UNICEF urges child-focused AI governance

UNICEF has called for child rights to be placed at the centre of AI governance, warning that children are adopting AI technologies faster than adults while safeguards struggle to keep pace. Ahead of the first Global Dialogue on AI Governance, UNICEF said AI is already reshaping childhood worldwide, creating significant opportunities alongside new risks.

Based on data from 10 countries, UNICEF estimates that at least 20 million children have used AI, with adoption rates in many cases more than three times higher than among adults.

More than 2 million children, or one in 10, said they use AI for advice on things that worry them. An estimated 13 million children reported using AI to support learning and homework.

UNICEF warned that governance frameworks, including safeguards for children, are failing to keep pace with rapid AI adoption. The organisation said children are more exposed to AI systems, business models and data practices, while having less power to avoid or challenge them.

UNICEF said most AI governance frameworks do not adequately prioritise children’s interests, despite young people being among those most likely to experience the long-term consequences of today’s policy decisions. While AI can support learning, creativity and play, evidence on its effects on cognitive development, emotional well-being and exposure to harm is still emerging.

The organisation also highlighted children’s own concerns. Across the 10 countries surveyed, one-third worried about AI being used for scams or misinformation, while one-quarter feared their images or videos could be manipulated into sexually explicit deepfakes. UNICEF warned that too many AI systems are reaching children without adequate safeguards.

UNICEF called on governments, the private sector and partners to embed child rights in global AI governance, with a particular focus on safety and protection.

The organisation urged investment in research on AI’s impact on children’s development and wellbeing, stronger laws and corporate accountability to stop AI-enabled sexual exploitation and abuse, and AI systems designed with maximum safety and transparency.

UNICEF called on governments and technology companies to embed children’s rights into AI governance through stronger legal protections, corporate accountability and safety-by-design. It also urged greater investment in research, AI literacy for children and caregivers, and digital infrastructure to reduce inequalities in access. According to UNICEF, decisions made today will shape children’s safety, privacy, wellbeing and opportunities for decades to come.

Why does it matter?

Children are becoming some of the earliest and most frequent users of AI, yet governance frameworks, research and safety measures remain underdeveloped. As AI increasingly influences how children learn, communicate and seek information, gaps in protection could expose them to misinformation, exploitation, privacy risks and harmful content during critical stages of development.

The report also reinforces a broader shift in AI governance towards rights-based policymaking. By arguing that children’s interests should be considered from the design stage through deployment and regulation, UNICEF is framing child protection not as a niche issue but as a core principle for trustworthy AI.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK ATOC says social media ban is not enough

The UK Alliance Tackling Online Child Sexual Exploitation and Abuse has welcomed the UK government’s plan to ban social media use by children under 16, while warning that the measure alone will not stop online child sexual abuse.

The alliance said age restrictions on mainstream social media platforms could reduce some risks. Still, children may move to less regulated digital spaces, including encrypted messaging services, gaming platforms and other online environments where grooming, sexual extortion and abuse can continue.

UK ATOC called for a broader, system-wide response focused on prevention, stronger platform accountability and safer-by-design digital services. It said governments, regulators, technology companies and online service providers share responsibility for reducing opportunities for abuse before harm occurs.

The alliance proposed a package of technical, legislative and regulatory measures. These include stronger safeguards in end-to-end encrypted environments, robust age-assurance systems, mandatory safer-by-design principles, stronger enforcement under the Online Safety Act and clearer regulation of AI chatbots and companion services.

It also called for device-level nudity detection, upload prevention for known child sexual abuse material and measures to address livestreamed abuse, grooming and sexual extortion.

UK ATOC welcomed the government’s plan to introduce nudity-detection tools on children’s devices, describing it as an important additional safeguard.

The statement reflects a wider concern that age bans may reduce children’s exposure to some mainstream platforms, but cannot replace a comprehensive child-safety framework across the broader digital ecosystem.

Why does it matter?

The UK debate shows the limits of age-based social media bans as a child-safety tool. Online child sexual exploitation and abuse can move across platforms, devices, encrypted services, gaming environments and AI-enabled systems. UK ATOC’s response therefore shifts the focus from access restrictions alone towards prevention, safer design, platform duties and technical safeguards that address how abuse actually happens across digital services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Singapore strengthens cyber resilience against AI threats

Singapore’s Cyber Security Agency (CSA) has outlined new and ongoing initiatives to strengthen national cyber resilience as AI reshapes the cyber threat landscape.

The measures are detailed in the Singapore Cyber Landscape 2025/2026 report, which reviews cybersecurity trends and the country’s response to evolving digital threats.

CSA said AI is reshaping the global cyber threat environment by enabling attackers to operate with greater speed, scale and sophistication. The agency said agentic AI is a particular concern because autonomous systems could automate parts of the cyber kill chain, compressing attacks that once unfolded over days into hours.

The agency cited Anthropic’s Mythos and the misuse of OpenClaw, an open-source agentic AI framework, as examples of how AI can accelerate vulnerability research, exploit development and cyberattack preparation.

At the same time, CSA said AI can strengthen cyber defence by improving threat detection, accelerating incident response and helping organisations identify vulnerabilities more quickly. As AI systems become more widely deployed across enterprise networks and critical infrastructure, however, they are also becoming attractive targets, making secure AI deployment an increasing priority.

To support secure AI adoption, CSA has published Guidelines on Securing AI Systems and a Companion Guide for system owners. It also released a discussion paper on securing agentic AI systems in October 2025 and said it will continue working with international partners on AI security standards.

The report also highlights how AI is changing the tactics of phishing and scam operations. CSA said attackers can use AI to generate convincing phishing lures at scale, produce realistic voice clones and video deepfakes, and create tools that can bypass multi-factor authentication.

CSA also warned that AI is making phishing and scam campaigns more convincing through voice cloning, video deepfakes and large-scale generation of personalised phishing messages. Despite these growing capabilities, reported phishing cases fell by 21% in 2025 to around 4,800 incidents.

Singapore has also launched the pilot National Simulated Scams Exercise, supported by the Ministry of Home Affairs. The exercise simulated AI-enabled government official impersonation scam calls to help the public recognise and respond to emerging scam tactics.

CSA said the number of infected infrastructure units detected in Singapore rose sharply to 284,300 in 2025, a 142% increase from 2024. The increase was driven mainly by persistent malicious infrastructure activity and improved detection of infected botnet devices.

The agency said weakly secured consumer Internet-of-Things devices and unpatched firmware continue to create opportunities for botnet operators. To address this, all residential routers sold in Singapore must meet Cybersecurity Labelling Scheme Level 2 requirements by the end of 2027.

Ransomware also remained a significant threat, with reported cases rising slightly from 159 in 2024 to 165 in 2025. CSA said small- and medium-sized enterprises remained disproportionately affected due to lower cybersecurity maturity and limited resources.

To support SMEs, CSA backed the Cyber Resilience Centre, which provides cybersecurity health checks and recovery assistance after incidents. Eligible SMEs can also receive co-funding for cybersecurity advisory services through the CISO-as-a-Service programme.

One of the year’s most significant incidents involved an attempted intrusion by the APT group UNC3886 targeting Singapore’s four largest telecommunications operators. CSA said the attack was contained through Operation CYBER GUARDIAN without disruption to services or evidence of customer data being compromised.

CSA is also requiring critical information infrastructure owners to attain Cyber Trust mark certification by the end of 2027. The requirement is intended to extend good cybersecurity practices across broader enterprise environments that support critical infrastructure operations.

In 2025, Singapore also conducted its largest Exercise Cyber Star, involving close to 500 participants from CSA, the Singapore Armed Forces’ Digital and Intelligence Service and critical infrastructure owners across 11 sectors.

CSA said it has expanded Cyber Essentials and Cyber Trust mark certifications to include mandatory cloud and AI security requirements. More than 800 organisations had attained at least one Cyber Essentials certification as of early 2026.

The agency is also advancing Singapore’s National Quantum-Safe initiative, working with industry, academia and international partners to raise awareness of quantum risks, support migration planning and accelerate adoption of quantum-safe technologies.

CSA said Singapore will continue investing in cybersecurity capabilities, strengthening partnerships and supporting secure adoption of emerging technologies in an AI-driven threat landscape.

Commissioner of Cybersecurity and CSA Chief Executive David Koh said Singapore must ‘lock down, find first, and fix fast’ as AI and quantum technologies reshape cyber risks. He said the response must be continuous, with government, industry and citizens working together to ensure digital innovation develops alongside trust and security.

The report illustrates how Singapore is treating cybersecurity as a continuous national resilience effort encompassing AI, critical infrastructure, ransomware, online scams and future quantum threats.

Why does it matter?

Singapore’s strategy reflects a growing shift from reactive cybersecurity towards continuous cyber resilience. Rather than addressing individual threats in isolation, the government is integrating AI security, critical infrastructure protection, scam prevention, cybersecurity certification and quantum readiness into a coordinated national strategy.

The report also illustrates how AI is changing cybersecurity on both sides of the equation. While attackers are using AI to accelerate phishing, malware development and vulnerability exploitation, governments are increasingly deploying AI to strengthen cyber defence, making secure AI deployment and governance central components of national cybersecurity policy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Noyb says US Supreme Court ruling puts EU-US data deal under pressure

The US Supreme Court ruled on Monday in Trump v. Slaughter that the Federal Trade Commission (FTC) may no longer be considered an independent agency, a decision that digital rights organisation noyb argues undermines the legal basis of the EU-US Data Privacy Framework.

According to noyb, the European Commission referred to the FTC’s independence 259 times in its 2023 adequacy decision because EU law requires oversight of personal data protection to be carried out by an independent authority.

The EU-US Data Privacy Framework, adopted by the European Commission in 2023, was the third such agreement since 2000, following the annulment of its two predecessors, Safe Harbour and Privacy Shield, by the Court of Justice of the European Union over concerns about US surveillance laws and the lack of judicial remedies available to EU citizens.

The Supreme Court’s ruling follows the unitary executive theory, under which the conservative majority held that the US President must retain authority over all executive bodies, rendering laws that grant agencies like the FTC independence unconstitutional. Because the EU-US framework’s legal structure depended heavily on the FTC’s independent status, noyb argues that the ruling removes a key legal pillar supporting the Commission’s adequacy decision.

Noyb has sent a formal letter to the European Commission calling for the adequacy decision to be repealed and said it intends to bring a case before the Court of Justice of the European Union seeking its annulment. According to the organisation, such proceedings could take two to three years.

The European Commission’s decision remains formally in force unless repealed by the Commission itself or annulled by the courts, meaning there is no immediate legal effect. However, noyb notes that companies relying on alternative transfer mechanisms such as Standard Contractual Clauses and Binding Corporate Rules are also affected, since these typically depend on impact assessments referencing the same US oversight mechanism that noyb argues have now been legally weakened, including the Privacy and Civil Liberties Oversight Board and the Data Protection Review Court.

Why does it matter?

The ruling introduces fresh legal uncertainty around the EU-US Data Privacy Framework, which underpins transatlantic transfers of personal data used by thousands of businesses. Although the framework remains in force, a successful legal challenge could once again force organisations to reconsider how they transfer data between the EU and the United States.

The case also illustrates the continuing fragility of transatlantic data transfer arrangements. It comes as European policymakers place greater emphasis on digital sovereignty and reducing dependence on foreign digital infrastructure, potentially adding momentum to broader debates over data governance, cloud services and regulatory autonomy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

NVIDIA and Palantir expand sovereign AI for US government

Palantir has announced a new sovereign AI capability built on NVIDIA’s open-source Nemotron models, enabling US government agencies and critical infrastructure operators to deploy, customise and continuously improve AI models within highly secure environments.

The platform combines NVIDIA Nemotron open models with Palantir’s Sovereign AI Operating System, allowing organisations to retain full control over their data, model weights and deployment infrastructure.

The system is designed for air-gapped and highly regulated environments where sensitive information cannot be connected to external networks.

Agencies will be able to train AI models using their own operational data, retain ownership of the resulting models and continuously improve performance through internal feedback loops.

The deployment is supported by NVIDIA AI Enterprise and Palantir’s Artificial Intelligence Platform (AIP), Foundry, Ontology and Apollo platforms.

NVIDIA said the initiative reflects the growing importance of open AI models for government and enterprise development, arguing that they offer greater transparency, customisation and lower deployment costs than proprietary alternatives.

The company also highlighted the role of open models in strengthening AI adoption across sectors including defence, healthcare, energy, transportation and public administration.

Why does it matter?

The announcement reflects the growing importance of sovereign AI, as governments and operators of critical infrastructure seek to deploy advanced AI systems without relying on externally hosted services or relinquishing control over sensitive data. Open models combined with secure, self-managed infrastructure offer an alternative approach for organisations with strict security and regulatory requirements.

The partnership also highlights the strategic role of open foundation models in the evolving AI ecosystem. As competition intensifies between proprietary and open AI approaches, governments are increasingly viewing customisable, locally deployable models as critical assets for national security, digital sovereignty and public-sector modernisation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Chief AI Officers to lead AI adoption across Australian government

Australian public service agencies are formalising the appointment of Chief AI Officers (CAIOs) to guide the safe, strategic and coordinated use of AI across government.

Under the APS AI Plan, all non-corporate Commonwealth entities must appoint a senior leader as Chief AI Officer by 30 June 2026. Corporate Commonwealth entities and Commonwealth companies are strongly encouraged to make similar appointments.

The role is intended to help agencies adopt and use AI, particularly generative AI, as the technology reshapes government operations, public service delivery and internal processes.

Chief AI Officers will complement, rather than replace, AI Accountable Officials. While Accountable Officials focus on governance, compliance and risk management, CAIOs will lead strategic adoption, organisational transformation and AI capability building.

The government said CAIOs should provide strategic leadership rather than focus primarily on technical implementation. Their responsibilities include identifying high-value AI use cases, building staff capability, championing responsible adoption and ensuring AI is deployed safely and effectively.

CAIOs will work across technology, data, policy, cybersecurity, privacy and human resources functions, while collaborating with counterparts across the Australian Public Service and the Department of Finance’s AI Delivery and Enablement team.

Chief AI Officers will also collaborate across the Australian Public Service, including with other CAIOs and the AI Delivery and Enablement function in the Department of Finance.

The government said AI should be viewed as a general-purpose capability rather than a conventional technology upgrade, reflecting its potential to transform multiple areas of public-sector work.

The CAIO role is intended to help agencies move from experimentation to more systematic and responsible adoption. It is also designed to support a whole-of-organisation view of AI risks and opportunities.

The AI Delivery and Enablement team has developed an information pack to support agencies in appointing CAIOs, along with a blog for newly appointed leaders.

A wide range of agencies have already appointed Chief AI Officers. The published list includes major departments, regulators, integrity bodies, health and research agencies, cultural institutions, security agencies and service delivery organisations.

A wide range of organisations have already appointed CAIOs, including major government departments, regulators, law enforcement bodies, research organisations and service delivery agencies such as the Department of Finance, Home Affairs, Treasury, the Australian Federal Police, Services Australia and the Australian Electoral Commission.

The appointments of Chief AI Officers reflect a broader effort to coordinate AI adoption across government while maintaining attention to safety, privacy, cybersecurity, governance and public value.

Why does it matter?

Australia’s initiative reflects a broader shift from experimental AI projects to coordinated, organisation-wide adoption across the public sector. By establishing dedicated AI leadership roles, the government is seeking to embed strategic oversight while ensuring that innovation is balanced with governance, privacy, cybersecurity and public accountability.

The creation of Chief AI Officers also highlights the growing recognition that AI adoption is an organisational transformation challenge rather than solely a technical one. As governments integrate AI into public services, dedicated leadership is becoming increasingly important to coordinate implementation, build capability and ensure AI delivers public value responsibly.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Spain’s AI sandbox offers early test for biometric AI compliance

Spain’s AI regulatory sandbox is becoming an early test of how high-risk AI systems may prepare for compliance with the EU AI Act, with facial recognition among the technologies examined.

Spanish company Herta said it has completed the sandbox process for its facial-recognition video-surveillance system, BioSurveillance. The company presented the pilot as a step towards AI Act-ready deployments in public settings.

Herta describes BioSurveillance as a real-time video-surveillance system capable of detecting multiple faces, enrolling individuals during operation, identifying previously registered people and managing alerts. Its BioSurveillance NEXT product is designed for simultaneous identification in crowded and changing environments.

Spain’s AI agency, AESIA, says practical guides developed through the national AI regulatory sandbox are intended to help companies that develop or deploy high-risk AI systems prepare for their obligations under the EU AI Act. The guides provide recommendations while harmonised EU standards are still being developed.

However, sandbox participation should not be treated as approval for public facial recognition deployments. Remote biometric identification in publicly accessible spaces remains one of the most sensitive areas under the EU AI Act. It is subject to strict limits, depending on the use case, operator and context.

The case highlights how companies developing biometric AI systems are seeking early compliance pathways, while regulators face pressure to balance innovation, public safety, privacy and fundamental rights.

Why does it matter?

Facial recognition is one of the most contested areas of AI regulation because it combines public-space surveillance, biometric data processing and risks to privacy and fundamental rights. Spain’s sandbox offers an early view of how high-risk AI providers may prepare documentation, testing and compliance processes under the EU AI Act. The case also shows why compliance language must be used carefully: participation in a sandbox may support readiness, but it does not remove the legal restrictions surrounding biometric identification in public spaces.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot 

UK CMA consults on Apple App Store steering rules

The UK Competition and Markets Authority has opened a consultation on a proposed conduct requirement that would allow app developers to steer users outside Apple’s App Store to complete digital purchases.

The proposal applies to Apple’s Mobile Platform, which the CMA designated as having Strategic Market Status in October 2025. The consultation is part of the UK’s digital markets competition regime and closes on 28 July 2026.

The CMA said Apple’s App Store is a key gateway for developers distributing native apps in the UK. Its proposal focuses on apps that sell digital goods and services, where developers are generally restricted from directing users to alternative offers or purchases outside Apple’s in-app payment system.

Under the proposed steering conduct requirement, Apple would have to allow developers to communicate with UK users and include redirection mechanisms, such as links or buttons, that lead to external websites for purchases.

Apple could still impose restrictions where they are strictly necessary and objectively justified, including to address malware, fraud, scams, unlawful content or content harmful to children.

The proposal would also regulate how external purchasing options are presented. Apple could use a single interstitial screen to inform users that they are leaving its in-app purchase system, but the screen would need to use neutral language and must not discourage users from completing transactions elsewhere.

The CMA is also proposing that any fee Apple charges on steered transactions must be fair and reasonable. It would also prohibit Apple from discriminating against developers that use redirection mechanisms, including through app review, search ranking, platform functionality or access to interoperability features.

The CMA said effective steering could give developers more control over pricing, billing, refunds and customer support, while giving users more choice and potentially lower prices.

Why does it matter?

The consultation shows the UK’s digital markets regime moving from platform designation to targeted behavioural rules. If adopted, the requirement could weaken Apple’s control over in-app transactions for digital goods and services in the UK and give developers more room to offer alternative payment channels. It also tests how the CMA will balance competition, consumer choice, security, privacy and platform investment under the new Strategic Market Status framework.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia doubles penalties and expands eSafety powers under social media age law

The Australian Government has introduced legislation to strengthen enforcement of its minimum age law for social media platforms, expanding the powers of the eSafety Commissioner and significantly increasing penalties for non-compliance.

The reforms are intended to strengthen oversight of platforms operating in Australia that fail to prevent users under the age of 16 from accessing their services.

Under the proposed legislation, the eSafety Commissioner would receive enhanced information-gathering powers, including the authority to compel platforms and relevant third parties, such as age assurance providers and app stores, to provide documents and evidence demonstrating compliance.

The reforms would also substantially increase penalties for failing to comply with information requests and for systemic breaches of the legislation.

The government said millions of accounts belonging to users under 16 have already been removed, deactivated or restricted since the law entered into force.

However, the government argues that some major platforms continue to do only the minimum required, prompting the need for stronger enforcement powers and greater regulatory accountability.

Why does it matter?

The reforms mark a shift from establishing online child safety rules to enforcing them more aggressively. By expanding the eSafety Commissioner’s investigative powers and increasing penalties, Australia is signalling that platforms will face greater accountability if they fail to implement effective age assurance measures.

The legislation also reinforces Australia’s position as one of the most active jurisdictions in regulating children’s online safety. Its approach could influence other countries considering stronger enforcement mechanisms for age verification, platform responsibility and the protection of minors in digital environments.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU launches funding for youth-centred social media platforms

The European Commission has launched a €1.48 million call for proposals to support the development and testing of safer, more inclusive social media platforms designed for young people.

The initiative aims to involve young people from diverse backgrounds in designing digital services that prioritise privacy, well-being, accessibility and user safety.

Selected projects will develop or enhance protocol-based social media platforms aligned with EU values, while giving users greater control over their data, content moderation and overall online experience.

The programme also supports market analysis, platform development, adoption strategies and recommendations for the future of social media in the EU.

Why does it matter?

The initiative reflects the EU’s growing emphasis on promoting digital platforms that prioritise user wellbeing, privacy and safety rather than engagement-driven business models. By supporting protocol-based alternatives, the Commission is seeking to encourage a more open and user-centric social media ecosystem.

It also highlights a broader policy shift towards involving young people directly in the design of digital services. Giving users greater control over their data, online experience and content moderation aligns with the EU’s wider objectives on digital rights, platform accountability and safer online environments.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!