes open source solutions as a tool for resilience, and introduces a common EU-level procurement framework for public administrations.
The sovereignty classification system merits particular attention. It introduces four assurance levels for cloud and AI services, to be applied by public sector bodies based on their own risk assessments. Level 1 requires data to be processed and stored within the EU. Level 2 requires providers to demonstrate independence from third countries and transparency over their software supply chain.
Level 3 requires providers to be owned and controlled from within the EU and to meet additional criteria including personnel citizenship, although the Commission retains the ability to recognise third-country providers at this level. Level 4 requires full transparency and control over the software supply chain with no third-country interference.
Cloud service providers seeking recognition under this framework must undergo an independent audit conducted by member state authorities. The framework is significant because it creates, for the first time, a legally grounded and progressive definition of what it means for a cloud service to be sovereign, moving the concept from political rhetoric to a procurement-relevant standard.
EU Open Source Strategy
The EU Open Source Strategy is the non-legislative pillar of the package most directly aimed at reducing dependence on proprietary, non-EU software. It places open source at the centre of the EU’s technological sovereignty approach, arguing that open ecosystems reduce supplier lock-in, increase transparency and give European developers and public administrations greater control over their digital infrastructure.
The strategy addresses a persistent structural weakness: the economic value generated by open source projects has historically been captured outside Europe, limiting the ability of European developers and companies to benefit fully from their own contributions.
The strategy is organised around four objectives. The first, Open Source for Tech Sovereignty, focuses on scaling the Open Internet Stack, a Commission-curated catalogue of EU-aligned open source solutions, and promoting alternatives to dominant proprietary products in areas such as cloud platforms, workplace tools, secure e-mail and decentralised social media.
The work will be carried out in cooperation with member states through the European Digital Infrastructure Consortium for Digital Commons. The second objective, Vibrant Open Source Ecosystem, targets start-up support through accelerators and procurement access, alongside a stewardship toolkit for critical open source assets and investment in digital skills across schools, universities, and civil services.
The third objective, Open Source in Public Administration, sets out procurement guidelines that favour open standards, reinforces the Commission’s Open Source Programme Office (OSPO) and the EU Public Sector OSPO Network, and seeks to embed openness and sovereignty-by-design in digital investment decisions across EU institutions and member states.
The fourth objective, Reinforced Standards and International Outreach, promotes EU open source developers and solutions internationally through the EU Tech Business Offer, supports uptake in partner countries and integrates open source communities into standardisation processes, including through a forthcoming revision of the EU Standardisation Regulation.
The strategy also intersects directly with the other package components. On semiconductors, it targets open hardware development through the Chips Joint Undertaking’s RISC-V programme. On AI, it supports the GenAI4EU initiative and promotes open source tooling for public sector AI adoption through the Apply AI Strategy.
On digital identity, it prioritises open source implementation of the European Digital Identity Wallet (EUDI Wallet) and the European Business Wallet. The strategy also interacts with the recently enacted Cyber Resilience Act (CRA), which imposes new security obligations on open source projects that have generated concern in the developer community. The Open Source Maintenance Instrument and critical dependency mapping exercises set out in the strategy are designed in part to address those obligations, though reconciling the CRA’s security requirements with the growth objectives of the strategy will be a key implementation challenge.
Strategic Roadmap for Digitalisation and AI in Energy
The Strategic Roadmap for Digitalisation and AI in Energy is the least legally binding element of the package but arguably the one that determines whether its ambitions are physically realisable. The targets set by CADA, particularly the goal of at least tripling EU data centre capacity within five to seven years, cannot be achieved without a corresponding expansion in reliable, affordable power supply.
Data centres are energy-intensive by nature, and the AI workloads they are increasingly required to process are even more demanding. The roadmap addresses this constraint by setting out how AI and digital technologies can improve the efficiency and flexibility of Europe’s energy systems while also enabling the energy infrastructure that these systems need.
The roadmap connects the package’s digital ambitions to the EU’s energy transition objectives, creating a mutually reinforcing relationship: cleaner, smarter energy systems create more viable conditions for data centre expansion, while AI-enabled demand management and grid optimisation tools reduce the cost and environmental impact of that expansion. The roadmap is also relevant as a governance document, since the deployment of AI in critical energy infrastructure raises its own questions about cybersecurity, data sovereignty and the concentration of control over systems on which entire economies depend.
Governance and policy implications
The Tech Sovereignty Package raises several governance issues that extend beyond its immediate legislative content. The most significant concerns the model it establishes for EU industrial policy. The package marks a clear departure from the long-standing assumption in EU competition policy that market mechanisms and trade openness are the primary tools for achieving efficient and innovative technology markets.
The explicit use of state aid for strategic semiconductor projects, the joint procurement frameworks in CADA and the deliberate promotion of EU-origin suppliers both in public procurement and sovereign cloud classification illustrate a greater role for public intervention in the technology sector. Whether the EU’s trading partners, particularly the United States and major Asian semiconductor producers, will treat these provisions as proportionate industrial policy or as market-distorting intervention is likely to become a significant diplomatic issue.
The package also has important implications for the governance of AI in Europe. It operates in parallel to the EU AI Act and the work of the EU AI Office, but addresses a different layer of the AI ecosystem. While the AI Act focuses on the risk profile and compliance obligations of AI systems once deployed, the Tech Sovereignty Package governs the infrastructure and supply chains that enable AI development in the first place.
The relationship between the two frameworks matters as decisions taken at the infrastructure layer, such as the cloud sovereignty level applied to a given public sector AI deployment, can have downstream consequences for compliance with AI Act requirements. The relationship between these frameworks will be an important area to monitor as implementation progresses.
A further coordination challenge arises internally. The package spans multiple policy domains and directorates-general within the Commission, including DG CONNECT for semiconductors, cloud and open source, and DG ENERGY for the energy roadmap.
It also interacts with DG COMP on State aid approvals and with DG TRADE on the trade implications of sovereignty-oriented procurement rules. Ensuring coherence across these areas during the legislative process, and subsequently during implementation, will require stronger-than-usual inter-institutional coordination.
Legislative process and upcoming milestones
The two legislative proposals, the Chips Act 2.0 and CADA, need to enter the ordinary legislative procedure, meaning they will be negotiated separately by the European Parliament and the Council of the European Union before trilogue negotiations between the two institutions and the Commission can begin.
Given the political and economic stakes involved, and the number of member states with competing interests in semiconductor investment locations and cloud market access, the negotiations are likely to be protracted. The original European Chips Act took approximately two years from proposal to final adoption, and CADA, which touches on the politically sensitive question of digital sovereignty vis-à-vis key trading partners, may encounter comparable friction.
Several near-term milestones are already in view. The Commission is expected to launch a call for AI Gigafactories in July 2026, following the European High Performance Computing Joint Undertaking (EuroHPC JU) Governing Board’s agreement in principle on 1 June 2026. AI Gigafactories are large-scale, purpose-built AI training facilities and represent one of the most concrete and immediately actionable elements of the broader AI infrastructure agenda.
Their deployment is intended to provide European researchers, start-ups and industry with access to the kind of computing capacity currently concentrated in the United States, and the July call will be an early test of the Commission’s ability to move from legislative ambition to operational delivery.
The Commission will also launch a consultation with member states, the European Investment Bank Group and other key stakeholders to design a European equity capacity at scale for financing tech sovereignty ambitions. This implies that the Commission does not believe grant funding and state aid alone will be sufficient to mobilise the investment required, and that a blended finance model, combining public equity with private capital, will be needed.
The EIB Group’s involvement points towards the kind of risk-sharing instruments it has used in other strategic sectors, although the specific structures and governance arrangements have yet to be designed through the consultation process.
Broader context
The package does not emerge in isolation. It sits within a cluster of interconnected EU strategic frameworks that have, over the past two to three years, progressively shifted the EU’s economic policy stance from market liberalisation towards what the Commission calls ‘open strategic autonomy’: the maintenance of trade openness where possible, combined with targeted interventionism to reduce strategic dependencies where necessary.
The Competitiveness Compass, adopted earlier in 2025 and drawing heavily on the 2024 Draghi report on European competitiveness, identifies reducing strategic dependencies as one of three pillars for restoring European economic dynamism. The Tech Sovereignty Package is the most operationally specific expression of that pillar to date.
The Economic Security Strategy, adopted in 2023, provided the risk-assessment framework within which the package sits, identifying advanced semiconductors, AI, quantum computing and biotechnology as the technological areas posing the most significant dual-use and strategic dependency risks for the EU. The Tech Sovereignty Package translates that risk assessment into concrete legislative and policy instruments, with semiconductors and AI infrastructure receiving the most direct regulatory attention.
The Commission’s AI Continent Action Plan, which positions Europe to become a global AI leader by focusing on computing infrastructure, data, skills, and adoption, provides the most direct policy antecedent for CADA in particular. The Tech Sovereignty Package fast-tracks the infrastructure ambitions of the Action Plan and adds the supply chain governance dimension that the Action Plan did not fully address.
Taken together, these documents represent a sustained and internally consistent shift in EU digital and industrial policy, one in which technological leadership is treated not merely as an economic aspiration but as a precondition for political and regulatory autonomy in an increasingly contested global technological order.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The Greek government has marked the sixth anniversary of gov.gr by presenting new figures on the platform’s use and outlining the next phase of public sector digitalisation.
At an event organised by the Ministry of Digital Governance and Artificial Intelligence, officials highlighted the expansion of Greece’s digital public services. They presented a new unified customer relationship management system for citizens and businesses.
According to the ministry, gov.gr now offers more than 2,257 digital services and has been used by over 9 million citizens. More than 431 million documents and certificates have been issued through the platform since its launch. At the same time, the digitisation and simplification of 20 selected procedures is estimated to generate annual savings of €312 million.
The new CRM infrastructure is intended to consolidate interactions between citizens, businesses and public services into a single environment. Requests and cases submitted through gov.gr, Citizens’ Service Centres and call centres will be tracked in one place, allowing users to follow their status and receive updates on the service handling the case and its expected completion.
The CRM project is being implemented under Greece’s National Recovery and Resilience Plan, ‘Greece 2.0’, with financing from the EU’s NextGenerationEU programme. Officials said the system is intended to reduce bureaucracy, improve transparency and make public administration more consistent across different service channels.
Why does it matter?
The move points to a shift in digital government from putting individual services online towards building an integrated public service infrastructure. If implemented effectively, a unified CRM system could make interactions with the state more traceable and coordinated, while also raising important questions about interoperability, data governance, service accountability and citizens’ access to public administration across digital and non-digital channels.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
UNESCO’s Information for All Programme (IFAP) convened an orientation meeting on 20 May to brief stakeholders on its activities and priorities in an increasingly complex digital and information environment. The meeting took place as the Programme marks its 25th anniversary in 2026.
IFAP Chair Ambassador Salih Abdullah said the anniversary presents an opportunity to strengthen the Programme’s role as a global platform for policy dialogue and standard-setting in the digital era. He linked IFAP’s mission to UNESCO’s wider goal of ensuring access to information and supporting inclusive knowledge societies.
UNESCO said the endorsement of IFAP’s Manual of Operations by the 13th IFAP Council represents a significant milestone for the Programme. The manual is intended to guide the revitalisation of IFAP National Committees and support the translation of the ‘Information for All’ mandate into national policies and local initiatives.
Guilherme Canela De Souza Godoi, UNESCO’s Director for Digital Inclusion, Policies and Transformation, and IFAP Secretary, said IFAP is positioned to guide Member States as the world aligns with the UNGlobal Digital Compact and the WSIS+20 review. He also emphasised the Programme’s role in advancing digital public goods, human rights and inclusive digital development.
The meeting also addressed the need to strengthen engagement across IFAP National Committees, working groups, experts, and partners. UNESCO encouraged Member States to establish IFAP National Committees and submit nominations for IFAP Working Groups in accordance with the procedures outlined in the Manual of Operations.
More than 80 delegates participated, including representatives of UNESCO Member States, the IFAP Council and Bureau, IFAP Working Groups and National Committees, experts, and partners. The IFAP 35th Bureau meeting is scheduled for 17 June 2026.
Why does it matter?
As governments and international organisations seek to implement the UN Global Digital Compact and prepare for the WSIS+20 review process, questions of digital inclusion, access to information and digital governance are becoming increasingly important.
IFAP provides a longstanding multistakeholder platform for addressing these issues and promoting inclusive knowledge societies. Strengthening national participation and coordination mechanisms could help countries translate global digital policy objectives into practical national initiatives and capacity-building efforts.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
