Jurisdiction

Anthropic offers ENISA access to advanced AI security model

Anthropic has invited the European Commission to facilitate access for ENISA, the EU agency for cybersecurity, to its cybersecurity-focused AI model Mythos, according to Bloomberg. The invitation followed a meeting between Anthropic and the Commission in San Francisco on 29 May. The EU must now establish a mechanism with appropriate security safeguards before access can be implemented; an ENISA official confirmed the agency does not currently have active access.

Anthropic unveiled Mythos in April, describing it as a model capable of identifying and exploiting cybersecurity vulnerabilities at a level that surpasses most human experts. Bloomberg reported on 2 June that ENISA was set to receive access to the model.

European Commission spokesperson Thomas Regnier welcomed the development, saying that access could help authorities build a clearer understanding of potential risks as increasingly capable AI models enter the market. The invitation follows calls from European policymakers and cybersecurity officials for greater access to advanced AI systems and for the development of comparable European capabilities.

Why does it matter?

The emergence of AI models capable of identifying software vulnerabilities at scale is reshaping cybersecurity risk assessments for governments, regulators and critical infrastructure operators. Access to such systems can help authorities better understand their capabilities, evaluate potential threats and develop appropriate safeguards.

For the EU, granting ENISA access to Mythos could support evidence-based policymaking and strengthen preparedness as increasingly powerful cybersecurity-focused AI models become available. The move also highlights a broader challenge: ensuring that public institutions can keep pace with rapidly advancing AI capabilities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Greece approves major digital governance and interoperability reforms

The Greek Parliament has approved a bill from the Ministry of Digital Governance and Artificial Intelligence to expand digital public services, reduce bureaucracy, and strengthen cybersecurity.

The legislation implements the EU rules on the cross-border automated exchange of supporting documents through the once-only principle, allowing citizens and businesses to avoid repeatedly submitting the same documents to public authorities across the EU.

Greece’s new framework establishes technical and operational measures enabling public authorities to retrieve official documents securely and automatically, with the user’s consent. The system will operate through the European interoperability infrastructure and in line with the EU data protection requirements.

The General Secretariat for Information Systems and Digital Governance will oversee technical coordination and implementation.

Beyond cross-border services, the legislation introduces several domestic digital initiatives. These include a Defective Vehicle Recall Registry to notify vehicle owners about critical safety issues, upgrades to the MyStreet application with electric vehicle charging points and emergency gathering locations, and a customer relationship management platform on gov.gr that will allow citizens to track public service requests through a single interface.

The bill also includes measures to accelerate the launch of more than 800 new public-sector interoperability services and strengthen protections against online fraud. A National Malicious Website Blocking List will be established through Greece’s National Cybersecurity Authority to support faster blocking of phishing websites, scam portals, and malicious online services.

Why does it matter?

The legislation shows how EU interoperability rules are being translated into national digital government reforms. Greece is combining the once-only principle for cross-border public services with domestic service integration, citizen-facing digital tools, and cybersecurity measures against online fraud. The result is a broader shift towards public administration built around automated document exchange, consent-based data retrieval, and shared digital infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU launches consultation on trusted flagger guidelines under the DSA

The European Commission has launched a public consultation on draft guidelines for trusted flaggers under the Digital Services Act, aiming to establish a clearer and more consistent framework for organisations that identify and report illegal online content.

Trusted flaggers are specialised entities whose notices about illegal content must be prioritised by online platforms under the DSA. Platforms remain responsible for assessing whether the reported content is illegal.

More than 70 trusted flaggers have already been designated across the EU, covering areas such as child sexual abuse material, intellectual property infringements, online fraud, financial scams, and online harassment.

The proposed guidelines clarify the criteria and procedures used by national Digital Services Coordinators to grant trusted flagger status. They also set out technical requirements for trusted flaggers and platforms when processing notices of illegal content.

The draft guidelines include safeguards intended to ensure that trusted flaggers remain independent, objective, and accountable while operating in full respect of freedom of expression. They also include measures to prevent misuse of the mechanism, including public annual transparency reports and procedures to suspend or revoke trusted flagger status.

The Commission is inviting feedback from platforms, trusted flaggers, applicants, researchers, civil society organisations, and other stakeholders until 26 June 2026. Following the consultation, the Commission plans to adopt the final guidelines in the second half of 2026.

Why does it matter?

Trusted flaggers are becoming an important procedural tool in the EU’s online safety framework. Clearer rules could improve the reporting and handling of illegal content while reducing fragmentation across member states. The safeguards are also important because prioritised notices must be balanced with accountability, transparency, and protection of freedom of expression.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Germany approves draft law expanding cyber defense powers for federal authorities

Germany’s federal cabinet has approved draft legislation that would expand cyber defence capabilities for three federal agencies, the Federal Office for Information Security (BSI), the Federal Criminal Police Office (BKA), and the Federal Police (Bundespolizei), as part of a broader effort to strenghten the country’s response to cyber threats.

Under the proposal, authorities would be able to block or disrupt software and server infrastructure used in cyberattacks, including systems located outside Germany. The BSI would also receive expanded authority to collect, store, and analyse data to detect activities indicative of attack preparation. Telecommunications providers and major digital platforms would be required to relay BSI warnings about identified threats directly to users.

The government describes the measures as ‘active cyber defence,’ arguing that they are intended to stop or disrupt ongoing attacks rather than conduct retaliatory cyber operations. Current practice involves redirecting attacks to isolated network areas; the new framework would instead authorize direct action against attacker-controlled systems.

According to the Federal Situation Report on Cybercrime 2025, presented by Federal Interior Minister Alexander Dobrindt and the Vice President of the Federal Criminal Police Office, Martina Link, Germany is among Europe’s most frequently targeted countries for cyberattacks.

Federal authorities in Germany have documented sustained campaigns against industrial companies, small and medium-sized enterprises, research institutions, government bodies, and political parties, with a portion attributed to state-affiliated actors.

The draft will now proceed to parliamentary debate. It requires a legislative vote before entering into force.

Why does it matter?

The proposal reflects a broader shift among governments toward more proactive cybersecurity strategies as cyberattacks become increasingly frequent and sophisticated. Rather than focusing solely on defending networks, authorities are seeking legal powers to disrupt malicious infrastructure before attacks cause significant harm.

The legislation also raises important questions about the scope of state cyber powers, oversight mechanisms, and the legal implications of taking action against infrastructure located outside national borders. If adopted, it would mark one of Germany’s most significant cybersecurity policy changes in recent years.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

European Commission fines Temu €200 million under DSA

The European Commission has imposed a €200 million fine on Temu after finding that the online marketplace breached obligations under the Digital Services Act by failing to properly assess and mitigate systemic risks linked to illegal products sold to consumers in the EU.

According to the Commission, Temu’s 2024 risk assessment did not meet DSA requirements because it relied on general information about the wider e-commerce sector rather than evidence specific to its own platform. Regulators also found that the company significantly underestimated the likelihood that the EU consumers would encounter illegal or unsafe products.

The investigation drew on mystery shopping exercises and information from customs and market surveillance authorities. Findings included chargers that failed basic safety requirements and baby toys that contained chemicals above legal limits or presented choking hazards.

Regulators also criticised Temu for failing to sufficiently assess how recommender systems and influencer promotion programmes could contribute to the spread of illegal products on the platform.

Temu must now submit a detailed action plan explaining how it will address the shortcomings identified by the Commission. The plan will be reviewed with the European Board for Digital Services before implementation requirements are set. Failure to comply could lead to additional penalties under the DSA.

The decision is part of a wider Commission investigation into Temu, including issues related to potentially addictive design, recommender systems, and data access for researchers.

Why does it matter?

The fine marks one of the most significant enforcement actions under the Digital Services Act against a major online marketplace. It shows that the DSA is being used not only to address illegal content, but also to require platforms to assess and reduce consumer safety risks linked to illegal and unsafe goods. The case reinforces the EU’s focus on proactive risk management by very large online platforms, including how marketplace design, recommendations, and influencer promotion can amplify the reach of harmful products.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

European Commission advances AI transparency code under EU AI Act

The European Commission’s AI Office has convened a new round of working group meetings and workshops on the forthcoming Code of Practice on Marking and Labelling of AI-Generated Content.

The discussions brought together providers of generative AI systems and models, technology companies, industry representatives, civil society organisations and academic experts. Feedback from the meetings will inform the third and final draft of the code, expected in early June.

The code is intended to support transparency obligations under the AI Act, including requirements linked to marking, labelling, disclosure and detectability of AI-generated content. It covers issues such as synthetic media, deepfakes and certain AI-generated text.

Working Group 1 focused on marking and detection obligations for providers, including a revised multi-layered approach, technical feasibility, benchmarking, compliance frameworks and possible third-party assessments. Industry participants raised concerns over compliance burdens, innovation and feasibility, while civil society and academic experts called for stronger safeguards in the public interest.

Working Group 2 examined disclosure obligations for deployers of generative AI systems, particularly deepfakes and certain AI-generated text. Discussions covered origin disclosure, user-facing labels, proportionality, governance measures, editorial control and the possible development of a uniform EU label.

Additional workshops explored how machine-readable marks, provenance data, visible labels, watermarking systems and an EU-wide icon could work together across the AI value chain. Participants also discussed coordination with other EU rules, including the Digital Services Act, while stressing the need to balance transparency, legal clarity, accessibility and innovation.

Why does it matter?

The code of practice will help determine how AI-generated content is marked, labelled and disclosed across the EU. Its development highlights the practical difficulty of turning transparency obligations into workable rules, particularly when regulators, companies and civil society disagree over technical feasibility, compliance costs, user experience and safeguards against deceptive synthetic media.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Snap, YouTube, TikTok and Meta settle Kentucky school district lawsuit

At mid-May, Snap, YouTube and TikTok have reached a settlement in a lawsuit brought by the Breathitt County School District in Kentucky. The school district alleged that social media platforms contributed to learning disruption, mental health concerns, and additional financial pressures on schools.

Terms of the settlement have not been disclosed. Meta remained a defendant in the same litigation and was scheduled to proceed to trial on June 15th. However, on May 21st, the company also reached a settlement. The case is one of a broader series of lawsuits involving social media platforms and alleged harms affecting minors and schools.

This follows earlier related cases settled by Snap and TikTok. The companies have faced multiple lawsuits related to alleged harms associated with social media use. In a separate case, a jury awarded damages to a plaintiff in litigation involving Google and Meta. Meta has also recently been ordered to pay $375 million in a separate case brought by New Mexico’s attorney general.

Beyond seeking monetary awards of $60 millions, plaintiffs and state authorities have also called for changes to platform design and online safety measures affecting minors. Additional lawsuits involving social media platforms and youth safety issues remain ongoing in US courts.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission launches copyright consultation focused on AI

The European Commission has launched a call for evidence to gather views on whether EU copyright rules should be modernised in response to changes in the digital economy, including challenges linked to generative AI.

The consultation will assess the practical impact and effectiveness of the 2019 Directive on Copyright in the Digital Single Market, which updated EU rules on the use of copyright-protected content across digital platforms and online services. The Commission will examine whether the directive has facilitated the use of protected content in digital environments, improved licensing practices and supported a fairer copyright marketplace.

Rapid technological and market developments are reshaping the creative economy, with the Commission seeking views on how generative AI affects licensing, enforcement and the use of protected works. The review also covers online piracy, particularly of live events, remuneration for performers and producers of recorded music played in the EU, and access to and re-use of works for research purposes.

The call for evidence is open until 25 June and invites contributions from relevant stakeholders on both the review of the 2019 directive and a possible targeted legislative initiative on copyright. The process will be supported by an external study and a stakeholder survey.

Why does it matter?

Generative AI has intensified long-running copyright tensions between technology developers, creators, publishers and platforms. The consultation could influence how the EU approaches licensing, enforcement and the use of protected works in AI systems, while also shaping wider debates on creator remuneration and digital rights in Europe’s creative economy.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Italy lawsuit against Meta and TikTok tests child safety rules

A first hearing has taken place at the Milan Business Court in a case brought by MOIGE, the Italian Parents’ Movement, and a group of families against Meta and TikTok over the protection of minors on social media platforms.

According to MOIGE, the class-wide injunction seeks to protect around 3.5 million Italian children aged between 7 and 14 who are allegedly active on social platforms despite age restrictions. The organisation described the case as the first such action in Europe focused on protecting minors in the digital sector.

The hearing focused on preliminary objections, including challenges by lawyers for Meta and TikTok to the jurisdiction and competence of Italian courts to rule on the companies’ conduct. MOIGE said the platforms also contested documents submitted by its legal team concerning the alleged effects of recommendation algorithms on minors.

According to MOIGE, the documents refer to concerns around variable reinforcement mechanisms, infinite scrolling and behavioural profiling allegedly designed to maximise engagement among younger users. The organisation and the families’ lawyers argue that such design features raise concerns over addictive behaviour and wider risks to children’s well-being.

MOIGE’s lawyers urged the court to proceed quickly, arguing that delays could prolong potential harm affecting minors in Italy. The case will continue with further hearings, with the court expected to set the next steps in the proceedings.

Why does it matter?

The case could become an important test of how courts assess platform responsibility for children’s safety, age restrictions and recommendation systems. If the action advances, it may contribute to wider European debates on algorithmic design, age verification, addictive platform features and whether child online safety should be treated not only as a content moderation issue, but also as a consumer protection and public health concern.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

CMA opens Strategic Market Status investigation into Microsoft business software

The UK Competition and Markets Authority has opened a Strategic Market Status investigation into Microsoft’s business software ecosystem, marking another major step in the country’s digital competition regime.

The investigation will examine Microsoft’s position across workplace software products widely used throughout the UK economy, including productivity software, personal computer and server operating systems, database management systems, security software and its growing AI assistant ecosystem, including Copilot. The CMA said more than 15 million commercial users across the UK rely on Microsoft’s software ecosystem.

Regulators will assess whether Microsoft has Strategic Market Status in business software and whether its position may limit customer choice. The CMA said it will examine concerns linked to product bundling, interoperability limits and default settings that could make it harder for businesses and public-sector organisations to switch providers or combine Microsoft tools with competing products.

The authority will also examine how competing AI services can integrate with Microsoft’s business software as workplace tools increasingly incorporate AI and agentic AI functions. The CMA said customers should be able to access software and AI services from a range of suppliers rather than being locked into a single ecosystem.

Cloud competition concerns are also linked to the probe. An SMS designation would allow the CMA to consider targeted interventions related to Microsoft’s software licensing practices, which were previously identified as reducing competition in cloud services.

The CMA will gather evidence from Microsoft, customers, rivals, challenger technology firms and other stakeholders before deciding whether to designate Microsoft with Strategic Market Status. The regulator said the investigation does not assume wrongdoing and that any future interventions would depend on the evidence and relevant legal tests.

Why does it matter?

The investigation shows how digital competition oversight is moving deeper into enterprise software, cloud infrastructure and AI-enabled workplace tools. As products such as Copilot become embedded in systems used by businesses and public services, regulators are increasingly treating interoperability, bundling and switching costs as strategic competition issues rather than narrow technical questions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.