UK brings major cloud providers under financial oversight

The UK government has designated Microsoft, Google Cloud, Amazon Web Services (AWS) and Oracle as Critical Third Parties (CTPs), bringing the major cloud providers under direct financial regulatory oversight for the first time.

From 13 July 2026, the four companies will come under direct oversight by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), with the aim of strengthening the operational resilience of the UK financial system.

The new regime reflects the financial sector’s growing dependence on cloud infrastructure. Regulators will be able to assess the resilience of critical services, gather operational information and require providers to address risks that could disrupt banking, insurance or financial market infrastructure.

The oversight applies only to services considered systemically important to the financial sector, rather than to the companies’ wider commercial operations.

The UK government described the framework as a proportionate, risk-based approach designed to reduce the likelihood of widespread service disruptions affecting millions of consumers and businesses. It also said additional technology providers could be designated in the future if they meet the statutory threshold for systemic importance.

Microsoft, Google Cloud, AWS and Oracle all welcomed the framework, saying they would comply with the new requirements and continue supporting the resilience of the UK’s financial sector.

Why does it matter?

The designation marks a significant shift in financial regulation by extending direct oversight beyond banks and financial institutions to the technology providers that underpin critical financial services. As cloud infrastructure becomes increasingly central to banking, payments and financial markets, regulators are treating operational resilience as a systemic issue rather than solely a commercial responsibility.

The UK’s approach could also influence regulators in other jurisdictions. As financial institutions become more dependent on a small number of hyperscale cloud providers, governments may increasingly seek direct oversight of technology companies whose services have become essential to the stability of critical sectors.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

European Commission preliminarily finds Meta’s addictive platform design breaches the DSA

The European Commission has issued preliminary findings that Meta’s design of Instagram and Facebook breaches the Digital Services Act (DSA), arguing that features designed to maximise engagement may encourage compulsive use and fail to adequately protect children and other vulnerable users.

The investigation focuses on platform features including infinite scroll, autoplay, push notifications and highly personalised recommender systems.

According to the Commission’s preliminary assessment, Meta failed to properly evaluate the risks these features pose to users’ physical and mental well-being. Investigators found that personalised recommendations, continuous content feeds and engagement-driven formats such as Reels and Stories can encourage excessive use, particularly among younger users.

The Commission also said Meta failed to adequately consider evidence showing that children spend significant time on Instagram and Facebook during nighttime hours.

The Commission also concluded that Meta’s existing mitigation measures are insufficient. Screen time tools, including those enabled by default for teenagers, can easily be dismissed and do not meaningfully reduce usage.

Parental controls were also found to require considerable technical knowledge and active supervision, while educational resources available through Meta’s Safety Centre were considered inadequate to mitigate the risks associated with addictive platform design.

According to the Commission, Meta should redesign several core platform features, including disabling autoplay and infinite scroll by default, introducing more effective screen-time reminders and reducing the engagement-driven nature of its recommender systems.

The findings are preliminary, and Meta now has the opportunity to examine the Commission’s evidence and submit a formal response before a final decision is adopted. If the infringement is ultimately confirmed, the company could face fines of up to 6% of its global annual turnover under the Digital Services Act.

Why does it matter?

The case represents one of the EU’s most significant attempts to regulate platform design rather than online content. If confirmed, it would establish an important precedent for how very large online platforms design recommender systems, engagement mechanisms and user interfaces under the Digital Services Act, particularly where children and vulnerable users are concerned.

More broadly, the case signals that European regulators are increasingly willing to scrutinise the business models underpinning social media platforms, not just the content they host. That could influence how digital platforms design engagement features well beyond the EU.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UNESCO supports Tanzania judicial curriculum on AI and rule of law

UNESCO has supported the development of Tanzania’s first judicial curriculum on AI, helping judges and justice sector professionals address the technology’s growing impact on courts, human rights and the rule of law.

Developed with the Institute of Judicial Administration (IJA) in Lushoto, the competency-based programme is designed for judges, magistrates, judicial trainers, court administrators and other justice sector professionals. It aims to strengthen their ability to understand, assess and make informed decisions about AI while safeguarding judicial independence, due process and fundamental rights.

The initiative supports Tanzania’s broader digital transformation of the justice sector. As courts adopt more digital technologies, judicial officers are expected to face new questions surrounding AI-generated evidence, algorithmic bias, transparency, accountability and the protection of human rights.

The curriculum is designed for long-term institutional use through induction courses, executive education, continuing judicial education and train-the-trainer programmes, allowing judicial expertise to evolve alongside advances in AI.

It draws on UNESCO’s global AI governance instruments, including the Recommendation on the Ethics of Artificial Intelligence, the Global Toolkit on AI and the Rule of Law for the Judiciary, the Guidelines for the Use of AI Systems in Courts and Tribunals, the Ethical Impact Assessment methodology, and guidance on generative AI in education and research.

Adapted to the legal and institutional context of Tanzania, the curriculum combines practical instruction with case studies, judicial simulations and hands-on exercises. Participants will examine AI-generated evidence, identify algorithmic bias, assess human rights risks and practise decision-making while preserving judicial independence.

UNESCO has also produced an instructor’s guide for IJA faculty, including lesson plans, practical exercises and assessment tools to support executive education, continuing judicial training and future train-the-trainer programmes.

The initiative reflects UNESCO’s broader effort to translate global AI governance principles into practical institutional capacity. By focusing on the judiciary, it aims to ensure that AI strengthens justice systems without undermining fairness, accountability or public trust.

Why does it matter?

The initiative treats AI and the rule of law as a practical judicial capacity challenge rather than simply a technology policy issue. As AI becomes more common in legal disputes, evidence and court administration, judges will increasingly need the knowledge to assess its use while protecting due process, judicial independence and fundamental rights.

The programme also illustrates a broader shift in AI governance from developing high-level principles to building institutional capacity. Equipping judges with practical AI knowledge could become an increasingly important part of maintaining public trust in justice systems as AI adoption expands.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Greece begins parliamentary debate on EU AI Act implementation

Greece has introduced a draft law to implement the EU AI Act, becoming one of the first EU member states to establish a comprehensive national governance framework for enforcing the regulation.

The legislation aims to promote the safe, trustworthy and human-centred use of AI while protecting fundamental rights and supporting innovation, entrepreneurship and economic competitiveness.

The draft law designates the Hellenic Data Protection Authority as the national market surveillance authority and national contact point under the AI Act, while assigning the Hellenic Telecommunications and Post Commission as the notifying authority.

It also establishes an Artificial Intelligence Coordination and Know-how Centre to provide technical expertise to regulators, alongside a unified complaints mechanism and an administrative sanctions framework to support enforcement.

To encourage responsible innovation, the proposal introduces an AI regulatory sandbox, allowing startups and small and medium-sized enterprises to test AI applications under regulatory supervision.

The legislation also creates a Unified Registry of Public Artificial Intelligence Systems to strengthen transparency and accountability, while expanding the role of Greece’s AI Observatory in monitoring implementation of the National AI Strategy.

According to the Ministry of Digital Governance, the framework follows the AI Act’s risk-based approach by applying oversight measures proportionate to the risks posed by different AI systems.

The proposal builds on Greece’s broader AI strategy, including the creation of the Special Secretariat for Artificial Intelligence and Data Governance, with the aim of balancing innovation, economic development and the protection of fundamental rights.

Why does it matter?

Greece is positioning itself among the first EU member states to translate the AI Act into operational national institutions and enforcement mechanisms. By establishing supervisory authorities, a regulatory sandbox and governance structures ahead of key implementation deadlines, the country aims to provide greater legal certainty for businesses while supporting responsible AI innovation.

The legislation also illustrates how the AI Act will increasingly be implemented through national institutions rather than EU bodies alone. As other member states develop their own enforcement frameworks, differences in implementation could shape how consistently the regulation is applied across the European Union.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

European Parliament advances child safety privacy balance

The European Parliament has adopted amendments to a temporary exemption from the EU’s ePrivacy rules, seeking to preserve voluntary detection of child sexual abuse material while strengthening protections for end-to-end encrypted communications.

MEPs voted to exclude communications protected by end-to-end encryption from the scope of the temporary derogation, reinforcing privacy protections while maintaining support for voluntary detection measures.

The amendments were adopted during Parliament’s second reading of the proposal. Although a simple majority initially voted to reject the Council’s position, the motion failed because it did not reach the required absolute majority of 360 votes. Parliament therefore proceeded to adopt amendments instead.

The amended text now returns to the Council, which has three months to approve or reject Parliament’s changes. If the Council does not accept all of the amendments, the proposal will move to conciliation negotiations.

The temporary derogation is intended to prevent a legal gap following the expiry of the previous exemption in April 2026. It allows electronic communications providers to continue voluntarily detecting, removing and reporting child sexual abuse material while EU institutions negotiate a permanent legal framework.

Earlier negotiations between the European Parliament and the Council failed to produce an agreement, allowing the previous temporary framework to expire before the proposal returned for a second reading.

At the same time, Parliament and the Council continue negotiations on a permanent legislative framework to combat child sexual abuse online. Most elements have already been agreed, with discussions continuing on issues such as the balance between child protection and fundamental rights, including privacy and secure communications.

Why does it matter?

The vote highlights the EU’s continuing effort to balance child protection with fundamental rights. By excluding end-to-end encrypted communications from the temporary derogation, Parliament is signalling that stronger safeguards against child sexual abuse should not come at the expense of weakening secure communications.

The decision also keeps voluntary detection measures in place while negotiations continue on a permanent framework. The outcome of those talks is likely to shape how the EU reconciles online safety, privacy and encryption in future digital regulation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ofcom fines adult platform over Online Safety Act age check failures

The UK communications regulator, Ofcom, has fined the operator of Fapello.com £630,000 for breaching the Online Safety Act, marking one of its most significant enforcement actions under the new regime.

The penalty includes £600,000 for failing to implement legally required age assurance measures to prevent children from accessing pornographic content, and a further £30,000 for failing to comply with a legally binding information request. Following Ofcom’s action, Fapello.com geoblocked users in the UK, although the regulator said it will continue monitoring compliance.

Ofcom also confirmed it has opened a new investigation into Bit Hive, operator of Eporner.com, to assess whether its age verification measures meet the Act’s requirement for ‘highly effective’ age assurance.

Separately, the regulator expanded its existing investigation into Kemono.cr to examine whether the platform failed to comply with statutory information requests.

Ofcom said robust age verification is a core requirement of the Online Safety Act and warned that providers failing to implement effective protections or cooperate with regulatory investigations should expect enforcement action, including substantial financial penalties.

The regulator added that it prioritises investigations according to user reach and will continue monitoring compliance across online pornography services.

Why does it matter?

The case demonstrates that the UK’s Online Safety Act has entered a new phase of active enforcement. Rather than focusing solely on guidance and compliance deadlines, Ofcom is now imposing financial penalties and investigating platforms that fail to implement effective child protection measures.

The decision also shows that enforcement extends beyond age verification itself. Companies that fail to cooperate with regulatory investigations or provide required information may face additional sanctions, reinforcing the regulator’s ability to oversee compliance across online platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

European Commission takes four countries to EU court over NIS2 delays

The European Commission has referred Ireland, Spain, France and the Netherlands to the Court of Justice of the European Union for failing to transpose the NIS2 Directive fully into national law.

The Directive strengthens the EU cybersecurity rules and sets common requirements for organisations operating in critical sectors.

Member states were required to transpose NIS2 by 17 October 2024, but the four countries have not notified the Commission of full implementation.

The referrals follow earlier infringement steps. The Commission sent letters of formal notice on 28 November 2024 and reasoned opinions on 7 May 2025.

The Commission is asking the Court to impose financial sanctions, including a lump sum and daily penalties until the countries notify complete transposition.

NIS2 applies to entities in 18 critical sectors, including health, energy, transport and public administration.

The Directive aims to improve national and EU-wide cyber resilience by strengthening risk management, incident response and security obligations for public and private entities.

The Commission said full implementation is essential for improving the EU’s overall resilience and the incident response capacity of organisations operating in critical sectors.

Why does it matter?

The referral shows that the Commission is prepared to enforce cybersecurity law against member states that fail to meet implementation deadlines. NIS2 is designed to create a more consistent baseline of cyber resilience across the EU, but delays in national transposition can leave organisations facing fragmented obligations and uneven enforcement. For critical sectors, consistent implementation is central to risk management, incident response and cross-border resilience.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

South Korea opens antitrust proceedings over Google app market practices

South Korea’s Fair Trade Commission has begun formal deliberation procedures over allegations that Google abused its dominant position in the Android app market.

The case follows an examiner’s report submitted to the Commission, which outlines suspected violations of the country’s Fair Trade Act.

According to the report, Google used its Games/Google Velocity Program, known internally as Project Hug, to provide financial support for services such as Google Cloud, Google Ads and YouTube.

In return, participating game developers were allegedly required to launch games on Google’s app marketplace on terms at least as favourable as those offered to rival platforms.

The examiner concluded that the programme reduced incentives for developers to distribute games through competing app marketplaces, including ONE store, while strengthening Google’s position in the Android app ecosystem.

The allegedly affected revenue was estimated at 14.16 trillion won, or about $9.1 billion. If violations are confirmed, potential penalties could reach up to 6% of that amount.

Google will have an opportunity to respond before the Commission reaches a final decision.

The case adds to wider global scrutiny of app-store competition and the ways dominant platforms use developer incentives, contracts and ecosystem services to shape market access.

Why does it matter?

The case shows how antitrust scrutiny of app stores is expanding beyond commission fees and payment systems into developer incentive programmes and platform-service bundles. If KFTC confirms the allegations, the decision could influence how dominant platforms structure support packages for developers and whether such programmes are treated as loyalty-inducing conduct. It also reinforces South Korea’s role as an active jurisdiction in digital-platform competition enforcement.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

ITU showcases AI tools to strengthen digital trust

The International Telecommunication Union (ITU) has highlighted a new generation of AI researchers developing practical tools to strengthen digital trust, improve content authenticity and combat misinformation.

Ahead of the AI for Good Global Summit in Geneva, the Young Researcher Associate Programme is showcasing projects designed to improve multimedia authenticity, helping people identify manipulated content while supporting creativity and innovation in the age of generative AI.

The initiative operates under the AI and Multimedia Authenticity Standards Collaboration, established in 2024 by the World Standards Cooperation, which brings together the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO) and the ITU.

The programme brings together early-career researchers from universities around the world to develop solutions addressing content authenticity, provenance and digital rights as AI-generated media becomes increasingly common online.

Three flagship projects illustrate the programme’s multidisciplinary approach. STOP&SCAN promotes critical thinking through a five-step framework that encourages people to assess the source, content and context of digital information before sharing it.

AMITO provides an AI-powered multimedia integrity toolkit through Telegram and WhatsApp, analysing suspicious images and videos while explaining its findings in plain language rather than simply labelling content as authentic or fake.

Meanwhile, the Policy-as-Code project maps AI-related regulations across jurisdictions, helping creators, businesses and policymakers understand how AI-generated content is regulated while laying the foundations for machine-readable compliance mechanisms.

The researchers will present their work at the AI for Good Global Summit on 9 July, demonstrating how technical innovation, behavioural science and regulatory frameworks can work together to build more trustworthy digital ecosystems. According to the ITU, strengthening digital trust requires collaboration across generations, disciplines and countries.

According to ITU, designing digital trust requires collaboration across generations, disciplines and countries to ensure AI strengthens rather than undermines confidence in online information.

Why does it matter?

As generative AI makes it easier to create convincing synthetic media, verifying the authenticity and provenance of digital content is becoming increasingly important for governments, businesses and the public. Technical tools alone are unlikely to solve the problem, making user education, common standards and transparent governance equally important.

The initiative also highlights the growing role of international standards organisations in shaping AI governance. By combining authenticity technologies, regulatory mapping and practical educational tools, the ITU and its partners are helping develop a shared foundation for trusted digital ecosystems that can operate across platforms and national borders.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Council of the EU backs interim rules on online child abuse detection

The Council of the European Union has adopted its position on interim legislation that would restore a legal basis for online service providers to voluntarily detect, report and remove child sexual abuse material (CSAM) from their platforms.

The proposal aims to restore legal certainty after the previous temporary framework expired on 3 April 2026, while negotiations continue on a permanent EU regulation to combat online child sexual abuse.

The interim regulation introduces a limited derogation from the EU’s electronic communications privacy rules, allowing online platforms to voluntarily detect child sexual abuse material and report suspected offences to law enforcement authorities.

According to the Council, these voluntary measures are essential for identifying children at risk, supporting criminal investigations, prosecuting offenders and reducing the circulation of child sexual abuse material online.

The Council proposes extending the temporary framework until 3 April 2028 to avoid a prolonged legal gap while negotiations continue on the long-term Child Sexual Abuse Regulation.

Irish Minister for Justice, Home Affairs and Migration Jim O’Callaghan said restoring providers’ ability to detect online child sexual abuse is essential to protecting victims and bringing offenders to justice. The proposal will now move to the European Parliament for a second reading, where MEPs may approve, amend or reject the Council’s position.

If adopted, the measure would restore the legal basis for voluntary detection activities while policymakers continue negotiations on a permanent framework governing the detection of child sexual abuse material across digital services in the European Union.

Why does it matter?

The proposal addresses a legal gap that emerged after the previous temporary framework expired, creating uncertainty for online platforms that voluntarily detect and report child sexual abuse material. Restoring a clear legal basis would allow providers to continue supporting law enforcement while longer-term legislation is negotiated.

The debate also reflects the EU’s continuing effort to balance child protection with privacy and fundamental rights. While the interim proposal focuses on voluntary detection, negotiations on a permanent framework are expected to continue raising questions about the appropriate balance between online safety, privacy and the responsibilities of digital platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!