Privacy and data protection

EU simplifies digital rules to save billions for companies

The European Commission has unveiled a digital package designed to simplify rules and reduce administrative burdens, allowing businesses to focus on innovation rather than compliance.

An initiative that combines the Digital Omnibus, Data Union Strategy, and European Business Wallet to strengthen competitiveness across the EU while maintaining high standards of fundamental rights, data protection, and safety.

The Digital Omnibus streamlines rules on AI, cybersecurity, and data. Amendments will create innovation-friendly AI regulations, simplify reporting for cybersecurity incidents, harmonise aspects of the GDPR, and modernise cookie rules.

Improved access to data and regulatory guidance will support businesses, particularly SMEs, allowing them to develop AI solutions and scale operations across member states more efficiently.

The Data Union Strategy aims to unlock high-quality data for AI, strengthen Europe’s data sovereignty, and support businesses with legal guidance and strategic measures to ensure fair treatment of the EU data abroad.

Meanwhile, the European Business Wallet will provide a unified digital identity for companies, enabling secure signing, storage, and exchange of documents and communication with public authorities across 27 member states.

By easing administrative procedures, the package could save up to €5 billion by 2029, with the Business Wallet alone offering up to €150 billion in annual savings.

The Commission has launched a public consultation, the Digital Fitness Check, to assess the impact of these rules and guide future steps, ensuring that businesses can grow and innovate instead of being held back by complex regulations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU introduces plan to strengthen consumer protection

The European Commission has unveiled the 2030 Consumer Agenda, a strategic plan to reinforce protection, trust, and competitiveness across the EU.

With 450 million consumers contributing over half of the Union’s GDP, the agenda aims to simplify administrative processes for businesses, rather than adding new burdens, while ensuring fair treatment for shoppers.

The agenda sets four priorities to adapt to rising living costs, evolving online markets, and the surge in e-commerce. Completing the Single Market will remove cross-border barriers, enhance travel and financial services, and evaluate the effectiveness of the Geo-Blocking Regulation.

A planned Digital Fairness Act will address harmful online practices, focusing on protecting children and strengthening consumer rights.

Sustainable consumption takes a central focus, with efforts to combat greenwashing, expand access to sustainable goods, and support circular initiatives such as second-hand markets and repairable products.

The Commission will also enhance enforcement to tackle unsafe or non-compliant products, particularly from third countries, ensuring that compliant businesses are shielded from unfair competition.

Implementation will be overseen through the Annual Consumer Summit and regular Ministerial Forums, which will provide political guidance and monitor progress.

The 2030 Consumer Agenda builds on prior achievements and EU consultations, aiming to modernise consumer protection instead of leaving gaps in a rapidly changing market.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Northamptonshire Police launches live facial recognition trial

Northamptonshire Police will roll out live facial recognition cameras in three town centres. Deployments are scheduled in Northampton on 28 November and 5 December, in Kettering on 29 November, and in Wellingborough on 6 December.

The initiative uses a van loaned from Bedfordshire Police and the watch-lists include high-risk sex offenders or persons wanted for arrest. Facial and biometric data for non-alerts are deleted immediately; alerts are held only up to 24 hours.

Police emphasise the AI based technology is ‘very much in its infancy’ but expect future acquisition of dedicated kit. A coordinator post is being created to manage the LFR programme in-house.

British campaigners express concern the biometric tool may erode privacy or resemble mass surveillance. Police assert that appropriate signage and open policy documents will be in place to maintain public confidence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU proposal sparks alarm over weakened privacy rules

The Digital Omnibus has been released by the European Commission, prompting strong criticism from privacy advocates. Campaigners argue the reforms would weaken long-standing data protection standards and introduce sweeping changes without proper consultation.

Noyb founder Max Schrems claims the plan favours large technology firms by creating loopholes around personal data and lowering user safeguards. Critics say the proposals emerge despite limited political support from EU governments, civil society groups and several parliamentary factions.

The Omnibus is welcomed by industry which have called for simplification and changes to be made for quite a number of years. These changes should make carrying out business activities simpler for entities which do process vast amounts of data.

The Commission is also accused of rushing (errors can be found in the draft, including references to the GDPR) the process under political pressure, abandoning impact assessments and shifting priorities away from widely supported protections. View our analysis on the matter for a deep dive on the matter.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Azure weathers record 15.7 Tbps cloud DDoS attack

According to Microsoft, Azure was hit on 24 October 2025 by a massive multi-vector DDoS attack that peaked at 15.72 terabits per second and unleashed 3.64 billion packets per second on a single endpoint.

The attack was traced to the Aisuru botnet, a Mirai-derived IoT botnet. More than 500,000 unique IP addresses, mostly residential devices, participated in the assault. UDP floods with random ports made the attack particularly potent and harder to spoof.

Azure’s automated DDoS Protection infrastructure handled the traffic surge, filtering out malicious packets in real time and keeping customer workloads online.

From a security-policy viewpoint, this incident underscores how IoT devices continue to fuel some of the biggest cyber threats, and how major cloud platforms must scale defences rapidly to cope.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Europe’s digital sovereignty advances through SAP’s new AI collaborations

SAP has announced new partnerships with Bleu, Capgemini, and Mistral AI to advance Europe’s digital sovereignty. The collaboration combines SAP’s expertise in enterprise software with France’s AI ecosystem to develop secure, scalable, and sovereign cloud solutions for governments and regulated sectors.

Bleu and Delos Cloud have established a Franco-German alliance focused on crisis resilience, creating joint capabilities for early detection, analysis, and remediation of cyber incidents. Their cooperation supports rapid response in extreme scenarios and reinforces control over critical infrastructure.

SAP and Capgemini are expanding their partnership to advance sovereign agentic AI and strengthen cybersecurity across Europe. Their new Sovereign Technology Partnership will deliver data management, cloud services, and automation tools for public and regulated sectors.

SAP and Mistral AI are also deepening their collaboration to create Europe’s first full sovereign AI stack. SAP will offer Mistral’s frontier models through its sovereign AI foundation on SAP BTP, while both companies co-develop industry-specific AI applications designed for engineering and R&D workloads.

These partnerships form part of SAP’s broader sovereign cloud strategy, backed by more than €20bn in investment. SAP states that its aim is to provide a secure, compliant, and locally controlled infrastructure that enables innovation while safeguarding European data, assets, and long-term technological independence.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNESCO and SAP selected the AI system EDiSON for the Solomon Islands

SAP and UNESCO have agreed to deploy the AI-supported disaster management system EDiSON in the Solomon Islands.

The platform, created by SAP Japan and the start-up INSPIRATION PLUS, utilises the SAP Business Technology Platform with machine learning to merge real-time meteorological information with historical records, rather than relying on isolated datasets.

A system that delivers predictive insights that help authorities act before severe weather strikes. It anticipates terrain damage, guides emergency services towards threatened areas and supports decisions on evacuation orders.

The initiative aims to serve as a model for other small island states facing similar climate-related pressures.

UNESCO officials say the project strengthens early warning capacity and encourages long-term resilience. EDiSON will become operational in 2026 and aims to offer a scalable approach for nations with limited technical resources.

Its performance in Japan has already demonstrated how integrated data management can overcome fragmented information flows and restricted analytical tools.

The design of EDiSON enables governments to adopt advanced disaster preparedness systems instead of relying on costly, bespoke infrastructure. A partnership that seeks to improve national readiness in the Solomon Islands, where earthquakes, tsunamis, cyclones and floods regularly threaten communities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta wins antitrust case over monopoly claims

Meta has defeated a major antitrust challenge after a US federal judge ruled it does not currently hold monopoly power in social networking. The decision spares the company from being forced to separate Instagram and WhatsApp, which regulators had argued were acquired to suppress competition.

The judge found the Federal Trade Commission failed to prove Meta maintains present-day dominance, noting that the market has been reshaped by rivals such as TikTok. Meta argued it now faces intense competition across mobile platforms as user behaviour shifts rapidly.

FTC lawyers revisited internal emails linked to Meta’s past acquisitions, but the ruling emphasised that the case required proof of ongoing violations.

Analysts say the outcome contrasts sharply with recent decisions against Google in search and advertising, signalling mixed fortunes for large tech firms.

Industry observers note that Meta still faces substantial regulatory pressure, including upcoming US trials regarding children’s mental health and questions about its heavy investment in AI.

The company welcomed the ruling and stated that it intends to continue developing products within a competitive market framework.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

FCC set to rescind cyber rules after Salt Typhoon hack

The FCC is scheduled this week to vote on rescinding rules imposed in January that required major telecommunications carriers to secure networks from unauthorised access and interception under Section 105 of the Communications Assistance for Law Enforcement Act.

These measures were introduced after the Salt Typhoon cyber-espionage campaign exposed vulnerabilities in US telecom infrastructure.

Current FCC Chair Brendan Carr argues the prior policy exceeded the agency’s legal authority and did not offer flexible or targeted protections. The proposed reversal follows lobbying by major carriers who claim the rules could undermine partnership efforts between public and private sectors.

Lawmakers, including Maria Cantwell, ranking Democrat on the Senate Commerce Committee, have strongly opposed the move. They describe the Salt Typhoon campaign, attributed to Chinese-linked actors targeting numerous US carriers, as one of the most serious telecom breaches in US history, emphasising that loosening these rules could undermine national security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Chrome receives emergency update to fix high-severity zero-day flaw

Google has issued an emergency update to fix the seventh Chrome zero-day exploited in attacks this year. The flaw, tracked as CVE-2025-13223, is caused by a type confusion bug in the browser’s V8 JavaScript engine and was used in the wild before the patch was released.

The company says updates will roll out across the Stable Desktop channel in the coming weeks, though users can install the fix immediately by checking for updates in Chrome’s settings. Google is withholding technical details until most users have upgraded to avoid encouraging further exploitation.

The vulnerability was reported by a member of Google’s Threat Analysis Group and allowed attackers to trigger code execution or browser crashes through malicious HTML pages. It continues a pattern of high-severity zero-days discovered and patched throughout 2025.

Google stresses that prompt updates remain essential, as attackers often target unpatched systems. Automatic updates can help ensure that newly released fixes reach users quickly and reduce exposure to emerging threats.

Security experts also recommend enabling scheduled antivirus scans and using protective features, such as hardened browsers or VPNs. With multiple zero-days already patched this year, analysts say more are likely, and users should keep Chrome’s update settings enabled.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!