Privacy and data protection

UK Home Office’s new vulnerability reporting policy creates legal risks for ethical researchers, experts warn

The UK Home Office has introduced a vulnerability reporting mechanism through the platform HackerOne, allowing cybersecurity researchers to report security issues in its systems. However, concerns have been raised that individuals who submit reports could still face legal risks under the UK’s Computer Misuse Act (CMA), even if they follow the department’s new guidance.

Unlike some private-sector initiatives, the Home Office program does not offer financial rewards for reporting vulnerabilities. The new guidelines prohibit researchers from disrupting systems or accessing and modifying data. However, they also caution that individuals must not ‘break any applicable law or regulations,’ a clause that some industry groups argue could discourage vulnerability disclosure due to the broad provisions of the CMA, which dates back to 1990.

The CyberUp Campaign, a coalition of industry professionals, academics, and cybersecurity experts, warns that the CMA’s definition of unauthorized access does not distinguish between malicious intent and ethical security research. While the Ministry of Defence has previously assured researchers they would not face prosecution, the Home Office provides no such assurances, leaving researchers uncertain about potential legal consequences.

A Home Office spokesperson declined to comment on the concerns.

The CyberUp Campaign acknowledged the growing adoption of vulnerability disclosure policies across the public and private sectors but highlighted the ongoing legal risks researchers face in the UK. The campaign noted that other countries, including Malta, Portugal, and Belgium, have updated their laws to provide legal protections for ethical security research, while the UK has yet to introduce similar reforms.

The Labour Party had previously proposed an amendment to the CMA that would introduce a public interest defense for cybersecurity researchers, but this was not passed. Last year, Labour’s security minister Dan Jarvis praised the contributions of cybersecurity professionals and stated that the government was considering CMA reforms, though no legislative changes have been introduced so far.

For more information on these topics, visit diplomacy.edu.

Sweden considers law requiring encrypted messaging backdoors, Signal threatens to exit

Swedish law enforcement and security agencies are advocating for legislation that would require encrypted messaging services such as Signal and WhatsApp to implement technical measures allowing authorities to access user communications, according to a report by SVT Nyheter.

If introduced, the bill would mandate that these platforms retain messages and provide law enforcement with access to the message history of criminal suspects. Minister of Justice Gunnar Strömmer stated that such measures are necessary for authorities to carry out investigations effectively.

Signal Foundation President Meredith Whittaker told SVT Nyheter that if the proposed legislation requires the company to introduce backdoors, Signal would withdraw from the Swedish market rather than comply. The Swedish Armed Forces have also expressed concerns, warning that implementing such access mechanisms could introduce security risks that might be exploited by unauthorised parties.

The bill could be considered by Sweden’s parliament, the Riksdag, next year if it moves forward in the legislative process.

Similar legislative efforts have been introduced in other countries. In the UK, Apple recently disabled end-to-end encryption for iCloud accounts in response to government demands for access to encrypted data.

For more information on these topics, visit diplomacy.edu.

Bybit resumes operations in India after regulatory approval

Bybit has resumed its trading services in India after securing the necessary registration with Indian authorities, the exchange confirmed on 25 February. The move restores full access to Bybit’s platform for existing users and allows new users to gradually join the platform. The exchange had suspended several services in January due to regulatory challenges while awaiting approval from India’s Financial Intelligence Unit.

With the regulatory requirements now met, Indian users can open new trades and access all of Bybit’s platform features. This return to the Indian market comes at a time when other major exchanges, like Binance, are also vying for market share despite ongoing regulatory scrutiny. The country remains a key focus for crypto firms due to its increasing adoption and trading volumes.

However, Bybit’s recovery comes amidst a challenging period for the platform, following a massive security breach on 21 February. The $1.5 billion hack, the largest crypto heist in history, targeted Bybit’s Ethereum cold wallet. Blockchain analysts have linked the breach to North Korea’s Lazarus Group, known for its previous high-profile cybercrimes, including the Ronin and WazirX hacks.

The Lazarus Group has been involved in laundering stolen assets through decentralised protocols. North Korean hackers have already exceeded $1.34 billion in crypto thefts in 2024, and the figure continues to grow in 2025, posing a serious threat to the crypto sector.

For more information on these topics, visit diplomacy.edu

Google loses European court battle over Android Auto access

Europe’s top court has ruled that Google’s decision to block an Enel e-mobility app from Android Auto could be considered an abuse of market power. The judgment reinforces competition rules and may push major tech firms to allow easier access for rival apps.

The case stemmed from a €102 million fine imposed by Italy’s antitrust authority in 2021 for restricting access to Enel’s JuicePass app.

Google challenged the penalty, arguing security concerns and the absence of a specific app template. However, the Court of Justice of the European Union backed the Italian regulator, stating that dominant companies must ensure interoperability unless valid security risks exist.

The court clarified that companies should develop necessary templates within a reasonable timeframe.

Although Google has since introduced the requested feature, the ruling may set a precedent for similar cases. Legal experts see it as aligning with EU competition law, citing past decisions against IBM and Microsoft.

The ruling also supports the objectives of the Digital Markets Act, which aims to regulate dominant digital platforms.

The decision is final and unappealable, meaning the Italian Council of State must now rule on Google’s appeal in line with the court’s findings.

For more information on these topics, visit diplomacy.edu.

Italy demands 12.5 million euros from X over tax probe

Italy is demanding 12.5 million euros ($13 million) from Elon Musk’s social network X following a tax probe linked to a broader investigation into Meta. The case, which focuses on value-added tax (VAT) claims for the years 2016 to 2022, is significant as it raises questions about how social networks provide access to their services. Italian tax authorities argue that user registrations on platforms like X, Facebook, and Instagram should be considered taxable transactions, as they involve the exchange of personal data for a membership account.

This case could have major implications for the tech sector in Europe, potentially altering the way business models are structured in the 27-nation European Union, as VAT is a harmonised EU tax. Although the claim of 12.5 million euros is a small amount for X, the outcome of this case could influence future tax policies across the region. Both X and Meta must respond to the tax authority’s observations by late March or early April, with the option to either accept the charges or challenge them in court.

The investigation also comes at a sensitive time, as US President Donald Trump has criticised digital taxes in countries like Italy that target US tech firms. Musk, who has strong ties with Italian Prime Minister Giorgia Meloni, is also keen to expand his Starlink business in the country. If no agreement is reached, Italy’s Revenue Agency may pursue a lengthy judicial review, which could take up to 10 years to resolve.

For more information on these topics, visit diplomacy.edu.

Google faces lawsuit over AI search impact on publishers

An online education company has filed a lawsuit against Google, claiming its AI-generated search overviews are damaging digital publishing.

Chegg alleges the technology reduces demand for original content by keeping users on Google’s platform, ultimately eroding financial incentives for publishers. The company warns this could lead to a weaker online information ecosystem.

Chegg, which provides textbook rentals and homework help, says Google’s AI features have contributed to a drop in traffic and subscribers.

As a result, the company is considering a sale or a move to go private. Chegg’s CEO Nathan Schultz argues Google is profiting from the company’s content without proper compensation, threatening the future of quality educational resources.

A Google spokesperson rejected the claims, insisting AI overviews enhance search and create more opportunities for content discovery. The company maintains that search traffic remains strong, with billions of clicks sent to websites daily.

However, Chegg argues that Google’s dominance in online search allows it to pressure publishers into providing data for AI summaries, leading to fewer visitors to original sites.

The lawsuit marks the first time an individual company has accused Google of antitrust violations over AI-generated search features. A similar case was previously filed on behalf of the news industry. A US judge overseeing another case involving Google’s search monopoly is handling this lawsuit as well.

Google intends to challenge the claims and is appealing a previous ruling that found it held an illegal monopoly in online search.

For more information on these topics, visit diplomacy.edu.

New open-source AI model from Alibaba enters the market

Alibaba is set to release an open-source version of its video and image-generating artificial intelligence model, Wan 2.1. The company announced the move on X, with full details to be revealed in a recorded video.

Competition in China’s AI market has been intensifying, particularly after DeepSeek’s recent launch of advanced open-source models.

The tech giant originally introduced its AI model in January under the name Wanx before renaming it Wan. Alibaba has promoted its capability to generate highly realistic visuals and noted its strong performance on VBench, a ranking platform for video-generating models.

The company also previewed its reasoning model, QwQ-Max, with plans to make it open source in the future.

Major investments in AI and cloud computing are also underway, with at least 380 billion yuan ($52 billion) committed over the next three years.

Alibaba is positioning itself as a key player in the AI industry while competing with global leaders moving towards closed-source models.

For more information on these topics, visit diplomacy.edu.

Competition heats up for Musk’s Starlink in satellite internet

Elon Musk’s Starlink is facing mounting competition from several ambitious satellite internet projects, including China’s SpaceSail and Jeff Bezos’s Project Kuiper. SpaceSail, backed by the Chinese government, recently expanded its reach to Brazil and Kazakhstan, with plans for a 15,000-satellite constellation by 2030. Meanwhile, Bezos’s Project Kuiper is in talks with Brazilian officials to establish its own LEO satellite network.

These developments come as Beijing accelerates its investment in satellite technology, having launched a record 263 satellites last year. With SpaceSail aiming to deploy 648 satellites in 2025 alone, it is positioning itself as a serious challenger to Starlink’s current fleet of around 7,000 satellites. SpaceSail’s plans are seen as part of China’s broader push to expand its digital influence, sparking concerns about potential censorship capabilities.

For more information on these topics, visit diplomacy.edu.

Nvidia takes legal action against EU antitrust investigation

Nvidia has filed a lawsuit against the European Commission for accepting a referral from Italy to review its acquisition of AI startup Run:ai. The US chipmaker argues that the Commission violated a recent court ruling that restricts its powers over minor transactions. This case follows growing concerns over the Commission’s use of Article 22, which allows it to review smaller mergers that fall below EU merger thresholds, a move companies have criticised as overreach.

While the case will not impact the approval of the AI‘s deal, which was cleared in December, a ruling in favour of Nvidia could curb the European Commission’s ability to regulate similar transactions in the future. Nvidia argues that the decision breaches legal principles, including proportionality and equal treatment, and undermines legal certainty for businesses operating in the EU.

For more information on these topics, visit diplomacy.edu.

Silent album released to challenge UK AI copyright reforms

More than 1,000 musicians have joined forces to release a silent album as part of a protest against the UK government’s proposed changes to copyright laws. The changes would allow AI companies to use artists’ work to train models without needing permission, a move critics argue would undermine creators’ rights. The silent album, titled ‘Is This What We Want?’, features empty studios and performance spaces, symbolising the potential loss of control over their work.

The changes have sparked outrage from high-profile artists such as Kate Bush, who warned that this could lead to the exploitation of musicians by tech companies. The protest album, which includes contributions from other major artists like Ed Sheeran and Dua Lipa, aims to highlight the negative impact of such reforms on the livelihoods of creators.

The UK government argues that these changes will help boost the AI and creative industries, allowing them to reach their full potential. However, the controversy over copyright law is growing, with many in the music industry urging a rethink before any new regulations are finalised.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.