Digital standards

European Commission delays tech sovereignty package again

The European Commission has postponed the presentation of its tech sovereignty package until 3 June, following several earlier delays. The publication had previously been scheduled for 25 March, 15 April and 27 May.

According to Euractiv, the package is expected to include the proposed Cloud and AI Development Act and Chips Act 2. The initiatives are intended to support digital infrastructure development and strengthen Europe’s semiconductor sector. The measures are also expected to encourage data centre investment and semiconductor manufacturing within the EU.

The latest postponement follows comments from the US ambassador to the EU concerning potential trade implications of European digital regulation. Euractiv additionally reported uncertainty regarding a proposed EU open-source strategy previously linked to the package.

The European Commission did not comment publicly on the latest delay.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU consultation closes on AI energy measurement

The European Commission has moved forward with work on measuring the energy consumption and emissions of AI models and systems, as part of preparations for a possible AI energy measurement framework under the EU AI Act.

The targeted consultation forms part of a Commission-procured study on measuring and promoting energy-efficient and low-emission AI in the European Union. Responses will help refine the study, contribute to a measurement framework for the AI Act’s energy-related objectives and support the design of a potential AI energy and emissions label.

The process focuses on how to measure energy use across the AI lifecycle, including development and training, as well as operational use and inference. The Commission says a comprehensive picture of AI’s energy efficiency and carbon footprint requires data on computational resources, electricity consumption and hardware details.

Under Annex XI of the AI Act, providers of general-purpose AI models must document known or estimated energy consumption as part of their technical documentation obligations. The consultation, therefore, targets developers and deployers of general-purpose AI models and AI systems, as well as component and service suppliers.

Stakeholders were asked about the accessibility of data needed to assess AI energy consumption and emissions, as well as the suitability of different AI performance indicators. The Commission said the aim is to develop a robust and practical industry-informed framework for measuring AI energy consumption and efficiency.

The AI Office will publish a summary of the consultation results based on aggregated data, with respondents not directly quoted.

Why does it matter?

AI’s growing energy demand is becoming a regulatory and environmental policy concern, especially as general-purpose AI models require substantial computing resources for training and inference. A common EU framework for measuring AI energy use and emissions could make environmental impacts more visible, support future transparency obligations and help compare systems more consistently. A possible AI energy and emissions label would also push sustainability into AI governance alongside safety, transparency and accountability.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Union reviews platform power in third annual Digital Markets Act report

The European Commission has published its first formal review of the Digital Markets Act, assessing how the regulation is affecting large online platforms and digital market competition across the European Union.

The review says the DMA has already produced visible changes in some areas, including greater user choice through third-party app stores and prompts allowing users to select browsers or search engines. However, it also points to continuing challenges in implementation and enforcement.

Enforcement has become a central part of the assessment. In April 2025, Apple was fined €500 million for blocking developers from directing users to cheaper purchasing options, while Meta was fined €200 million over its ‘consent or pay’ model. Both companies are appealing the decisions.

The Commission also highlighted ongoing compliance and procedural difficulties. According to the review, investigations are taking around twice as long as the 12-month target, while legal procedures are being used to slow compliance.

The assessment raises broader questions about whether the DMA should eventually cover fast-growing areas such as AI tools and cloud platforms. The review presents the regulation as an evolving framework whose long-term impact will depend on consistent enforcement and adaptation to new market realities.

Why does it matter?

The review indicates that the Digital Markets Act is transitioning from establishing rules to a more challenging phase of enforcement. Initial changes suggest that the law is starting to influence the behaviour of platforms. However, delays, appeals, and uncertainties regarding AI and cloud services demonstrate that the European Union’s digital competition framework will need to continuously adapt as the power of platforms shifts into new areas of the digital economy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

European Commission advances AI transparency code under EU AI Act

The European Commission’s AI Office has convened a new round of working group meetings and workshops on the forthcoming Code of Practice on Marking and Labelling of AI-Generated Content.

The discussions brought together providers of generative AI systems and models, technology companies, industry representatives, civil society organisations and academic experts. Feedback from the meetings will inform the third and final draft of the code, expected in early June.

The code is intended to support transparency obligations under the AI Act, including requirements linked to marking, labelling, disclosure and detectability of AI-generated content. It covers issues such as synthetic media, deepfakes and certain AI-generated text.

Working Group 1 focused on marking and detection obligations for providers, including a revised multi-layered approach, technical feasibility, benchmarking, compliance frameworks and possible third-party assessments. Industry participants raised concerns over compliance burdens, innovation and feasibility, while civil society and academic experts called for stronger safeguards in the public interest.

Working Group 2 examined disclosure obligations for deployers of generative AI systems, particularly deepfakes and certain AI-generated text. Discussions covered origin disclosure, user-facing labels, proportionality, governance measures, editorial control and the possible development of a uniform EU label.

Additional workshops explored how machine-readable marks, provenance data, visible labels, watermarking systems and an EU-wide icon could work together across the AI value chain. Participants also discussed coordination with other EU rules, including the Digital Services Act, while stressing the need to balance transparency, legal clarity, accessibility and innovation.

Why does it matter?

The code of practice will help determine how AI-generated content is marked, labelled and disclosed across the EU. Its development highlights the practical difficulty of turning transparency obligations into workable rules, particularly when regulators, companies and civil society disagree over technical feasibility, compliance costs, user experience and safeguards against deceptive synthetic media.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK expands regulatory and infrastructure plans for digital finance

The Bank of England plans to publish draft rules for systemic stablecoins in June, as part of the UK’s broader digital asset regulatory framework.

Deputy Governor Sarah Breeden outlined the plans during the City Week conference in London.

According to officials, regulators are reviewing earlier proposals following industry feedback related to compliance and market impact. The proposals may include limits on overall stablecoin issuance and requirements for banks issuing stablecoins through separate legal entities.

Authorities are also considering branding requirements intended to distinguish stablecoins from insured bank deposits.

Breeden also referred to growing institutional interest in tokenised financial markets and distributed ledger-based settlement systems.

Several financial institutions, including HSBC, Euroclear, and London Stock Exchange Group, are expected to participate in the UK’s digital securities sandbox later this year.

Alongside private-sector initiatives, the Bank of England is also upgrading its Real-Time Gross Settlement infrastructure and exploring pilot projects involving tokenised government debt instruments. Authorities additionally aim to extend settlement operating hours toward near-continuous availability by the early 2030s.

Why does it matter? 

The UK’s push to regulate stablecoins and support tokenized finance highlights how major economies are increasingly competing to become leading hubs for digital financial innovation.

Decisions taken by the Bank of England could influence how traditional banking, payments, and capital markets evolve globally as governments and institutions move toward blockchain-based financial infrastructure.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

UK authorities issue guidance on frontier AI cyber risks in finance

The Bank of England, the Financial Conduct Authority (FCA), and HM Treasury published a joint statement on cybersecurity and operational resilience risks linked to frontier AI models.

According to the statement, current frontier AI models can perform certain cyber-related tasks at high speed and scale, potentially increasing operational and security risks if misused.

UK authorities said regulated firms should strengthen governance, vulnerability management, third-party risk oversight, and recovery capabilities. The statement also referred to the use of automated and AI-supported defensive measures in cybersecurity operations.

The guidance highlighted risks associated with third-party services, open-source software, and legacy systems. According to the statement, boards and senior management should maintain awareness of frontier AI-related operational and cyber risks.

The authorities said they will continue monitoring frontier AI developments and engage with industry through the Cross Market Operational Resilience Group (CMORG). The statement also references guidance published by the UK National Cyber Security Centre (NCSC) on vulnerability management and AI-related cyber risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Global experts gather for CPDP 2026

The CPDP Conference 2026 has released its detailed programme, outlining a multi-day agenda of panels, workshops and cultural sessions focused on AI, data protection and digital governance. The conference will run from 19 to 22 May 2026, bringing together global experts across policy, academia and industry.

Across the programme, a wide range of panels and debates will explore key themes including AI regulation, digital governance, workplace data rights and platform power. Alongside panels and discussions, there will also be short movies and workshops offering conference topics in different formats.

Workshops are scheduled throughout each day, with structured breaks including coffee sessions and lunch intervals offering networking moments for participants. Topics range from AI in healthcare and advertising to digital conflict, governance under pressure and privacy-preserving technologies.

The programme also includes specialised tracks and cultural sessions, such as film screenings and artistic discussions on algorithmic systems, alongside academic panels and policy debates. The event will conclude after a final series of workshops and sessions on 22 May in Brussels, Belgium.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK proposes stronger streaming rules under new Ofcom standards

Ofcom has proposed new content and accessibility standards for major streaming platforms operating in the UK, expanding regulatory oversight across the rapidly growing on-demand media sector. The draft framework follows powers introduced through the Media Act and would align streaming services more closely with traditional broadcast television standards.

The proposed rules would apply to major platforms including Netflix, Amazon and Disney. Ofcom said audiences increasingly expect consistent protections regardless of whether content is viewed through conventional television or streaming services.

The draft Code includes requirements covering harmful or offensive material, fairness and privacy protections, and due impartiality and accuracy for news content. Additional safeguards for minors would also apply, alongside stronger expectations around contextual warnings and viewer information.

Ofcom also proposed new accessibility obligations for streaming providers. Under the draft rules, platforms would need to subtitle 80% of catalogue content, provide audio description for 10%, and provide signing for 5%. The regulator said that more than 18 million people with hearing or sight conditions could benefit from improved accessibility standards across streaming platforms.

Why does it matter?

The proposals signal a major shift in how digital media platforms are regulated in the UK, extending broadcast-style obligations into streaming ecosystems for the first time. The measures could influence global debates around platform accountability, online safety, accessibility standards, and regulatory convergence between traditional media and digital services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

ICO warns organisations about growing AI cyber threats

The UK Information Commissioner’s Office has warned that AI is enabling faster, more advanced and harder-to-detect cyberattacks, urging organisations to strengthen their defences against emerging threats.

In a blog post, the regulator highlighted risks such as AI-generated phishing emails, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning and indirect prompt injection. The ICO said cybersecurity must be treated as a shared responsibility, with organisations expected to take proactive steps to protect the personal data they hold.

The ICO said strong foundational security measures remain essential, but should be reinforced with layered defences to counter AI-powered threats. It pointed to practical steps such as patching systems, restricting access through multi-factor authentication, applying least-privilege principles and managing supplier risks.

The recommendations also include monitoring systems for unusual activity, carrying out vulnerability scanning and penetration testing, and maintaining regularly tested incident response plans. The ICO said AI can also support cyber defence, but should operate within a clear framework of human oversight and accountability.

Organisations are further advised to minimise data collection, conduct regular data audits and train staff to recognise AI-powered social engineering attacks. The ICO said AI tools processing high-risk personal data should be supported by data protection impact assessments and appropriate safeguards.

Why does it matter?

The ICO’s warning links AI-powered cyber threats directly to data protection obligations. As attackers use AI to scale phishing, exploit vulnerabilities and impersonate trusted contacts, organisations are expected not only to improve technical security, but also to limit the personal data they hold, strengthen governance and prepare for faster-moving incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

CMA opens Strategic Market Status investigation into Microsoft business software

The UK Competition and Markets Authority has opened a Strategic Market Status investigation into Microsoft’s business software ecosystem, marking another major step in the country’s digital competition regime.

The investigation will examine Microsoft’s position across workplace software products widely used throughout the UK economy, including productivity software, personal computer and server operating systems, database management systems, security software and its growing AI assistant ecosystem, including Copilot. The CMA said more than 15 million commercial users across the UK rely on Microsoft’s software ecosystem.

Regulators will assess whether Microsoft has Strategic Market Status in business software and whether its position may limit customer choice. The CMA said it will examine concerns linked to product bundling, interoperability limits and default settings that could make it harder for businesses and public-sector organisations to switch providers or combine Microsoft tools with competing products.

The authority will also examine how competing AI services can integrate with Microsoft’s business software as workplace tools increasingly incorporate AI and agentic AI functions. The CMA said customers should be able to access software and AI services from a range of suppliers rather than being locked into a single ecosystem.

Cloud competition concerns are also linked to the probe. An SMS designation would allow the CMA to consider targeted interventions related to Microsoft’s software licensing practices, which were previously identified as reducing competition in cloud services.

The CMA will gather evidence from Microsoft, customers, rivals, challenger technology firms and other stakeholders before deciding whether to designate Microsoft with Strategic Market Status. The regulator said the investigation does not assume wrongdoing and that any future interventions would depend on the evidence and relevant legal tests.

Why does it matter?

The investigation shows how digital competition oversight is moving deeper into enterprise software, cloud infrastructure and AI-enabled workplace tools. As products such as Copilot become embedded in systems used by businesses and public services, regulators are increasingly treating interoperability, bundling and switching costs as strategic competition issues rather than narrow technical questions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.