Network security

Under 16 social media ban proposed in Spain

Spain is preparing legislation to ban social media access for users under 16, with the proposal expected to be introduced within days. Prime Minister Pedro Sánchez framed the move as a child-protection measure aimed at reducing exposure to harmful online environments.

Government plans include mandatory age-verification systems for platforms, designed to serve as practical barriers rather than symbolic safeguards. Officials argue that minors face escalating risks online, including addiction, exploitation, violent content, and manipulation.

Additional provisions could hold technology executives legally accountable for unlawful or hateful content that remains online. The proposal reflects a broader regulatory shift toward platform responsibility and stricter enforcement standards.

Momentum for youth restrictions is building across Europe. France and Denmark are pursuing similar controls, while the EU Digital Services Act guidelines allow member states to define a national ‘digital majority age’.

The European Commission is also testing an age verification app, with wider deployment expected next year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Experts call for better protection of submarine internet cables

A high-level panel at the International Submarine Cable Resilience Summit 2026 in Porto focused on a growing paradox in global connectivity. While submarine cable damage incidents have remained relatively stable for over a decade, the time needed to repair them has increased sharply.

Moderated by Nadia Krivetz, member of the International Advisory Body for Submarine Cable Resilience, the discussion brought together government officials and industry experts who warned that longer repair times are creating new vulnerabilities for the global internet, even as undersea cable networks continue to expand rapidly.

Andy Palmer-Felgate of the International Cable Protection Committee highlighted that more than 80% of cable damage is caused by fishing and anchoring, mostly on continental shelves where maritime activity is densest. She noted that a small number of high-risk ‘problem cables’ consume around half of the world’s annual repair capacity, suggesting that targeted prevention in specific locations could significantly reduce global disruption.

Palmer-Felgate also pointed to a shift in fault patterns away from Europe and the Atlantic toward Asia, exposing weaknesses in a repair model that depends on shared, slow-to-move vessels.

New monitoring technologies were presented as part of the solution, though not without limitations. Sigurd Zhang described how distributed acoustic sensing can detect vessel activity in real time, even when ships switch off tracking systems, citing cases in which fishing fleets were invisible to conventional monitoring systems.

International Submarine Cable Resilience Summit 2026

Eduardo Mateo added that newer optical monitoring tools can identify long-term stress and seabed instability affecting cables. Still, both speakers stressed that the cost, data complexity, and reliability requirements remain major barriers, especially for shorter cable systems.

Beyond monitoring, the panel explored improvements in cable design and installation, including stronger armouring, deeper burial, and more resilient network topologies. Mateo cautioned that technology alone cannot eliminate risk, as submarine cables must coexist with other seabed users.

Zhang noted that fully integrated ‘smart cables’ combining telecoms and scientific monitoring may still be a decade away, given the strict reliability standards operators demand.

Government coordination emerged as a decisive factor in reducing damage and speeding up repairs. South Africa’s Nonkqubela Thathakahle Jordan-Dyani described how fragmented regulations across African countries slow emergency responses and raise costs.

Speakers pointed to examples of more effective governance, including Australia’s notification-based repair system and successful legal cases described by Peter Jamieson, which have increased accountability among vessel operators and begun changing behaviour at sea.

Industry practices and skills were also under scrutiny. Jamieson argued that careful route planning and proper burial can prevent most cable faults. Still, Simon Hibbert warned that these standards depend on experienced workers whose skills are hard to replace. With an ageing maritime workforce and fewer recruits entering sea-based professions, the panel cautioned that declining expertise could undermine future cable resilience if training and knowledge transfer are not prioritised.

The discussion concluded by situating cable protection within broader economic and geopolitical pressures. Mateo pointed to supply chain risks for key materials driven by AI-related demand, while Jamieson cited regions like the Red Sea, where geopolitical instability forces cables into crowded corridors.

Despite these challenges, speakers agreed that prevention, cooperation, and shared responsibility offer a realistic path forward, stressing that submarine cable resilience can only be strengthened through sustained collaboration between governments, industry, and international organisations.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Greece nears plan to restrict social media for under-15s

Preparing to restrict social media access for children under 15s, Greece plans to use the Kids Wallet app as its enforcement tool amid rising European concern over youth safety.

A senior official indicated that an announcement is close, reflecting growing political concern about digital safety and youth protection.

The Ministry of Digital Governance intends to rely on the Kids Wallet application, introduced last year, as a mechanism for enforcing the measure instead of developing a new control framework.

Government planning is advanced, yet the precise timing of the announcement by Prime Minister Kyriakos Mitsotakis has not been finalised.

In addition to the legislative initiative in Greece, the European debate on children’s online safety is intensifying.

Spain recently revealed plans to prohibit social media access for those under sixteen and to create legislation that would hold platform executives personally accountable for hate speech.

Such moves illustrate how governments are seeking to shape the digital environment for younger users rather than leaving regulation solely in private hands.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

India pushes Meta to justify WhatsApp’s data-sharing

The Supreme Court of India has delivered a forceful warning to Meta after judges said the company could not play with the right to privacy.

The court questioned how WhatsApp monetises personal data in a country where the app has become the de facto communications tool for hundreds of millions of people. Judges added that meaningful consent is difficult when users have little practical choice.

Meta was told not to share any user information while the appeal over WhatsApp’s 2021 privacy policy continues. Judges pressed the company to explain the value of behavioural data instead of relying solely on claims about encrypted messages.

Government lawyers argued that personal data was collected and commercially exploited in ways most users would struggle to understand.

The case stems from a major update to WhatsApp’s data-sharing rules that India’s competition regulator said abused the platform’s dominant position.

A significant penalty was issued before Meta and WhatsApp challenged the ruling at the Supreme Court. The court has now widened the proceedings by adding the IT ministry and has asked Meta to provide detailed answers before the next hearing on 9 February.

WhatsApp is also under heightened scrutiny worldwide as regulators examine how encrypted platforms analyse metadata and other signals.

In India, broader regulatory changes, such as new SIM-binding rules, could restrict how small businesses use the service rather than broadening its commercial reach.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Microsoft expands software security lifecycle for AI-driven platforms

AI is widening the cyber risk landscape and forcing security teams to rethink established safeguards. Microsoft has updated its Secure Development Lifecycle to address AI-specific threats across design, deployment and monitoring.

The updated approach reflects how AI can blur trust boundaries by combining data, tools, APIs and agents in one workflow. New attack paths include prompts, plugins, retrieved content and model updates, raising risks such as prompt injection and data poisoning.

Microsoft says policy alone cannot manage non-deterministic systems and fast iteration cycles. Guidance now centres on practical engineering patterns, tight feedback loops and cross-team collaboration between research, governance and development.

Its SDL for AI is organised around six pillars: threat research, adaptive policy, shared standards, workforce enablement, cross-functional collaboration and continuous improvement. Microsoft says the aim is to embed security into every stage of AI development.

The company also highlights new safeguards, including AI-specific threat modelling, observability, memory protections and stronger identity controls for agent workflows. Microsoft says more detailed guidance will follow in the coming months.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Ofcom expands scrutiny of X over Grok deepfake concerns

The British regulator, Ofcom, has released an update on its investigation into X after reports that the Grok chatbot had generated sexual deepfakes of real people, including minors.

As such, the regulator initiated a formal inquiry to assess whether X took adequate steps to manage the spread of such material and to remove it swiftly.

X has since introduced measures to limit the distribution of manipulated images, while the ICO and regulators abroad have opened parallel investigations.

The Online Safety Act does not cover all chatbot services, as regulation depends on whether a system enables user interactions, provides search functionality, or produces pornographic material.

Many AI chatbots fall partly or entirely outside the Act’s scope, limiting regulators’ ability to act when harmful content is created during one-to-one interactions.

Ofcom cannot currently investigate the standalone Grok service for producing illegal images because the Act does not cover that form of generation.

Evidence-gathering from X continues, with legally binding information requests issued to the company. Ofcom will offer X a full opportunity to present representations before any provisional findings are published.

Enforcement actions take several months, since regulators must follow strict procedural safeguards to ensure decisions are robust and defensible.

Ofcom added that people who encounter harmful or illegal content online are encouraged to report it directly to the relevant platforms. Incidents involving intimate images can be reported to dedicated services for adults or support schemes for minors.

Material that may constitute child sexual abuse should be reported to the Internet Watch Foundation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU moves closer to decision on ChatGPT oversight

The European Commission plans to decide by early 2026 whether OpenAI’s ChatGPT should be classified as a vast online platform under the Digital Services Act.

OpenAI’s tool reported 120.4 million average monthly users in the EU back in October, a figure far above the 45-million threshold that triggers more onerous obligations instead of lighter oversight.

Officials said the designation procedure depends on both quantitative and qualitative assessments of how a service operates, together with input from national authorities.

The Commission is examining whether a standalone AI chatbot can fall within the scope of rules usually applied to platforms such as social networks, online marketplaces and significant search engines.

ChatGPT’s user data largely stems from its integrated online search feature, which prompts users to allow the chatbot to search the web. The Commission noted that OpenAI could voluntarily meet the DSA’s risk-reduction obligations while the formal assessment continues.

The EU’s latest wave of designations included Meta’s WhatsApp, though the rules applied only to public channels, not private messaging.

A decision on ChatGPT that will clarify how far the bloc intends to extend its most stringent online governance framework to emerging AI systems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

France targets X over algorithm abuse allegations

The cybercrime unit of the Paris prosecutor has raided the French office of X as part of an expanding investigation into alleged algorithm manipulation and illicit data extraction.

Authorities said the probe began in 2025 after a lawmaker warned that biassed algorithms on the platform might have interfered with automated data systems. Europol supported the operation together with national cybercrime officers.

Prosecutors confirmed that the investigation now includes allegations of complicity in circulating child sex abuse material, sexually explicit deepfakes and denial of crimes against humanity.

Elon Musk and former chief executive Linda Yaccarino have been summoned for questioning in April in their roles as senior figures of the company at the time.

The prosecutor’s office also announced its departure from X in favour of LinkedIn and Instagram, rather than continuing to use the platform under scrutiny.

X strongly rejected the accusations and described the raid as politically motivated. Musk claimed authorities should focus on pursuing sex offenders instead of targeting the company.

The platform’s government affairs team said the investigation amounted to law enforcement theatre rather than a legitimate examination of serious offences.

Regulatory pressure increased further as the UK data watchdog opened inquiries into both X and xAI over concerns about Grok producing sexualised deepfakes. Ofcom is already conducting a separate investigation that is expected to take months.

The widening scrutiny reflects growing unease around alleged harmful content, political interference and the broader risks linked to large-scale AI systems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Innovation and security shape the UAE’s tech strategy

The United Arab Emirates is strengthening its global tech role by treating advanced innovation as a pillar of sovereignty rather than a standalone growth driver. National strategy increasingly links technology with long-term economic resilience, security, and geopolitical relevance.

A key milestone was the launch of the UAE Advanced Technology Centre with the Technology Innovation Institute and the World Economic Forum, announced alongside the Davos gathering.

The initiative highlights the UAE’s transition from technology consumer to active participant in shaping global governance frameworks for emerging technologies.

The centre focuses on policy and governance for areas including artificial intelligence, quantum computing, biotechnology, robotics, and space-based payment systems.

Backed by a flexible regulatory environment, the UAE is promoting regulatory experimentation and translating research into real-world applications through institutions such as the Mohamed bin Zayed University of Artificial Intelligence and innovation hubs like Masdar City.

Alongside innovation, authorities are addressing rising digital risks, particularly deepfake technologies that threaten financial systems, public trust, and national security.

By combining governance, ethical standards, and international cooperation, the UAE is advancing a model of digital sovereignty that prioritises security, shared benefits, and long-term strategic independence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Porto summit highlights growing risks to undersea internet cables

The Second International Submarine Cable Resilience Summit opened this week in Porto, Portugal, bringing together senior officials from governments, international organisations, and industry to address the growing risks facing the underwater cables that carry most of the world’s internet traffic. The event highlighted how submarine cables have become critical infrastructure for the global digital economy, especially as societies grow more dependent on cloud services, AI, and cross-border data flows.

Opening the summit, Ambassador João Mira Gomes, Permanent Representative of Portugal to the United Nations Office at Geneva, explained that Portugal’s infrastructure minister was absent due to ongoing storm recovery efforts, underlining the real-world pressures facing critical infrastructure today. He recalled Portugal’s long history in global connectivity, noting that one of the earliest submarine cables linking Portugal and the United Kingdom was built to support the port wine trade, a reminder that communication networks and economic exchange have long evolved together.

Professor Sandra Maximiano, co-chair of the International Advisory Body for Submarine Cable Resilience, placed the discussions in a broader historical context. She pointed to the creation of the International Telecommunication Union in 1865 as the first global organisation dedicated to managing international communications, stressing that cooperation on submarine cables has always been a ‘positive-sum game’ in which all countries benefit from shared rules and coordination.

Maximiano also highlighted Portugal’s strategic role as a cable hub, citing its extensive coastline, large exclusive economic zone, and favourable landing conditions connecting Europe, the Americas, Africa, and Asia. She outlined key projects such as the Atlantic CAM system linking mainland Portugal with Madeira and the Azores using a resilient ring design and smart cable technology that combines telecommunications with seismic and oceanographic monitoring. Existing and planned systems, she said, are not just data pipelines but foundations for innovation, scientific cooperation, and strategic autonomy.

A major outcome of the summit was the adoption of the Porto Declaration on Submarine Cable Resilience, developed with input from more than 150 experts worldwide. The declaration sets out practical guidance to improve permitting and repair processes, strengthen legal frameworks, promote route diversity and risk mitigation, and enhance capacity-building, with special attention to the needs of small island states and developing countries.

ITU Secretary-General Doreen Bogdan-Martin framed these efforts within a rapidly changing digital landscape, announcing that 2026 will be designated the ‘year of resilience.’ She warned that the scale of global digital dependence has transformed the impact of cable disruptions, as even minor outages can ripple across AI systems, cloud platforms, and autonomous services. Resilience, she argued, now depends as much on international coordination and preparedness as on cable design itself.

From the European Union perspective, European Commission Vice-President Henna Virkkunen outlined upcoming EU measures, including a submarine cable security toolbox and targeted funding through the Connecting Europe Facility. She stressed the importance of regional coordination and praised Portugal’s active role in aligning EU initiatives with global efforts led by the ITU.

Closing the opening session, Ambassador Gomes linked cable resilience to broader goals of development and peace, warning that digital divides fuel inequality and instability, and reaffirming Portugal’s commitment to international cooperation and capacity-building as the summit moves the global conversation from policy to action.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!