European Commission launches consultation on data sovereignty

The European Commission has launched a targeted consultation on data sovereignty, seeking feedback on challenges affecting EU organisations, cross-border data flows and strategic data dependencies.

The consultation targets stakeholders across the data value chain and a range of economic sectors. It seeks input on data-related dependencies, including barriers to accessing or using data in third countries, obstacles to transferring data into the EU, and risks associated with third-country access to sensitive data.

The European Commission supports the Data Union Strategy adopted in November 2025, which aims to strengthen the EU’s data sovereignty and reinforce its position in international data flows.

The initiative is also linked to the European Tech Sovereignty Package, which covers semiconductors, AI, cloud computing and open-source technologies. According to the Commission, these measures are intended to strengthen Europe’s digital autonomy and support its ambition to become an AI continent.

The consultation will remain open until 8 September 2026 at 23:59 CEST.

Why does it matter?

The consultation reflects the EU’s growing view that data sovereignty is both an economic competitiveness issue and a matter of strategic security. By examining cross-border data flows, third-country access and data dependencies, the Commission is seeking to reduce vulnerabilities while preserving trusted international data exchanges.

The exercise also highlights how data governance is becoming a central pillar of the EU’s broader technology sovereignty agenda. The feedback received could help shape future policies on cloud services, AI, digital infrastructure and international data transfers as Europe seeks to balance openness with greater strategic autonomy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EDPB adopts GDPR guidance for AI, blockchain and anonymisation

The European Data Protection Board (EDPB) has adopted new guidelines on anonymisation, web scraping for generative AI, and the use of blockchain technologies under the General Data Protection Regulation (GDPR). The measures aim to provide organisations with greater regulatory clarity while protecting individuals’ personal data rights.

The anonymisation guidelines set out criteria for determining when data can be considered anonymous, focusing on whether individuals can be isolated, linked to other datasets or reidentified through inference. The framework is intended to help organisations assess when data can be used without identifying individuals.

The web scraping guidance outlines the GDPR obligations associated with collecting online data to train generative AI models. The EDPB emphasises transparency, purpose limitation, data accuracy and data minimisation, while noting that processing sensitive personal data requires additional legal safeguards.

The Board also adopted its blockchain guidelines following public consultation, explaining how different blockchain architectures may affect GDPR compliance. The recommendations are intended to help organisations deploy blockchain technologies while addressing privacy challenges associated with decentralised data processing.

Why does it matter?

The EDPB’s guidance provides greater legal certainty for organisations developing AI and blockchain applications in Europe. As generative AI increasingly relies on large-scale data collection and blockchain adoption continues to expand, clearer GDPR expectations could shape how organisations collect, process and protect personal data.

The guidance also illustrates how European regulators are adapting long-standing data protection rules to emerging technologies without creating separate privacy frameworks for each new innovation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

UK Treasury highlights economic value of cyber resilience

HM Treasury has published a report arguing that cyber resilience in financial services should be treated as a strategic capability rather than simply a compliance requirement or technical cost.

The report, The Value of Resilience: Cyber Resilience in Financial Services, brings together evidence on the economic and operational value of resilience, focusing on the growing impact of cyber disruption across the financial sector.

The report argues that cyber risk has intensified as financial institutions become more dependent on digital infrastructure, third-party providers, cloud services and shared technologies. It cites the Bank of England’s 2026 H1 Systemic Risk Survey, in which 82% of UK banks, insurers and asset managers identified cyberattacks as one of the financial system’s a top five risks.

HM Treasury also cites National Cyber Security Centre data showing a sharp rise in nationally significant cyber incidents during 2024–25. Highly significant incidents increased by 50% year on year, while nearly half of all incidents handled by the NCSC met the threshold for national significance.

The financial impact can be considerable. KPMG Cyber Risk Insights modelling cited in the report estimates plausible worst-case annual ransomware losses of more than £230 million for mid-sized financial firms and around £466 million for large institutions, illustrating how average loss estimates can underestimate severe but plausible cyber events.

Beyond direct financial losses, the report links major cyber incidents to operational disruption, reputational damage, lost revenue and reduced investor confidence, noting that affected firms may underperform the market for a year or longer.

At the same time, HM Treasury argues that stronger cyber resilience can reduce both the likelihood and impact of disruption through earlier detection, faster containment, more effective escalation procedures, recovery planning, service prioritisation and fallback arrangements.

The report also presents resilience as a driver of growth rather than simply a defensive measure. Citing Accenture research, it argues that highly resilient organisations generate faster revenue growth, achieve stronger profit margins and are better positioned to modernise systems, adopt AI and pursue digital transformation without disruption undermining progress.

Why does it matter?

The report reframes cyber resilience as a source of competitive advantage rather than simply a risk management function. For financial institutions, stronger resilience is presented not only as a way to protect customers and market confidence, but also as an enabler of AI adoption, digital transformation and long-term business performance.

The findings also reflect a broader shift in cyber policy. As financial services become increasingly dependent on cloud infrastructure, AI and interconnected digital ecosystems, regulators are treating operational resilience as a strategic capability that underpins both financial stability and economic growth.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Parliament updates Digital Agenda for Europe factsheet

The European Parliament has updated its factsheet on the Digital Agenda for Europe, outlining how the EU’s digital policy has shifted from setting strategic goals to implementing rules on platforms, data, digital identity, AI and cybersecurity.

The factsheet says digital platforms and emerging technologies continue to reshape how Europeans work, communicate, shop and learn. Since 2024, the EU has focused on implementing legislation designed to strengthen digital security, promote fair competition and support digital sovereignty alongside the green transition.

The updated overview of the Digital Agenda for Europe situates current policy within a longer trajectory, from the 2010 Digital Agenda and the 2015 Digital Single Market strategy to the 2030 Digital Compass and the Digital Decade framework. Together, these initiatives set targets for digital skills, public services, business transformation and resilient digital infrastructure.

The document highlights several core policy areas. On data, it points to the EU’s framework built around the GDPR, the Data Governance Act and the Data Act. On AI, it notes that the AI Act has been in force since August 2024, with its provisions applying in stages under the oversight of the EU AI Office.

The factsheet also identified the Digital Services Act (DSA) and Digital Markets Act (DMA) as key pillars of the EU’s digital single market. It notes that the DSA has applied in full since February 2024, while DMA enforcement intensified in 2025 with the first fines imposed on designated gatekeepers.

Cybersecurity is another major focus. The document highlights the expanded scope of the NIS2 Directive, the Cyber Resilience Act, which entered into force in December 2024, and the Cyber Solidarity Act, aimed at strengthening EU-wide cyber detection and incident response.

The update also highlights digital identity, interoperability, platform work, media freedom, digital education and infrastructure resilience as continuing priorities within the EU’s broader digital policy agenda.

Why does it matter?

The update illustrates how the EU’s digital strategy has entered a new phase focused on implementation rather than legislation. With most of its major digital laws now in force, attention is shifting from adopting new rules to enforcing them consistently across member states and ensuring they deliver tangible results.

That shift is significant because the success of the EU’s digital agenda will increasingly be judged by its practical impact on competition, cybersecurity, AI governance, digital sovereignty and the functioning of the single market, rather than by the number of new regulatory initiatives.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UN explores how AI can scale human rights implementation

Digital tools and AI can help governments turn thousands of human rights recommendations into concrete action, but only if technology remains firmly guided by human expertise and institutional cooperation, speakers concluded during a WSIS Forum 2026 session on scaling digital tools for human rights monitoring.

The discussion brought together representatives from Costa Rica, the Office of the UN High Commissioner for Human Rights (OHCHR), academia, and civil society to examine how digital platforms, AI-assisted analysis, and improved data management can enhance the implementation of recommendations issued by UN human rights mechanisms.

Costa Rica shares experience with recommendation tracking

Opening the discussion, Domenico Zipoli, Head of Programmes at the Geneva Human Rights Hub, noted that governments receive thousands of recommendations every year from treaty bodies, the Universal Periodic Review (UPR), special procedures, and regional mechanisms, making implementation increasingly difficult without digital support.

Costa Rica’s Roberto Cespedes, Chargé d’Affaires at the country’s mission to the UN in Geneva, explained how the National Recommendations Tracking Database (NRTD) has transformed the country’s follow-up process.

Costa Rica established its National Mechanism for Implementation, Reporting and Follow-up (NMIRF) in 2011, bringing together ministries, parliament, the judiciary, and the national human rights institution. However, for years, the mechanism lacked an effective technological platform capable of managing recommendations from multiple international processes.

‘The database has significantly improved visibility of recommendations across institutions,’ Cespedes said.

He highlighted the tool’s ability to cluster recommendations by topic, enabling ministries to identify shared responsibilities and collaborate more effectively. Rather than working in isolation, institutions increasingly recognise the need for coordinated implementation.

Costa Rica is also working to expand access beyond government. Cespedes said civil society organisations are expected to gain direct access to the platform, allowing them to monitor implementation, provide feedback, and strengthen transparency.

OHCHR: AI can assist, but humans remain indispensable

Presenting the UN perspective, Marie Eve Boyer, Human Rights Officer at OHCHR, explained that the NRTD was developed to address the fragmentation of international human rights recommendations.

Built on the Universal Human Rights Index, the platform enables governments to consolidate recommendations, assign responsibilities across ministries, monitor progress, and prepare reports more efficiently.

Boyer noted that 20 countries are already using the NRTD, while another 40 are waiting for deployment.

She argued that AI has significant potential to support implementation by identifying relevant information, clustering recommendations, highlighting data gaps, and scaling reporting processes. However, she stressed that technology cannot replace human judgement.

‘AI can help process information, but it cannot understand the reality experienced by communities,’ she said, adding that contextual expertise remains essential when assessing whether recommendations have genuinely been implemented.

She also warned against viewing digital tools as substitutes for strong institutions, arguing that successful implementation depends on sustained human engagement alongside technological innovation.

Generative AI opens new possibilities for legal experts

Offering an academic perspective, Lukasz Szoszkiewicz, Assistant Professor at Adam Mickiewicz University in Poznań, demonstrated several prototype tools built using natural language processing and generative AI.

His projects include searchable databases of UN treaty body jurisprudence, analytical dashboards for the Universal Human Rights Index, and paragraph-level search tools for European Court of Human Rights decisions.

Szoszkiewicz argued that generative AI is fundamentally changing software development by enabling lawyers, researchers, and other domain experts to build specialised digital tools themselves rather than relying solely on IT teams.

‘Domain experts now have the possibility to develop tools that match exactly what they need,’ he explained.

He also addressed concerns about AI hallucinations, recommending that large language models be used primarily to generate deterministic software code rather than directly analysing sensitive datasets. This approach, he said, produces more reliable and verifiable results while reducing the likelihood of inaccurate outputs.

Better data still needed to measure real-world outcomes

Audience interventions highlighted persistent challenges surrounding data availability and measuring whether human rights recommendations actually improve people’s lives.

Representatives from civil society organisations working on torture prevention and disability rights pointed to the difficulty of obtaining reliable outcome data, particularly in countries where governments do not systematically publish relevant information.

Responding to these concerns, Boyer said OHCHR is exploring minimum datasets that could help governments monitor implementation more consistently while aligning human rights indicators with the Sustainable Development Goals.

Cespedes added that AI could eventually help governments identify positive actions that officials may not even realise correspond to international recommendations, making implementation more visible and easier to document.

Throughout the session, speakers agreed that AI and digital platforms should be viewed as tools to strengthen human rights implementation rather than replace human oversight. They concluded that meaningful progress will depend on better data, stronger institutional cooperation, and continued collaboration between governments, international organisations, academia, and civil society.

Track all key moments from the WSIS Forum 2026 on our dedicated WSIS page.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

ECB urges banks to prepare for AI cyber threats

The European Central Bank has called on major euro area banks to prepare action plans to address AI-enabled cybersecurity threats.

In a letter to bank CEOs, ECB Banking Supervision said emerging AI models can identify software vulnerabilities and generate functioning exploits at unprecedented speed.

The ECB warned that AI is compressing the time between vulnerability discovery and exploitation, with potentially serious implications for the confidentiality, integrity and resilience of banks’ ICT systems.

The central bank said the change is a long-term shift in the threat landscape, not a temporary risk linked to a single tool.

Banks have been asked to submit action plans to their Joint Supervisory Teams by 31 October 2026.

The plans should set out concrete measures, resources, roles, responsibilities and implementation timelines for strengthening cyber resilience.

Short-term priorities include faster vulnerability and patch management, stronger monitoring and detection, AI-enabled defensive capabilities and updated third-party risk management.

The ECB also called for structural measures such as defence-in-depth, improved cyber hygiene, infrastructure modernisation, crisis management, recovery arrangements and information-sharing.

The letter follows a European Systemic Risk Board warning about systemic cyber risks posed by frontier AI models.

ECB Banking Supervision also said it will address cybersecurity risks linked to quantum computing in a separate letter.

Why does it matter?

The ECB letter turns AI-enabled cyber risk into a concrete supervisory issue for major euro area banks. If AI accelerates vulnerability discovery and exploit generation, banks will face shorter windows for patching, detection and response. The focus on third-party providers and supply chains is also important because financial institutions depend heavily on external ICT services. The ECB’s approach links AI cyber threats with DORA-style operational resilience, showing that advanced AI is now part of mainstream financial supervision.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Viber brings ChatGPT into its messaging app

Rakuten Viber has launched ChatGPT-powered tools inside its messaging app through a new partnership with OpenAI.

The integration allows users to ask questions in a dedicated ChatGPT chat or tab, mention @ChatGPT in supported private and group chats, summarise conversations and shared links, polish draft messages, translate messages and remix images.

Viber said most tools are available after users update the app, without requiring ChatGPT registration.

Image Remix requires users to log in to ChatGPT within Viber or create a free account. OpenAI says availability may vary by region, app version, account and chat type.

The privacy model depends on the feature used. Viber says its core messaging features remain protected by end-to-end encryption, while ChatGPT-powered tools are activated only when users choose to use them.

When a ChatGPT-powered feature is used, Viber sends OpenAI the information needed to process that request. Depending on the feature, that may include selected messages, drafts, images, prompts, link content, messages that mention @ChatGPT, timestamps, approximate location and a Viber-generated hashed user ID.

OpenAI says data sent from ChatGPT-powered features in Viber personal and group chats is not used to train its models, except for conversations in the ChatGPT tab.

If a user connects a ChatGPT account, activity may be associated with that account and handled under OpenAI’s standard retention and data settings.

Why does it matter?

The launch brings generative AI into everyday messaging, moving ChatGPT from a separate assistant into conversations, links, drafts, translations and images. That makes AI tools more accessible, but also creates a more complex privacy model. Users need to understand when messages remain inside an end-to-end encrypted chat and when selected content is sent to OpenAI for processing. For messaging platforms, the key governance challenge is adding useful AI features while preserving user control, clear consent and transparent data handling.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Finland opens consultation on platform work legislation implementing EU rules

Finland’s Ministry of Economic Affairs and Employment has opened a public consultation on a draft Platform Work Act that would transpose the EU Platform Work Directive into national law.

The consultation runs from 8 July to 28 August 2026.

A tripartite working group with representatives from government ministries, employer organisations, trade unions and occupational safety authorities prepared the draft act. The group did not reach a unanimous position.

The proposed act would introduce a legal presumption of an employment relationship for people working through digital labour platforms.

Its purpose is to make it easier to determine whether platform workers are employees or self-employed by shifting the burden of proof from the worker to the platform company.

The proposal also includes measures to increase transparency in algorithmic management, including automated decision-making and monitoring systems.

It would strengthen the protection of platform workers’ personal data and require the impact of automated systems to be considered when safeguarding workers’ health and safety.

Occupational safety and health authorities would be able to impose fines on platform companies and intermediaries that breach the rules. The draft also includes a prohibition on reprisals.

Additional national rules would require platform companies to verify workers’ identities and take reasonable steps to ensure contractual terms are appropriate.

The act is intended to enter into force on 2 December 2026 and would apply to platform work carried out in Finland, regardless of where the digital labour platform is established.

Why does it matter?

Finland’s proposal shows how the EU member states are beginning to turn the Platform Work Directive into national rules. The draft addresses two central issues in the gig economy: employment status and algorithmic management. By shifting the burden of proof to platform companies and increasing transparency around automated decision-making, the proposal could give workers stronger protections while forcing platforms to document how their systems manage work, data and safety.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UN AI dialogue urges human rights to become the foundation of AI governance

Human rights must move from the margins to the centre of AI governance if societies are to harness AI without undermining democracy, equality and public trust, speakers argued during the fourth thematic discussion of the UN Global Dialogue on AI Governance.

Bringing together governments, UN agencies, civil society, academia and industry, the session examined how AI systems can better respect human rights through stronger transparency, accountability and human oversight. Participants agreed that AI governance should be grounded in international human rights law throughout the entire AI lifecycle, from design and development to deployment and oversight.

AI deserves the same safeguards as medicines

UN High Commissioner for Human Rights Volker Türk opened the discussion by comparing AI regulation to the approval process for new medicines. Drugs undergo years of testing before reaching patients, he noted, yet AI systems are being deployed at unprecedented speed despite already contributing to mass surveillance, online disinformation, discrimination and growing risks to children.

Türk rejected the notion that regulation inevitably slows innovation, arguing instead that robust safeguards enable societies to trust new technologies. International human rights law, he said, already provides a binding framework for addressing issues such as privacy, equality, non-discrimination and access to justice, and should guide AI governance rather than being treated as an afterthought.

He also stressed that human oversight must be meaningful rather than symbolic, with clearly identified individuals empowered to intervene or halt AI systems when necessary. Summarising his vision for responsible innovation, Türk contrasted the technology industry’s pursuit of ‘bigger, faster, better’ with what he described as a more appropriate goal: ‘smarter, kinder, wiser.’

Women and children bear disproportionate AI risks

The first panel focused on how AI is amplifying existing inequalities, particularly for women, children and other vulnerable groups.

UN Women Executive Director Sima Bahous presented evidence showing that 44% of assessed AI systems exhibit gender bias, while up to 99% of online sexual deepfakes target women. She also noted that women remain significantly underrepresented in AI development, with only a minority of national AI strategies explicitly addressing gender equality.

Bahous argued that governments remain the primary duty bearers under international human rights law and called for mandatory human rights impact assessments before and after AI deployment, alongside the meaningful participation of women, indigenous communities, disability advocates and civil society in AI governance.

Sonia Livingstone, a member of the Independent International Scientific Panel on AI, highlighted growing evidence that AI-generated child sexual abuse material is increasing rapidly and warned that many AI companion systems currently fail basic child safety standards. Rather than excluding young people from digital technologies, she argued, policymakers should ensure that children’s rights to participation, education and expression remain protected while embedding safeguards into AI systems from the outset.

Agentic AI raises new accountability challenges

Speakers also warned that increasingly autonomous AI systems are exposing significant legal and governance gaps.

Morocco’s Minister Delegate Amal El Fallah Seghrouchni described agentic AI as one of the most important governance challenges of the coming decade. As AI systems increasingly rely on networks of autonomous agents making decisions without direct human instruction, identifying responsibility when something goes wrong becomes considerably more difficult.

She proposed several practical measures, including documenting the actions of AI agents throughout decision-making processes, ensuring that a clearly identifiable human remains responsible for AI-enabled public services, and guaranteeing timely avenues for redress when individuals are harmed.

Samuel Arias Arzeno, Judge of the Supreme Court of the Dominican Republic, similarly argued that governance only becomes meaningful when someone believes an AI system has violated their rights and seeks justice. Courts, he said, must remain central institutions for ensuring that AI-assisted decisions remain subject to human accountability.

Rights protections should not depend on geography

A recurring concern throughout the discussion was that meaningful human rights protections are often applied unevenly across different regions.

Digital Rights Foundation founder Nighat Dad argued that robust human rights due diligence is largely conducted only where legislation requires it, particularly in Europe, while identical AI systems may be deployed elsewhere without comparable safeguards. She described this as a structural choice rather than a capacity gap, creating what she called a ‘two-tier’ human rights regime.

Dad called for mandatory gender and child rights impact assessments before deployment, consistent due diligence obligations across all markets where AI systems operate, and repeated assessments whenever AI capabilities change significantly.

Alvitta Ottley, also a member of the Independent Scientific Panel on AI, highlighted what she described as an ‘evaluation mismatch’. Current AI assessments often measure technical performance such as speed and accuracy, she explained, while policymakers and societies are instead asking whether AI protects human rights, strengthens accountability and improves people’s lives. Closing this evidence gap will require interdisciplinary research and much stronger evaluation of AI’s long-term societal impacts.

UN Assistant Secretary-General for Youth Affairs Felipe Paullier added that young people remain among AI’s most active users and innovators, yet rarely participate in decisions shaping the technology’s future. He urged governments to create meaningful opportunities for youth participation within national AI governance frameworks.

Global South voices call for more inclusive governance

Audience interventions reinforced the need for AI governance that is genuinely inclusive rather than shaped primarily by a handful of countries and companies.

Brazil highlighted its Digital Statute for Children and Adolescents, which requires child protection measures to be incorporated from the design stage and restricts platform features that encourage excessive use. Poland pointed to the Council of Europe Framework Convention on AI as an important legally binding instrument placing AI within the broader framework of human rights, democracy and the rule of law, while the Republic of Korea presented its AI Basic Act, which requires human rights assessments for high-impact AI systems.

Civil society organisations called for stronger global action. Access Now urged governments to establish binding human rights safeguards and prohibit AI applications that pose unacceptable risks, while the Association for Progressive Communications argued that communities should be viewed as ‘the first mile, not the last mile’ of AI governance, emphasising that meaningful connectivity and local participation remain prerequisites for equitable AI development.

In the closing discussion, co-chair Linda Bonyo highlighted another overlooked barrier to inclusive governance: many Global South experts remain unable to participate in international discussions because of restrictive visa processes, illustrating that exclusion from AI governance can begin long before negotiations start.

Closing the session, Spain’s Minister for Digital Transformation and Public Service Óscar López Águeda acknowledged that governments are already behind the pace of technological change but insisted the direction ahead is clear. AI governance, he argued, is ultimately about defending democracy, human dignity and human agency, ensuring that AI helps societies become better rather than simply more technologically advanced.

Track all key moments from the Global Dialogue on AI Governance inaugural meeting on our dedicated page.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Europol denies bypassing EU data protection rules

Europol has rejected allegations that it operated a ‘secret’ or ‘shadow’ database outside the EU data protection rules.

In a new fact-check, the agency said recent reports misrepresented two long-established operational environments used to support digital investigations and online information analysis.

Europol said its Computer Forensic Network is used to analyse complex digital evidence securely in support of criminal investigations.

It also said the Internet-Facing Operational Environment is used to collect and triage publicly available online information before relevant material is transferred to Europol’s operational systems in accordance with applicable legal requirements.

The agency said neither environment was created to bypass oversight or data protection obligations.

Europol also published a timeline showing that both systems have existed for many years and have evolved alongside changes to its legal framework, governance and supervisory arrangements.

The agency said it has worked with the European Data Protection Supervisor on governance improvements, technical modernisation and safeguards, including after regulatory changes introduced in 2022.

Europol said public debate on law enforcement and privacy should be based on accurate descriptions of operational systems and their oversight.

Why does it matter?

The dispute highlights the tension between law enforcement’s need to process large volumes of digital evidence and the privacy safeguards required under the EU law. Europol’s response is important because operational data systems used in cybercrime, terrorism and serious organised crime investigations can affect fundamental rights if oversight, retention and access rules are unclear. The case also shows why transparency about investigative infrastructure matters for public trust, especially as law enforcement agencies modernise their data-processing capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!