The Aithos Research Foundation has launched Aithos LARA (Legal Assessment for Real-world Agents), a public evaluation framework designed to assess whether AI agents comply with key European legal requirements.
The framework places AI models in simulated workplace and consumer-service scenarios where completing assigned tasks may involve actions that conflict with provisions of the EU AI Act or the General Data Protection Regulation (GDPR).
According to Aithos, an initial evaluation involving more than 3,000 tests across 12 frontier AI models found that none consistently met acceptable levels of legal compliance. Compliance rates ranged from 7% to 54%, with the highest-performing model adhering to legal requirements in only slightly more than half of the assessed scenarios.
The research suggests that current frontier AI systems may prioritise task completion over legal obligations when operating with a high degree of autonomy.
Furthermore, the study assessed compliance with six provisions of the EU AI Act and four core GDPR principles, including transparency, lawful processing, data minimisation and purpose limitation.
Researchers reported instances in which models generated outputs that would conflict with some of the AI Act’s prohibited practices, including exploiting vulnerable individuals, conducting emotion recognition in workplace environments and engaging in forms of manipulation prohibited under European law.
To increase transparency, Aithos has made evaluation transcripts, model outputs and judicial assessments publicly available. The organisation argues that independent and public oversight can complement company-led governance efforts by providing greater transparency into how AI systems behave in legally and ethically sensitive contexts.
Why does it matter?
The findings highlight the challenges of deploying AI agents in regulated environments where legal compliance is essential. As organisations increasingly explore AI for customer service, human resources, finance and operational decision-making, ensuring that systems comply with data protection and AI regulations is becoming a key governance requirement.
The research also underscores the growing importance of independent testing and oversight mechanisms as policymakers and regulators seek to evaluate how autonomous AI systems behave in real-world scenarios.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
International Labour Organization (ILO) Director-General Gilbert F. Houngbo has called for a human-centred approach to AI at the opening of the 114th International Labour Conference in Geneva. He said the future of work would depend not only on technological advances, but also on the policies, institutions and social dialogue shaping their impact on people’s lives.
Drawing on his report ‘A Moment of Choice: Harnessing Artificial Intelligence for Decent Work‘, Houngbo outlined an agenda focused on rights, employment and skills, social protection, and social dialogue. He argued that productivity gains generated by AI should be shared through higher wages, stronger labour protections and more inclusive economic growth.
Houngbo warned that decisions taken today would determine whether AI expands opportunity and shared prosperity or contributes to greater inequality and insecurity. He also situated AI governance within a broader context of economic uncertainty, citing ILO estimates that a prolonged oil-price shock could reduce global working hours by the equivalent of millions of full-time jobs and lead to significant labour income losses by 2027.
Delegates will also hold a second discussion on decent work in the platform economy, with the aim of developing new international labour standards. The draft Convention and Recommendation cover employment promotion, protections for digital platform workers, and provisions relating to automated systems used by digital labour platforms.
Delegates from governments, employers, and workers will also address gender equality, social dialogue, tripartism, and the application of labour standards. The conference, which brings together representatives from the ILO’s 187 Member States, will run until 12 June.
Why does it matter?
As AI becomes increasingly integrated into workplaces, governments, employers and workers are debating how productivity gains, skills requirements and labour protections should evolve. The ILO’s focus on human-centred AI reflects growing international efforts to ensure that technological change supports decent work rather than exacerbating inequality.
The discussions are also significant because they could influence future international labour standards for platform work and the use of automated systems in employment, helping shape how AI affects workers worldwide.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The World Health Organization (WHO) has published a discussion paper examining how AI could reshape evidence-informed health policymaking. The paper, titled ‘Artificial intelligence and evidence-informed policy – emerging challenges and opportunities’, examines how AI can affect the way health problems are defined, policy options are designed, and impact is assessed.
The paper was developed jointly by WHO’s Department of Data, Digital Health, Analytics and AI and its Department of Science for Health. It is intended for policy-makers, regulators, health managers, and AI developers, and organises its analysis around the policy cycle, from understanding problems to designing solutions and monitoring implementation.
According to the paper, AI can strengthen policy analysis through the use of larger datasets, continuous evidence synthesis and faster scenario modelling. The paper also identifies risks throughout the policy cycle, including data bias, excessive focus on measurable indicators, digital divides, cybersecurity vulnerabilities and the possibility that automated monitoring systems could gradually shift policy implementation away from its original objectives.
A recurring concern is what the paper describes as ‘epistemic injustice’, whereby AI systems may prioritise quantifiable and data-rich evidence while overlooking lived experience, local expertise, Indigenous knowledge and community-based perspectives. WHO says existing evidence-informed policymaking tools and AI governance frameworks already converge on transparency, participatory engagement, rights protection, and risk-based oversight.
WHO recommends conducting algorithmic impact assessments and technology readiness reviews before deploying AI systems in policymaking processes. Once systems are deployed, WHO recommends continuous evidence-review processes, human verification mechanisms and multidisciplinary oversight, emphasising that AI should support rather than replace human judgement in health policymaking.
Why does it matter?
AI is increasingly being used to analyse large datasets, model policy scenarios and support public-sector decision-making. As governments and international organisations explore these capabilities, questions about transparency, accountability, bias and human oversight are becoming more important.
WHO’s recommendations highlight the need to balance AI’s analytical potential with safeguards that protect human rights, ensure inclusive policymaking and maintain human responsibility for policy decisions.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The Computers, Privacy and Data Protection (CPDP) conference is an annual gathering that brings together academics, policymakers, industry representatives, civil society, students, and EU institutions to discuss emerging digital policy challenges. This year’s theme was ‘Competing Visions, Shared Futures’, the 19th in the series, and it hosted approximately 150 panels over the span of 3 days in Brussels.
What is CPDP?
CPDP’s value lies in its multidisciplinary approach. With academics presenting their work or debating topical issues, as well as with industry and policy experts bringing their expertise to the table, the event creates a space for honest conversations among participants.
The conference is sponsored by organisations such as Google, TikTok, Apple, as well as the European Data Protection Supervisor (EDPS), European Union Agency for Fundamental Rights (FRA) and VBU. Google even presented its Banana AI model in a photo booth, allowing participants to modify photos they took in the booth.
Alongside panels, CPDP hosts an array of workshops, short films, artwork, radio programming, promotion booths, dedicated DPO, youth, finance and IT tracks, book launches, and pop-up exhibitions. The event always closes the day in style with an open bar and a party to chat and network at.
CPDP is not a typical conference with just panels, attendees, moderators, and lengthy speeches. The conference inspires creativity and gives the freedom to achieve it. This was proven by the diverse topics showcased in the event’s schedule over the three days.
From a fireside chat with the artist, Simon Denny, behind the conference’s art, who uses AI as a medium in some of his work, to typical discussions about the Digital Omnibus or tracking period apps, all the way to an exiled journalist talking about Russian internet censorship. There was something for everyone.
Image via Magnific
What was presented?
The breadth of topics discussed at CPDP offers insight into the issues currently shaping Europe’s digital policy agenda. There were approximately 150 panels in total, with data protection, AI, the Digital Omnibus and the topics of digital sovereignty receiving the most attention. Data protection received the most attention overall, as 33 panels were dedicated to the topic. This was followed by 26 panels on AI, 12 on the Digital Omnibus, 10 on digital sovereignty, and 7 on child-related protection.
The distribution of panels reflects the growing prominence of AI in digital policy discussions. However, data protection topics, including privacy and the GDPR, are still the frontrunners in terms of topic relevance. Newer and emerging topics reveal what is topical in the digital world.
Growing concerns over US tech reliance have intensified discussions about EU digital sovereignty. Alongside this, another heavily debated and sensitive topic is child protection in the online context and its generative AI implications, which raises questions about how to better protect children online.
Emerging topics at CPDP
Digital sovereignty is a challenging topic as it encompasses a lot and has yet to be defined, meaning that taking action can look different for a wide variety of actors. Several discussions framed digital sovereignty as a pathway towards greater digital independence and reduced reliance on external technology providers. In order to try to achieve digital sovereignty, public procurement should be steered away from non-EU actors and towards EU businesses to develop a European stack.
Yes, private partnerships are important, but public ones set the tone. Several participants argued that public procurement choices will play an important role in determining whether EU can strengthen domestic digital capabilities and reduce strategic dependencies. Digital sovereignty needs to come from all corners of the market and society; that is the challenge.
A very interesting panel on data protection and AI, the GDPR, and privacy occurred. In Academic Session I, Stephanie von Maltzan presented findings about her groundbreaking research on LLM unlearning. The larger the LLM, the more data points it will be trained on and the more complex its ‘web’ will be.
Removing data points is not a common practice, given how data points interact with each other, meaning that complexity overrides certain fundamental rights. For example, when data subjects invoke their right to erasure under Article 17 of the GDPR, they may request that certain data be deleted in an LLM, yet this request is difficult to carry out in practice.
The research highlights one of the emerging challenges at the intersection of AI governance and data protection. She presents a two tier model in which the actively deployed LLM is accompanied by a parallel ‘shadow’ model.
After receiving a valied erasure request, the ‘shadow model’ would undergo the necessary unlearning processes to remove the relevant data. In the second tier, in a scheduled update, the ‘shadow’ model, which had undergone unlearning, would replace the initial LLM, thereby upholding data subject requests.
Apart from these insightful exchanges of knowledge on AI, digital sovereignty and data protection, the conference offered practical workshops on how to brainstorm re-writing the proposed Article 88b of the Omnibus, data protection officer and cybersecurity crisis scenarios, as well as open conversations about how to protect children in online environments.
Remaining questions
The conference also highlighted several unresolved policy questions that continue to shape European digital governance debates.
Regarding the Digital Omnibus, would companies scale up overnight if we removed regulations?
Does digital sovereignty need/have a definition, or should it be left to the meaning of ‘digital independence’?
Open markets vs data protection, where is the balance?
Regarding digital sovereignty, which clouds should be used in the EU?
Should simplification mean using the once-used definition of personal data by the CJEU, or sticking to the definition relied on in law, cases, and practice?
In order to protect EU sovereignty, should parts of the stack be a public utility?
Why does it matter?
CPDP 2026 demonstrated that while privacy and data protection remain central pillars of European digital policy, debates around AI governance, digital sovereignty and online child protection are rapidly gaining prominence.
The discussions highlighted the growing challenge of balancing innovation, competitiveness, fundamental rights and strategic autonomy as Europe defines its digital future.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Organisation for Economic Co-operation and Development has published a policy paper examining how national security considerations are increasingly influencing competition enforcement across a growing range of sectors.
The report highlights the impact of geopolitical developments, technological change, and stronger attention to economic security, resilience, and technological capability. National security issues are increasingly intersecting with competition policy in areas such as energy, telecommunications, and advanced technologies.
The paper explores how competition authorities should address these concerns while maintaining their established legal and analytical responsibilities. It argues that security concerns should be assessed by competition authorities only where they can be expressed as competition-relevant effects under established competition law tools.
Concerns that fall outside the analytical remit of competition authorities should instead be assessed by governments or specialised bodies, according to the OECD.
The paper proposes an analytical framework to distinguish between national security concerns that can be examined through competition law and those that require separate institutional assessment.
Drawing on cross-jurisdictional experience, the OECD examines how national security considerations can arise in assessments of competitive constraints, merger control, coordinated conduct, unilateral conduct, and remedy design.
The paper concludes that preserving clear institutional roles, legal predictability, analytical boundaries, and effective enforcement will become increasingly important as national security considerations continue to shape economic policymaking.
Why does it matter?
The paper reflects a growing tension in competition policy: governments increasingly view sectors such as energy, telecommunications, and advanced technologies through a national security lens, but competition authorities still need clear legal boundaries. OECD’s framework aims to prevent competition enforcement from becoming a catch-all tool for broader security or industrial policy concerns, while still allowing authorities to consider security-related issues when they have measurable competition effects.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Singapore’s Personal Data Protection Commission (PDPC) has launched a public consultation on proposed advisory guidelines governing the use of personal data in generative AI systems. Published on 2 June, the draft guidelines seek feedback on how Singapore’s Personal Data Protection Act (PDPA) applies when personal data is used in the development and deployment of generative AI systems.
The proposed guidelines address the collection and use of personal data for generative AI model development, the allocation of data protection responsibilities across the AI lifecycle, and the handling of individual rights requests relating to personal data. The guidance is organised around development, deployment, and post-deployment stages.
For model development, the draft guidelines clarify how organisations may rely on exemptions for publicly available information when using web-scraped datasets containing personal data. They also set out considerations for data behind digital barriers such as paywalls, registration requirements, authentication mechanisms, and tools that block automated access.
The PDPC proposes that general privacy notices should not be considered sufficient for obtaining consent to use personal data for large-scale AI training or fine-tuning. Organisations would instead be expected to provide AI-specific notices explaining the categories of personal data used, the purpose of the processing, the model’s intended functions, and how individuals can refuse or withdraw consent.
The proposed guidelines also outline responsibilities for model providers, system providers, and system deployers, including retention, protection, purpose limitation, and accountability obligations. The post-deployment guidance addresses access and correction requests while recognising technical challenges associated with large datasets, embeddings, temporary context windows and the removal of specific information from trained models. Interested parties may submit comments to the PDPC by 1 July 2026.
Why does it matter?
The consultation highlights the growing challenge of applying existing data protection laws to generative AI systems that rely on large-scale data collection and model training. Regulators worldwide are increasingly examining how privacy principles such as consent, transparency and purpose limitation should operate in AI development.
Singapore’s proposed guidance could provide an important reference point for organisations developing or deploying generative AI, particularly in areas such as web scraping, AI training datasets and the allocation of responsibilities across the AI value chain.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The European Commission has appointed two new expert bodies to support the implementation and enforcement of the EU’s AI Act. The Scientific Panel and Advisory Forum will provide independent expertise to the Commission’s AI Office and national authorities responsible for supervising compliance with the regulation.
The Scientific Panel comprises 60 independent experts from fields including frontier AI research, engineering, technical auditing, industry, and societal impact assessment. The panel will focus on general-purpose AI (GPAI) models and systems, systemic risk assessment, model classification, evaluation methodologies, and cross-border market surveillance.
Alongside the panel, the Commission has established an Advisory Forum bringing together representatives from academia, civil society, industry, startups and SMEs. The forum will provide technical advice on implementation challenges, standardisation efforts, and broader issues related to the enforcement of the AI Act.
Several EU agencies will hold permanent seats in the forum, including the European Union Agency for Fundamental Rights (FRA) and the European Union Agency for Cybersecurity (ENISA). Members of both bodies will serve two-year terms and are expected to contribute to the consistent application of the AI Act across the European Union.
Why does it matter?
The AI Act introduces a comprehensive regulatory framework for AI systems in the EU, including specific obligations for general-purpose AI models.
The new expert bodies are intended to strengthen the Commission’s technical capacity, support coordinated enforcement across Member States, and provide independent expertise on emerging risks, standards, and compliance challenges as AI technologies continue to evolve.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The second European Forum on digital citizenship education has concluded in Strasbourg, bringing together policymakers, educators, civil society groups, youth organisations, and parents to discuss responsible participation in digital societies.
Participants examined practical approaches to digital citizenship education, with discussions focusing on AI in education, children’s rights online, critical thinking, inclusion, and safe participation in digital spaces. Particular attention was given to the role of parents and families in helping young people develop responsible and informed online behaviours.
The forum also contributed to preparations for the Council of Europe’s Road Map for strengthening digital citizenship education for 2027–2031. Stakeholders highlighted the need for closer cooperation between public authorities, the private sector, and civil society to support effective implementation.
Outcomes from the event will inform ongoing Council of Europe work to promote democratic values, human rights, and active participation in the digital era, while helping learners and education professionals respond to the growing influence of technology on society.
Why does it matter?
Digital citizenship education is becoming a strategic policy issue as societies try to ensure that technological change is matched by the skills needed for safe, informed, and responsible participation online. The Council of Europe forum links digital literacy with democratic participation, children’s rights, critical thinking, inclusion, and human rights-based digital transformation.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
EuroDIG 2026 concluded with calls for stronger multistakeholder cooperation, greater digital inclusion, and wider support for multilingual internet access during the conference’s closing plenary hosted by EURid.
The final session combined celebratory reflections on the two-day event with broader policy messages on universal acceptance, digital accessibility, and cooperation across governments, the technical community, civil society, academia, and the private sector.
Opening the session, moderator Florence Ranson thanked participants for remaining until the end of what she described as a ‘fulfilling’ conference and said workshop outcomes and feedback would be shared in the coming weeks.
Co-moderator Sandra expressed surprise at the size of the audience at the wrap-up session and thanked the focal points, speakers, rapporteurs, youth participants, institutional partners, and sponsors for their contributions to the programme.
Regina, co-moderating the session, described EuroDIG 2026 as a demonstration of multistakeholder cooperation, noting that EURid hosts EuroDIG only once every ten years. She also highlighted the event’s coincidence with the 20th anniversary of the .eu domain.
Both moderators thanked the European Commission’s DG CONNECT team for supporting the event venue and programme development.
The closing session then shifted toward one of the conference’s recurring themes, the universal acceptance of multilingual domain names and email addresses.
Sarmad Hussain of ICANN said the internet must function in all languages and scripts, pointing to progress made since the Tunis Agenda of 2005 enabled development of internationalised domain names and multilingual email addresses. However, Hussain warned that many websites, platforms, and online services still fail to support non-Latin scripts and local-language identifiers despite existing technical standards.
According to Hussain, this creates a ‘universal acceptance’ challenge affecting accessibility and inclusion online. He called on developers, governments, academia, civil society, and private-sector organisations to update systems and applications so they accept all valid domain names and email addresses regardless of language or script. He also promoted the upcoming Universal Acceptance Day initiative aimed at raising awareness about the issue.
UNESCO representative Dr Xianhong Hu used the closing session to reinforce broader themes of multilingualism, inclusion, and digital cooperation. Speaking on behalf of Ambassador Salih Abduh, Hu highlighted UNESCO’s partnership with EuroDIG and linked the conference to the 25th anniversary of UNESCO’s Information for All Programme.
She noted that discussions during EuroDIG 2026 covered internet governance, universal acceptance, gender equality, youth participation, and intergenerational dialogue, reflecting UNESCO’s priorities around inclusive knowledge societies.
Hu also called for renewed cooperation among European governments, the technical community, academia, civil society, and businesses to bridge digital divides and support multilingual digital futures in the AI era.
The session concluded with a toast to partnership, an invitation for a group photo, and final thanks to participants and organisers.
The closing plenary reflected several broader themes that ran throughout EuroDIG 2026, including multistakeholder governance, digital inclusion, and concerns about unequal access to digital infrastructure and online participation.
The emphasis on universal acceptance also connected technical internet governance questions with wider debates on linguistic diversity and accessibility, highlighting ongoing gaps between existing technical capabilities and real-world adoption across online platforms and services.
EuroDIG 2026 took place on 26 and 27 May at the Charlemagne Building of the European Commission in Brussels under the theme ‘European Voices for the Future of the Internet – Celebrating 20 Years of .eu and the Beginning of a New Internet Governance Era’.
Digital Watch Observatory followed EuroDIG 2026 through a dedicated event page, featuring session information and reporting from Brussels.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
European national and regional Internet Governance Forum initiatives (NRIs) discussed how they can help implement the outcomes of the WSIS+20 review during a EuroDIG 2026 session focused on collaboration, local engagement, and multistakeholder governance.
The discussion examined whether NRIs should remain primarily bottom-up discussion spaces or take on a more direct role in supporting the implementation of global digital governance commitments at the national and regional levels.
Sabina Heber, moderating the workshop, described NRIs as increasingly important spaces for multistakeholder discussion, cooperation, and policy exchange. She said implementation of WSIS goals often depends on national and regional action, making NRIs key links between global frameworks and local realities.
A central debate emerged around the future role of NRIs after the WSIS+20 review.
Jordan Carter of the UK IGF argued that national and regional IGFs have traditionally not operated as ‘WSIS implementation agencies.’ Instead, he said, they usually function as bottom-up forums that relay local discussions into regional and global internet governance processes.
Matthias Kettermann of the Austrian IGF took a more proactive position, arguing that NRIs should engage more directly with WSIS action lines in the post-review environment and translate them into national priorities.
He pointed to Austria’s approach of organising youth-focused panels and rotating the Austrian IGF across different regions to involve local stakeholders, including schools, museums, and innovation departments, in discussions on AI governance and digital transformation.
Declan McDermott of IGF Ireland focused on how NRIs measure and scale impact. He proposed three approaches: ‘scaling out’ to reach more stakeholders, ‘scaling up’ to influence policymakers, and ‘scaling deeply’ to change how internet governance is understood within society.
McDermott argued that NRIs need clearer theories of change and more concrete definitions of success, warning against ‘collaborating for the sake of collaboration.’
Several speakers emphasised that NRIs are particularly valuable because they operate close to national realities and can identify emerging digital policy challenges early.
Dijana Milutinovic from Serbia’s national IGF said NRIs are well-positioned to monitor developments at the country level, raise issues for public debate, and improve the likelihood that concerns will eventually influence regulation or legislation. She added that exchange between NRIs is especially important when countries face similar regional challenges and can learn from one another’s experiences.
The workshop also explored how NRIs produce messages and policy outputs.
Carter explained that the UK IGF publishes annual key messages developed through a multistakeholder steering committee, while Serbia drafts messages during sessions and submits reports to ministries and the global IGF Secretariat.
Austria, by contrast, does not prioritise formal outcome documents and instead focuses more on convening stakeholders and creating connections that later generate initiatives indirectly.
Another major theme was collaboration and experimentation.
Concettina Cassa from Italy’s Agency for Digital Italy proposed the creation of voluntary ‘NRI labs’ as spaces for peer learning and practical cooperation between NRIs. She described them as non-binding multistakeholder spaces where participants could exchange operational experience and experiment with implementation approaches on issues such as trustworthy AI in public administration or child protection online.
According to Cassa, the challenge twenty years after WSIS is no longer only agreeing on principles, but translating them into practical cooperation and implementation.
Participants also discussed new tools for handling controversial policy debates. A representative from the Netherlands presented ‘argument maps,’ structured visual overviews that organise competing positions on contentious issues such as age verification or encryption without forcing participants to agree on a single recommendation.
Business participation emerged as another recurring challenge. Speakers said companies are often difficult to attract unless discussions address concrete operational problems or provide visible practical value.
Kettermann said Austrian organisers worked directly with the Chamber of Commerce to identify topics businesses cared about, while Serbian representatives noted that companies engage more actively when discussions focus on how regulation affects their operations and business models.
Toward the end of the session, participants stressed that NRIs’ ability to influence policymaking depends heavily on resources, institutional legitimacy, and public awareness.
Milutinovic warned that many NRIs rely largely on volunteers, limiting their capacity to produce reports, participate in coalitions, or contribute consistently to policy consultations.
The workshop concluded with several agreed-upon messages, including recognition that NRIs are effective multistakeholder forums for supporting WSIS+20 goals through awareness-raising, stakeholder engagement, peer learning, and practical experimentation.
Participants also endorsed continued dialogue through EuroDIG and supported new forms of collaboration, including NRI labs and other experimental approaches designed to strengthen cooperation while preserving the bottom-up nature of internet governance processes.
EuroDIG 2026 took place on 26 and 27 May at the Charlemagne Building of the European Commission in Brussels under the theme ‘European Voices for the Future of the Internet – Celebrating 20 Years of .eu and the Beginning of a New Internet Governance Era’.
Digital Watch Observatory followed EuroDIG 2026 through a dedicated event page, featuring session information and reporting from Brussels.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
