Jurisdiction

Canada seeks stronger privacy rights through new digital governance law

The Canadian government has introduced the Protecting Privacy and Consumer Data Act, a major legislative proposal designed to modernise the country’s private-sector privacy framework and strengthen protections in an increasingly AI-driven digital environment.

According to the government, Canada’s existing privacy legislation was developed more than 25 years ago and no longer reflects technological realities such as AI, automated decision-making systems, deepfakes and the large-scale collection of children’s data.

The proposed law seeks to address those challenges by establishing stronger rights for individuals and clearer obligations for organisations.

The legislation would recognise privacy as a fundamental right, strengthen protections for children’s data, require meaningful consent for the collection and use of personal information, and introduce greater transparency around automated decision-making.

Canadians would also gain the right to request the deletion of their personal information and benefit from enhanced safeguards when their data is transferred outside Canada.

The proposed framework would be overseen by a newly established Digital Safety and Data Protection Commission of Canada.

The regulator would have authority to issue binding orders and impose significant penalties on organisations that fail to comply with privacy requirements. The government describes the legislation as a key component of its recently launched national AI strategy, aimed at strengthening trust in digital services, data-driven innovation and emerging technologies.

Why does it matter?

The proposed legislation represents one of Canada’s most significant privacy reforms in decades and reflects a broader international trend of updating data protection frameworks for the AI era. As AI systems, automated decision-making tools and digital platforms become more deeply embedded in everyday life, governments are seeking stronger safeguards for personal data, transparency and accountability.

The bill also signals a growing convergence between privacy policy and AI governance. By introducing stronger protections for children’s data, new rights for individuals and greater oversight of automated systems, Canada is positioning privacy as a key foundation for public trust in digital services and emerging technologies.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Debate grows over UK’s proposed social media ban for under-16s

Amnesty International has challenged the British government’s decision to introduce a social media ban for under-16s, arguing that it targets children rather than the design choices made by digital platforms.

Responding to the announcement, Amnesty International UK chief executive Kerry Moscogiuri said the government had correctly identified the risks facing young people online but had chosen the wrong solution.

Amnesty argued that social media companies have developed products and business models that prioritise engagement and profit over children’s well-being, privacy and rights.

The organisation argues that social media platforms should be redesigned and regulated more effectively rather than restricting access for young users. The organisation argued that social media remains an important space where children and teenagers learn, communicate with friends, access support networks and participate in public life.

The human rights group is calling for stronger platform regulation, including restrictions on invasive profiling, hyper-personalised recommendation systems, autoplay features and infinite scrolling.

Amnesty also called for stronger protections for children’s privacy and personal data, arguing that responsibility for online safety should rest primarily with technology companies rather than young users.

Ofcom supports further assessment of child online safety measures

In a letter to Technology Secretary Liz Kendall, Ofcom chief executive Dame Melanie Dawes said the regulator had begun examining age-assurance options and would provide an assessment by the end of October 2026 to support parliamentary consideration of the proposals.

The regulator also pledged to continue prioritising enforcement of existing child protection measures under the Online Safety Act and confirmed it will publish reports on enforcement outcomes and evaluate the impact of the proposed ban within a year of implementation.

Why does it matter?

The debate highlights two competing approaches to child online safety. One approach focuses on restricting access to social media for younger users, while the other seeks to address the design features and business models that critics argue contribute to online harms.

The discussion also reflects broader questions about platform accountability, children’s rights and digital governance. As governments around the world consider age restrictions, age verification requirements and online safety measures, policymakers continue to grapple with how to balance child protection, privacy, freedom of expression and access to digital services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU AI Board reviews AI Act implementation and tech sovereignty agenda

The EU AI Board held its eighth meeting to review progress on AI Act implementation and discuss wider priorities in the EU’s AI strategy.

The meeting took place under the chairmanship of the Cypriot Presidency of the EU Council. The presidency also announced that Moldova had been granted observer status on the AI Board.

The European Commission presented its Tech Sovereignty Package, with a focus on the proposed Cloud and AI Development Act and its role in strengthening AI innovation, competitiveness and technological sovereignty in Europe.

The Board also reviewed the final version of the voluntary Code of Practice on labelling and marking AI-generated content. The code sets out practical steps to help providers and deployers of generative AI systems meet transparency obligations under the AI Act, which will apply from 2 August 2026.

Further discussions focused on the AI Act’s implementation architecture. The Commission presented the recently appointed Scientific Panel and AI Act Advisory Forum, which will support the Commission and the AI Board. Members also discussed progress in establishing national market surveillance authorities and endorsed additional documents prepared by an AI Board subgroup, which are expected to be published shortly.

Why does it matter?

The meeting shows the EU moving from AI Act adoption towards practical implementation. The discussion links several important pieces of the EU AI governance architecture: voluntary transparency tools, expert advisory bodies, national market surveillance authorities and broader industrial policy through the Tech Sovereignty Package. Together, these elements will shape how AI rules are coordinated, interpreted and enforced across the EU.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU publishes the final Code for labelling AI-generated content

The European Commission has published the final Code of Practice on marking and labelling AI-generated content, offering practical guidance for providers and deployers preparing to comply with transparency obligations under the EU AI Act.

The code is voluntary, but the underlying transparency obligations in Article 50 of the AI Act will apply from 2 August 2026. The Commission said the code is intended to help organisations implement those obligations in a consistent, practical and proportionate way.

The framework covers two main areas. Providers of generative AI systems are guided on marking and detecting AI-generated or manipulated audio, image, video and text content, including through machine-readable solutions where technically feasible. Deployers are guided on labelling deepfakes and AI-generated or manipulated text published to inform the public on matters of public interest.

Under the AI Act, users must also be informed when they are interacting with interactive AI systems, such as chatbots. The transparency requirements are intended to help people recognise when content has been generated or altered by AI and to reduce the risk of deception and manipulation.

The Commission has also published a set of the EU icons that deployers may use to label certain AI-generated content. The code does not replace the AI Act or future Commission guidelines on Article 50, which are expected before the transparency obligations begin to apply.

The Commission and the AI Board will now assess the code’s adequacy. If assessed positively, providers and deployers who sign the code may use its measures to help demonstrate compliance with the AI Act’s transparency rules.

Why does it matter?

The code is an important step in turning the AI Act’s transparency provisions into operational practice. Labelling and machine-readable marking rules could shape how platforms, AI providers, media organisations and other deployers handle synthetic text, images, audio and video. The measures are especially relevant for public-interest information, where undisclosed AI-generated or manipulated content can affect trust, elections, journalism and public debate.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UN Cybercrime Convention Protocol talks reveal competing visions

The process of developing a supplementary protocol to the UN Convention against Cybercrime has begun, with early state submissions already showing competing views over its scope and timing.

The Ad Hoc Committee Secretariat invited preliminary written inputs on the possible scope, objectives and structure of a draft protocol supplementary to the Convention, also known as the ‘Hanoi Convention’. The mandate follows UN General Assembly resolution 79/243, which asked the Committee to negotiate a draft protocol addressing, among other issues, additional criminal offences.

The United States questioned the exercise’s premise, arguing that discussions on a supplementary protocol are premature because the Convention has not yet entered into force and its implementation has not yet been tested. Washington called for the Committee first to address whether a protocol is needed at all before discussing its scope, objectives and structure.

Russia, by contrast, submitted a draft protocol text covering a broad range of offences, including terrorism financing, extremism, arms and drug trafficking, critical information infrastructure, unauthorised access to personal data and crimes involving AI. The proposal reflects a wider approach to criminalisation, including content-related offences that are likely to be contested by states concerned about overreach, legal certainty and human rights safeguards.

Other early submissions appear more cautious. Brazil, Nigeria, and Ecuador broadly support advancing the protocol process, while signalling the need to limit its scope and maintain attention to safeguards. Brazil warned against including offences where there is insufficient international consensus, while Ecuador proposed a structure that includes emerging offences, digital evidence, public-private cooperation, proportionality and human rights.

The early inputs point to a familiar divide in UN cybercrime negotiations: whether the treaty framework should remain focused on classical cybercrime, electronic evidence and criminal justice cooperation, or expand further into content-based offences, national security concerns and politically sensitive forms of online conduct.

Why does it matter?

A supplementary protocol could shape the evolution of the UN cybercrime framework after the adoption of the main Convention. If states use the protocol to add broad or content-related offences, the treaty system could move beyond core cybercrime and electronic evidence cooperation into areas with direct implications for freedom of expression, human rights safeguards, political speech, platform governance and state sovereignty. The early submissions suggest that those unresolved tensions are already resurfacing before the Convention has entered into force.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK to test AI legal assistants to help reduce court delays

The UK government will develop and test AI legal assistants as part of a broader set of technology initiatives aimed at reducing court delays and improving the efficiency of the justice system. The Ministry of Justice said the tools will support routine casework, including research and case analysis, before any possible use in the Crown Court.

The AI legal assistants will be developed in collaboration with legal professionals and AI developers, with initial testing taking place in controlled environments. The government said the trials will help establish standards for the safe and ethical use of AI in legal settings and ensure any future systems meet the expectations of judges and legal practitioners before wider deployment.

Judges are also preparing to test an AI tool designed to identify trial-ready cases and group similar hearings together. The government said the tool is intended to better use judicial, prosecutorial, and court resources, helping cases move more quickly for victims.

The announcement also covers Justice Transcribe, an AI tool now available to every probation officer in England and Wales. The tool records and transcribes conversations with offenders, reducing the administrative burden associated with transferring handwritten notes into digital systems.

According to the government, Justice Transcribe could free up the equivalent of 18,750 days annually, enabling probation officers to spend more time supervising offenders and supporting efforts to reduce reoffending. A similar transcription tool is being trialled in Immigration and Asylum Tribunals to support judges with case notes and reduce administrative pressure.

The projects form part of the Prime Minister’s AI Exemplars programme, which aims to accelerate the adoption of AI across public services. The government also pointed to AI Growth Labs, secure testing environments intended to help the UK lawtech sector develop and refine AI products before bringing them to market.

Why does it matter?

Justice systems around the world are exploring how AI can help address growing caseloads, administrative burdens and resource constraints. Applications such as legal research assistance, transcription services and case management tools have the potential to improve efficiency while allowing legal professionals to focus on higher-value tasks.

At the same time, the use of AI in judicial and legal contexts raises important questions about accountability, transparency, fairness and human oversight. The UK’s emphasis on controlled testing and ethical safeguards reflects growing recognition that AI deployment in the justice sector requires robust governance alongside technological innovation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

US unveils new strategy to accelerate AI adoption in national security

The Trump administration has issued a new National Security Presidential Memorandum aimed at accelerating the adoption of AI across the US national security apparatus.

According to the White House, the framework is intended to ensure that military personnel, intelligence professionals and national security agencies have access to advanced AI systems while maintaining accountability and operational control.

The memorandum directs federal agencies to expand the use of commercial and open-source AI technologies in support of national security missions. It also calls for investment in next-generation secure computing infrastructure capable of supporting increasingly advanced AI models and computational workloads.

The memorandum also proposes the creation of an AI National Security Strategic Reserve, bringing together leading non-governmental experts to support national security priorities.

The new framework places emphasis on accountability, reliability and command authority. The White House emphasised that agency leaders and military commanders will remain accountable for decisions and operations supported by AI systems.

Why does it matter?

AI is increasingly viewed as a strategic capability across defence, intelligence, cybersecurity and military planning. Governments are investing heavily in AI systems that can enhance analysis, decision support, operational planning and threat detection.

The memorandum signals Washington’s intention to accelerate the integration of AI into national security operations while maintaining human oversight and accountability. It also reflects broader geopolitical competition over advanced technologies, as major powers seek to secure advantages in AI-driven security capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

New Washington initiative targets legal frameworks for collective cyber defence

A new policy coalition has been launched in Washington to develop frameworks governing collaboration between government agencies and private companies on cyber operations, amid growing concerns that unresolved legal questions are limiting deeper cooperation.

Venable’s Center for Cybersecurity Policy and Law established the Cyber Operations Policy Coalition this week. The coalition aims to bring together industry representatives, government officials, legal experts, academics and civil society organisations to develop policy frameworks for collective cyber defence.

Corporate members include Microsoft, Lumen, Halcyon, Autonomous Cyber, and Voreas Labs. Non-corporate members span think tanks and academic institutions, including the Foundation for Defense of Democracies, the Cyber Threat Alliance, the Institute for Security and Technology, McCrary Institute for Cyber and Critical Infrastructure Security, and American University’s Tech, Law, and Security Program. The International Committee of the Red Cross and the Stimson Center participate as observers.

The coalition is coordinated by Stacy O’Mara and advised by a panel that includes former NSA Cybersecurity Director Rob Joyce, former CISA official Bryan Ware, and former Representative Jim Langevin.

During the launch event, current and former officials identified legal authorities, liability arrangements and operational rules as key areas requiring clarification before public-private cyber collaboration can expand at scale. Katie Sutton, assistant secretary of defence for cyber policy, noted that legal expertise would be central to closer integration, pointing to existing authority frameworks on both the government and industry sides.

Tonya Ugoretz, head of PwC’s Cyber & Risk Innovation Institute, highlighted the need for clearer liability frameworks to enable cyber operations without requiring case-by-case authorisation.

The initiative reflects the structure of the cyber domain, where much of the internet and critical infrastructure is privately owned, making companies both potential targets of cyberattacks and key partners in cyber defence efforts.

Several parallel developments add context to the coalition’s launch. The Joint Cyber Defense Collaborative, the CISA-led body for public-private cyber coordination, is mapping both defensive and potential offensive options for use in geopolitical crisis scenarios involving major infrastructure providers, according to JCDC deputy assistant director Matt Springer.

The US military has also more openly discussed offensive cyber operations in recent months, while Congress is considering a proposal for a dedicated cyber service branch.

The emergence of increasingly capable AI systems with cybersecurity applications has further expanded the range of technical, operational and legal questions facing policymakers.

Why does it matter?

Cybersecurity increasingly depends on cooperation between governments and private companies because much of the infrastructure targeted by cyberattacks is privately owned and operated. However, legal questions surrounding authority, liability and operational responsibilities remain unresolved in many jurisdictions.

The coalition reflects growing recognition that existing frameworks may not be fully suited to large-scale cyber defence efforts, particularly as geopolitical tensions, critical infrastructure threats and AI-enabled cyber capabilities increase. Its work could help shape future approaches to collective cyber defence and public-private cybersecurity cooperation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Anthropic offers ENISA access to advanced AI security model

Anthropic has invited the European Commission to facilitate access for ENISA, the EU agency for cybersecurity, to its cybersecurity-focused AI model Mythos, according to Bloomberg. The invitation followed a meeting between Anthropic and the Commission in San Francisco on 29 May. The EU must now establish a mechanism with appropriate security safeguards before access can be implemented; an ENISA official confirmed the agency does not currently have active access.

Anthropic unveiled Mythos in April, describing it as a model capable of identifying and exploiting cybersecurity vulnerabilities at a level that surpasses most human experts. Bloomberg reported on 2 June that ENISA was set to receive access to the model.

European Commission spokesperson Thomas Regnier welcomed the development, saying that access could help authorities build a clearer understanding of potential risks as increasingly capable AI models enter the market. The invitation follows calls from European policymakers and cybersecurity officials for greater access to advanced AI systems and for the development of comparable European capabilities.

Why does it matter?

The emergence of AI models capable of identifying software vulnerabilities at scale is reshaping cybersecurity risk assessments for governments, regulators and critical infrastructure operators. Access to such systems can help authorities better understand their capabilities, evaluate potential threats and develop appropriate safeguards.

For the EU, granting ENISA access to Mythos could support evidence-based policymaking and strengthen preparedness as increasingly powerful cybersecurity-focused AI models become available. The move also highlights a broader challenge: ensuring that public institutions can keep pace with rapidly advancing AI capabilities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Greece approves major digital governance and interoperability reforms

The Greek Parliament has approved a bill from the Ministry of Digital Governance and Artificial Intelligence to expand digital public services, reduce bureaucracy, and strengthen cybersecurity.

The legislation implements the EU rules on the cross-border automated exchange of supporting documents through the once-only principle, allowing citizens and businesses to avoid repeatedly submitting the same documents to public authorities across the EU.

Greece’s new framework establishes technical and operational measures enabling public authorities to retrieve official documents securely and automatically, with the user’s consent. The system will operate through the European interoperability infrastructure and in line with the EU data protection requirements.

The General Secretariat for Information Systems and Digital Governance will oversee technical coordination and implementation.

Beyond cross-border services, the legislation introduces several domestic digital initiatives. These include a Defective Vehicle Recall Registry to notify vehicle owners about critical safety issues, upgrades to the MyStreet application with electric vehicle charging points and emergency gathering locations, and a customer relationship management platform on gov.gr that will allow citizens to track public service requests through a single interface.

The bill also includes measures to accelerate the launch of more than 800 new public-sector interoperability services and strengthen protections against online fraud. A National Malicious Website Blocking List will be established through Greece’s National Cybersecurity Authority to support faster blocking of phishing websites, scam portals, and malicious online services.

Why does it matter?

The legislation shows how EU interoperability rules are being translated into national digital government reforms. Greece is combining the once-only principle for cross-border public services with domestic service integration, citizen-facing digital tools, and cybersecurity measures against online fraud. The result is a broader shift towards public administration built around automated document exchange, consent-based data retrieval, and shared digital infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.