Consumer protection

Crypto crackdown intensifies in Kazakhstan over illegal exchanges

Kazakhstan’s financial regulator has warned that several major cryptocurrency exchanges are operating without the licences required under the country’s current digital asset framework, reinforcing its strict authorisation regime.

The Astana Financial Services Authority identified prominent platforms, including HTX, Bitget, OKX, and MEXC, as operating without the necessary permits. Under existing rules, only entities licensed within the Astana International Financial Centre are allowed to provide regulated digital asset services.

Authorities stressed that international popularity does not exempt platforms from complying with local law. They also warned that unauthorised exchanges can expose users to financial losses, data breaches, and fraudulent schemes, and urged the public to verify platforms through the official register of licensed firms. AFSA’s website currently shows a regulated ecosystem with dozens of authorised entities across the AIFC framework.

The warning comes amid broader enforcement efforts as Kazakhstan tries to formalise its crypto sector while positioning itself as a regulated regional hub for digital assets. In parallel, law enforcement agencies have reported wider crackdowns on illegal crypto activity, including shadow exchanges and money-laundering networks.

Why does it matter?

Kazakhstan’s tightening enforcement shows a broader push to bring crypto activity into a more formal and supervised market structure. By restricting unlicensed platforms and steering users towards authorised entities, the authorities are trying to reduce exposure to financial crime, improve market transparency, and build credibility for Kazakhstan’s ambition to become a regulated regional digital asset hub.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

Tax season phishing scams surge with fake government sites

Cybercriminal activity tends to intensify during tax-return season, as taxpayers face tighter deadlines and share sensitive financial information. A recent Kaspersky analysis highlights the growing use of fake tax authority websites, phishing emails, and malicious downloads designed to steal personal and banking data.

Attackers are impersonating official revenue services across multiple countries, creating convincing portals that mimic government branding and online tax services. Victims are often prompted to enter login credentials, payment details, or download files containing malware aimed at compromising devices or extracting sensitive information.

Crypto holders are also being targeted through fake compliance portals and fraudulent regulatory notices. These schemes try to trick users into revealing wallet recovery phrases or linking digital wallets, which can lead to full asset theft once access is granted.

AI adds another layer of risk. Kaspersky warns that users who upload tax documents or personal financial data to unverified AI platforms may expose confidential information to leakage, misuse, or further fraud. More broadly, AI is also making phishing and impersonation campaigns easier to scale and harder to detect.

Security experts recommend relying only on official tax channels, checking websites and email sources carefully, avoiding unsolicited downloads, and using secure storage and trusted protection tools when handling tax documents.

Why does it matter?

Tax-season phishing campaigns show how financial data is increasingly being treated as a high-value target for cybercrime. As tax systems, digital finance, crypto assets, and AI tools overlap more closely, a single successful scam can lead not only to immediate financial loss but also to identity theft, device compromise, and broader damage to trust in digital services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

New Chinese rules restrict digital promotion of financial products

China has introduced new online marketing rules for financial products, further tightening its long-standing restrictions on cryptocurrency-related activity. The new framework limits the promotion of financial products to licensed entities and treats digital currency trading and issuance as illegal financial activity.

Issued by the People’s Bank of China and seven other regulators, the Administrative Measures for Online Marketing of Financial Products will take effect on 30 September 2026. The rules extend responsibility to platforms, intermediaries, and content creators who promote or facilitate financial products online.

Any assistance in promoting or facilitating prohibited financial activity may now be treated as participation in illegal finance, expanding enforcement beyond direct trading bans. In practice, that broadens the focus from financial products themselves to the wider digital promotion layer, including online displays, traffic generation, and other forms of internet-based marketing support.

Authorities say the measures are intended to protect consumers by limiting misleading or aggressive online promotion, including livestream marketing and viral investment content. In that sense, the rules are not only about crypto, but about tighter control over how financial products are marketed in digital environments.

The policy also reinforces China’s existing position, dating back to 2021, when regulators declared all cryptocurrency transactions illegal, while pushing enforcement deeper into the digital advertising and distribution layers of financial markets.

Why does it matter?

Stronger oversight of online financial promotion shows that crypto-related advertising is increasingly being treated as a regulatory risk category, not just a marketing issue. The Chinese move also points to a broader trend in which regulators are extending scrutiny beyond financial products themselves to the digital channels, influencers, and platforms that help distribute them.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

UK’s FCA steps up enforcement on crypto

The UK’s Financial Conduct Authority has led its first coordinated crackdown on illegal crypto trading, targeting firms operating without authorisation. The action forms part of wider efforts to enforce compliance in the sector.

According to the Authority, the operation involved identifying and taking action against companies that unlawfully promoted or offered crypto services. The move aims to protect consumers from potential risks.

The regulator stated that illegal crypto promotions can expose users to financial harm and undermine market trust. It emphasised the importance of ensuring firms meet regulatory requirements before operating.

The Authority said the crackdown reflects a stronger enforcement approach to unauthorised crypto activity, with further action expected to support market integrity in the UK.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UNESCO launches regional observatory on AI in education in Latin America and the Caribbean

UNESCO has launched a new regional platform on AI in education for Latin America and the Caribbean, aiming to help governments respond to both a deep learning crisis and the rapid spread of AI tools in schools and universities.

Called the Observatory on Artificial Intelligence in Education for Latin America and the Caribbean, the initiative was launched on 14 April in Santiago, Chile, during the 2026 Forum of the Countries of Latin America and the Caribbean on Sustainable Development.

UNESCO presents the Observatory as the first regional platform anchored in the UN system dedicated to AI in education in Latin America and the Caribbean. It is designed as a multistakeholder mechanism bringing together the region’s 33 ministries of education, along with universities, research centres, teachers, and strategic partners, to generate evidence, strengthen capacities, and support public decision-making on how AI should be used in education.

The initiative is being framed as a response to two pressures at once. UNESCO says the region faces a serious learning crisis, while AI tools are spreading rapidly through classrooms and education systems, with uneven guidance and limited institutional preparedness. In that context, the Observatory is meant to support more context-specific policy development, stronger teacher training, and classroom-tested innovation within ethical frameworks, rather than leaving AI adoption to fragmented local experimentation.

That gives the launch a significance beyond a standard education technology initiative. The core argument is not simply that AI should be introduced into schools, but that governments need a shared regional capacity to shape its use. UNESCO sums that up with a simple principle: AI should not govern education; education should govern AI.

The Observatory is being developed with a broad coalition of regional and international partners, including the Development Bank of Latin America and the Caribbean, Chile’s National Centre for Artificial Intelligence, the Regional Centre for Studies on the Development of the Information Society, ECLAC, the Ceibal Foundation, Fundación Santillana, Tecnológico de Monterrey, ProFuturo, the Universidad del Desarrollo in Chile, and the International Research Centre on Artificial Intelligence. Its advisory council also includes the OECD, the Organisation of Ibero-American States, experts from Harvard University, and the UN Independent International Scientific Panel on AI.

Why does it matter?

The story shows UNESCO moving from broad principles on ethical AI to a more concrete regional governance model. Rather than issuing another general call for responsible AI in education, it is trying to build an institutional platform that can connect evidence, policy, teacher capacity, and public oversight across Latin America and the Caribbean.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ADR deadline falls for European Commission digital consumer redress tool

The European Commission is required, by 20 April 2026, to develop a user-friendly digital interactive tool providing information on consumer redress, including the use of alternative dispute resolution in cross-border disputes, under Directive (EU) 2025/2647.

According to the directive, the tool must also include links to information on consumer rights, host the lists of alternative dispute resolution entities and notified ADR contact points, and link to their websites. Where available, it must include direct links to ADR complaint forms.

The same provision requires the tool to include a machine translation function, which must be made available free of charge to ADR entities and ADR contact points. The Commission is also required to promote the tool and ensure its technical maintenance.

The directive says the tool aims to help consumers identify appropriate redress options for their specific case, especially in cross-border situations, and to support them in taking the appropriate action.

The recitals state that the additional functions of the tool, including direct links to complaint forms and the machine translation function, should be available as soon as possible, no later than 20 April 2026. Member States are to apply the measures from 20 September 2028.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ESMA signals end of MiCA transition period as EU crypto enforcement tightens

The EU’s crypto rulebook is moving into a more decisive enforcement stage, with the European Securities and Markets Authority (ESMA) issuing a fresh warning ahead of the end of transitional periods under the Markets in Crypto-Assets Regulation (MiCA).

ESMA says the transition will expire across the EU on 1 July 2026, after which firms providing crypto-asset services to EU clients without MiCA authorisation will be in breach of EU law and must stop offering such services.

Rather than announcing a new rule, ESMA’s statement clarifies what supervisors expect in the final stretch before the deadline. Unauthorised crypto-asset service providers must have credible and immediately executable wind-down plans in place, including arrangements for offboarding clients and transferring assets to an authorised provider or a self-hosted wallet. By 1 July 2026, those plans must already have been implemented.

ESMA also expects authorised providers to prepare for client migration from unauthorised platforms before the deadline, including through robust onboarding procedures and compliance with anti-money laundering and counter-terrorist financing requirements.

National competent authorities are expected to verify wind-down plans, take action against unauthorised providers, and scrutinise migration strategies to prevent firms from continuing business as usual after the transition ends.

The statement also sharpens the message to firms outside the EU. ESMA says third-country entities are not permitted to provide MiCA services to EU investors or solicit EU clients, except in the narrow case of reverse solicitation. It also warns against outsourcing or delegation arrangements that would allow unauthorised non-EU entities to continue serving EU clients indirectly.

For users, ESMA’s message is straightforward: protections under MiCA depend on dealing with an authorised EU entity, not simply a familiar brand name.

Investors are being urged to verify whether their provider appears in ESMA’s interim MiCA register and, where necessary, move assets to an authorised provider or a self-hosted wallet.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

South Korea’s Fair Trade Commission closes consultation on domestic agent rules for foreign platforms

South Korea’s Fair Trade Commission closes its public consultation on proposed amendments to the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce, including new rules on domestic agents for certain overseas businesses.

According to the Fair Trade Commission, an overseas business without an address or place of business in South Korea would be required to designate a domestic agent if it meets at least one of three criteria: sales in the previous year exceeding ₩1 trillion, an average of more than 1 million domestic consumers accessing the cyber mall each month in the three months immediately preceding the end of the previous year, or a Fair Trade Commission request to submit reports and materials.

The proposed rules would also require overseas businesses, once a domestic agent is designated, to submit the agent’s name, address, telephone number, and email address to the Fair Trade Commission in writing without delay and to disclose that information on the first screen of the cyber mall they operate.

The Fair Trade Commission also says the amendments would establish business suspension standards for violations of the domestic agent obligation. According to the proposal, a first violation would lead to a three-month business suspension, a second violation to six months, and a third violation to 12 months.

In the same legislative notice, the Fair Trade Commission also proposed reducing the scope of identity information that platforms facilitating person-to-person transactions must verify for individual sellers, from five items to two: telephone number and email address.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australian authorities warn of data exploitation through social media platforms

Social media and messaging services pose growing security and privacy risks, with personal data used to build profiles for fraud, espionage, or social engineering. Even routine posts may contribute to broader data collection and unintended exposure.

Platforms typically collect extensive user and device data under evolving privacy policies, sometimes storing it across jurisdictions with varying legal protections. Such conditions increase the risks to identity theft, reputational harm, and the misuse of aggregated personal information.

The Australian Government advises organisations to restrict access to official accounts, train staff, and enforce clear policies on what can be shared. It also highlights the importance of breach response procedures to maintain operational security.

For individuals, the Government guidance recommends limiting exposure of personal data, using privacy settings, avoiding unknown contacts, and applying strong authentication.

Regular updates, careful app permissions, and device security measures are also encouraged to reduce cyber risks.

Strengthening awareness and applying consistent security practices reduces vulnerability and supports more resilient organisational systems in an increasingly interconnected digital environment.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

FBI reports billions lost to crypto and AI scams

The Federal Bureau of Investigation reports that cyber-enabled crimes cost Americans nearly $21 billion in 2025, according to its latest Internet Crime Report. The Internet Crime Complaint Center recorded more than 1 million complaints, marking a rise from the previous year.

Investment fraud, phishing, extortion, and tech support scams remained the most common threats, with older adults reporting disproportionately high losses. Individuals over 60 accounted for approximately $7.7 billion in losses, reflecting a sharp year-on-year increase.

Cryptocurrency-related fraud was the most financially damaging category, with losses exceeding $11 billion across more than 180,000 complaints. The report also highlighted emerging risks linked to AI, including deepfake identities, voice cloning, and fabricated media used to manipulate victims.

The FBI has expanded initiatives such as Operation Level Up to identify ongoing scams and reduce losses, while emphasising early reporting and awareness measures. Officials say scammers increasingly use psychological pressure and realistic digital impersonation to deceive victims.

Rising losses highlight how rapidly evolving digital fraud techniques are outpacing public awareness, with crypto and AI tools making scams more scalable and convincing.

Strengthening detection, reporting, and education will be critical to reducing financial harm and improving resilience against increasingly sophisticated online crime networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.