Portugal presents AMALIA as open European Portuguese language model

Portugal has presented AMALIA, its first open language model developed in European Portuguese, as part of a wider effort to strengthen national AI capacity and modernise the public sector.

Prime Minister Luís Montenegro said the project shows Portugal’s ability to develop advanced technology and contribute to Europe’s strategic autonomy.

AMALIA, short for Automatic Artificial Intelligence Multimodal Language Assistant, was developed by a consortium of Portuguese universities and research centres.

The project received an initial €5.5 million through Portugal’s Recovery and Resilience Facility, with a further €1.5 million planned for a new development phase in 2027.

Available as open code, AMALIA is intended to allow public administration bodies, companies, universities and research centres to develop their own applications.

The government says the model can support customer service, administrative process automation, knowledge management and decision-making across public services.

The AMALIA website says the project is designed to promote European Portuguese, preserve Portuguese cultural representation and support data sovereignty by enabling AI use in public administration without sensitive data leaving national territory.

The model is also expected to support use cases in education, culture and museums, media and science.

Why does it matter?

AMALIA addresses a gap in AI language infrastructure by focusing specifically on European Portuguese, a language variety often underrepresented or conflated with Brazilian Portuguese in multilingual AI systems. Open access also matters because it allows public bodies, universities and companies to adapt the model rather than relying only on closed commercial tools. The project fits a broader European debate on AI sovereignty, where governments are seeking domestic or regional capabilities in language models, data governance and public-sector AI infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Australia records highest data breach notifications since 2018

Australia recorded its highest annual number of data breach notifications in 2025 since mandatory reporting began in 2018, according to the Office of the Australian Information Commissioner.

The regulator received 1,205 notifications under the Notifiable Data Breaches scheme in 2025, an 8% increase from 1,112 in 2024.

Organisations covered by the Privacy Act must notify the OAIC of data breaches that are likely to result in serious harm to affected individuals.

Malicious or criminal activity remained the leading cause of reported breaches, accounting for 716 notifications. Cyber hacking continued to be the main cause of reported incidents.

Health service providers were the most affected sector, reporting 225 breaches, or 19% of the annual total. Financial services, Australian government agencies, business and professional associations, education providers and legal, accounting and management services were also among the most affected sectors.

The OAIC has released a new quick reference guide to help organisations assess potential breaches, decide whether notification is required and understand how to report incidents.

Privacy Commissioner of Australia, Carly Kind, said the threat posed by data breaches to Australian businesses and organisations is substantial and rising year on year.

The regulator’s latest privacy attitudes survey also found that data breaches remain the top privacy concern for Australians, with 82% expressing concern, up from 74% in 2023.

Why does it matter?

Rising breach notifications show that data protection is becoming a persistent operational and regulatory challenge for Australian organisations. The dominance of malicious activity and cyber hacking links privacy compliance directly to cybersecurity preparedness, especially in sensitive sectors such as health. OAIC’s new guide also signals a push towards faster, clearer breach assessment and notification, which matters for affected individuals as well as regulated entities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Stronger health data governance seen as key to trusted AI and digital health at WSIS Forum 2026

Strong legislative frameworks for health data governance are becoming essential to ensure that AI and digital health technologies remain trustworthy, equitable and rights-based, speakers said during a session at the WSIS Forum 2026.

The discussion brought together representatives from governments, international organisations, civil society and the private sector, who agreed that while AI and digital technologies are transforming healthcare, governance frameworks have not always kept pace. Speakers repeatedly argued that stronger legislation, greater international coordination and broader stakeholder participation will be necessary to build public trust and enable responsible data sharing across borders.

The session formed part of the WSIS Forum 2026, held in Geneva from 6 to 10 July. Co-organised by the International Telecommunication Union (ITU), UNESCO, UNDP and UNCTAD together with more than 50 UN organisations, the forum serves as one of the UN’s principal multistakeholder platforms for digital cooperation and sustainable development.

Trust begins with governance

Opening the discussion, Mathilde Forslund of Transform Health argued that health data has become the foundation of modern healthcare, powering everything from patient care and disease surveillance to AI innovation and health system planning.

However, she stressed that technological progress alone is insufficient.

‘Digital technologies and AI are transforming health systems rapidly, but these benefits will only be realised equitably and responsibly if governance keeps pace and public trust is maintained,’ she said.

Forslund argued that trusted governance requires legislation grounded in human rights, transparency and equity, alongside inclusive decision-making that informs citizens how their health data is collected, shared and protected. She also called for stronger national legal frameworks governing both health data and AI while encouraging greater regional and international alignment to prevent fragmented rules from undermining interoperability and cross-border cooperation.

Rather than starting from scratch, she noted that countries can already build on existing resources, including Transform Health’s Health Data Governance Principles, WHO guidance on AI, OECD recommendations and emerging regional initiatives such as the European Health Data Space (EHDS) and the Africa CDC’s work on continental health data governance.

National legislation provides legal certainty

Drawing on Zambia’s experience, Andrew Kashoka, Director of Information Technology at the Ministry of Health of Zambia, explained that governments increasingly recognise the need for legal certainty as digital health systems expand.

He argued that while policies and strategies provide direction, legislation ultimately establishes enforceable rights and obligations governing consent, privacy, accountability and access to health data.

‘Technology moves faster than policy and policy moves faster than legislation,’ Kashoka observed.

He described Zambia’s National Digital Health Strategy and the country’s participation in the WHO Global Initiative on Digital Health (GUIDE), noting that electronic health records, digital public infrastructure and AI all require strong legal foundations to maintain public confidence.

Kashoka also highlighted the Africa CDC’s continental health data governance framework, saying it provides African countries with shared principles that support legal interoperability, trusted cross-border collaboration, regional disease surveillance and responsible AI innovation.

Coordination, not policy, remains the biggest challenge

Several speakers suggested that governance challenges stem less from the absence of policies than from fragmented implementation.

Linda Bonyo, Founder of the Lawyers Hub and the Africa AI Policy Lab, argued that numerous organisations are already developing health data and AI governance initiatives, but often work independently with limited coordination.

She criticised the exclusion of parliaments and judicial institutions from governance discussions, arguing that legislators and courts play essential roles in creating and interpreting legal frameworks.

Bonyo also called for stronger institutional capacity, particularly among national data protection authorities that increasingly find themselves overseeing AI without sufficient technical expertise or financial resources.

She further highlighted practical barriers limiting African participation in international governance discussions, including visa restrictions and the high cost of attending Geneva-based meetings.

Summarising the challenge, Bonyo remarked that the problem is ‘not a policy problem… it’s implementation,’ urging countries to develop governance frameworks rooted in local realities rather than simply adopting foreign regulatory models.

Private sector and technical standards also matter

Representing the technical and private-sector perspective, Simão Ferraz de Campos Neto, Senior Counsellor at the International Telecommunication Union (ITU), argued that clearer rules and common technical standards are essential if health data is to be shared safely without discouraging innovation.

He noted that organisations frequently hesitate to share data not because they oppose collaboration, but because legal uncertainty creates concerns about liability.

Campos Neto called for interoperable technical standards, machine-readable datasets and standardised data-sharing agreements that could make trusted health data exchange significantly easier.

He also cautioned against treating AI as a single technology requiring uniform regulation.

Instead, he advocated proportionate, risk-based regulation that reflects the diversity of AI applications, while avoiding excessive regulatory burdens that could slow innovation.

Momentum builds towards global action

Closing the discussion, Jamal Alshanfari, Ambassador and Head of Oman Health office in Geneva, pointed to growing political momentum following discussions at the World Health Assembly, where member states expressed broad support for developing stronger global health data governance arrangements.

He identified four priorities for the next phase of work. The phases are expanding international consensus, strengthening national legislation and institutional capacity, providing practical implementation guidance, and ensuring that governments, civil society, academia, industry and end users all participate in shaping future frameworks.

Alshanfari also reminded participants that governance discussions should ultimately focus on those most affected by digital health technologies.

‘Everybody forgets about the end user,’ he said, stressing that trust depends on governance frameworks serving citizens as much as institutions.

In her closing remarks, Forslund said the discussion demonstrated encouraging progress across national, regional and global initiatives, while acknowledging that implementation remains the greatest challenge. She pointed to the upcoming World Health Assembly as an important opportunity to advance work on a possible global resolution on health data governance.

The session concluded with broad agreement that trusted AI in healthcare will depend not only on technological innovation but also on stronger legislation, greater international coordination, practical implementation, and governance frameworks that place citizens’ rights and public trust at their centre.

Track all key moments from the WSIS Forum 2026 on our dedicated WSIS page.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

MEPs to debate EU AI cybersecurity strategy

Members of the European Parliament are set to question the European Commission on its latest AI and cybersecurity proposals, including a new AI cybersecurity strategy expected to be unveiled on 7 July.

According to the European Parliament’s plenary newsletter, the Commission’s action plan is expected to include measures to help EU member states and companies address AI-related cybersecurity risks.

The strategy is also expected to strengthen Europe’s AI cybersecurity capabilities as policymakers examine how AI is reshaping both cyber threats and cyber defence.

The debate follows the European Commission’s welcome of the G7 cybersecurity declaration on strengthening global cyber resilience. Parliament is also considering two legislative proposals collectively referred to as the ‘Cybersecurity Act 2‘.

The proposals are expected to address issues including the NIS2 framework, the role of the EU Agency for Cybersecurity (ENISA), the EU cybersecurity certification framework and ICT supply chain security.

The debate is scheduled for 7 July, as part of a European Commission statement followed by parliamentary scrutiny.

Why does it matter?

The debate shows that AI-related cybersecurity risks are becoming part of the EU’s broader cyber resilience agenda. By linking AI policy with NIS2, ENISA, certification and supply chain security, the EU is preparing to treat AI not only as an innovation priority but also as a cybersecurity concern.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hong Kong launches AI privacy sandbox for schools

Hong Kong’s Office of the Privacy Commissioner for Personal Data and the Digital Policy Office have launched an AI privacy sandbox to support responsible AI adoption in schools.

The Safeguarding Personal Data AI Sandbox will provide a collaborative platform for schools exploring AI solutions while managing the risks to personal data protection.

The first phase will run for six months and select 15 school applicants. It is open to publicly funded primary and secondary schools, with applications accepted until 30 October 2026.

Selected schools will receive guidance from the Privacy Commissioner’s office on compliance with the Personal Data (Privacy) Ordinance.

They will also receive support from the Digital Policy Office on Hong Kong’s Generative Artificial Intelligence Technical and Application Guideline.

Cyberport, Hong Kong, and the Hong Kong Productivity Council will provide technical advice.

A briefing session for interested schools is scheduled for 28 August 2026.

Why does it matter?

Schools are increasingly exploring AI tools, but their use of student data creates specific privacy, safety and governance risks. Hong Kong’s sandbox offers a practical way to test AI adoption in education while giving schools regulatory and technical support. The initiative also shows how governments can move beyond broad AI principles by creating sector-specific support mechanisms for institutions that may lack in-house expertise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ITU showcases AI tools to strengthen digital trust

The International Telecommunication Union (ITU) has highlighted a new generation of AI researchers developing practical tools to strengthen digital trust, improve content authenticity and combat misinformation.

Ahead of the AI for Good Global Summit in Geneva, the Young Researcher Associate Programme is showcasing projects designed to improve multimedia authenticity, helping people identify manipulated content while supporting creativity and innovation in the age of generative AI.

The initiative operates under the AI and Multimedia Authenticity Standards Collaboration, established in 2024 by the World Standards Cooperation, which brings together the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO) and the ITU.

The programme brings together early-career researchers from universities around the world to develop solutions addressing content authenticity, provenance and digital rights as AI-generated media becomes increasingly common online.

Three flagship projects illustrate the programme’s multidisciplinary approach. STOP&SCAN promotes critical thinking through a five-step framework that encourages people to assess the source, content and context of digital information before sharing it.

AMITO provides an AI-powered multimedia integrity toolkit through Telegram and WhatsApp, analysing suspicious images and videos while explaining its findings in plain language rather than simply labelling content as authentic or fake.

Meanwhile, the Policy-as-Code project maps AI-related regulations across jurisdictions, helping creators, businesses and policymakers understand how AI-generated content is regulated while laying the foundations for machine-readable compliance mechanisms.

The researchers will present their work at the AI for Good Global Summit on 9 July, demonstrating how technical innovation, behavioural science and regulatory frameworks can work together to build more trustworthy digital ecosystems. According to the ITU, strengthening digital trust requires collaboration across generations, disciplines and countries.

According to ITU, designing digital trust requires collaboration across generations, disciplines and countries to ensure AI strengthens rather than undermines confidence in online information.

Why does it matter?

As generative AI makes it easier to create convincing synthetic media, verifying the authenticity and provenance of digital content is becoming increasingly important for governments, businesses and the public. Technical tools alone are unlikely to solve the problem, making user education, common standards and transparent governance equally important.

The initiative also highlights the growing role of international standards organisations in shaping AI governance. By combining authenticity technologies, regulatory mapping and practical educational tools, the ITU and its partners are helping develop a shared foundation for trusted digital ecosystems that can operate across platforms and national borders.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Council of the EU backs interim rules on online child abuse detection

The Council of the European Union has adopted its position on interim legislation that would restore a legal basis for online service providers to voluntarily detect, report and remove child sexual abuse material (CSAM) from their platforms.

The proposal aims to restore legal certainty after the previous temporary framework expired on 3 April 2026, while negotiations continue on a permanent EU regulation to combat online child sexual abuse.

The interim regulation introduces a limited derogation from the EU’s electronic communications privacy rules, allowing online platforms to voluntarily detect child sexual abuse material and report suspected offences to law enforcement authorities.

According to the Council, these voluntary measures are essential for identifying children at risk, supporting criminal investigations, prosecuting offenders and reducing the circulation of child sexual abuse material online.

The Council proposes extending the temporary framework until 3 April 2028 to avoid a prolonged legal gap while negotiations continue on the long-term Child Sexual Abuse Regulation.

Irish Minister for Justice, Home Affairs and Migration Jim O’Callaghan said restoring providers’ ability to detect online child sexual abuse is essential to protecting victims and bringing offenders to justice. The proposal will now move to the European Parliament for a second reading, where MEPs may approve, amend or reject the Council’s position.

If adopted, the measure would restore the legal basis for voluntary detection activities while policymakers continue negotiations on a permanent framework governing the detection of child sexual abuse material across digital services in the European Union.

Why does it matter?

The proposal addresses a legal gap that emerged after the previous temporary framework expired, creating uncertainty for online platforms that voluntarily detect and report child sexual abuse material. Restoring a clear legal basis would allow providers to continue supporting law enforcement while longer-term legislation is negotiated.

The debate also reflects the EU’s continuing effort to balance child protection with privacy and fundamental rights. While the interim proposal focuses on voluntary detection, negotiations on a permanent framework are expected to continue raising questions about the appropriate balance between online safety, privacy and the responsibilities of digital platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Microsoft Defender adds protection for local AI agents

Microsoft has announced new Defender capabilities designed to help organisations secure local AI agents and Model Context Protocol servers across enterprise environments.

The company said Microsoft Defender can now discover more than 25 types of local AI agents and MCP servers across managed Windows and macOS devices.

Microsoft said the feature also provides runtime protection when developers use coding agents such as GitHub Copilot CLI or Claude Code. According to the company, Defender can detect and block prompt injection attempts before a malicious action is executed.

Security teams can investigate AI agent exposure through Advanced Hunting. Microsoft said the local AI agent capabilities are currently in preview.

The update reflects a broader shift in enterprise security as organisations deploy AI agents, coding tools and MCP servers inside development and productivity workflows.

Microsoft also announced Codename MDASH, a private-preview multi-model agentic scanning system designed to discover, validate and help remediate software vulnerabilities. The company said MDASH can route validated issues into Microsoft Defender workflows and engineering pipelines.

Other June security updates include Microsoft Entra Backup and Recovery, expanded multicloud coverage in Defender for Cloud, new database threat protection for open-source relational databases on AWS RDS, Microsoft Purview customisable reports and a unified identity risk score.

Why does it matter?

AI agents are becoming part of enterprise infrastructure, which means they also become part of the attack surface. Local coding agents, MCP servers and agentic development tools can interact with files, code, credentials and internal systems. Microsoft’s update shows end point security expanding beyond traditional malware detection towards prompt injection, agent exposure and AI-driven development workflows. It also reflects a wider trend: security teams will need visibility and controls for AI systems deployed inside organisations, not only for cloud-hosted models.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNESCO report calls for regional approach to digital platform regulation

A UNESCO report has called for a more coordinated regional approach to digital platform regulation in Mexico, Central America and the Caribbean, warning that existing legal frameworks are struggling to keep pace with the risks posed by online platforms.

The report, ‘The Regulation of Digital Platforms in Mexico, Central America and the Caribbean: From Diagnosis to a Roadmap for Action‘, examines Costa Rica, El Salvador, Guatemala, Honduras, Mexico, Panama and the Dominican Republic. It assesses how national legal frameworks align with UNESCO’s Guidelines for the Governance of Digital Platforms.

The report finds that all seven countries provide constitutional protections for freedom of expression, privacy and safeguards against prior censorship. However, most still lack comprehensive rules for digital intermediaries and robust personal data protection frameworks, with Mexico and Panama identified as partial exceptions.

According to UNESCO, these regulatory gaps have encouraged sector-specific, reactive or punitive measures rather than the shared responsibility, transparency and accountability model promoted in its guidelines. The report also highlights concerns about regulatory independence, noting that some oversight bodies remain subordinate to executive authorities.

Electoral integrity is identified as a major concern. The report says social media platforms, microtargeting and generative AI have outpaced the capacity of many electoral authorities, increasing exposure to disinformation and manipulation. Panama is highlighted as an exception because it has criminalised large-scale manipulation through bots and deepfakes.

The roadmap recommends shifting regulation away from individual content moderation towards oversight of platform systems, algorithms, transparency and risk management. It also calls for moderation practices that better reflect local languages, cultures and indigenous communities.

The report concludes that countries in the region have limited bargaining power when dealing individually with major technology companies. It recommends stronger regional cooperation, including negotiating blocs, and suggests using banking and tax authorities to improve oversight of advertising revenues, monetisation and other platform-related economic activity.

Why does it matter?

The report argues that effective digital platform governance requires regional cooperation rather than fragmented national approaches. For many smaller countries, limited regulatory capacity and bargaining power make it difficult to influence the practices of global technology companies or address cross-border challenges such as disinformation, algorithmic transparency and AI-enabled manipulation.

The recommendations also reflect a broader shift in platform regulation. Instead of focusing primarily on individual pieces of content, UNESCO advocates greater oversight of platform design, algorithms, transparency and systemic risks, aligning with emerging international approaches to digital governance.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

US House of Representatives passes Kids Internet and Digital Safety Act

The US House of Representatives has passed the Kids Internet and Digital Safety Act in a bipartisan 267-117 vote, advancing a broad package that combines 14 online child safety proposals into a single piece of legislation.

The legislation includes provisions requiring AI chatbots to remind users they are not human, provide mental health resources, encourage regular breaks and avoid promoting potentially harmful topics. Lawmakers also removed the original Kids Online Safety Act’s proposed ‘duty of care’ provision after concerns it could lead to censorship, a decision criticised by several senators who co-authored the earlier bill.

Critics, including digital rights organisations and several lawmakers, argue the legislation weakens existing protections and does not go far enough in holding technology companies accountable. The Electronic Frontier Foundation warned that compliance could encourage widespread age verification, potentially requiring users to submit personal information and raising concerns about privacy and freedom of expression.

Supporters reject those criticisms, arguing that the bill does not explicitly require age verification but instead strengthens safeguards for minors and expands parental controls. The legislation now moves to the Senate, where it is expected to face further scrutiny.

Why does it matter?

The legislation represents one of the most comprehensive federal efforts to strengthen online child safety in the United States. Its inclusion of AI chatbot requirements reflects growing recognition that conversational AI introduces new risks for younger users that existing online safety frameworks were not designed to address.

At the same time, the bill highlights the continuing challenge of balancing child protection with privacy and freedom of expression. As it moves to the Senate, debate is likely to focus on whether stronger platform accountability can be achieved without expanding age verification requirements or creating incentives for broader online censorship.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot