Economic

Campaign highlights risks of profit-driven digital platforms

A global campaign led by the Norwegian Consumer Council (NCC) has drawn attention to the decline in quality across digital platforms, a phenomenon widely referred to as ‘enshitification’, in which services deteriorate over time as companies prioritise monetisation over user experience.

The initiative has gained momentum through a viral video and coordinated advocacy efforts across multiple regions.

Inshitification is a term coined by journalist Cory Doctorow that describes a pattern in which platforms initially serve users well, then shift towards extracting value from both users and business partners.

In practice, it often results in increased advertising, paywalls, and reduced functionality, with platforms leveraging user dependence to introduce less favourable conditions.

More than 70 advocacy groups across the EU, the US and Norway have urged policymakers to take stronger action, arguing that declining competition and market concentration allow platforms to degrade services without losing users.

Network effects and high switching costs further limit consumer choice, making it difficult to move to alternative platforms even when dissatisfaction grows.

Existing frameworks, such as the Digital Markets Act and the Digital Services Act, aim to address some of these issues by promoting interoperability, transparency, and accountability.

However, experts argue that enforcement remains too slow and insufficient to deter harmful practices, suggesting that stronger regulatory intervention will be necessary to restore balance between consumers, platforms, and competition in the digital economy.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Ofcom tightens online safety enforcement across major platforms

Enforcement of the Online Safety Act intensifies in 2026, with regulators pushing stronger age verification across social media, gaming, messaging, and adult platforms. Significant progress has been reported in the adult sector, with most major pornography services now using age assurance or restricting UK access.

Ofcom has issued new expectations for major children’s platforms, including stricter age verification, stronger protections against grooming, safer feeds, and tighter product testing. The regulator has warned that further enforcement action may follow if compliance is not met.

New obligations are also being introduced, including a requirement from April 2026 for services to report child sexual exploitation and abuse content to the National Crime Agency.

Providers are being instructed to keep risk assessments up to date and adapt to evolving regulatory guidance, including upcoming consultations and expanded reporting duties.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU investigates cyber attack targeting Commission websites

The European Commission has confirmed a cyber-attack targeting its cloud infrastructure hosting the Europa.eu services, with authorities acting swiftly to contain the incident and prevent disruption to public access.

The attack was identified on 24 March, prompting immediate mitigation measures to secure systems and maintain service continuity.

Preliminary findings indicate that some data may have been accessed from affected websites, although the full scope of the incident remains under investigation.

The Commission has begun notifying the relevant EU entities that may be affected, while continuing efforts to assess the extent of the breach and strengthen safeguards.

Officials confirmed that internal systems were not affected, limiting the overall impact of the attack.

Monitoring efforts remain ongoing, with additional security measures being implemented to protect data and infrastructure, rather than relying solely on existing defences. The Commission has also committed to analysing the incident to improve its cybersecurity capabilities.

The attack comes amid growing cyber and hybrid threats targeting European institutions and critical services.

Existing frameworks, including the NIS2 Directive and the Cyber Solidarity Act, aim to strengthen resilience and coordination across member states, supporting a more unified response to large-scale cyber incidents across the EU.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Cryptocurrency political donations banned under new Canada bill

Canada’s Liberal government has introduced Bill C-25 to prohibit cryptocurrency and other non-cash instruments from being used as political donations. The measure covers all registered parties, candidates, leadership, and nomination contests, and third-party advertisers, tightening campaign finance rules.

The proposal reverses a 2019 framework that had allowed limited crypto contributions under strict conditions, though uptake remained minimal and no major party reported receiving such donations in recent federal elections.

Authorities argue that pseudo-anonymous blockchain transactions make it difficult to verify the true source of funds, raising concerns about traceability and foreign interference risks.

Under the new rules, any prohibited donation must be returned, destroyed, or converted and forwarded to the Receiver General within 30 days. Enforcement includes fines of up to twice the illegal contribution’s value, reaching CA$25,000 for individuals and CA$100,000 for corporations.

Bill C-25 also revives provisions from the earlier Bill C-65, which collapsed in 2025 after Parliament was prorogued. The updated law aligns with UK restrictions and expands election oversight powers, including measures against deepfakes and foreign interference.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK regulator targets misleading online reviews in new crackdown

The Competition and Markets Authority has launched new investigations into five companies as part of a wider crackdown on fake and misleading online reviews, targeting practices that shape consumer decisions rather than reflect genuine customer experiences.

The cases involve Autotrader, Feefo, Dignity, Just Eat and Pasta Evangelists across sectors, including car sales, food delivery and funeral services.

CMA is examining whether negative reviews were suppressed, ratings inflated, or incentives offered in exchange for positive feedback without disclosure.

Concerns also extend to moderation practices and whether review systems provide a complete and accurate picture of customer experiences, rather than favouring reputational or commercial interests. No conclusions have yet been reached on whether consumer law has been breached.

Online reviews play a central role in consumer behaviour, influencing significant levels of spending across the UK economy.

Research indicates that a large majority of consumers rely on reviews when making purchasing decisions, raising concerns that misleading content can distort markets and undermine trust, particularly as AI makes it harder to detect fabricated reviews.

The investigations form part of a broader enforcement effort under the Digital Markets Competition and Consumers Act 2024, which introduced stricter rules on fake and misleading reviews.

Authorities aim to improve transparency and accountability across digital platforms, with potential penalties reaching up to 10% of global turnover for companies found to have breached consumer protection laws.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU and Japan strengthen digital partnership in ICT Dialogue

The European Commission and Japan have reinforced their digital cooperation through the 31st the EU–Japan ICT Dialogue held in Tokyo, focusing on advancing shared priorities in emerging technologies instead of pursuing separate national strategies.

A meeting that forms part of the broader EU–Japan Digital Partnership, which aims to deepen collaboration in key areas of the digital economy.

Discussions covered a wide range of topics, including AI, cybersecurity, and secure connectivity infrastructure such as submarine cables and Arctic networks.

Both sides also explored developments in 5G and 6G technologies, alongside emerging solutions like quantum key distribution, highlighting the importance of secure and resilient communication systems in an evolving digital landscape.

The dialogue also emphasised cooperation between the EU AI Office and AI Safety Institute, as well as joint efforts in research, innovation, and international standardisation.

These initiatives aim to align regulatory approaches and technological development rather than create fragmented global frameworks.

By strengthening collaboration across critical digital sectors, the EU and Japan seek to enhance technological resilience and promote secure, interoperable systems.

The ongoing partnership reflects a shared commitment to shaping global digital standards while supporting innovation and economic growth in both regions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

WTO Ministerial: Members diverge on digital trade outcomes

At the 14th WTO Ministerial Conference in Yaoundé, Cameroon, two parallel tracks concerning digital trade took centre stage, each with distinct outcomes. The first was the long-standing moratorium on customs duties on electronic transmissions, a temporary ban renewed every two years since 1998, which expires on March 31, since members were unable to agree on a new extension.

The second was the plurilateral Agreement on Electronic Commerce concluded in 2024 by the Joint Statement Initiative on e-commerce (JSI), aiming to establish digital trade rules, including a prohibition on e-commerce duties. While the moratorium lapsed without a multilateral consensus, a coalition of countries decided to move forward with implementing the plurilateral e-commerce agreement.

Moratorium on customs duties on electronic transmissions

The Ministerial Conference concluded without a final declaration and without an agreement on the moratorium, leading to its lapse on March 31. Negotiators were unable to reach a consensus on the length of a new extension, with differing views among members preventing a deal.

The outcome also meant that a broader set of discussions on WTO reform, which had been politically linked to the approval of the moratorium, remained unresolved. Discussions on both fronts, as well as about the future of the Work Programme on e-commerce (WPEC), are expected to continue at the next General Council meeting in May.

At the heart of the impasse were differing perspectives on how long the moratorium should be extended. While some members, particularly the US, sought a longer-term solution, others have traditionally advocated a shorter renewal, reflecting a desire for caution given the rapid pace of technological change and the need to preserve policy flexibility for the future.

During MC14, Brazil was the leading voice, emphasising the importance of caution in light of developments such as AI and 3D printing, suggesting that a shorter extension with room for review would allow members to reassess as the digital landscape evolves. Efforts to find a middle ground ultimately fell short as time ran out.

This is not the first time that the moratorium lapses; it happened at the 1999 Seattle ministerial, before the moratorium was reinstated at Doha two years later. The current expiry of the moratorium does not mean tariffs will automatically be imposed.

Still, it creates policy space for some countries to consider introducing tariffs if they are not bound by trade agreements that prohibit customs duties on electronic transmissions.

Plurilateral Agreement on E-commerce will be implemented on an interim basis

A coalition of 66 WTO members announced they would move forward with implementing the JSI e-commerce agreement through interim arrangements. Australia, Japan, and Singapore, serving as co-convenors, confirmed that the pact, which aims to facilitate digital trade and prohibit duties on e-commerce transactions, will enter into force once 45 members have formally notified their acceptance.

In the meantime, JSI members will continue to seek inclusion of the Agreement under the WTO legal architecture. Upon the entry into force, the signatories of the Agreement, which excludes major economies, such as the United States, Brazil, and India, will be bound by a moratorium on customs duties on electronic transmissions, offsetting some of the impact of the expiry of the WTO-wide moratorium.

The initiative received support from WTO Director-General Ngozi Okonjo-Iweala, who noted that participating economies are helping establish a shared regulatory framework that can lower costs and unlock new opportunities. However, the path for other plurilateral efforts remains uncertain, as India registered dissent against the incorporation of the agreement achieved within another plurilateral negotiation, on Investment Facilitation for Development, into the WTO rulebook.

The country argued that incorporating such frameworks into the WTO rulebook risks eroding the organisation’s foundational principles. It asked for a discussion of guardrails and legal safeguards before integrating any specific plurilateral outcome into the WTO.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

AI and digital transformation take focus at Eurasian meeting

An expanded meeting of the Eurasian Economic Union Intergovernmental Council was held in Shymkent under Kazakhstan’s chairmanship, bringing together leaders to discuss economic integration, digital transformation and technological development.

Prime Minister Olzhas Bektenov said Kazakhstan will prioritise the introduction of AI across the Union’s activities, alongside efforts to strengthen digital ecosystems and regulatory cooperation among member states.

Participants discussed the use of AI in areas including customs administration, logistics, industry and agriculture, as well as a proposal to develop an integrated AI-based platform to coordinate cargo flows and improve transport efficiency.

The meeting also addressed digital governance measures, including transitioning veterinary and phytosanitary certification fully to electronic formats to improve transparency in trade and reduce administrative barriers.

Leaders emphasised the role of digital solutions and AI in supporting industrial cooperation, innovation and market integration, with decisions from the meeting aimed at strengthening economic resilience and advancing digital transformation across the region.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

India strengthens digital economy with AI and media initiatives

India has launched three initiatives to expand AI adoption, digital content creation and access to broadcasting services. The programme focuses on building an AI-skilled workforce and strengthening the country’s digital ecosystem.

A national AI skilling initiative aims to train 15,000 creators and media professionals through partnerships with Google and YouTube. The programme covers generative AI, prompting and advanced tools, supporting future-ready skills in media and creative industries.

The government also introduced MyWAVES, a platform within WAVES OTT that enables users to create, upload and share content. Designed for user-generated content, it supports multiple formats and multilingual participation across India.

Access to broadcasting has been simplified through in-built satellite tuners and an advanced programme guide in television sets. The update removes the need for set-top boxes, improving affordability and expanding reach, particularly in remote areas.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

IAPP updates US state breach notification resource as legal differences persist

The International Association of Privacy Professionals (IAPP) has updated its US State Breach Notification Chart, a resource that summarises state breach notification laws across the United States. In an analysis published on 26 March, the IAPP says the revised chart highlights both nationwide coverage and continuing variation in how states define personal information, apply harm thresholds, and trigger reporting duties.

According to the IAPP, all 50 states, the District of Columbia, Guam, Puerto Rico, and the US Virgin Islands now have breach notification laws. California enacted the first state law in 2002, which took effect in 2003, while Alabama was the last state to adopt such a law in 2018. The IAPP says the result is a de facto nationwide framework, but one marked by significant differences across jurisdictions.

A central point in the analysis is that breach notification laws generally use a narrower definition of personal information than more recent comprehensive privacy laws. The IAPP says the original purpose of breach notification was to alert people to the risks of identity theft and financial fraud after a data breach, so laws tend to focus on identifiers such as names combined with Social Security numbers, driver’s licence details, or financial account credentials.

The article contrasts narrower statutes with broader ones. Hawaii’s law is described as among the narrowest, while Illinois and California are presented as having broader definitions that can extend to medical information, health insurance details, biometric data, genetic data, and, in California’s case, some automated licence plate recognition data.

Even so, the IAPP says many state breach laws still do not cover large categories of digital information, such as browsing history, cookie data, IP addresses, cell phone numbers, purchasing records, or complete financial transaction histories where account credentials were not compromised.

Exemptions and scope also vary. The IAPP says most breach notification laws apply broadly to businesses and often to nonprofit organisations, while privacy laws tend to contain more exclusions. The article notes that some states cover state and local government entities directly, while California has a separate breach notification law for governmental bodies. The IAPP also says its chart is focused on laws applicable to the private sector.

Encryption safe harbours appear across the state laws, according to the analysis, with some states also recognising redaction or other protections that render data unreadable or unusable. Attorney general notification requirements also differ. The IAPP says 34 state laws require notice to the state attorney general once certain thresholds are met, with thresholds ranging from 250 affected residents in North Dakota and Oregon to 1,000 in many other states, while some states, such as Connecticut and New York, require notice regardless of the number affected.

Harm thresholds are another area of divergence. The IAPP says about 30 state laws include a harm standard, meaning notice may not be required unless the breach caused, or is likely to cause, harm to affected individuals.

The article describes substantial differences in wording across states, with some referring to ‘reasonable likelihood’ of harm, others to ‘material risk,’ ‘substantial economic loss,’ or misuse of the data, while some states, including California, Georgia, Illinois, Massachusetts, Minnesota, North Dakota, and Texas, require no harm showing at all.

The practical effect, the IAPP argues, is that organisations holding data on residents of multiple states face a complex compliance problem. A data element that triggers notice in one state may not do so in another, and the article says reconciling the different harm standards is effectively impossible. The analysis notes that some organisations may decide to notify if there is doubt, while others may choose to notify only where clearly required.

The IAPP concludes that the absence of a preemptive federal breach notification law leaves entities to navigate overlapping but inconsistent state rules. Its updated chart is presented as a tool to help practitioners track those differences and build awareness of how US state breach notification laws continue to evolve.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.