Consumer protection

UK Ofcom sets out AI safety and innovation strategy

Ofcom has outlined its approach to enabling safe and secure AI adoption across the UK communications sectors it regulates and within its own work.

The regulator said its approach is technology-neutral and outcomes-based, aligning AI oversight with its wider mission of making communications work for everyone while supporting innovation and growth.

Ofcom’s report uses case studies to show how AI is already shaping regulatory work and the sectors it oversees. Planned and recent initiatives include building a pilot data lake to make spectrum licensing and online safety data more accessible, engaging with innovators to identify regulatory uncertainty, and assessing public trust in AI chatbots.

The regulator is also examining the impact of AI on telecoms customer experience, exploring AI deployment in broadcasting, assessing AI use in cybersecurity for telecommunications networks, and considering how AI could support network management and optimisation.

Alongside innovation support, Ofcom said it is monitoring AI-related risks and emerging harms. Its work includes guidance on technology-led mitigation against deepfakes, research into chatbot-related harms, and action to address risks posed by AI systems to users.

Ofcom said it coordinated with the AI Security Institute and the National Cyber Security Centre to brief stakeholders on the frontier AI cybersecurity implications following Anthropic’s preview of Claude Mythos, which caused concern. It also said it launched a formal investigation into X’s Grok chatbot.

The regulator is also piloting responsible AI use internally, including tools to support policy development, research, consultation processes, tracking of technical standards, and operational efficiency. Ofcom said it will take a safety-first approach and roll out internal AI tools only once it is confident they are safe and secure.

Why does it matter?

Ofcom’s approach shows how AI governance is becoming operational inside sector regulators, not only debated at the government level. The strategy links innovation support with risk monitoring across online safety, telecoms, broadcasting, cybersecurity, spectrum management, and consumer protection. It also shows regulators experimenting with AI in their own workflows while trying to maintain safety, accountability, and public trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

France fines Shein over consumer protection breaches

France’s consumer watchdog has imposed two administrative fines on companies linked to Shein after finding consumer protection and environmental disclosure breaches on the retailer’s French website.

The Directorate General for Competition, Consumer Affairs and Fraud Control said an investigation carried out in 2025 on fr.shein.com found failures linked to the right of withdrawal, environmental product information, and order confirmation requirements.

Infinite Styles Ecommerce Co Limited, the seller of Shein-branded products on the French site, was fined €5.76 million. The investigation found that consumers were unable to cancel purchases under the legally required withdrawal procedures. It also found missing information on product traceability and the presence of plastic microfibres in certain textile products.

The watchdog said consumers must be informed when textiles containing more than 50% synthetic fibres release plastic microfibres into the environment during washing.

A second company, Infinite Styles Services Co Limited, which operates fr.shein.com, was fined €16.73 million for non-compliant order confirmations. The DGCCRF said confirmations sent to consumers were missing mandatory information, including the price of goods, delivery dates or deadlines, seller identity and contact details, legal guarantees, mediation options, and withdrawal forms and rights.

French authorities said the missing information weakened consumer protection by making it harder for customers to exercise rights such as cancelling purchases or seeking refunds.

Why does it matter?

The penalties show how consumer protection enforcement is increasingly targeting cross-border e-commerce platforms over both purchasing rights and environmental transparency. For fast-fashion platforms, compliance is no longer only about prices and delivery terms, but also about product traceability, withdrawal rights, order documentation, and disclosures on environmental impact.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

US SEC outlines roadmap for market growth, digital assets and investor protection

The US Securities and Exchange Commission (SEC) has released a draft strategic plan outlining its priorities for the coming years, with a focus on investor protection, market efficiency and capital formation.

The agency is seeking public feedback on the proposal, which also highlights the growing importance of digital assets and emerging technologies within the financial system.

Under the plan, the SEC aims to modernise its regulatory framework by supporting innovation while maintaining market integrity. Among its objectives is the development of a clearer and more consistent regulatory approach to digital assets and distributed ledger technologies, with the aim of providing businesses and investors with greater certainty.

The regulator also intends to strengthen engagement with market participants and review existing rules to improve compliance and effectiveness. The draft plan states that enforcement should focus on fraud, market manipulation and violations of existing laws, rather than relying on expansive interpretations of regulatory authority.

Technology modernisation is also a key component of the strategy, including plans to upgrade legacy systems and expand the use of technologies such as AI and blockchain. According to the SEC, these improvements could enhance oversight capabilities, reduce operational costs, and improve efficiency across the agency.

Why does it matter?

The SEC plays a central role in regulating the world’s largest capital market, making its approach to digital assets and emerging technologies influential beyond the United States. Greater regulatory clarity could affect how businesses develop blockchain-based services, how investors engage with digital assets and how other jurisdictions shape their own regulatory frameworks.

The proposal also signals a broader shift towards integrating AI and advanced technologies into financial supervision, reflecting growing efforts by regulators to adapt to increasingly digital and technology-driven markets.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Hong Kong details rules on online advertisements

Hong Kong’s government has said existing laws cover deceptive online advertisements, including scam-related content, misleading trade practices, and false claims in regulated sectors.

The written reply was issued in the Legislative Council on 3 June in response to a question about pop-up advertisements, programmatic advertising, and AI deepfake scams.

The government said the Trade Descriptions Ordinance prohibits false or misleading descriptions of goods or services, including in advertisements and on online platforms. Traders engaging in bait advertising or other prohibited conduct can face up to five years in prison and a fine of HK$500,000.

The reply also said online advertisements involving deception may fall under the Theft Ordinance. Fraud carries a maximum penalty of 14 years in prison, while obtaining property by deception carries a maximum penalty of 10 years.

Advertisements for specific sectors, including real estate, education, securities, and banking, are also subject to separate laws prohibiting false or misleading claims.

Hong Kong police have been working with online platform operators and conducting regular online patrols. In 2025, police asked social media platforms to remove or review more than 116,000 scam-related pages or accounts.

The government also pointed to Scameter and Scameter+, its scam and pitfall search tools. New features introduced in October 2025 use AI to analyse suspicious website links and web page screenshots reported by the public, and to detect potential scam domain names. Within five months, the tools proactively identified more than 900 fraudulent webpages, while Scameter+ issued more than 320,000 alerts in the first quarter of 2026.

Why does it matter?

The reply shows how Hong Kong is using existing consumer protection, fraud, and sector-specific laws to address online advertising risks, rather than introducing a dedicated online advertising regime for now. The inclusion of AI deepfake scams and AI-assisted Scameter+ detection also highlights how online advertising, platform governance, fraud prevention, and automated enforcement tools are increasingly interconnected.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Japan finalises rules for cryptoasset service intermediaries

Japan’s Financial Services Agency has finalised regulatory amendments linked to the 2025 revision of the Payment Services Act, creating a new intermediary category for electronic payment instruments and cryptoasset services.

The amendments, which enter into force on 1 June 2026, establish rules for the newly created electronic payment instrument and cryptoasset service intermediary business. The framework sets out registration application requirements, information that must be clearly explained or provided to users, prohibited conduct, user protection measures, and record-keeping obligations.

The new category allows intermediaries to provide certain electronic payment instruments and cryptoasset-related services without operating as full electronic payment instrument service providers or cryptoasset exchange service providers. The structure is intended to support intermediary activity while maintaining user protection and oversight requirements.

The wider amendment package also develops rules for electronic payment instruments and cryptoassets, including the scope of assets that may be subject to domestic holding orders for electronic payment instrument service providers and cryptoasset exchange service providers.

The FSA also finalised related provisions on funds transfer services, banks, insurance companies and their subsidiaries, and other required amendments. Public consultation on the relevant cabinet orders, cabinet office orders, notices and guidelines drew 259 comments from 62 individuals and organisations.

The amendments form part of Japan’s ongoing effort to refine its digital finance framework as cryptoassets, stablecoin-related services, payment intermediaries, and traditional financial institutions become increasingly interconnected.

Why does it matter?

Japan’s new intermediary category shows how regulators are creating more tailored frameworks for different roles in digital asset services. Rather than treating every participant as a full exchange or electronic payment instrument service provider, the framework gives intermediaries a defined route into the market while preserving registration, conduct, disclosure, and user protection requirements.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Brazil raises compliance bar for virtual asset companies

Brazil’s Central Bank has introduced a new requirement for virtual asset service providers seeking authorisation to operate in the country.

From 1 June 2026, companies applying to operate as sociedades prestadoras de serviços de ativos virtuais, or SPSAVs, must submit a reasonable assurance report issued by an independent auditor registered with Brazil’s securities regulator, the Comissão de Valores Mobiliários.

The audit requirement is intended to assess whether applicants have adequate compliance and control structures in place. Reviews will focus on anti-money laundering and counter-terrorist financing measures, including governance arrangements, client verification procedures, internal risk controls, and mechanisms to prevent misuse of virtual asset services.

The measure builds on Brazil’s broader virtual asset regulatory framework, established under Law No. 14,478 of 2022 and further developed through Central Bank resolutions issued in 2025. Those rules created a dedicated category for virtual asset service providers and placed their authorisation and supervision under the Central Bank.

The Central Bank said the new audit requirement is designed to strengthen security and efficiency in Brazil’s financial system while supporting the development of the country’s virtual asset market. The measure is also intended to align supervision with stronger standards for governance, transparency, internal controls, and financial crime prevention.

The additional requirement is expected to increase compliance costs for applicants, but it also signals that Brazil is moving towards more structured and bank-like oversight of crypto service providers.

Why does it matter?

Brazil’s move shows how crypto regulation is shifting from basic registration towards deeper supervisory checks. By requiring independent assurance over compliance controls before authorisation, the Central Bank is placing greater emphasis on AML/CFT, governance, client protection, and operational integrity. For virtual asset firms, market access will increasingly depend not only on business activity but also on whether internal controls can withstand external review.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Australia’s CEDA event to examine AI-generated threats and trust

The Committee for Economic Development of Australia (CEDA) will host an event in Brisbane examining the impact of AI-generated scams, synthetic media and the challenge of maintaining trust in digital environments. The discussion will focus on the economic and reputational risks posed by deepfakes, voice cloning, phishing campaigns and fraudulent online services.

The event, titled ‘The scam economy: How to manage AI-generated threats and build trust’, will examine how businesses can maintain trust with stakeholders when visual, audio, and written material can be generated or manipulated using AI. It will bring together communications, cyber, technology, finance, and policy experts.

The discussion comes ahead of the entry into force of Australia’s Scams Prevention Framework Act 2025 on 1 July. Under the new framework, banks, telecommunications providers and digital platforms will be required to take proactive steps to prevent, detect and respond to scam activity.

CEDA says the event will explore how businesses can manage the economic risks of AI-generated fraud as synthetic media becomes more accessible and harder to identify. The programme will be held at Pullman King George Square in Brisbane.

Why does it matter?

Advances in generative AI are making it easier and cheaper to create convincing fake content, including images, videos, voices and websites. These tools are increasingly being used in fraud schemes that target consumers, businesses and public institutions.

As AI-generated deception becomes more sophisticated, organisations face growing challenges in maintaining trust, verifying authenticity and protecting users from scams. The discussion reflects broader efforts by governments and industry to adapt regulatory and security frameworks to emerging AI-related risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore and Japan launch mutual recognition of IoT cybersecurity labels

Singapore and Japan have launched mutual recognition of their cybersecurity labelling schemes for Internet of Things (IoT) under a Memorandum of Cooperation that entered into force on 1 June 2026. The arrangement covers Singapore’s Cybersecurity Labelling Scheme and Japan’s JC-STAR scheme.

The Memorandum of Cooperation was signed by Rahayu Mahzam, Singapore’s Minister of State for Digital Development and Information, and Ino Toshiro, Japan’s State Minister of Economy, Trade and Industry. The Cyber Security Agency of Singapore (CSA) and Japan’s Ministry of Economy, Trade and Industry agreed to recognise cybersecurity labels issued under either scheme.

IoT devices certified under either Japan’s JC-STAR scheme or Singapore’s Cybersecurity Labelling Scheme will be eligible for streamlined recognition in the other market. Covered products include smart home assistants, home automation and alarm systems, and IoT gateways and hubs that connect multiple devices.

Japan is the fifth country to establish such an arrangement with Singapore, following Finland, Germany, South Korea, and the United Kingdom. According to Singapore authorities, the arrangement is expected to support stronger cybersecurity practices for connected devices, reduce certification burdens for manufacturers, and increase consumer confidence in smart technologies.

The CSA launched the Cybersecurity Labelling Scheme in 2020. Since then, it has received applications for more than 1,000 products, including routers, smart lighting, and smart cameras.

Why does it matter?

Connected devices are increasingly used in homes, businesses, and critical services, making cybersecurity a growing concern for governments and consumers. Cybersecurity labelling schemes are designed to help buyers identify products that meet recognised security requirements while encouraging manufacturers to improve security practices.

By recognising each other’s certification schemes, Singapore and Japan are reducing regulatory barriers and promoting greater interoperability in cybersecurity standards. The agreement also reflects broader international efforts to strengthen trust and security in the rapidly expanding IoT ecosystem.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission fines Temu €200 million under DSA

The European Commission has imposed a €200 million fine on Temu after finding that the online marketplace breached obligations under the Digital Services Act by failing to properly assess and mitigate systemic risks linked to illegal products sold to consumers in the EU.

According to the Commission, Temu’s 2024 risk assessment did not meet DSA requirements because it relied on general information about the wider e-commerce sector rather than evidence specific to its own platform. Regulators also found that the company significantly underestimated the likelihood that the EU consumers would encounter illegal or unsafe products.

The investigation drew on mystery shopping exercises and information from customs and market surveillance authorities. Findings included chargers that failed basic safety requirements and baby toys that contained chemicals above legal limits or presented choking hazards.

Regulators also criticised Temu for failing to sufficiently assess how recommender systems and influencer promotion programmes could contribute to the spread of illegal products on the platform.

Temu must now submit a detailed action plan explaining how it will address the shortcomings identified by the Commission. The plan will be reviewed with the European Board for Digital Services before implementation requirements are set. Failure to comply could lead to additional penalties under the DSA.

The decision is part of a wider Commission investigation into Temu, including issues related to potentially addictive design, recommender systems, and data access for researchers.

Why does it matter?

The fine marks one of the most significant enforcement actions under the Digital Services Act against a major online marketplace. It shows that the DSA is being used not only to address illegal content, but also to require platforms to assess and reduce consumer safety risks linked to illegal and unsafe goods. The case reinforces the EU’s focus on proactive risk management by very large online platforms, including how marketplace design, recommendations, and influencer promotion can amplify the reach of harmful products.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

ChatGPT down as users report login and conversation issues

OpenAI reported two resolved incidents affecting ChatGPT on 29 May, following user reports of issues with conversations, logins, and account creation.

The first incident affected users trying to log in or create an account. OpenAI classified the issue as degraded performance affecting ChatGPT and APIs. The company began investigating at 03:12 a.m., applied a mitigation at 03:28 a.m., and marked the incident resolved at 04:57 a.m.

A second incident affected ChatGPT conversations. OpenAI began investigating the issue at 03:18 a.m., applied a mitigation at 03:29 a.m., and marked the incident resolved at 04:58 a.m. The company said all impacted services had fully recovered.

OpenAI’s official status page listed both incidents as degraded performance rather than a full outage. The company did not provide further details on the cause of either disruption in the incident updates.

The brief disruption highlights the growing reliance on AI services for daily work, communication, and software development, as even short periods of degraded performance can affect users and organisations that depend on cloud-based AI tools.

Why does it matter?

The incidents show how widely used AI services are becoming part of everyday digital infrastructure. Even brief login or conversation failures can disrupt work for individuals, developers, businesses, and teams that rely on ChatGPT and related API services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.