Jurisdiction

Apple loses appeal against German regulators

Apple has lost its appeal against a regulatory decision that could impose stricter controls on the company in Germany.

The Federal Court of Justice upheld a 2023 ruling by the country’s competition authority, which classified Apple as a company of ‘paramount cross-market significance for competition,’ placing it under closer scrutiny.

A decision like this means Apple will face potential regulatory measures similar to those imposed on tech giants such as Google’s parent company, Alphabet, and Facebook’s owner, Meta.

The ruling follows a judge’s earlier indication in January that the court would side with the regulator. Apple had attempted to involve the European Court of Justice in Luxembourg, but the request was denied.

In Europe, Apple’s App Store has come under increasing scrutiny, with regulators expressing concerns over how the company collects and utilises vast amounts of user data. This latest setback adds to Apple’s ongoing legal and regulatory challenges in the region.

For more information on these topics, visit diplomacy.edu.

California’s attempt to regulate online platforms faces legal setback

A federal judge in California has blocked a state law requiring online platforms to take extra measures to protect children, ruling it imposes unconstitutional burdens on tech companies.

The law, signed by Governor Gavin Newsom in 2022, aimed to prevent harm to young users by mandating businesses to assess risks, adjust privacy settings, and estimate users’ ages. Companies faced fines of up to $7,500 per child for intentional violations.

Judge Beth Freeman ruled that the law was too broad and infringed on free speech, siding with NetChoice, a group representing major tech firms, including Amazon, Google, Meta, and Netflix.

NetChoice argued the legislation effectively forced companies to act as government censors under the pretext of protecting privacy.

The ruling marks a victory for the tech industry, which has repeatedly challenged state-level regulations on content moderation and user protections.

California Attorney General Rob Bonta expressed disappointment in the decision and pledged to continue defending the law. The legal battle is expected to continue, as a federal appeals court had previously ordered a reassessment of the injunction.

The case highlights the ongoing conflict between government efforts to regulate online spaces and tech companies’ claims of constitutional overreach.

For more information on these topics, visit diplomacy.edu.

US launches national security unit to combat cyberattacks on telecom sector

The Federal Communications Commission (FCC) has launched a national security unit in response to recent cyber incidents affecting US telecommunications firms.

These incidents, attributed to a group known as Salt Typhoon, involved unauthorised access to sensitive data and communications.

The newly formed unit will be led by Adam Chan, FCC’s national security counsel, and will include representatives from eight different bureaus and offices within the agency. The council’s objectives are to:

  • Reduce reliance on foreign entities in the US telecom and technology supply chains.
  • Address vulnerabilities related to cyber threats, espionage, and surveillance.
  • Support U.S. leadership in critical technologies, including 5G, satellites, quantum computing, IoT, and robotics.

Cybersecurity experts have emphasised the importance of securing digital infrastructure against advanced threats. The telecommunications sector, despite its established cybersecurity measures, continues to face persistent and evolving risks.

Recent reports indicate that Salt Typhoon has continued targeting US telecom networks, with activity observed as recently as February.

The FCC has taken several steps in recent months to enhance industry security, and the formation of this council represents a further effort to strengthen resilience.

For more information on these topics, visit diplomacy.edu.

US bans Chinese AI LLM DeepSeek from government devices

Several US Commerce Department bureaus have recently prohibited using the Chinese AI model DeepSeek on government-issued devices, according to internal communications and sources familiar with the matter.

A mass email circulated among staff emphasised the importance of safeguarding departmental information systems, instructing employees to refrain from downloading, viewing, or accessing any applications, desktop apps, or websites associated with DeepSeek. ​

The case reflects escalating apprehensions among US officials and legislators regarding data privacy and the potential exposure of sensitive government information through DeepSeek’s usage.

In February, Representatives Josh Gottheimer and Darin LaHood, House Permanent Select Committee on Intelligence members, introduced legislation to ban DeepSeek on government devices. They also contacted state governors, urging similar prohibitions at the state level. In a letter dated 3 March, the lawmakers cautioned that using DeepSeek could inadvertently share highly sensitive and proprietary information with the Chinese Communist Party, including contracts, documents, and financial records. ​

Several states, including Virginia, Texas, and New York, have already implemented bans on DeepSeek for government devices. A coalition of 21 state attorneys general has called on Congress to enact comprehensive legislation addressing this issue.

The concerns stem from DeepSeek’s rapid emergence as a low-cost AI model, which has disrupted global equity markets and posed a potential threat to the United States’ leadership in AI. ​

Stay updated on DeepSeek developments!

For more information on these topics, visit diplomacy.edu.

London court holds secret hearing on Apple’s cloud encryption dispute

A London court has reportedly heard Apple’s appeal against a British government order requiring it to provide access to encrypted cloud storage.

The hearing, held at the Investigatory Powers Tribunal on Friday, took place behind closed doors, with no media or civil rights groups allowed to attend.

The case stems from a ‘technical capability notice’ issued to Apple, which allegedly compelled the company to create a backdoor into its encrypted services. In response, Apple removed its Advanced Data Protection feature for new users in Britain.

Neither Apple nor the UK government has confirmed the existence of the order, but reports suggest it has raised concerns among privacy advocates and foreign governments.

Civil rights groups, including Privacy International and Liberty, have condemned the secrecy of the proceedings, calling the order ‘unacceptable and disproportionate.’

Critics argue that allowing governments to bypass encryption undermines privacy and security for users worldwide. The issue has drawn international attention, with United States officials investigating whether Britain’s actions violated the CLOUD Act, which restricts demands for US citizens’ data.

Government officials have remained tight-lipped, with the Home Office refusing to comment and security ministers maintaining a policy of neither confirming nor denying such notices.

While authorities argue that encryption access is essential for tackling serious crimes, opponents warn that weakening security protections could have far-reaching consequences. The case highlights ongoing tensions between governments and tech companies over privacy, security, and law enforcement.

For more information on these topics, visit diplomacy.edu.

ICC Office of the Prosecutor invites public input on draft policy for cyber-enabled crimes

The Office of the Prosecutor of the International Criminal Court invites public comments on its draft policy addressing cyber-enabled crimes under the Rome Statute.

The Office encourages participation from all relevant stakeholders, including States Parties, civil society organisations, private sector entities, and experts in the field.

Contributions will support the development of a final policy paper that will guide the Office’s approach to cyber-related conduct within its jurisdiction, including its investigative and prosecutorial activities.

The policy paper builds on the crimes outlined in the Rome Statute, assessed within the broader framework of international law.

It aims to enhance transparency regarding the Office’s work in this area and contribute to discussions on legal standards, best practices, and frameworks for cooperation, including those relevant to national authorities.

The draft policy clarifies that the Court does not have jurisdiction over common cybercrimes, such as fraud or unauthorised access to computer systems, which are typically addressed under national laws.

While some countries have international obligations to prosecute these crimes under specific treaties, they do not fall within the mandate of the Court. However, national efforts to combat such crimes may sometimes overlap with the Court’s work where they intersect with crimes under its jurisdiction.

To date, cyber-related issues have only been considered at the periphery of the Court’s work, and their legal and practical implications have yet to be fully explored.

Investigating and prosecuting cyber-enabled crimes presents new and complex challenges. This policy sets out the Office’s current position on these issues while recognising that certain matters may only be fully addressed as the Court’s practice in this area develops.

As with any crime under the Court’s jurisdiction, cyber-enabled crimes will be assessed based on their gravity—including their scale, nature, manner of commission, and impact.

The Court focuses on crimes of the most serious international concern, typically those causing widespread harm to large populations.

An exception applies to offences against the administration of justice, which are not subject to a gravity threshold but are considered serious due to their impact on the Court’s ability to function.

For more information on these topics, visit diplomacy.edu.

Pavel Durov granted temporary leave from France in legal case

French authorities have granted Pavel Durov, the Russian-born founder and CEO of Telegram, temporary permission to leave France.

Durov was placed under formal investigation last August over alleged criminal activities on the messaging platform and had been barred from leaving the country. He departed for Dubai on Saturday after an investigating judge approved his temporary absence.

The legal probe has heightened tensions between France and Russia, particularly against the backdrop of the war in Ukraine.

Prosecutors suspect Durov of complicity in allowing illegal activities such as drug trafficking and money laundering on Telegram. As part of his legal obligations, he was required to post bail of 5 million euros ($5.4 million).

Being under formal investigation in France does not imply guilt but indicates that judges believe there is sufficient evidence to continue the case. The Paris prosecutor’s office has not commented on the latest developments.

For more information on these topics, visit diplomacy.edu.

UK watchdog launches enforcement on file-sharing services

The UK’s internet watchdog, Ofcom, has launched a new enforcement programme under the Online Safety Act (OSA), targeting storage and file-sharing services due to concerns over the sharing of child sexual abuse material (CSAM).

The regulator has identified these services as particularly vulnerable to misuse for distributing CSAM and will assess the safety measures in place to prevent such activities.

As part of the enforcement programme, Ofcom has contacted a number of file-storage and sharing services, warning them that formal information requests will be issued soon.

These requests will require the services to submit details on the measures they have implemented or plan to introduce to combat CSAM, along with risk assessments related to illegal content.

Failure to comply with the requirements of the OSA could result in substantial penalties for these companies, with fines reaching up to 10% of their global annual turnover.

Ofcom’s crackdown highlights the growing responsibility for online services to prevent illegal content from being shared on their platforms.

For more information on these topics, visit diplomacy.edu.

EU delays ETIAS launch until late 2026

The European Union has announced that the ETIAS (European Travel Information and Authorisation System) will require visa-free travellers from non-EU countries, including the UK, to obtain authorisation before short stays in the Schengen Area.

Initially planned for 2026, the system has been delayed and is now set to launch in late 2026, with full implementation not expected until 2027. The ETIAS aims to improve border security and will apply to travellers from 60 non-EU countries who don’t need a visa.

To apply for the ETIAS, travellers will need to complete an online application, provide personal details, answer security questions, and pay a €7 fee.

However, this authorisation will be linked to the traveller’s passport and remain valid for three years, or until the passport expires. Also, children under 18 and adults over 70 will be exempt from the fee, though they still need to apply for authorisation.

The ETIAS will not become mandatory until six months after the EU’s Entry/Exit System (EES) is fully operational. The EES, which is set to launch in phases starting in October 2025, will be a registration system for non-EU travellers, including those from the UK and US.

However, due to delays in the installation of necessary technology at Schengen borders, the launch of the ETIAS has been pushed back to late 2026.

For more information on these topics, visit diplomacy.edu.

Infosys resolves cybersecurity lawsuits in the US

Indian IT services giant Infosys has settled lawsuits filed against its US subsidiary, Infosys McCamish Systems, for $17.5 million. The lawsuits stem from a cyber incident that occurred in November 2023, which resulted in the compromise of personal data. The company has agreed to pay the settlement into a fund that will resolve all claims related to the breach.

The breach, which involved unauthorised access and data exfiltration, affected up to 6.5 million individuals. Following the incident, Infosys McCamish in the US, in coordination with a third-party vendor, took steps to address the issue and limit the damage caused by the cyberattack.

This settlement marks a significant step for Infosys in resolving the ongoing legal issues stemming from the 2023 incident. The Indian company has worked to resolve the situation while continuing to bolster its cybersecurity measures to prevent future breaches.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.