EU orders Google to open Android AI features

The European Commission has issued two sets of binding measures under the Digital Markets Act requiring Google to improve competition in AI assistants and online search.

The first decision requires Google to give competing AI services access to 11 key Android features on terms equivalent to those available to its own services, including Gemini.

Users will be able to activate their preferred AI assistant via voice commands and have it to perform tasks across apps, such as sending messages, booking services, or retrieving contextual information.

Alternative providers will also gain access to features covering device context, background execution, on-device models, system integration and automated actions, subject to user consent and security safeguards.

Google must implement most of the measures in Android 18 and no later than 1 August 2027. Concurrent voice activation for multiple AI assistants must be introduced with Android 19 by August 2028.

The second decision requires Google to share anonymised search data with eligible third-party search engines, including AI chatbots that provide online search functions.

The data may include queries, rankings, clicks and views that Google uses to improve its own search service. Recipients may use it to develop search technology, improve retrieval and ground AI-generated answers in current online information.

The measures do not require Google to share its search algorithms, and recipients cannot use the data to train general-purpose AI models or for advertising and consumer profiling.

Google must also establish a transparent application process and a pricing model based primarily on the costs of providing access.

The Commission said the measures are intended to expand consumer choice and prevent Google’s advantages in Android and search from limiting competition in AI services.

Why does it matter?

The decisions apply established DMA interoperability and data-access rules directly to the emerging AI market. Rival assistants could gain deeper access to Android, while search providers and AI chatbots may use Google’s data to improve retrieval and compete more effectively. The measures could lower barriers created by control over operating systems and search data, although implementation will require careful protection of privacy, cybersecurity and commercially sensitive information.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

UK publishes government data breach response framework

The UK government has published a Model Action Plan establishing a coordinated approach for responding to significant personal data breaches across government departments and arm’s-length bodies.

The plan prioritises the wellbeing, privacy, safety and legal rights of people affected by personal data breaches. It also introduces mandatory central reporting to help identify systemic weaknesses, analyse incident trends and share lessons across government.

A breach may be considered significant if it creates a risk of serious harm to large numbers of people, affects vulnerable or high-profile individuals, threatens national security or critical infrastructure, involves multiple organisations, or could cause major financial, operational or reputational damage.

The framework is organised into four response phases, beginning with preparation before an incident occurs. Organisations are expected to maintain response plans, clear escalation procedures, information asset registers and defined responsibilities, while ensuring suppliers report suspected breaches within 12 to 24 hours. Departments should also prepare alternative communication channels, notification templates and evidence preservation procedures.

The government recommends regular testing of response plans, including annual tabletop exercises, to ensure organisations can make timely decisions and meet the statutory 72-hour reporting deadline.

During the first 24 hours after identifying a significant breach, organisations should contain the incident, assess its severity and escalate it internally. Where the significance threshold is met, departments must activate crisis response arrangements and appoint a senior incident manager.

Breaches meeting the statutory threshold must be reported to the Information Commissioner’s Office within 72 hours, with the government stressing that an incomplete report submitted on time is preferable to a complete report filed late.

Departments must also notify relevant government bodies, including the Government Security Group, the Government Data Protection team and, where appropriate, the Government Cyber Coordination Centre and National Cyber Security Centre.

Significant incidents reported to the ICO must also be reported centrally to support government-wide analysis and annual public reporting.

Where a breach poses a high risk to individuals, affected people should generally be informed directly and told what happened, the likely consequences and available support. The guidance stresses that protecting affected individuals should take priority over limiting reputational damage and notes that organisations may need to provide helplines, identity monitoring or welfare support.

After an incident, organisations must conduct a comprehensive review, update their breach registers and report lessons and mitigation progress quarterly. The aim is to ensure that findings lead to practical reforms rather than being recorded without further action.

Why does it matter?

The action plan reflects a shift from treating data breaches primarily as compliance incidents towards managing them as coordinated public-sector resilience challenges. Standardised reporting, preparedness exercises and shared lessons could help government organisations respond more consistently while reducing the impact on affected individuals.

The framework also reinforces the principle that effective breach management extends beyond regulatory reporting. By prioritising support for affected people and requiring continuous organisational learning, the government is encouraging departments to treat data protection as an ongoing governance responsibility rather than a one-off compliance exercise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Claude for Teachers released for verified US educators

Anthropic has launched Claude for Teachers, offering verified K-12 educators in the US free access to premium Claude features, teaching skills and curriculum-aligned resources.

The product is designed to help teachers plan lessons, adapt materials, differentiate instruction and manage classroom workflows.

Claude for Teachers connects to Learning Commons, giving it access to academic standards across all 50 US states and related learning competencies.

Anthropic says the tool can use those standards to draft scaffolded lesson plans and student-facing materials based on widely used curricula, including OpenSciEd and Illustrative Mathematics.

Educators can also connect Claude with K-12 tools such as ASSISTments, Brisk Teaching, Canva Education, Coteach, Diffit, Eedi, MagicSchool, Snorkl and TeachFX.

The platform includes tailored teaching skills grounded in learning science, with use cases including standards-aligned lesson planning, differentiated materials and analysis of class data for instructional planning.

Anthropic says that Claude for Teachers is for educators only and complies with K-12 privacy requirements.

Data from the product will not be used for model training, and student information is covered by a K-12 Data Processing Addendum designed to comply with FERPA.

The company is also working with the American Federation of Teachers on safety and privacy principles for AI in education.

Verified educators can access Claude for Teachers free of charge if they sign up by 30 June 2027, with a dedicated version for schools and districts planned later.

Why does it matter?

Claude for Teachers shows how major AI companies are moving from general-purpose chatbots into specialised education tools with curriculum alignment, workflow integrations and sector-specific privacy commitments. The launch could support lesson planning and differentiated instruction. Still, it also raises familiar questions about student data, vendor dependence, AI quality, teacher autonomy and how schools evaluate the educational impact of AI tools before scaling them.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ofcom says age checks expand but more action needed

Ofcom has published its 2026 Use of Age Assurance Report, finding that age-assurance measures have expanded rapidly over the past year while calling for further action to strengthen online protections for children under the UK’s Online Safety Act.

The report examines the first six months after child protection duties took effect in July 2025, covering pornography, social media and online dating services. Ofcom said highly effective age assurance can significantly improve child safety, although no single method can completely prevent circumvention.

Ofcom said social media platforms have not consistently enforced their existing minimum age requirements and urged services relying on age inference to combine it with other highly effective methods. It also called on pornography services that have yet to introduce age checks to do so without delay, stressing that regulated services remain responsible for ensuring their age-assurance measures are effective.

The regulator also confirmed it will provide Parliament with an assessment by the end of October on how age checks for users over 16 could operate in practice, ahead of proposed social media restrictions expected in 2027.

Why does it matter?

The report provides one of the first comprehensive assessments of how age-assurance requirements are being implemented under the Online Safety Act. Its findings are likely to shape future enforcement priorities and inform policy discussions on additional age-based restrictions for social media services.

The report also suggests that age assurance is evolving into a broader ecosystem responsibility rather than a platform-only obligation. By highlighting the roles of search engines, app stores and device manufacturers alongside online services, Ofcom signals that effective child protection will increasingly depend on coordinated action across the digital ecosystem.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

European Commission accepts X commitments on DSA transparency requirements

The European Commission has accepted corrective measures proposed by X to address alleged breaches of the Digital Services Act (DSA) relating to advertising transparency and researchers’ access to public data.

The action plan requires X to improve its advertising repository so that researchers, civil society organisations and users can more effectively examine advertisements and assess the platform’s systemic risks.

X will introduce new search filters based on advertising content and targeting criteria, display search results directly within the repository, improve response times and provide more complete information about advertisements, including their full content and destination URLs. The company will also make the repository accessible through an application programming interface (API).

The platform will provide additional information about advertisements, including their full content and the URLs to which users are redirected. It will also make the repository accessible through an application programming interface.

The commitments also strengthen researchers’ access to public data. X must improve its application process, provide eligible researchers with timely access to appropriate volumes of data free of charge and avoid unnecessary procedural delays.

The platform will also update its terms and conditions to clarify that eligible researchers are not contractually prohibited from scraping publicly available data.

X now has six months to implement the commitments under an enhanced supervision regime. The Commission said implementation will be verified through an independent audit and close monitoring, following concerns from the Board for Digital Services that the company’s original proposal did not sufficiently address several requirements.

The Commission said it will closely monitor X’s DSA compliance, particularly in areas the Board identified as insufficiently addressed.

Why does it matter?

The commitments strengthen two key pillars of the DSA: transparency in online advertising and independent scrutiny of very large online platforms. Better access to advertising data and public platform information could improve research into systemic risks, political advertising and platform accountability.

The case also demonstrates that accepting corrective measures does not end regulatory oversight. The Commission’s enhanced supervision and independent audit requirements show that compliance under the DSA will increasingly be judged by implementation rather than commitments alone.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Ofcom finalises tougher rules against mobile messaging scams

Ofcom has finalised new rules requiring mobile providers to block, limit and disrupt mobile messaging scams, alongside strengthened guidance to tackle international calls that spoof UK mobile numbers.

The regulator said criminals increasingly use text messages and business messaging services to impersonate friends, companies and public bodies, pressuring victims to transfer money, disclose sensitive information or click malicious links.

Fraud accounted for an estimated 45% of reported crime incidents in England and Wales, with £1.28 billion lost to criminals in 2025. Ofcom also found that 40% of UK mobile users had received at least one suspicious message during the previous three months.

The measures target two main forms of messaging fraud: person-to-person messages sent through SIM cards and mass business messages distributed through commercial messaging infrastructure.

For person-to-person scams, mobile providers must collect intelligence on fraudulent messages, malicious links and phone numbers from customers and anti-fraud organisations. They must use that information to block numbers associated with scammers and stop messages containing malicious links or phone numbers from being delivered across their networks.

Providers must also impose volume limits on pay-as-you-go SIM cards, making it harder for criminal groups to send large numbers of fraudulent messages. The measures complement the government’s proposed ban on SIM farms and commitments made by operators under the Fraud Sector Charter.

Business messaging providers and aggregators must carry out initial and ongoing Know Your Customer (KYC) checks on organisations sending messages and monitor their activity through Know Your Traffic controls.

Providers will also verify alphanumeric sender IDs, which display company names instead of telephone numbers. The checks are intended to prevent scammers from impersonating trusted businesses, delivery services and government agencies.

Where providers identify fraudulent messaging activity, they must investigate its source, apply incident management procedures, and block malicious sender IDs, links and telephone numbers. Companies that fail to carry out appropriate checks may also face regulatory action.

Ofcom has separately strengthened its guidance on international calls that spoof UK mobile numbers. Telecoms companies should withhold the caller ID for calls that appear to originate from a UK mobile number roaming abroad unless they can verify that the number is genuine.

The regulator said spoofing makes overseas calls appear more trustworthy and increases the likelihood that potential victims will answer. However, it cautioned that legitimate organisations may also use withheld numbers, meaning users should continue to assess unexpected calls carefully.

Mobile providers already block more than 600 million suspected scam messages each year, but Ofcom said inconsistent protections across the sector continue to leave consumers exposed.

Consumers can report suspicious calls and messages by forwarding them to 7726, enabling mobile operators to update their fraud-detection and network-protection systems.

Why does it matter?

The new rules shift greater responsibility onto mobile providers to prevent scams before they reach consumers. By requiring stronger customer verification, sender authentication, network-level filtering and SIM controls, Ofcom is moving fraud prevention further upstream rather than relying primarily on users to recognise suspicious messages.

The measures also reflect a broader regulatory trend towards placing more accountability on communications providers to combat digital fraud. If successful, the framework could reduce large-scale messaging scams while serving as a model for other jurisdictions seeking to strengthen telecoms security.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

South Korea to launch free national AI service

South Korea’s Ministry of Science and ICT has announced plans to launch the ‘AI for Everyone’ project this year, providing a homegrown AI service that anyone in the country can use free of charge without usage limits.

The ministry will select participating companies through an open call for proposals. A beta version is scheduled for late September, followed by the launch of a general-purpose AI chatbot and an AI agent to help users search for and apply for public services.

According to the ministry, the project aims to reduce reliance on overseas AI services while narrowing the digital divide. It also responds to concerns about restrictions on free AI services and possible changes by global technology companies. The nationwide service is expected to launch before the end of 2026.

Why does it matter?

The initiative combines digital inclusion with technological sovereignty by offering unrestricted access to a domestically developed AI service. Removing cost and usage limits could broaden AI adoption while integrating generative AI more closely into public services.

The project also reflects a wider international trend of governments investing in national AI capabilities to reduce dependence on foreign providers. As AI becomes part of essential digital infrastructure, countries are increasingly seeking greater control over the services, platforms and data that underpin public-sector AI deployment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK to introduce AI for police evidence disclosure

The UK Home Office has announced major reforms to criminal evidence disclosure that will introduce AI tools to automatically review and summarise police evidence, modernising procedures that have remained largely unchanged since 1996.

The reforms respond to the growing volume of digital evidence in criminal investigations. According to the Home Office, a single fraud case can now involve more than four million documents, while some investigations contain digital material equivalent to 500,000 e-books. Existing guidance often requires officers to manually review and summarise potentially relevant material before prosecutors determine whether it is needed.

The government’s National Centre for Police AI, backed by £75 million in funding, will pilot AI tools capable of automatically summarising digital evidence. The technology will help officers identify, organise and process large volumes of files currently reviewed manually. According to the Home Office, the reforms could free up around six million hours annually by 2028, equivalent to approximately 3,000 additional UK frontline officers.

The government has also accepted recommendations to establish centralised procurement of police technology and create a national disclosure governance forum bringing together representatives from policing, the judiciary, prosecutors and government to oversee the introduction of new technologies. The Director of the Serious Fraud Office described the reforms as an important step towards modernising disclosure practice.

Why does it matter?

The reforms recognise that criminal justice systems increasingly struggle to manage the volume of digital evidence generated by smartphones, cloud services and online communications. Automating routine evidence review could allow investigators to spend more time on investigations while improving the speed of case preparation.

The initiative also illustrates a growing approach to AI adoption in the public sector, where AI supports administrative and analytical tasks rather than replacing human judgement. By introducing governance arrangements alongside the technology, the UK is attempting to balance efficiency gains with accountability in one of the justice system’s most sensitive areas.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EDPB orders Belgian regulator to examine VRT cookie complaint

The European Data Protection Board (EDPB) has instructed the Belgian Data Protection Authority to examine a complaint about VRT cookie banners on its merits rather than dismissing it as an alleged abuse of rights under the GDPR.

The EDPB published its binding decision of 28 May 2026 following a dispute between the Belgian and Austrian data protection authorities. The case concerns cookie banners used by Belgium’s public broadcaster, Vlaamse Radio-en-Televisieomroeporganisatie (VRT).

Austrian privacy organisation Noyb lodged the complaint with the Austrian Data Protection Authority on behalf of an individual. Because VRT is based in Belgium, the Belgian authority acted as the lead supervisory authority under the GDPR’s one-stop-shop mechanism.

The Belgian regulator proposed dismissing the VRT cookie banner complaint, arguing that the complainant had abused the rights provided under Articles 77 and 80(1) of the GDPR.

The Austrian DPA objected, arguing that the complaint should not be rejected on procedural grounds. Instead, it said the Belgian authority should assess the substance of the allegations and determine whether VRT’s cookie banners complied with the GDPR.

After the Belgian DPA declined to follow the objection, it referred the dispute to the EDPB under Article 65(1)(a) of the GDPR.

The EDPB concluded that the Austrian authority’s objection was both relevant and reasoned. Applying the Court of Justice of the European Union’s test for abuse of rights, the Board found that neither the objective nor the subjective element required to establish abuse had been demonstrated.

The decision does not determine whether VRT’s cookie banners violate the GDPR. Instead, it requires the Belgian DPA to assess the complaint on its merits and submit a new draft decision to the other supervisory authorities involved under Article 60(3) of the GDPR.

Why does it matter?

The decision reinforces the principle that GDPR complaints should generally receive a substantive assessment rather than being dismissed on procedural grounds without clear evidence of abuse. It also clarifies the high threshold regulators must meet before concluding that individuals have misused their rights under the GDPR.

The ruling further strengthens the GDPR’s cross-border enforcement system by confirming the role of the EDPB in resolving disputes between national data protection authorities and promoting consistent application of EU data protection law.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Parliament committee backs stronger online protections for children

The European Parliament’s Committee on Culture and Education has adopted a report calling for stronger enforcement of existing EU digital legislation to create a safer online environment, particularly for children and young people.

MEPs argue that platforms should be held more accountable for the impact of their services through stronger safeguards, greater algorithmic transparency and stricter protections against addictive digital design.

The European Parliament report calls for a ban on the most harmful addictive platform features and supports introducing a dedicated ‘youth mode’ that would disable targeted advertising and reduce minors’ exposure to addictive design practices.

MEPs also propose greater transparency around recommender systems so users can better understand why content is promoted, restricted or removed. They further suggest introducing personal liability for serious and persistent failures to comply with child protection obligations.

Beyond platform design, the report recommends an EU-wide code of conduct for influencers and stronger safeguards against practices such as kidfluencing and sharenting, where children are used in commercial content or exposed excessively online.

MEPs also call for mandatory ethical standards for AI companions, greater transparency around AI model training, measures against AI-generated impersonation scams, stronger protection against synthetic child sexual abuse material, and systematic monitoring of children’s digital habits across the EU.

The committee said these measures should complement existing legislation, including the Digital Services Act, AI Act, GDPR and Audiovisual Media Services Directive, creating a more coherent EU framework for protecting minors online. The report will now be submitted to Parliament’s plenary session in September 2026.

Why does it matter?

The report signals growing political support for strengthening children’s online safety by making platforms more accountable for the design and operation of their services. Rather than relying solely on new legislation, MEPs are urging stronger enforcement of existing EU rules alongside targeted measures addressing addictive design, recommender systems and AI-powered services.

Although the report is not legally binding, it could influence future EU legislation and enforcement priorities by reinforcing the shift towards safety-by-design, greater transparency and stronger protections for minors across digital platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!