Ofcom has proposed new content and accessibility standards for major streaming platforms operating in the UK, expanding regulatory oversight across the rapidly growing on-demand media sector. The draft framework follows powers introduced through the Media Act and would align streaming services more closely with traditional broadcast television standards.
The proposed rules would apply to major platforms including Netflix, Amazon and Disney. Ofcom said audiences increasingly expect consistent protections regardless of whether content is viewed through conventional television or streaming services.
The draft Code includes requirements covering harmful or offensive material, fairness and privacy protections, and due impartiality and accuracy for news content. Additional safeguards for minors would also apply, alongside stronger expectations around contextual warnings and viewer information.
Ofcom also proposed new accessibility obligations for streaming providers. Under the draft rules, platforms would need to subtitle 80% of catalogue content, provide audio description for 10%, and provide signing for 5%. The regulator said that more than 18 million people with hearing or sight conditions could benefit from improved accessibility standards across streaming platforms.
Why does it matter?
The proposals signal a major shift in how digital media platforms are regulated in the UK, extending broadcast-style obligations into streaming ecosystems for the first time. The measures could influence global debates around platform accountability, online safety, accessibility standards, and regulatory convergence between traditional media and digital services.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A first hearing has taken place at the Milan Business Court in a case brought by MOIGE, the Italian Parents’ Movement, and a group of families against Meta and TikTok over the protection of minors on social media platforms.
The hearing focused on preliminary objections, including challenges by lawyers for Meta and TikTok to the jurisdiction and competence of Italian courts to rule on the companies’ conduct. MOIGE said the platforms also contested documents submitted by its legal team concerning the alleged effects of recommendation algorithms on minors.
According to MOIGE, the documents refer to concerns around variable reinforcement mechanisms, infinite scrolling and behavioural profiling allegedly designed to maximise engagement among younger users. The organisation and the families’ lawyers argue that such design features raise concerns over addictive behaviour and wider risks to children’s well-being.
MOIGE’s lawyers urged the court to proceed quickly, arguing that delays could prolong potential harm affecting minors in Italy. The case will continue with further hearings, with the court expected to set the next steps in the proceedings.
Why does it matter?
The case could become an important test of how courts assess platform responsibility for children’s safety, age restrictions and recommendation systems. If the action advances, it may contribute to wider European debates on algorithmic design, age verification, addictive platform features and whether child online safety should be treated not only as a content moderation issue, but also as a consumer protection and public health concern.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK Information Commissioner’s Office has warned that AI is enabling faster, more advanced and harder-to-detect cyberattacks, urging organisations to strengthen their defences against emerging threats.
In a blog post, the regulator highlighted risks such as AI-generated phishing emails, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning and indirect prompt injection. The ICO said cybersecurity must be treated as a shared responsibility, with organisations expected to take proactive steps to protect the personal data they hold.
The ICO said strong foundational security measures remain essential, but should be reinforced with layered defences to counter AI-powered threats. It pointed to practical steps such as patching systems, restricting access through multi-factor authentication, applying least-privilege principles and managing supplier risks.
The recommendations also include monitoring systems for unusual activity, carrying out vulnerability scanning and penetration testing, and maintaining regularly tested incident response plans. The ICO said AI can also support cyber defence, but should operate within a clear framework of human oversight and accountability.
Organisations are further advised to minimise data collection, conduct regular data audits and train staff to recognise AI-powered social engineering attacks. The ICO said AI tools processing high-risk personal data should be supported by data protection impact assessments and appropriate safeguards.
Why does it matter?
The ICO’s warning links AI-powered cyber threats directly to data protection obligations. As attackers use AI to scale phishing, exploit vulnerabilities and impersonate trusted contacts, organisations are expected not only to improve technical security, but also to limit the personal data they hold, strengthen governance and prepare for faster-moving incidents.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The company said the summit brings together representatives from governments, technology companies, consumer groups and academia to discuss collective responses to increasingly sophisticated scams. Google said its approach combines AI-driven protections across its products with wider cooperation involving industry and public authorities.
Google highlighted the use of AI-powered systems in services including Gmail, Chrome, Search, Ads and Phone by Google. The company said Gmail blocks more than 99.9% of spam, phishing and malware, while Search filters out hundreds of millions of spam-related pages daily. It also said its systems caught more than 99% of policy-violating ads before they reached users in 2025.
User-facing tools are also part of the company’s anti-scam strategy. Google pointed to Security Checkup, Passkeys, 2-Step Verification, Circle to Search and Google Lens as tools that can help users strengthen account protection and verify suspicious messages or content.
The company also highlighted public awareness and education initiatives, including Be Scam Ready, a game-based programme that uses simulated scam scenarios to help users recognise common tactics. Google said a previous Google.org commitment of $5 million is supporting anti-scam initiatives in Europe and the Middle East, including work by the Internet Society and Oxford Information Labs.
Google also referred to cooperation through the Global Signal Exchange, a threat-intelligence sharing platform for scams and fraud. As a founding partner, Google said it both contributes to and draws from the platform, which now stores more than 1.2 billion signals used to identify and disrupt criminal activity.
The company said it also works with law enforcement agencies, including the UK’s National Crime Agency, and participates in the Industry Accord Against Online Scams and Fraud. Google also pointed to legal actions against scam operations and botnets, including cases involving Lighthouse and BadBox.
Why does it matter?
Online scams are increasingly industrialised, cross-platform and supported by AI-enabled tactics, making them difficult to address through product-level security alone. Google’s approach shows how major technology companies are combining automated detection, user education, threat-intelligence sharing and law enforcement cooperation to respond to fraud. The wider policy issue is how much responsibility large platforms should bear for detecting and disrupting scams before they reach users.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Committee Chair Tim Scott said the bill is intended to establish clearer rules for digital assets, strengthen consumer protection, support innovation and keep digital asset activity within the United States. The committee said the legislation now moves to the Senate floor.
The vote followed months of negotiations and highlighted continuing political divisions over the scope of US crypto regulation. Supporters argue that the bill would provide long-awaited market structure rules, while critics remain concerned about consumer protection, enforcement powers, conflicts of interest and the treatment of decentralised finance.
A central issue in the revised text is how to regulate stablecoin-related activity. The bill seeks to prevent stablecoins from functioning like bank deposits by limiting passive yield on customer holdings, while still allowing certain rewards linked to user activity or platform use.
The bill also continues debate over decentralised finance, including how far regulation should extend to developers, protocols and infrastructure providers that do not directly custody user funds.
Ethics provisions were among the most contested issues during the markup process, with lawmakers divided over whether and how to restrict potential conflicts of interest involving public officials and cryptoasset activities.
Further hurdles remain before the legislation can become law. The bill will need to advance through the full Senate, be reconciled with other Senate work on digital asset regulation and secure agreement with the House of Representatives before reaching the President’s desk.
Why does it matter?
The vote moves the United States closer to a federal framework for digital asset markets, but the debate shows that key questions remain unresolved. Rules on stablecoin rewards, DeFi, developers and enforcement powers will shape how crypto firms operate in the US. However, the political split could affect how quickly Congress can deliver a stable regulatory regime.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
The Swiss municipality of Muri bei Bern has launched BIDI, a blockchain-based biodiversity voucher system designed to reward residents for local conservation work.
The project was developed with The Hashgraph Group, Swisscoast and Apps with Love, and runs on Hedera’s distributed ledger infrastructure. Project partners describe it as Switzerland’s first live municipal blockchain initiative.
Residents can receive digital vouchers for activities such as meadow restoration, invasive plant removal, wetland conservation and hedge maintenance. The vouchers are pegged to the Swiss franc and can be redeemed at participating local merchants and service providers.
The project replaces a paper-based voucher programme that had operated locally for several years. Swisscoast developed the payment layer using its HCHF digital Swiss franc infrastructure, while The Hashgraph Group supported the initiative through its Enterprise Accelerator Programme for government and enterprise blockchain applications.
Project partners present BIDI as an example of blockchain technology being used beyond financial markets, with a focus on public administration, environmental incentives and local economic participation. They also say the framework could be adapted for other municipalities in Switzerland and elsewhere in Europe.
Why does it matter?
The project shows how blockchain tools are being tested in local public services, not only in finance. By digitising biodiversity vouchers and linking them to local conservation work, Muri bei Bern is experimenting with a model that could make environmental incentives easier to issue, track and redeem. Its wider significance will depend on whether the system proves useful beyond a small municipal setting and whether similar projects can scale without adding unnecessary technical complexity.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
The UK government has announced a new investment in London-based Isomorphic Labs through its Sovereign AI Fund, strengthening national efforts to support homegrown AI companies developing strategic technologies.
The company focuses on using frontier AI systems to redesign how medicines are discovered and developed. Isomorphic Labs builds on the scientific foundations of AlphaFold, the DeepMind system capable of predicting protein structures with high accuracy, while expanding into broader AI-driven drug design models across multiple therapeutic areas.
The investment forms part of a wider fundraising round as the company scales efforts to accelerate medicine development and reduce the time traditionally required for pharmaceutical research. British officials described the initiative as part of a broader strategy to strengthen sovereign AI capabilities, support domestic innovation, and ensure future AI breakthroughs remain anchored in the UK economy.
The Sovereign AI programme, launched in 2026, combines venture capital investment with government-backed support for promising UK AI firms. Officials say supported companies must maintain a meaningful British presence while contributing to domestic economic growth, technological leadership, and high-skilled employment.
Why does it matter?
AI is increasingly moving beyond consumer applications and into strategic sectors such as biotechnology, pharmaceuticals, and healthcare infrastructure. The UK’s backing of Isomorphic Labs reflects growing international competition to secure sovereign AI capabilities tied to scientific research, intellectual property, and future economic advantage.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
European Commission officials are examining whether Meta’s policy on access to WhatsApp for AI providers may raise competition concerns in the European Economic Area.
Changes to the WhatsApp Business Solution terms are at the centre of the investigation, particularly as they affect how third-party AI providers can offer services on the platform. The Commission is assessing whether the policy could limit access for competing AI services and reduce choice for users and businesses.
Messaging platforms are becoming important distribution channels for AI-powered services. As chatbots and AI assistants become more integrated into everyday communication tools, access to widely used platforms such as WhatsApp may become an important factor in competition between providers.
Commission officials have said they will examine whether Meta’s conduct complies with the EU competition rules. Opening an investigation does not mean that the Commission has reached a conclusion or found an infringement.
The broader EU scrutiny of large digital platforms is increasingly focused on how access to infrastructure, services and user ecosystems is managed as AI tools become more widely adopted.
Why does it matter?
Competition questions are expanding into AI distribution channels. Messaging platforms can shape which AI services reach users and businesses at scale, making access rules an important part of the emerging AI market. The outcome could influence how major platforms design access policies for third-party AI providers while regulators seek to preserve competition and user choice.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
With the rapid expansion of AI technologies, agentic AI is rapidly moving from experimentation to deployment on a scale larger than ever before. As a result, these systems have been given far greater autonomy to perform tasks with limited human input, much to the delight of enterprise magnates.
Companies such as Microsoft, Google, Anthropic, and OpenAI are increasingly developing agentic AI systems capable of automating vulnerability detection, incident response, code analysis, and other security tasks traditionally handled by human teams.
The appeal of using agentic AI as a first line of defence is palpable, as cybersecurity teams face mounting pressure from the growing volume of attacks. According to the Microsoft Digital Defense Report 2025, the company now detects more than 600 million cyberattacks daily, ranging from ransomware and phishing campaigns to identity attacks. Additionally, the International Monetary Fund has also warned that cyber incidents have more than doubled since the COVID-19 pandemic, potentially triggering institutional failures and incurring enormous financial losses.
To add insult to injury, ransomware groups such as Conti, LockBit, and Salt Typhoon have shown increased activity from 2024 through early 2026, targeting critical infrastructure and global communications, as if aware of the upcoming cybersecurity fortifications and using a limited window of time to incur as much damage as possible.
In such circumstances, fully embracing agentic AI may seem like an ideal answer to the cybersecurity challenges looming on the horizon. Systems capable of autonomously detecting threats, analysing vulnerabilities, and accelerating response times could significantly strengthen cyber resilience.
Yet the same autonomy that makes these systems attractive to defenders could also be exploited by malicious actors. If agentic AI becomes a defining feature of cyber defence, policymakers and companies may soon face a more difficult question: how can they maximise its benefits without creating an entirely new layer of cyber risk?
Why cybersecurity is turning to agentic AI
The growing interest in agentic AI is not simply driven by the rise in cyber threats. It is also a response to the operational limitations of modern security teams, which are often overwhelmed by repetitive tasks that consume time and resources.
Security analysts routinely handle phishing alerts, identity verification requests, vulnerability assessments, patch management, and incident prioritisation — processes that can become difficult to manage at scale. Many of these tasks require speed rather than strategic decision-making, creating a natural opening for AI systems to operate with greater autonomy.
Microsoft has aggressively moved into this space. In March 2025, the company introduced Security Copilot agents designed to autonomously handle phishing triage, data security investigations, and identity management. Rather than replacing human analysts, Microsoft positioned the tools to reduce repetitive workloads and enable security teams to focus on more complex threats.
Google has approached the issue through vulnerability research. Through Project Naptime, the company demonstrated how AI systems could replicate parts of the workflow traditionally handled by human security researchers by identifying vulnerabilities, testing hypotheses, and reproducing findings.
Anthropic introduced another layer of complexity through Claude Mythos, a model built for high-risk cybersecurity tasks. While the company presented the model as a controlled release for defensive purposes, the announcement also highlighted how advanced cyber capabilities are becoming increasingly embedded in frontier AI systems.
Meanwhile, OpenAI has expanded partnerships with cybersecurity organisations and broadened access to specialised tools for defenders, signalling that major AI firms increasingly view cybersecurity as one of the most commercially viable applications for autonomous systems.
Together, these developments show that agentic AI is gradually becoming embedded in the cybersecurity infrastructure. For many companies, the question is no longer whether autonomous systems can support cyber defence, but how much responsibility they should be given.
When agentic AI tools become offensive weapons
The same capabilities that make agentic AI valuable to defenders also make it attractive to malicious actors. Systems designed to identify vulnerabilities, analyse code, automate workflows, and accelerate decision-making can be repurposed for offensive cyber operations.
Anthropic offered one of the clearest examples of that risk when it disclosed that malicious actors had used Claude in cyber campaigns. The company said attackers were not simply using the model for basic assistance, but were integrating it into broader operational workflows. The incident showed how agentic AI can move cyber misuse beyond advice and into execution.
The risk extends beyond large-scale cyber operations. Agentic AI systems could make phishing campaigns more scalable, automate reconnaissance, accelerate vulnerability discovery, and reduce the technical expertise needed to launch certain attacks. Tasks that once required specialist teams could become easier to coordinate through autonomous systems.
Security researchers have repeatedly warned that generative AI is already making social engineering more convincing through realistic phishing emails, cloned voices, and synthetic identities. More autonomous systems could further push those risks by combining content generation with independent action.
The concern is not that agentic AI will replace human hackers. Cybercrime could become faster, cheaper, and more scalable, mirroring the same efficiencies that organisations hope to achieve through AI-powered defence.
The agentic AI governance gap
The governance challenge surrounding agentic AI is no longer theoretical. As autonomous systems gain access to internal networks, cloud infrastructure, code repositories, and sensitive datasets, companies and regulators are being forced to confront risks that existing cybersecurity frameworks were not designed to manage.
Policymakers are starting to respond. In February 2026, the US National Institute of Standards and Technology (NIST) launched its AI Agent Standards Initiative, focused on identity verification and authentication frameworks for AI agents operating across digital environments. The aim is simple but important: organisations need to know which agents can be trusted, what they are allowed to do, and how their actions can be traced.
Governments are also becoming more cautious about deployment risks. In May 2026, the Cybersecurity and Infrastructure Security Agency (CISA) joined cybersecurity agencies from Australia, Canada, New Zealand, and the United Kingdom in issuing guidance on the secure adoption of agentic AI services. The warning was clear: autonomous systems become more dangerous when they are connected to sensitive infrastructure, external tools, and internal permissions.
The private sector is adjusting as well. Companies are increasingly discussing safeguards such as restricted permissions, audit logs, human approval checkpoints, and sandboxed environments to limit the degree of autonomy granted to AI agents.
The questions facing businesses are becoming practical. Should an AI agent be allowed to patch vulnerabilities without approval? Can it disable accounts, quarantine systems, or modify infrastructure independently? Who is held accountable when an autonomous system makes the wrong decision?
Agentic AI may become one of cybersecurity’s most effective defensive tools. Its success, however, will depend on whether governance frameworks evolve quickly enough to keep pace with the technology itself.
How companies are building guardrails around agentic AI
As concerns around autonomous cyber systems grow, companies are increasingly experimenting with safeguards designed to prevent agentic AI from becoming an uncontrolled risk. Rather than granting unrestricted access, many organisations are limiting what AI agents can see, what systems they can interact with, and what actions they can execute without human approval.
Anthropic has restricted access to Claude Mythos over concerns about offensive misuse, while OpenAI has recently expanded its Trusted Access for Cyber programme to provide vetted defenders with broader access to advanced cyber tools. Both approaches reflect a growing consensus that powerful cyber capabilities may require tiered access rather than unrestricted deployment.
The broader industry is moving in a similar direction. CrowdStrike has increasingly integrated AI-driven automation into threat intelligence and incident response workflows while maintaining human oversight for critical decisions. Palo Alto Networks has also expanded its AI-powered security automation tools designed to reduce response times without fully removing human analysts from the decision-making process.
Cloud providers are also becoming more cautious about autonomous access. Amazon Web Services, Google Cloud, and Microsoft Azure have increasingly emphasised zero-trust security models, role-based permissions, and segmented access controls as enterprises deploy more automated tools across sensitive infrastructure.
Meanwhile, sectors such as finance, healthcare, and critical infrastructure remain particularly cautious about fully autonomous deployment due to the potential consequences of false positives, accidental shutdowns, or disruptions to essential services.
As a result, security teams are increasingly discussing safeguards such as audit logs, sandboxed environments, role-based permissions, staged deployments, and human approval checkpoints to balance speed with accountability. For now, many companies seem ready to embrace agentic AI, but without keeping one hand on the emergency brake.
The future of cybersecurity may be agentic
Agentic AI is unlikely to remain a niche experiment for long. The scale of modern cyber threats, combined with the mounting pressure on security teams, means organisations will continue to look for faster and more scalable defensive tools.
That shift could significantly improve cybersecurity resilience. Autonomous systems may help organisations detect threats earlier, reduce response times, address workforce shortages, and manage the growing volume of attacks that human teams increasingly struggle to handle alone.
At the same time, the technology’s long-term success will depend as much on restraint as on innovation. Without clear governance frameworks, operational safeguards, and human oversight, the same tools designed to strengthen cyber defence could introduce entirely new vulnerabilities.
The future of cybersecurity may increasingly belong to agentic AI. Whether that future becomes safer or more volatile may depend on how responsibly governments, companies, and security teams manage the transition.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The US Economic Development Administration has announced approximately $25 million in funding for a new AI Upskill Accelerator Pilot Program to support AI workforce training.
The programme will fund industry-driven partnerships that design and implement AI training models for workers and businesses in sectors considered important to regional economies. EDA says the initiative is intended to support workforce development approaches that can scale, adapt and become self-sustaining as AI technologies continue to evolve.
The funding opportunity links the programme to the Trump administration’s 2025 Artificial Intelligence Action Plan, which includes goals to accelerate AI development, support adoption across industries and strengthen US leadership in the technology. EDA says the programme is part of efforts to empower American workers to use AI tools and support industries tied to regional growth.
Deputy Assistant Secretary and Chief Operating Officer Ben Page said AI is becoming ‘a core driver of productivity and growth across industries’ and that workers need AI skills so regions can attract investment, adopt advanced technologies and sustain long-term economic growth.
The pilot will support workforce development in an emerging technology area while helping businesses and workers build the skills needed to use AI in the workplace. Applications for the programme are open until 10 July 2026.
Why does it matter?
The programme shows how AI policy is increasingly being linked to regional economic development and workforce readiness, not only research or infrastructure. By funding industry-driven training models, the EDA is trying to prepare workers and local economies for AI adoption while helping businesses close skills gaps that could affect productivity, investment and competitiveness.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!