Mandatory facial verification will be introduced in South Korea for anyone opening a new mobile phone account, as authorities try to limit identity fraud.
Officials said criminals have been using stolen personal details to set up phone numbers that later support scams such as voice phishing instead of legitimate services.
Major mobile carriers, including LG Uplus, Korea Telecom and SK Telecom, will validate users by matching their faces against biometric data stored in the PASS digital identity app.
Such a requirement expands the country’s identity checks rather than replacing them outright, and is intended to make it harder for fraud rings to exploit stolen data at scale.
The measure follows a difficult year for data security in South Korea, marked by cyber incidents affecting more than half the population.
SK Telecom reported a breach involving all 23 million of its customers and now faces more than $1.5 billion in penalties and compensation.
Regulators also revealed that mobile virtual network operators were linked to 92% of counterfeit phones uncovered in 2024, strengthening the government’s case for tougher identity controls.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Authorities in Romania have confirmed a severe ransomware attack on the national water administration ‘Apele Române’, which encrypted around 1,000 IT systems across most regional water basin offices.
Attackers used Microsoft’s BitLocker tool to lock files and then issued a ransom note demanding contact within seven days, although cybersecurity officials continue to reject any negotiation with criminals.
The disruption affected email systems, databases, servers and workstations instead of operational technology, meaning hydrotechnical structures and critical water management systems continued to function safely.
Staff coordinated activity by radio and telephone, and flood defence operations remained in normal working order while investigations and recovery progressed.
National cyber agencies, including the National Directorate of Cyber Security and the Romanian Intelligence Service’s cyber centre, are now restoring systems and moving to include water infrastructure within the state cyber protection framework.
The case underlines how ransomware groups increasingly target essential utilities rather than only private companies, making resilience and identity controls a strategic priority.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Prime Minister Kim Min-seok has called for punitive fines of up to 10 percent of company sales for repeated and serious data breaches, as public anger grows over large-scale leaks.
The government is seeking swift legislation to impose stronger sanctions on firms that fail to safeguard personal data, reflecting President Lee Jae Myung’s stance that violations require firm penalties instead of lenient warnings.
Kim said corporate responses to recent breaches had fallen far short of public expectations and stressed that companies must take full responsibility for protecting customer information.
Under the proposed framework, affected individuals would receive clearer notifications that include guidance on their rights to seek damages.
The government of South Korea also plans to strengthen investigative powers through coercive fines for noncompliance, while pursuing rapid reforms aimed at preventing further harm.
The tougher line follows a series of major incidents, including a leak at Shinhan Card that affected around 190,000 merchant records and a large-scale breach at Coupang that exposed the data of 33.7 million users.
Officials have described the Coupang breach as a serious social crisis that has eroded public trust.
Authorities have launched an interagency task force to identify responsibility and ensure tighter data protection across South Korea’s digital economy instead of relying on voluntary company action.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Central Bank of Russia has introduced a detailed proposal aimed at bringing cryptocurrencies under a unified regulatory framework, marking a significant step towards formal legal recognition of digital assets.
Under the proposal, both qualified and non-qualified investors would be permitted to purchase cryptocurrencies. Investor status would be determined by factors such as education, professional background, income level, and asset holdings.
Non-qualified investors would be restricted to buying up to 300,000 roubles worth of crypto per year through authorised intermediaries.
Digital currencies and stablecoins would be classified as currency values under Russian law, yet their use as a means of payment for goods and services would remain prohibited. The framework maintains the state’s long-standing opposition to domestic crypto payments.
Russian residents would also gain the right to purchase and transfer crypto assets abroad, provided such transactions are reported to the Federal Tax Service. The central bank aims to finalise the legislative groundwork by 1 July 2026.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Florida lawmakers are preparing a sweeping AI Bill of Rights as political debates intensify. Senator Tom Leek introduced a proposal to provide residents with clearer safeguards while regulating how firms utilise advanced systems across the state.
The plan outlines parental control over minors’ interactions with AI and requires disclosure when people engage with automated systems. It also sets boundaries on political advertising created with AI and restricts state contracts with suppliers linked to countries of concern.
Governor Ron DeSantis maintains Florida can advance its agenda despite federal attempts to curb state-level AI rules. He argues the state has the authority to defend consumers while managing the rising costs of new data centre developments.
Democratic lawmakers have raised concerns about young users forming harmful online bonds with AI companions, prompting calls for stronger protections. The legislation now forms part of a broader clash over online safety, privacy rights and fast-growing AI industries.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Apple has been fined €98 million by Italy’s competition authority after regulators concluded that its App Tracking Transparency framework distorted competition in the app store market.
Authorities stated that the policy strengthened Apple’s dominant position while limiting how third-party developers collect advertising data.
The investigation found that developers were required to request consent multiple times for the same data processing purposes, creating friction that disproportionately affected competitors.
Regulators in Italy argued that equivalent privacy protections could have been achieved through a single consent mechanism instead of duplicated prompts.
According to the Italian authority, the rules were imposed unilaterally across the App Store ecosystem and harmed commercial partners reliant on targeted advertising. The watchdog also questioned whether the policy was proportionate from a data protection perspective under the EU law.
Apple rejected the findings and confirmed plans to appeal, stating that App Tracking Transparency prioritises user privacy over the interests of ad technology firms.
The decision follows similar penalties and warnings issued in France and Germany, reinforcing broader European scrutiny of platform governance.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
France’s national postal service, La Poste, suffered a cyber incident days before Christmas that disrupted websites, mobile applications and parts of its delivery network.
The organisation confirmed a distributed denial of service attack temporarily knocked key digital systems offline, slowing parcel distribution during the busiest period of the year.
A disruption that also affected La Banque Postale, with customers reporting limited access to online banking and mobile services. Card payments in stores, ATM withdrawals, and authenticated online payments continued to function, easing concerns over wider financial instability.
La Poste stated there was no evidence of customer data exposure, although several post offices in France operated at reduced capacity. Staff were deployed to restore services while maintaining in-person banking and postal transactions where possible.
The incident added to growing anxiety over digital resilience in critical public services, particularly following a separate data breach disclosed at France’s Interior Ministry last week. Authorities have yet to identify those responsible for the attack on La Poste.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The US tech giant NVIDIA has largely remained shut out of China’s market for advanced AI chips, as US export controls have restricted sales due to national security concerns.
High-performance processors such as the H100 and H200 were barred, forcing NVIDIA to develop downgraded alternatives tailored for Chinese customers instead of flagship products.
A shift in policy emerged after President Donald Trump announced that H200 chip sales to China could proceed following a licensing review and a proposed 25% fee. The decision reopened a limited pathway for exporting advanced US AI hardware, subject to regulatory approval in both Washington and Beijing.
If authorised, the H200 shipments would represent the most powerful US-made AI chips permitted in China since restrictions were introduced. The move could help NVIDIA monetise existing H200 inventory while easing pressure on its China business as it transitions towards newer Blackwell chips.
Strategically, the decision may slow China’s push for AI chip self-sufficiency, as domestic alternatives still lag behind NVIDIA’s technology.
At the same time, the policy highlights a transactional approach to export controls, raising uncertainty over long-term US efforts to contain China’s technological rise.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The European Commission has renewed its two adequacy decisions allowing the continued free flow of personal data between the European Union and the United Kingdom. The decision confirms that UK data protection rules remain essentially equivalent to EU standards.
The adequacy findings cover both the General Data Protection Regulation and the Law Enforcement Directive, enabling personal data to move freely between the European Economic Area and the UK without additional safeguards.
In June 2025, the Commission adopted a temporary six-month extension after the original decisions were due to expire, allowing time to assess changes introduced by the UK’s Data (Use and Access) Act.
The renewal follows a positive opinion from the European Data Protection Board and approval from EU member states through the comitology procedure, completing the formal adoption process.
The renewed decisions include a six-year sunset clause, running until December 2031. A joint review by the Commission and the European Data Protection Board is scheduled after four years.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The European Commission has proposed extending the Interim Regulation that allows online service providers to voluntarily detect and report child sexual abuse instead of facing a legal gap once the current rules expire.
These measures would preserve existing safeguards while negotiations on permanent legislation continue.
The Interim Regulation enables providers of certain communication services to identify and remove child sexual abuse material under a temporary exemption from e-Privacy rules.
Without an extension beyond April 2026, voluntary detection would have to stop, making it easier for offenders to share illegal material and groom children online.
According to the Commission, proactive reporting by platforms has played a critical role for more than fifteen years in identifying abuse and supporting criminal investigations. Extending the interim framework until April 2028 is intended to maintain these protections until long-term EU rules are agreed.
The proposal now moves to the European Parliament and the Council, with the Commission urging swift agreement to ensure continued protection for children across the Union.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
