Jurisdiction

European Commission targets end-to-end encryption and proposes expanding Europol’s powers into an EU-level FBI equivalent

The European Commission announced ProtectEU, a new internal security strategy that sets out the broad priorities it intends to pursue in the coming years in response to evolving security challenges. While the document outlines strategic objectives, it does not include specific legislative proposals.

The Commission highlighted the need to revisit the European Union’s approach to internal security, citing what it described as ‘a changed security environment and an evolving geopolitical landscape.’ Among the identified challenges are hybrid threats from state and non-state actors, organised crime, and increasing levels of online criminal activity.

One of the key elements of the strategy is the proposed strengthening of Europol’s operational role. The Commission suggests developing Europol into a truly operational police agency to reinforce support to member states, with the capacity to assist in cross-border, large-scale, and complex investigations that present serious risks to the Union’s internal security.

That would bring Europol closer in function to agencies such as the US Federal Bureau of Investigation. The strategy also notes the Commission’s intention to develop roadmaps on ‘lawful and effective access to data for law enforcement’ and encryption.

The strategy aims to ‘identify and assess technological solutions that would enable law enforcement authorities to access encrypted data lawfully, safeguarding cybersecurity and fundamental rights.’ These issues continue to be the subject of technical and legal discussion across jurisdictions.

Other aspects of the strategy address long-standing challenges within the EU’s security framework, including limited situational awareness and coordination at the executive level. The strategy proposes enhancing intelligence-sharing through the EU’s Single Intelligence Analysis Capacity, a mechanism for the voluntary sharing of intelligence by member states, which is currently supported by open-source analysis.

The report further emphasised that the effectiveness of any reforms in this area would depend on the commitment of member states, citing ongoing challenges related to differing national priorities and levels of political alignment. In addition, the Commission announced its intention to propose a new Cybersecurity Act and new measures to secure cloud and telecom services and develop technological sovereignty.

For more information on these topics, visit diplomacy.edu.

Singapore issues new guidelines to strengthen resilience and security of cloud services and data centres

The Infocomm Media Development Authority (IMDA) has issued new Advisory Guidelines (AGs) intended to support the resilience and security of Cloud Services and Data Centres (DCs) in Singapore. The guidelines set out best practices for Cloud Service Providers (CSPs) and DC operators, aiming to reduce service disruptions and limit their potential impact on economic and social functions.

A wide range of digital services—including online banking, ride-hailing, e-commerce, and digital identity systems—depend on the continued availability of cloud infrastructure and data centre operations. Service interruptions may affect the delivery of these services.

The AGs encourage service providers to adopt measures that improve their ability to recover from outages and maintain operational continuity. The AGs recommend various practices to address risks associated with technical misconfigurations, physical incidents, and cybersecurity threats.

Key proposals include conducting risk and business impact assessments, establishing business continuity arrangements, and strengthening cybersecurity capabilities. For Cloud Services, the guidelines outline seven measures to reinforce security and resilience.

These cover security testing, access controls, data governance, and disaster recovery planning. Concerning Data Centres, the AGs provide a framework for business continuity management to minimise operational disruptions and maintain high service availability.

That involves the implementation of relevant policies, operational controls, and ongoing review processes. The development of the AGs forms part of wider national efforts led by the inter-agency task force on the Resilience and Security of Digital Infrastructure and Services.

These guidelines are intended to complement regulatory initiatives, including planned amendments to the Cybersecurity Act and the Digital Infrastructure Act (DIA) introduction, which will establish requirements for critical digital infrastructure providers such as major CSPs and DC operators. To inform the guidelines, the IMDA conducted consultations with a broad range of stakeholders, including CSPs, DC operators, and end user enterprises across sectors such as banking, healthcare, and digital platforms.

The AGs will be updated periodically to reflect technological developments, incident learnings, and further industry input. A coordinated approach is encouraged across the digital services ecosystem. Businesses that provide digital services are advised to assess operational risks and establish appropriate business continuity plans to support service reliability.

The AGs also refer to international standards, including IMDA’s Multi-Tier Cloud Security Standard, the Cloud Security Alliance Cloud Controls Matrix, ISO 27001, and ISO 22301. Providers are encouraged to designate responsible personnel to oversee resilience and security efforts.

These guidelines form part of Singapore’s broader strategy to strengthen its digital infrastructure. The government will continue to engage with sectoral regulators and stakeholders to promote resilience, cybersecurity awareness, and preparedness across industries and society.

As digital systems evolve, sustained attention to infrastructure resilience and security remains essential. The AGs are intended to support organisations in maintaining reliable services while aligning with recognised standards and best practices.

For more information on these topics, visit diplomacy.edu.

Midjourney’s V7 debuts with personalization and improved image quality

Midjourney has launched V7, its first new AI image model in nearly a year, introducing major improvements in image quality and text prompt accuracy.

The model, which rolled out in alpha on Thursday, features enhanced textures, better coherence in generating bodies and objects, and a new personalization system that tailors results to individual users.

To access V7, users must first rate around 200 images to create a personalised profile, a feature enabled by default for the first time.

The new model is available in two versions: Turbo, which generates images at a higher cost, and Relax, a more budget-friendly option. A new Draft Mode also allows users to create lower-quality images at ten times the speed and half the cost of standard mode, with the option to enhance them later.

Some existing Midjourney features, such as image upscaling and retexturing, are not yet available in V7 but are expected within two months.

Midjourney remains an independent company, having raised no external funding since its launch in 2022. The San Francisco-based firm is reportedly generating around $200 million in revenue and is expanding into hardware, video, and 3D object generation.

However, the company faces ongoing legal challenges, with multiple lawsuits accusing it of using copyrighted images without permission to train its AI models.

For more information on these topics, visit diplomacy.edu.

New Jersey criminalises the harmful use of AI deepfakes

New Jersey has become one of several US states to criminalise the creation and distribution of deceptive AI-generated media, commonly known as deepfakes. Governor Phil Murphy signed the legislation on Wednesday, introducing civil and criminal penalties for those who produce or share such media.

If deepfakes are used to commit further crimes like harassment, they may now be treated as a third-degree offence, punishable by fines up to $30,000 or up to five years in prison.

The bill was inspired by a disturbing incident at a New Jersey school where students shared explicit AI-generated images of a classmate.

Governor Murphy had initially vetoed the legislation in March, calling for changes to reduce the risk of constitutional challenges. Lawmakers later amended the bill, which passed with overwhelming support in both chambers.

Instead of ignoring the threat posed by deepfakes, the law aims to deter their misuse while preserving legitimate applications of AI.

‘This legislation takes a proactive approach,’ said Representative Lou Greenwald, one of the bill’s sponsors. ‘We are safeguarding New Jersey residents and offering justice to victims of digital abuse.’

A growing number of US states are taking similar action, particularly around election integrity and online harassment. While 27 states now target AI-generated sexual content, others have introduced measures to limit political deepfakes.

States like Texas and Minnesota have banned deceptive political media outright, while Florida and Wisconsin require clear disclosures. New Jersey’s move reflects a broader push to keep pace with rapidly evolving technology and its impact on public trust and safety.

For more information on these topics, visit diplomacy.edu.

Are digital taxes the new frontline in global trade warfare?

While President Trump’s tariffs on goods dominate headlines, a more consequential battle is brewing over digital services. US tech giants like Meta, Google, and Amazon wield unparalleled global dominance in this sector.

In just-in-time analysis, Jovan Kurbalija argues that Trump’s fixation on traditional trade levers (steel, cars) overlooks a critical vulnerability for the United States: the use of digital services taxes (DSTs) and regulatory pressure by the EU and other trading partners to counterbalance new US tariff.

The collapse of OECD-led multilateral tax negotiations in 2024 has triggered a resurgence of unilateral DSTs, from Canada’s retroactive levy to India’s expanded ‘equalization levy’ and revived EU proposals for bloc-wide digital taxes.

Kurbalija analyses how digital taxation redefines trade diplomacy, with implications ranging from recalibrated leverage (host nations exploiting US tech dependence) to governance gaps (WTO rules ill-equipped for digital disputes). It poses new challenges for digital diplomacy, AI negotiations, and internet governance.

He warns that failure to address this ‘invisible trade war’ could escalate tit-for-tat measures, jeopardizing both physical goods trade and the digital economy. The rise of data and sovereignty will be inevitable.

Ultimately, the piece underscores a paradigm shift: in the 21st-century economy, algorithms, and data flows are as strategically vital as steel beams—and more impactful for economic well-being and global prosperity.

For more information on these topics, read more here.

AppLovin joins TikTok takeover frenzy

As the 5 April deadline approaches for TikTok to secure a non-Chinese buyer or face a US ban, the list of potential acquirers continues to grow.

Marketing platform AppLovin has submitted a preliminary bid to acquire TikTok’s operations outside of China, aiming to expand its footprint in the global digital advertising arena.

AppLovin’s move adds to the mounting interest in TikTok, with Amazon and a consortium led by OnlyFans founder Tim Stokely also entering the fray.

These developments come amid US government concerns over TikTok’s Chinese ownership, which officials argue poses national security risks, a claim that TikTok and its parent company, ByteDance, have consistently denied.

The White House has taken an unusually active role in facilitating the sale.

President Donald Trump indicates openness to a deal wherein China approves the transaction in exchange for relief from US tariffs on Chinese imports.

This intertwining of trade negotiations and tech acquisitions underscores the complex geopolitical landscape influencing the fate of TikTok in the US.

Private equity firm Blackstone is also evaluating a minority investment in TikTok’s US operations, potentially joining non-Chinese shareholders like Susquehanna International Group and General Atlantic in contributing fresh capital.

The future of TikTok, an app used by nearly half of all Americans, remains uncertain as the deadline looms and negotiations continue.

For more information on these topics, visit diplomacy.edu.

Authors in London protest Meta’s copyright violations

A wave of protest has hit Meta’s London headquarters today as authors and publishing professionals gather to voice their outrage over the tech giant’s reported use of pirated books to develop AI tools.

Among the protesters are acclaimed novelists Kate Mosse and Tracy Chevalier and poet Daljit Nagra, who assembled in Granary Square near Meta’s King’s Cross office to deliver a complaint letter from the Society of Authors (SoA).

At the heart of the protest is Meta’s alleged reliance on LibGen, a so-called ‘shadow library’ known for hosting over 7.5 million books, many without the consent of their authors.

A recent searchable database published by The Atlantic revealed that thousands of copyrighted works, including those by renowned authors, may have been used to train Meta’s AI models, provoking public outcry and legal action in the US.

Vanessa Fox O’Loughlin, chair of the SoA, condemned Meta’s reported actions as ‘illegal, shocking, and utterly devastating for writers,’ arguing that such practices devalue authors’ time and creativity.

‘A book can take a year or longer to write. Meta has stolen books so that their AI can reproduce creative content, potentially putting these same authors out of business’ she said.

Meta has denied any wrongdoing, with a spokesperson stating that the company respects intellectual property rights and believes its AI training practices comply with existing laws.

Still, the damage to trust within the creative community appears significant. Author AJ West, who discovered his novels were listed on LibGen, described the experience as a personal violation:

‘I was horrified to see that my novels were on the LibGen database, and I’m disgusted by the government’s silence on the matter,’ he said, adding, ‘To have my beautiful books ripped off like this without my permission and without a penny of compensation then fed to the AI monster feels like I’ve been mugged.’

Legal action is already underway in the US, where a group of high-profile writers, including Ta-Nehisi Coates, Junot Díaz, and Sarah Silverman, have filed a lawsuit against Meta for copyright infringement.

The suit alleges that Meta CEO Mark Zuckerberg and other top executives knew that LibGen hosts pirated content when they greenlit its use for AI development.

The protest is also aimed at UK lawmakers. Authors like Richard Osman and Kazuo Ishiguro have joined the call for British officials to summon Meta executives before parliament.

The Society of Authors has launched a petition on Change.org that has already attracted over 7,000 signatures.

Demonstrators were urged to bring placards and spread their message online using hashtags like #MetaBookThieves and #MakeItFair as they rally against alleged copyright violations and for broader protection of creative work in the age of AI.

The case, one of the lots, describes the increasingly tense relationship between the tech industry, content and data policies in training AI systems, which hardly depend on the written word and the most various literature, facts, and info from the written tradition to be trained (and thus able) to respond to most various user requests and alongside be accurate in their responses.

For more information on these topics, visit diplomacy.edu.

UK government announces new cyber bill to strengthen national defences and protect critical infrastructure

The UK government has unveiled plans for a new Cyber Security and Resilience Bill aimed at enhancing the country’s ability to defend against the growing risk of cyber threats. Scheduled to be introduced later this year, the Bill forms a key part of the government’s broader strategy to protect critical national infrastructure (CNI), support economic growth, and ensure the resilience of the UK’s digital landscape.

The forthcoming legislation will focus on bolstering the cyber resilience of essential services—such as healthcare, energy, and IT providers—that underpin the economy and daily life. Around 1,000 vital service providers will be required to meet strengthened cyber security standards under the new rules. These measures are designed to safeguard supply chains and key national functions from increasingly sophisticated cyber attacks affecting both public and private sectors.

In addition, the government is considering extending cyber security regulations to over 200 data centres across the country. These centres are integral to the functioning of modern finance, e-commerce, and digital communication. By improving their security, the government hopes to safeguard services that rely heavily on data, such as online banking, shopping platforms, and social media.

If adopted, the government’s proposals include:

  • Expanding the scope of the NIS Regulations. The scope of the Network and Information Systems (NIS) Regulations would be broadened to include a wider range of organisations and suppliers. This expansion would bring data centres, Managed Service Providers (MSPs), and other critical suppliers under the regulatory framework, ensuring that more entities are held to high standards of cyber security and resilience.
  • Enhanced regulatory powers. Regulators would be equipped with additional tools to strengthen cyber resilience within the sectors they oversee. This includes new obligations for organisations to report a broader range of significant cyber incidents, enabling faster and more informed responses to emerging threats.
  • Greater Flexibility to Adapt. The government would gain increased flexibility to update the framework in line with the evolving threat landscape. This means regulations could be swiftly extended to cover new and emerging sectors, ensuring the UK remains agile in the face of dynamic cyber risks.
  • New Executive Powers for National Security. In circumstances where national security is at stake, the government would be granted new executive powers to act decisively in response to serious cyber threats.

For more information on these topics, visit diplomacy.edu.

Japan passes landmark cyber defence bill

Japan has passed the Active Cyber Defence Bill, which permits the country’s military and law enforcement agencies to undertake pre-emptive measures in response to cyber threats.

The legislation adopts a two-pronged approach, focusing on both passive and active cyber defence. It includes the establishment of a cybersecurity council and an oversight committee to enhance threat analysis and information-gathering capabilities. The bill also introduces new requirements for critical infrastructure providers to report cybersecurity incidents promptly. Additionally, it enables the government to collect technical information—such as IP addresses and timestamps—from telecommunications providers in cases where a potential cyberattack is identified, to monitor communications between Japan and external actors.

The legislation also grants the military powers to carry out active measures against cyber threats. This includes the deployment of ‘cyber harm-prevention officers’, tasked with actions such as disrupting servers involved in cyberattacks and responding to critical incidents.

While the bill is positioned as part of Japan’s broader efforts to strengthen its cyber resilience, some commentary has raised questions about the balance between security and oversight.

For more information on these topics, visit diplomacy.edu.

Japan targets Apple and Google with new law

The Japan Fair Trade Commission (JFTC) announced on Monday that it has designated Apple Inc., its Japanese subsidiary iTunes K.K., and Google LLC under the new smartphone software competition promotion law.

The law targets dominant IT companies in the smartphone app market, regulating areas like smartphone operating systems, app stores, web browsing software, and search engines.

The primary aim of the law is to prevent these giants from blocking market entry for other companies or giving preferential treatment to their own services. The law will take full effect in December, with the designated companies required to correct any problematic practices.

Apple will be required to allow other companies into the App Store business instead of monopolising it, fostering price competition. Google will be prohibited from displaying its services in search results instead of favouring them.

In response, both companies expressed concerns, with Apple questioning the impact on user experience and Google vowing to engage in discussions to ensure fairness.

For more information on these topics, visit diplomacy.edu.