Google introduces compliance tool for apps and AI

Google has introduced ‘Checks by Google’, a new tool designed to help developers and compliance teams ensure that apps, websites, and AI adhere to various standards and regulations. Initially used internally within Google, this tool is now publicly accessible and focuses on three key areas of compliance – app compliance, code compliance, and AI safety.

The app compliance feature evaluates adherence to regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Brazil’s Lei Geral de Proteção de Dados (LGPD). Meanwhile, the code compliance aspect aids developers in identifying regulatory issues during the app development process.

Furthermore, the AI safety component addresses compliance and ethical standards related to AI, particularly targeting potential biases and safety concerns in AI-generated outputs. In addition to these features, ‘Checks by Google’ employs a fine-tuned Large Language Model and a smart AI crawler for thorough assessments, thereby providing insights into compliance without offering legal advice.

Moreover, the tool is customisable to meet the specific needs of various industries, such as finance and healthcare. Currently available for free, with additional paid services for enterprises, ‘Checks by Google’ has the potential to transform how developers navigate compliance in an increasingly complex regulatory environment.

Big Tech battles over Ohio energy terms

A group of major tech companies, including Microsoft, Alphabet, Meta, and Amazon, has proposed new terms for how data centres in Ohio should pay for their energy needs. This comes in response to a previous proposal by AEP Ohio that required pre-payments from data centres and cryptocurrency miners due to their large electricity demands.

Ohio has experienced a surge in power requests from data centres as tech companies expand their infrastructure for technologies like generative AI. AEP Ohio paused new data centre contracts, citing the overwhelming number of requests. The state’s power industry now faces regulatory battles that may shape how future energy demands are managed across the US.

Several companies, including power suppliers like Constellation Energy and One Energy Enterprises, initially opposed AEP’s proposal. They have now offered an alternative, suggesting a broader application of AEP’s rules to include industries requiring over 50 megawatts of power at one site. This proposal aims to modify when new customers would have to cover costs like transmission upgrades.

Any settlement between Big Tech and the power companies would need approval from the Public Utilities Commission of Ohio, which will play a crucial role in the outcome of this energy dispute.

EU modernises civil liability laws to enhance consumer protection and adapt to technological advancements

The EU recently adopted a directive that modernises civil liability laws, aligning them with contemporary economic models influenced by technological advancements and the principles of the circular economy. The update broadens the definition of a ‘product’ to include digital manufacturing files and software, recognising the increasing prevalence of digital product features.

Additionally, the directive addresses the implications of circular economy business models by ensuring that individuals or companies responsible for repairing or upgrading products outside the original manufacturer’s control can be held liable for any defects that may arise from these modifications. Consumer protection is a core focus of this directive, enhancing the rights of injured parties while providing clarity for producers.

The updated rules stipulate that online platforms will now share liability for defective products sold on their sites, similar to traditional economic operators. The change reinforces the responsibility of online marketplaces to ensure the safety and quality of the products they offer.

The directive streamlines compensation by allowing injured individuals access to relevant evidence manufacturers hold. It holds importers or EU-based representatives of non-EU manufacturers liable for damages from foreign products. To promote fairness, courts may permit claimants to demonstrate only the likelihood of defectiveness when proving a product’s defect is challenging.

Taking effect 20 days after publication in the Official Journal of the European Union, the directive requires member states to transpose it into national laws within two years. The update enhances consumer protection and legal clarity while supporting the adoption of new technologies.

EU delays implementation of Entry/Exit System

The European Union has postponed the implementation of a biometric entry-check system for non-EU citizens, initially slated for 10 November. Delays stem from concerns raised by Germany, France, and the Netherlands regarding their border computer systems’ readiness. EU Home Affairs Commissioner Ylva Johansson confirmed that no new launch date has been set, though discussions about a phased introduction are ongoing.

The Entry/Exit System (EES) aims to create a digital link between travel documents and biometric data, such as fingerprints and facial scans, thereby removing the need for manual passport stamping at the EU’s external borders. Non-EU citizens arriving in the Schengen area would need to provide biometric information and answer questions regarding their stay.

Officials from Germany’s interior ministry noted that the three nations represent 40% of the affected passenger traffic and are not yet prepared to implement the EES. They indicated that the EU agency EU-Lisa has yet to deliver the necessary stability and functionality for the central system.

While the French interior ministry acknowledged the EES’s potential benefits, they emphasised the need for proper preparation before its rollout. The Dutch government has not provided a response regarding its stance on the delay.

Zoom’s new AI avatars raise deepfake concerns

Zoom plans to roll out custom AI avatars by 2025, offering users a photorealistic digital clone that can replicate head and arm movements. Users will be able to script what their avatar says, with audio synced to lip movements, making it a potential game-changer for asynchronous workplace communication.

The company sees these avatars as a time-saving tool, particularly for those needing to scale video content creation. Despite the promising benefits, questions remain about how Zoom will prevent misuse of this technology, particularly in light of growing concerns around deepfakes. Many fear these digital avatars could be used maliciously to impersonate others or spread disinformation.

Zoom has announced some safety measures, such as advanced authentication and watermarks, though details remain unclear. Other companies offering similar tools, such as Tavus and Microsoft, have stricter safeguards in place, raising concerns that Zoom’s efforts may not be sufficient to curb potential risks.

The rise of deepfakes continues to fuel regulatory debates. While some states in the US have introduced laws to combat the spread of AI-aided impersonation, there is still no comprehensive federal regulation addressing the issue. As Zoom prepares to launch this feature, the company will need to balance innovation with security.

Meta agrees to data collection changes in Germany

German cartel authorities have closed their investigation into Meta’s data practices following extensive negotiations that led to the US tech giant agreeing to address regulatory concerns. Meta, the owner of Facebook and Instagram, has committed to implementing several measures to change how user data is collected and processed on its platforms, the officials announced on Thursday.

According to Andreas Mundt, the president of the German Federal Cartel Office, one of the most significant changes is that users of Facebook will no longer be required to consent to the unrestricted collection and association of data to their user accounts. This new approach ensures that data not generated through Facebook’s services cannot be automatically linked to a user’s account without specific consent. The decision marks a significant step in limiting the scope of Meta’s data collection and improving user privacy in Germany.

The investigation into Meta was part of a larger initiative by European regulators to closely examine and regulate the data practices of major tech firms. Meta’s cooperation with German authorities highlights its readiness to comply with regulatory standards and could set a precedent for similar cases across Europe. The agreed changes aim to enhance privacy protections for users and increase transparency in how tech platforms manage and utilise personal data.

IIJ and Uzbektelecom join forces for enhanced network security

Internet Initiative Japan Inc. (IIJ) and JSC Uzbektelecom have forged a significant collaboration to strengthen network security services in Uzbekistan and throughout the Central Asian region. Central to this partnership is the integration of IIJ Safous, a sophisticated zero-trust access service that IIJ will provide to empower Uzbektelecom to launch its own security offerings.

The initiative builds upon a previous partnership established through the Telecommunication Infrastructure Development Project awarded in January 2023, which includes prominent players such as Toyota Tsusho, NEC Corporation, and NTT Communication Corporation. Together, they aim to address the growing demand for enhanced cybersecurity solutions in a rapidly evolving digital landscape.

This collaboration aligns closely with Uzbekistan’s ‘Digital Uzbekistan 2030’ strategy, which aims to enhance the country’s digital infrastructure while highlighting the importance of cybersecurity. As the ICT market continues to expand, the partnership between IIJ and Uzbektelecom is set to foster innovations in managed security services and cloud solutions.

With the outsourcing services sector projected to grow at an annual rate of 12.53% from 2024 to 2029, this initiative strengthens Uzbekistan’s digital security landscape. It also serves as a model for similar partnerships that drive regional digital transformation.

India’s Star Health investigates its Chief Information Security Officer in data leak scandal

India’s largest health insurer, Star Health, is investigating allegations that its Chief Information Security Officer (CISO), Amarjeet Khanuja, was involved in a data breach linked to a hacker named xenZen. The hacker, who used Telegram chatbots and websites to distribute customers’ medical records and personal data, claimed that Khanuja ‘sold all this data to me.’ Star Health stated that Khanuja is cooperating with the investigation, which has so far found no evidence of his involvement.

Star Health has initiated legal proceedings against Telegram and the hacker known as xenZen after reports surfaced that the hacker exploited the platform’s chatbots to leak customer data and created websites for easier access. The company stressed that it was a victim of a targeted cyberattack, resulting in unauthorised access to specific information. Independent cybersecurity experts are currently conducting a forensic investigation, and Star Health is collaborating closely with authorities. According to the company’s preliminary assessment, there is no evidence of widespread data compromise, and sensitive customer information is reported to be secure.

A Tamil Nadu court has issued a temporary injunction requiring Telegram and the hacker xenZen to block any chatbots or websites in India that share leaked data. Telegram, which is under heightened scrutiny for its platform’s role in illegal activities, has not yet commented on the lawsuit. In contrast, the hacker has expressed a willingness to participate in the court hearings online. Although Telegram had previously removed flagged chatbots, xenZen’s website remains operational, enabling users to access samples of policy-related data with just a click. In response, Star Health has called on all platforms and users to take swift action to prevent further data exposure.

Mexico emerges as top target for cybercrime in Latin America

Mexico has become the focal point for cybercrime in Latin America, accounting for over 50% of all reported cyber threats in the region during the first half of 2024, according to a study by cybersecurity firm Fortinet. With 31 billion cybercrime attempts, hackers are taking advantage of Mexico’s strategic ties with the US and booming industries like logistics and manufacturing, which are being targeted for larger ransom payouts.

Fortinet’s report highlighted how cybercriminals are using advanced tools, such as AI, to streamline attacks and focus on specific sectors for maximum impact. The rapid shift of production closer to the US, known as nearshoring, has made Mexico’s electronics and automotive industries prime targets. Despite a slight dip in attack numbers compared to last year, the overall threat level remains significant.

Experts, including Fortinet executives, emphasised the need for Mexico to strengthen its cybersecurity laws. While President Claudia Sheinbaum has pledged to establish a cybersecurity and AI center, there has been no mention of legal measures yet. Cybersecurity professionals warn that urgent action is needed as Mexico’s role in global supply chains continues to grow.

US BIS to propose rule for securing connected vehicle supply chains

The Bureau of Industry and Security (BIS) of the US Department of Commerce has introduced a Notice of Proposed Rulemaking to address national security risks associated with the connected vehicle supply chain, particularly concerning foreign adversaries such as China and Russia. Building on Executive Order 13873, which focuses on securing the US information and communications technology supply chain, the proposed rule outlines three main categories of prohibited transactions.

The first is the import of vehicle connectivity system (VCS) hardware from entities owned or controlled by China or Russia. The second is the sale of completed connected vehicles that incorporate software developed by these foreign adversaries. The third restricts manufacturers linked to these countries from selling connected vehicles.

Additionally, the rule mandates compliance mechanisms, including mandatory annual Declarations of Conformity certifying adherence to regulations and general and specific authorisations for certain otherwise prohibited transactions. Furthermore, it imposes recordkeeping requirements that necessitate maintaining documentation related to compliance declarations for ten years.

Notably, prohibitions on software are set to take effect for the model year 2027, while hardware prohibitions will begin in 2030. In addition, violations of the proposed rule may incur significant penalties, with civil fines reaching up to $368,136 and criminal penalties as high as $1 million. The regulatory framework reflects the US government’s commitment to safeguarding national security by regulating the import and sale of connected vehicle systems tied to foreign adversaries.

Why does it matter?

The proposed rule underscores the importance of compliance for stakeholders in the automotive and technology sectors, highlighting the need for vigilance in navigating these new regulatory challenges.