Economic

UK’s FCA rethinks AI oversight for financial services

The UK’s Financial Conduct Authority (FCA) is rethinking how financial regulation should operate in the age of AI, according to a speech by chief executive Nikhil Rathi.

Speaking at techUK’s Agents of Change: Generative and Agentic AI in Financial Services 2026 event, Rathi said financial services will be central to making the UK a world-leading AI economy. He said the sector can provide the capital, infrastructure, and trust needed for AI to scale across the wider economy.

Rathi said more than 80% of financial services firms are already using or adopting AI, shifting the policy focus from adoption to large-scale deployment. He said AI is challenging the assumptions on which markets and regulation were built, making it necessary to preserve trust, competition, and resilience as technology moves faster than existing frameworks can keep pace.

The FCA chief identified two major scaling opportunities. The first is agentic AI, which Rathi said could evolve beyond summarisation and task automation into systems capable of coordinating workflows and executing transactions.

In retail markets, Rathi said agentic systems could support smarter bill management, personalised investment strategies, and reduced friction. In wholesale markets, they could support liquidity management, trading workflows, and other market functions.

Rathi stressed that accountability for regulated activities and their outcomes must remain clearly assigned, regardless of the degree of automation. He said investors may be reluctant to delegate important decisions to systems they do not understand, making human oversight and consumer confidence essential.

Rathi also identified tokenisation as a second major trend shaping financial markets. Rathi said tokenisation could lower costs, reduce risk, and unlock new services by creating more automated and programmable infrastructure for agentic finance.

He noted that banks are already piloting tokenized deposits and said the FCA had approved Baillie Gifford, alongside Bank of New York Mellon, to launch the UK’s first natively tokenised authorised fund.

Rathi said rapid AI progress raises fundamental questions for regulation. He argued that legislation alone cannot keep pace with technological change, requiring the FCA to evolve from a traditional rule-maker into a regulator focused on continuous supervision, stewardship and resilience.

The FCA is exploring agentic AI as a ‘first responder’ to speed up wholesale market monitoring. Rathi said the regulator could use its technology, large datasets, and supervisory judgement to tackle market abuse faster.

He said traditional rule-making will still be needed in some areas, but will not work everywhere. The FCA’s role will increasingly involve both stewardship and supervision, helping firms and markets navigate technological change and acting before legislation catches up.

Rathi also said AI will change competition in financial services. He said AI can lower barriers to entry and allow challengers to grow quickly, while some incumbents may fall behind.

The FCA chief said the regulator’s role is not to protect incumbents, but to ensure competition works in consumers’ and the economy’s interests. He said the FCA expects to use system-wide powers more frequently as part of its regular toolkit.

Operational resilience was another major theme of the speech. Rathi said financial services increasingly depend on cloud providers, model providers, data providers, and other parts of the AI stack, creating both opportunities and risks for systemic resilience, market integrity, and financial crime.

He said fraud increasingly sits at the intersection of financial services, technology, and telecoms. UK Finance’s Annual Fraud Report suggests the UK lost almost £1.3 billion through payment fraud last year, with two-thirds of authorised fraud cases linked to social media sites and messaging platforms.

Rathi said frontier AI could further magnify risks. Faster and more capable models could help firms identify vulnerabilities and strengthen defences, but could also help attackers move more quickly.

Boards and leadership teams must understand these risks, he said. Firms need to map and govern dependencies on model providers and other third parties, as the Critical Third Parties regime becomes more important.

Rathi said resilience will increasingly become a national security and system-wide challenge. He said no single firm, regulator or sector will be able to see all risks, making better information sharing essential.

The FCA is supporting AI adoption through tools including its Supercharged Sandbox, AI Lab, and the AI Consortium with the Bank of England. Rathi said these initiatives are intended to help firms build, test, and scale AI safely in UK financial services.

He said the FCA will publish more work soon, including the Mills Review on how AI could reshape retail financial services and later guidance on good and poor AI practice.

Rathi concluded that the key question is no longer whether AI will reshape financial services, but whether the UK can become the preferred location for developing and deploying AI safely, responsibly and at commercial scale. He said regulation must support innovation while keeping markets competitive, resilient, and fit for technological change.

Why does it matter?

The speech signals a broader shift in financial regulation from static rule-making towards continuous supervision in response to rapidly evolving AI technologies. As agentic AI, tokenisation and frontier models become more deeply embedded in financial services, regulators are increasingly focusing on governance, operational resilience, competition and accountability rather than relying solely on traditional legislative approaches.

It also illustrates how AI is becoming a strategic issue for financial stability and economic competitiveness. By combining regulatory sandboxes, supervisory innovation and collaboration with industry, the FCA aims to encourage responsible AI adoption while managing emerging risks related to fraud, third-party dependencies, cybersecurity and market integrity. The UK’s approach may influence how other financial regulators adapt to AI-driven transformation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI upgrades GPT-5.5 Instant conversation skills

OpenAI has updated GPT-5.5 Instant to make ChatGPT conversations more natural, useful and responsive to user intent.

According to the company’s release notes, the update is designed to improve conversational quality, especially when users are making decisions, asking for advice, planning, researching options or shopping.

OpenAI said GPT-5.5 Instant is now better at identifying the underlying goal behind a question and carrying context across multiple turns. The company also said the model follows complex instructions more reliably, including requests with several constraints or requirements.

The update is intended to make the model more adaptive during ongoing conversations. When users add constraints or push back on an answer, GPT-5.5 Instant should adjust its approach more effectively, rather than simply repeating its original response.

The change reflects a wider shift in consumer AI systems from one-off answer generation towards more context-aware and interactive assistance.

Why does it matter?

The update shows how competition in AI assistants is moving beyond raw accuracy and benchmark performance towards conversational quality. For everyday users, the ability to understand intent, track context, follow multiple constraints and respond well to feedback can determine whether AI tools feel genuinely useful in education, work, shopping, planning and customer support.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

South Korea pushes Travel Rule expansion for crypto

South Korea’s Financial Intelligence Unit has called for wider application of the crypto Travel Rule during Financial Action Task Force discussions in Paris, urging stronger anti-money laundering controls for virtual asset transfers.

The FIU proposed expanding Travel Rule requirements to cover transfers below the current 1 million won threshold. South Korea already applies the rule to crypto transfers above that amount, requiring virtual asset service providers to share information about senders and recipients.

The FIU said lower-value transfers can be used to avoid reporting requirements by splitting larger transactions into smaller payments. It also warned that offshore and unregistered virtual asset service providers create regulatory gaps and opportunities for illicit finance.

South Korea and several other FATF members also recommended applying Travel Rule obligations to both sending and receiving virtual asset service providers. The proposal is intended to improve traceability across cross-border crypto transactions and reduce regulatory arbitrage.

The discussions came as FATF members reviewed global implementation of anti-money laundering standards for virtual assets. FATF said implementation remains a priority and approved further work on virtual assets and decentralised finance risks, with related reports expected to be published in July.

Why does it matter?

South Korea’s proposal shows how crypto AML policy is moving from basic exchange registration towards tighter monitoring of cross-border transfers and offshore platforms. If FATF standards evolve in this direction, crypto service providers could face broader data-sharing duties even for smaller transactions. The debate also matters for privacy and compliance costs, as stronger traceability requirements may increase oversight but also add friction to routine digital asset transfers.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Spain moves closer to hosting one of Europe’s first AI gigafactories

Spain has taken another significant step in its effort to become a leading European hub for AI and advanced computing infrastructure.

The Council of Ministers has approved a €300 million voluntary contribution to the European High Performance Computing Joint Undertaking (EuroHPC), the body responsible for supporting Europe’s AI factories and the future development of AI gigafactories.

According to the Ministry for Digital Transformation and Public Administration, the contribution is a critical component of Spain’s bid to host one of the EU’s first AI gigafactories.

The government argues that access to large-scale computing infrastructure is becoming essential for researchers, universities, startups and businesses seeking to develop advanced AI systems and remain competitive in an increasingly AI-driven economy.

The investment builds on Spain’s existing role within Europe’s supercomputing ecosystem. The country already hosts AI factories at the Barcelona Supercomputing Center and the Galician Supercomputing Center, while the MareNostrum 5 supercomputer has supported projects ranging from genomic research to climate and digital twin initiatives.

The funding also aims to strengthen Spain’s position in quantum technologies, an area increasingly viewed as strategically important for Europe’s long-term technological autonomy.

The announcement reflects a wider European push to expand sovereign computing capabilities as demand for AI training infrastructure grows worldwide.

By seeking to host an AI gigafactory, Spain hopes to attract investment, support innovation, strengthen domestic technological capabilities and position itself as a central player in Europe’s next-generation AI ecosystem.

Why does it matter?

Access to large-scale computing infrastructure is becoming a strategic prerequisite for advanced AI development. Training frontier AI models, running large-scale simulations and supporting scientific research require computing resources that are increasingly concentrated among a small number of global technology providers. Spain’s investment seeks to strengthen both national and European capacity in this critical area.

The announcement also reflects the EU’s broader push for technological sovereignty. By expanding domestic AI and supercomputing infrastructure, Europe aims to reduce dependence on foreign computing resources, support innovation ecosystems and ensure that advanced technologies are developed within frameworks aligned with European values, regulations and industrial priorities. The competition to host AI gigafactories is therefore as much about economic competitiveness and strategic autonomy as it is about computing power.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Digital trade agreement gains legal backing in Kyrgyzstan

Kyrgyz President Sadyr Japarov has signed a law ratifying the Digital Economy Partnership Agreement between member states of the Organisation of Turkic States.

The Jogorku Kenesh adopted the law on 3 June 2026 and approved the agreement signed in Bishkek on 6 November 2024. The presidential administration said it was the first law signed in a fully digital format in Kyrgyzstan.

The agreement aims to strengthen trade relations among Turkic states through e-commerce and broader digital-economy cooperation. It also seeks to increase consumer confidence in digital services and online transactions.

The partnership covers areas including electronic commerce, consumer protection in online trade, express delivery services, personal data protection and cooperation between business communities involved in e-commerce.

The move forms part of Kyrgyzstan’s wider digital transformation agenda and adds legal backing to a regional framework for digital trade cooperation among OTS members.

Why does it matter?

The ratification supports efforts to align digital trade rules among Turkic states and make cross-border e-commerce more predictable. The agreement is relevant because it links digital economy cooperation with consumer protection, data protection and delivery infrastructure, areas that are essential for trust in online trade. It also shows how regional organisations are developing their own digital trade frameworks alongside larger global and Asia-Pacific digital economy agreements.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

EU drops browser-based cookie consent proposal from Digital Omnibus

The European Commission had proposed replacing cookie banners with an automated browser-based privacy signal as part of its ‘Digital Omnibus’ package, a move that would have allowed devices to communicate users’ tracking preferences directly to websites. The plan, outlined in Article 88b of the GDPR, was intended to cut red tape and reduce the burden on consumers navigating consent requests across the web.

According to digital rights organisation noyb, cookie banners were not created by data protection law but emerged as a mechanism for the online advertising industry to obtain users’ consent for data sharing with third parties. Studies suggest only 3 to 10 per cent of users actually wish to be tracked, yet so-called dark patterns, such as hidden ‘no’ buttons and pre-ticked boxes, allow the industry to achieve consent rates of up to 90 per cent. Across more than 450 million EU citizens, this results in billions of unnecessary clicks each year.

According to noyb, a lobbying document submitted by Google argued that removing cookie banners would effectively halt all online advertising, citing figures that the European Commission has since described as highly exaggerated. The Commission had made clear that consent would still be possible on a per-website and per-purpose basis, meaning users could grant access to specific outlets while withholding it from others. Google’s paper also claimed that media outlets would be harmed, despite the fact that they are explicitly exempt from the proposed provision.

According to noyb, the lobbying campaign appears to have influenced the legislative process. In the Council’s position paper of 18 June 2026, Article 88b was removed entirely from the Digital Omnibus. Noyb added that Germany, France, and Poland were among the member states supporting the article’s removal following lobbying by the online advertising industry.

The outcome is particularly striking given that many of the same member states have long called on the EU to simplify regulation and cut red tape. noyb, the European digital rights organisation, has described the result as a victory for lobbying over public interest, noting that the majority of EU citizens have consistently expressed frustration with cookie banners.

The European Parliament has not yet taken a position on Article 88b, and negotiations between the Parliament and the Council are ongoing. Noyb has urged the European Parliament to support reinstating Article 88b during the next stage of negotiations.

Why does it matter?

The debate highlights the growing tension between digital simplification efforts, privacy protection and the economic interests of the online advertising ecosystem. Browser-based privacy signals have long been discussed as a way to reduce repetitive consent requests while preserving users’ ability to decide when and how their personal data may be used.

The proposal’s removal also illustrates the influence that industry stakeholders can have during the EU legislative process. Whether Article 88b is reinstated during negotiations with the European Parliament could shape the future of online consent management in Europe, affecting digital advertising, user experience and the practical implementation of data protection rules.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Digital euro proposal advances in European Parliament committee

Members of the European Parliament’s Economic and Monetary Affairs Committee have adopted their position on legislation to establish a digital euro, moving the EU closer to negotiations on a possible central bank digital currency.

The proposal would create a new electronic form of central bank money issued by the European Central Bank. It is intended to give citizens and businesses a secure digital payment option while reducing reliance on non-EU payment providers.

MEPs backed a model that would allow the digital euro to work both online and offline. Online payments would be processed through an account-based system, while offline payments would use local storage devices and operate similarly to cash.

The committee said privacy-by-design and privacy-by-default principles should be built into the system. Technologies such as zero-knowledge proofs would allow transactions to be verified without exposing personal data, and the ECB would not have access to users’ personal identification data.

Payment service providers, including banks, e-money providers, post offices and regulated crypto-asset providers, would be able to distribute the digital euro across the EU. Most businesses would be required to accept the digital euro, with exceptions for self-employed people and small and micro enterprises that do not accept other digital payments.

Basic digital euro services would be free. These include opening an account, holding and managing funds, and obtaining at least one payment instrument. Offline payments would also be fee-free.

To protect financial stability, individuals would face limits on the number of digital euros they can hold. Businesses would not be allowed to hold digital euros except to accumulate incoming payments for up to 24 hours, and the digital euro would not pay or charge interest.

The negotiating mandates for the digital euro files will be announced at the start of the July plenary session. Final legislation will still need to be negotiated with the Council before entering into force.

Why does it matter?

The ECON vote shows that the EU is still pursuing a sovereign digital payment infrastructure while trying to address concerns over privacy, financial stability and the future of cash. The proposal contrasts with growing resistance to CBDCs in the United States and other jurisdictions. Still, Parliament’s approach also shows caution: the digital euro would need holding limits, pilot testing, a long rollout period and strict separation from the ECB’s monetary policy functions.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Google expands financial ad verification across EU and EEA

Google has announced the expansion of its financial services advertiser verification programme to every country in the EU and European Economic Area, extending requirements aimed at reducing fraudulent financial advertising.

The rollout will cover 24 additional countries and builds on an existing programme already active in six EU member states and the United Kingdom.

Under the programme, advertisers seeking to promote financial products or services must complete an additional verification process showing that the relevant national regulator authorises them. Google said it will check credentials against official registries across the EU and EEA.

The requirements will be introduced in phases. Businesses will have 30 days to complete the process after notification, and unverified advertisers will have their financial services ads restricted until verification is completed.

Google said the additional requirements build on its wider advertiser identity verification programme, which it says already covers more than 98% of ads seen across the EU. The company also said its systems blocked or removed more than 1.6 billion ads in the EU last year.

The expansion comes amid continuing concern over online financial scams, including fraudulent ads that impersonate legitimate financial services providers or promote misleading investment products.

Why does it matter?

Financial scams increasingly rely on digital advertising to reach consumers at scale. Google’s expansion adds another gatekeeping layer for financial advertisers across Europe by linking ad eligibility to authorisation in official regulatory registers. The measure also shows how large platforms are being pushed, by regulators and reputational pressure, to take more responsibility for the trustworthiness of high-risk advertising categories such as finance.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

US Congress backs CBDC ban through 2030 in housing bill

The US Congress has backed a temporary ban on the Federal Reserve issuing or creating a central bank digital currency as part of the 21st Century ROAD to Housing Act.

The housing package passed the Senate by 85 votes to 5 and was later approved by the House of Representatives by 358 votes to 32. It now awaits President Donald Trump’s signature.

The CBDC provision would amend the Federal Reserve Act to prohibit the Board of Governors of the Federal Reserve System or a Federal Reserve bank from issuing or creating a central bank digital currency, or any substantially similar digital asset, directly or indirectly through a financial institution or other intermediary.

The prohibition would remain in effect until 31 December 2030. The bill defines a CBDC as a digital asset denominated in US dollars, treated as US currency, a direct liability of the Federal Reserve System and widely available to the general public.

The measure includes an exception for dollar-denominated currency that is open, permissionless and private, and that preserves the privacy protections of US coins and physical currency.

Republican supporters have long argued that a US CBDC could create financial surveillance risks, while digital asset industry groups have favoured private-sector payment innovation, including stablecoins, over a government-issued digital currency.

The measure follows a January 2025 executive order by President Trump opposing the development of a US CBDC. If enacted, the new provision would place a statutory limit on Federal Reserve CBDC activity through the end of 2030.

Why does it matter?

The provision would mark a significant US legislative move against a retail Federal Reserve digital dollar, even though no active US CBDC launch is underway. It also reinforces a broader policy direction in Washington: private digital assets, including stablecoins and open blockchain-based instruments, are being favoured over a central bank-issued digital currency. The debate matters for digital payments, financial privacy and the future role of central banks in monetary infrastructure.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

UK ICO warns against unauthorised access to patient records

The UK’s Information Commissioner’s Office (ICO) has warned that unauthorised access to patient records is a serious breach of trust and an ongoing concern across the healthcare sector. In a new blog, the regulator said medical records contain some of the most sensitive personal information and must only be accessed for legitimate reasons.

The ICO said inappropriate access remains rare and does not reflect the behaviour of most healthcare professionals. However, recent high-profile incidents suggest the problem is not confined to isolated cases and requires a stronger organisational response.

According to the regulator, personal curiosity is never a legitimate basis for accessing patient records. Deliberate or reckless access to personal data without authorisation is unlawful and may result in disciplinary measures, loss of professional registration and, in some cases, criminal prosecution.

The ICO called on healthcare leaders to strengthen organisational culture through clear communication, role-specific data protection training and technical safeguards, including role-based access controls and audit logging. Protecting patient privacy is fundamental to maintaining trust in the healthcare system in the UK.

Why does it matter?

Healthcare records contain some of the most sensitive categories of personal information, including medical histories, diagnoses and treatment details. Even isolated cases of unauthorised access can undermine public trust in healthcare institutions and raise concerns about privacy, confidentiality and professional accountability.

The warning also highlights the growing importance of data governance in healthcare. As health systems become increasingly digital and interconnected, organisations must combine technical safeguards, staff training and strong organisational culture to ensure sensitive information is accessed only when necessary and for legitimate purposes. Maintaining patient trust remains essential to the effective delivery of healthcare services.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot