Digital standards

CMA opens Strategic Market Status investigation into Microsoft business software

The UK Competition and Markets Authority has opened a Strategic Market Status investigation into Microsoft’s business software ecosystem, marking another major step in the country’s digital competition regime.

The investigation will examine Microsoft’s position across workplace software products widely used throughout the UK economy, including productivity software, personal computer and server operating systems, database management systems, security software and its growing AI assistant ecosystem, including Copilot. The CMA said more than 15 million commercial users across the UK rely on Microsoft’s software ecosystem.

Regulators will assess whether Microsoft has Strategic Market Status in business software and whether its position may limit customer choice. The CMA said it will examine concerns linked to product bundling, interoperability limits and default settings that could make it harder for businesses and public-sector organisations to switch providers or combine Microsoft tools with competing products.

The authority will also examine how competing AI services can integrate with Microsoft’s business software as workplace tools increasingly incorporate AI and agentic AI functions. The CMA said customers should be able to access software and AI services from a range of suppliers rather than being locked into a single ecosystem.

Cloud competition concerns are also linked to the probe. An SMS designation would allow the CMA to consider targeted interventions related to Microsoft’s software licensing practices, which were previously identified as reducing competition in cloud services.

The CMA will gather evidence from Microsoft, customers, rivals, challenger technology firms and other stakeholders before deciding whether to designate Microsoft with Strategic Market Status. The regulator said the investigation does not assume wrongdoing and that any future interventions would depend on the evidence and relevant legal tests.

Why does it matter?

The investigation shows how digital competition oversight is moving deeper into enterprise software, cloud infrastructure and AI-enabled workplace tools. As products such as Copilot become embedded in systems used by businesses and public services, regulators are increasingly treating interoperability, bundling and switching costs as strategic competition issues rather than narrow technical questions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Norway and Romania expand EEA cooperation with anti-disinformation funding

Romania and Norway have signed a new EEA and Norway Grants agreement that introduces dedicated cooperation measures against disinformation, reflecting growing European concerns over information manipulation, democratic resilience and geopolitical instability.

Norwegian Foreign Minister Espen Barth Eide signed the agreement in Bucharest alongside Romania’s Minister for European Investments and Projects, Dragoș Pîslaru. The agreement forms part of the wider 2021-2028 EEA and Norway Grants framework, which supports social, economic and institutional development across Europe.

The new cooperation programme will fund initiatives aimed at strengthening resilience against disinformation through partnerships involving public institutions, specialist communities and civil society organisations in both countries.

The agreement also supports broader programmes covering justice and police cooperation, green transition projects, energy efficiency, and measures designed to strengthen the rights and living conditions of Roma communities.

Romania will receive €596.3 million under the current funding cycle, making it the second-largest beneficiary after Poland. Norway, Iceland and Liechtenstein together provide €3.268 billion through the EEA and Norway Grants programme, with Norway contributing approximately 97% of the overall funding.

Why does it matter?

The agreement shows how disinformation is becoming part of broader European cooperation on democratic resilience and institutional capacity, not only a media or platform issue. By funding partnerships between public institutions, expert communities and civil society, the programme links information integrity with governance, security and social cohesion at a time of heightened geopolitical pressure in Europe.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Poland launches campaign to boost business cybersecurity awareness

Poland’s Ministry of Digital Affairs has launched a campaign to encourage entrepreneurs and management teams to take a more active role in protecting their companies from cyber threats.

The campaign, titled ‘Build your company’s digital security click by click’, is aimed at businesses and senior decision-makers. The ministry says its main goal is to encourage firms to address cybersecurity at both organisational and operational levels.

The campaign stresses that cybersecurity is no longer solely the responsibility of IT departments but is a key part of responsible business management. The ministry points to growing risks such as phishing and ransomware as digital technology becomes central to company operations.

According to the ministry, effective cybersecurity depends on three pillars: knowledge, processes and people. The campaign encourages firms to analyse risks, develop incident response procedures, train employees regularly and use official guidance available through cyber.gov.pl.

A separate focus is placed on medium-sized and large companies subject to requirements under Poland’s national cybersecurity system. The ministry says firms in key sectors should understand obligations related to risk management, incident reporting and the protection of information systems.

The campaign also calls on company leaders to integrate cybersecurity into business strategy, including through security policies, investment in skills and the development of a culture of responsibility across organisations.

Why does it matter?

The campaign reflects a broader shift in cybersecurity policy from technical protection towards organisational responsibility. By targeting business leaders, Poland is emphasising that cyber resilience depends not only on tools, but also on governance, staff training, incident response and compliance with national cybersecurity obligations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

G7 working group advances cybersecurity approach for AI systems

The German Federal Office for Information Security published guidance developed by the G7 Cybersecurity Working Group outlining elements for a Software Bill of Materials for AI. The document aims to support both public and private sector stakeholders in improving transparency in AI systems.

The guidance builds on a shared G7 vision introduced in 2025 and focuses on strengthening cybersecurity throughout the AI supply chain. It sets out baseline components that should be included in an AI SBOM to better track and understand system dependencies.

The document outlines seven baseline building blocks that should form part of an AI Software Bill of Materials (SBOM for AI), designed to improve visibility into how AI systems are built and how their components interact across the supply chain.

At the foundation is a Metadata cluster, which records information about the SBOM itself, including who created it, which tools and formats were used, when it was generated, and how software dependencies relate to one another.

The framework then moves to System Level Properties, covering the AI system as a whole. This includes the system’s components, producers, data flows, intended application areas, and the processing of information between internal and external services.

A dedicated Models cluster focuses on the AI models embedded within the system, documenting details such as model identifiers, versions, architectures, training methods, limitations, licenses, and dependencies. The goal is to make the origins and characteristics of models easier to trace and assess.

The document also introduces a Dataset Properties cluster to improve transparency into the data used throughout the AI lifecycle. It captures dataset provenance, content, statistical properties, sensitivity levels, licensing, and the tools used to create or modify datasets.

Beyond software and data, the framework includes an Infrastructure cluster that maps the software and hardware dependencies required to run AI systems, including links to hardware bills of materials where relevant.

Cybersecurity considerations are grouped under Security Properties, which document implemented safeguards such as encryption, access controls, adversarial robustness measures, compliance frameworks, and vulnerability references.

Finally, the framework proposes a Key Performance Indicators cluster that includes metrics related to both security and operational performance, including robustness, uptime, latency, and incident response indicators.

According to the paper, the objective is to provide practical direction that organisations can adopt to enhance visibility and manage risks linked to AI technologies. The framework is intended to support more secure development and deployment practices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

IPC New South Wales’ Generative AI guidance targets privacy risks in Australia

The Information and Privacy Commission New South Wales, has issued guidance for public sector agencies in Australia on managing privacy risks associated with the use of generative AI tools.

The guide states that the Privacy and Personal Information Protection Act 1998 applies to the handling of personal information through generative AI tools. It is intended to help agencies understand and comply with privacy obligations when adopting tools such as ChatGPT, Gemini, Claude, Perplexity, and Copilot.

Generative AI can support workplace tasks such as drafting, editing, document analysis, research, translation, transcription, and process automation. However, the IPC warns that these tools can create privacy risks when prompts, uploaded files, or outputs include personal or health information.

The guide highlights risks including unexpected use or disclosure of personal information, cross-border data transfers, unauthorised disclosure, data breaches, extended retention of personal information, generation of new personal information, inaccurate or discriminatory outputs, and loss of transparency or data subject control.

Some generative AI providers may collect customer data, including prompts, uploaded files, and outputs, to train or improve their models, according to the IPC. Agencies should assess whether personal or health information uploaded to a generative AI service may be processed offshore or used for purposes beyond the original collection purpose.

Recommended measures include privacy impact assessments, updates to privacy management plans and data breach response policies, clear public notices, consent where required, acceptable use policies for staff, training, pre-deployment testing, third-party vendor assessments, and data residency in Australia where possible.

Human review is also presented as an important safeguard, especially where generative AI outputs inform decisions affecting individuals’ access to services, opportunities, or benefits. The IPC urges agencies to avoid a ‘set and forget’ approach and continuously monitor generative AI use, governance, culture, and emerging privacy risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

China expands AI education strategy through global learning platform

China has launched a global AI education service platform to expand cross-border access to digital learning resources and support the integration of AI into education.

The initiative was announced during the 2026 World Digital Education Conference in Hangzhou and forms part of a broader upgrade to Smart Education of China, a digital education platform now accessible in around 220 countries and regions.

Chinese authorities said the upgraded platform will support cross-border sharing of educational resources and expand international services. New features include a lifelong learning hub and a Chinese language learning community.

The conference also saw the release of a report outlining China’s policy progress and practical experience in smart education. An AI education initiative was also unveiled, calling for better use of AI to support well-rounded and sustainable human development.

The initiative also urged stronger efforts to bridge the global digital divide by using smart education platforms to share high-quality resources and digital tools.

Why does it matter?

The launch shows how AI education is becoming part of digital infrastructure strategy, not only classroom reform. By linking AI tools, online learning resources and international access through a state-backed platform, China is positioning digital education as an area of both domestic development and global cooperation. It also points to wider competition over who builds the platforms, standards and learning ecosystems that will shape AI literacy and future workforce skills.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

AI’s economic impact could redefine jobs and productivity trends

AI is increasingly being viewed as a potential general-purpose technology, similar to electricity, computers and the internet, with the capacity to reshape economies over time, according to Bank of Canada External Deputy Governor Michelle Alexopoulos.

Speaking at the Ottawa Economics Association and Canadian Association for Business Economics Spring Policy Conference, Alexopoulos said technological change usually unfolds gradually. Still, some innovations spread across industries and transform the wider economy. AI has developed over the past decades, but recent advances have accelerated adoption among people and businesses.

If AI becomes a general-purpose technology, it could eventually reshape jobs, improve productivity and make businesses more competitive, potentially leading to higher wages, lower costs for consumers and reduced inflationary pressure. Alexopoulos cautioned that forecasts will change as new information becomes available, but said AI’s potential effects on productivity, inflation and the labour market cannot be ignored.

Global uptake is expanding, though unevenly. Investment in AI data centres has risen sharply, particularly in the United States, while constraints such as power generation capacity and skills shortages continue to affect adoption. In Canada, adoption is gaining momentum but remains uneven across sectors, with some businesses saying AI does not yet meet their needs or that workers lack the required skills.

Early signs of modest productivity gains are emerging, as AI may allow economies to produce more goods and services without requiring people to work harder. Because productivity affects estimates of future economic growth, the Bank of Canada sees AI’s potential impact as relevant to monetary policy.

Labour-market effects remain mixed. Alexopoulos noted that some large technology firms have linked recent job cuts to AI, and studies show weaker hiring in highly exposed roles such as entry-level coding and customer service. However, she said the evidence so far does not show large-scale job losses, but rather that AI is transforming work tasks instead of replacing people.

Why does it matter?

AI’s possible emergence as a general-purpose technology could affect productivity, wages, inflation and labour demand over time. The Bank of Canada’s framing matters because it links AI adoption directly to macroeconomic policy, rather than just to business innovation. The central question is whether AI raises productivity broadly enough to support growth and lower costs, or whether uneven adoption deepens gaps between firms, sectors and workers.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

UK backs stronger cooperation on AI and frontier technologies at OSCE

The UK has highlighted both the opportunities and risks linked to frontier technologies during a high-level conference organised by the Organization for Security and Co-operation in Europe in Geneva.

Speaking at the event, UK Tech Envoy Sarah Spencer said AI could support early warning and early action in humanitarian crises, but could also amplify misinformation and instability if misused or deployed without adequate safeguards.

Spencer said responsible governance of frontier technologies requires partnerships between states, institutions, industry and civil society, arguing that such cooperation matters more than individual products in building inclusive, responsible and sustainable digital ecosystems.

She also highlighted the OSCE’s role in fostering dialogue on frontier technologies, reducing misunderstandings and supporting anticipatory approaches to governance. The UK said it was ready to support efforts to ensure technological progress contributes to a safer, more secure and more humane future.

The conference, titled ‘Anticipating technologies – for a safe and humane future’, brought together participants to discuss how emerging technologies are affecting security, stability and international cooperation.

Why does it matter?

The statement places AI and other frontier technologies within a security and diplomacy context, rather than treating them only as innovation issues. It highlights growing concern that emerging technologies can support humanitarian and development goals, but also create risks for misinformation, conflict escalation and strategic stability if governance and cooperation lag behind deployment.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU Commission reviews Android DMA rules on interoperability

The European Commission is consulting third parties on proposed measures requiring Alphabet to ensure effective interoperability between Google Android and AI services under the Digital Markets Act.

The draft measures focus on AI services’ access to key Android capabilities, including wake-word activation, contextual data, integration with applications, and access to hardware and software resources needed for reliable and responsive services.

The Commission opened proceedings in January 2026 to specify how Alphabet should comply with DMA interoperability obligations for features relevant to AI services. Its proposed measures cover invocation, context, actions on apps and the operating system, access to resources, and general requirements such as free access, documented frameworks and APIs, technical assistance and reporting.

Stakeholders were asked to comment on the effectiveness, completeness, feasibility and implementation timelines of the proposed measures, particularly from the perspective of AI service providers and Android device manufacturers.

Input from Alphabet and interested third parties may lead to adjustments before the Commission adopts a final decision-making the measures legally binding. The Commission is expected to adopt that decision by 27 July 2026.

Why does it matter?

The case shows how the DMA is being applied to the emerging competitive landscape for AI assistants and mobile operating systems. If third-party AI services need access to Android features such as wake words, contextual data, app actions and on-device resources to compete effectively, interoperability rules could shape which AI tools reach users and how much control gatekeepers retain over mobile AI ecosystems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Meta tests compromise plan in EU WhatsApp AI access dispute

European Commission officials are examining whether Meta’s policy on access to WhatsApp for AI providers may raise competition concerns in the European Economic Area.

Changes to the WhatsApp Business Solution terms are at the centre of the investigation, particularly as they affect how third-party AI providers can offer services on the platform. The Commission is assessing whether the policy could limit access for competing AI services and reduce choice for users and businesses.

Messaging platforms are becoming important distribution channels for AI-powered services. As chatbots and AI assistants become more integrated into everyday communication tools, access to widely used platforms such as WhatsApp may become an important factor in competition between providers.

Commission officials have said they will examine whether Meta’s conduct complies with the EU competition rules. Opening an investigation does not mean that the Commission has reached a conclusion or found an infringement.

The broader EU scrutiny of large digital platforms is increasingly focused on how access to infrastructure, services and user ecosystems is managed as AI tools become more widely adopted.

Why does it matter?

Competition questions are expanding into AI distribution channels. Messaging platforms can shape which AI services reach users and businesses at scale, making access rules an important part of the emerging AI market. The outcome could influence how major platforms design access policies for third-party AI providers while regulators seek to preserve competition and user choice.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Diplo chatbot can make mistakes. Consider checking important information.