Ofcom strengthens online safety rules against cyberflashing and self-harm content

Ofcom has introduced stronger online safety measures requiring technology companies to take more robust action against cyberflashing and illegal self-harm content across dating, messaging and social media platforms.

The updated guidance builds on the UK’s Online Safety Act by expanding the obligations of online services to detect, moderate and reduce harmful content that disproportionately affects vulnerable users.

Under the revised measures, platforms must make it easier to report unsolicited sexual images, ensure moderation teams are adequately trained and resourced, remove illegal content more quickly and provide blocking and muting tools to help users manage unwanted interactions.

Companies must also strengthen safeguards against illegal self-harm content by reviewing recommendation algorithms, displaying crisis support information for relevant searches and improving reporting systems for harmful predictive search suggestions.

Ofcom also highlighted the growing threat posed by so-called ‘Com’ groups, criminal online networks that groom and manipulate victims into self-harm and other harmful behaviour.

Services offering direct messaging and presenting grooming risks will be expected to implement child safety defaults, ensuring minors can only receive messages from existing contacts. Additional measures targeting suicide and self harm content are expected later in 2026.

Technology companies must now review their online safety risk assessments and implement appropriate mitigation measures before the updated Codes take legal effect following parliamentary approval.

Ofcom said the strengthened framework reflects the evolving nature of online harms while reinforcing expectations that platforms proactively protect users from illegal and harmful content.

Why does it matter?

The updated Online Safety Codes reinforce a shift towards proactive platform accountability. Rather than relying primarily on user reports, online services are expected to identify risks, strengthen content moderation, improve safety-by-design features and reduce users’ exposure to illegal and harmful content before it spreads.

The measures also demonstrate how the UK is translating the Online Safety Act into detailed operational requirements. As regulators around the world consider similar approaches to platform governance, Ofcom’s implementation of risk assessments, child safety defaults and stronger moderation obligations could influence future online safety frameworks beyond the UK.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ireland expands Trusted Flagger network under the DSA

Ireland’s media regulator, Coimisiún na Meán, has granted Trusted Flagger status to three additional organisations under the EU Digital Services Act.

The Irish Internet Hotline, the Irish Music Rights Organisation and the Jewish Representative Council of Ireland will join the Central Bank of Ireland, which received Trusted Flagger status in 2025.

Each organisation will submit notices to online platforms within its area of expertise. The Irish Internet Hotline will report child sexual abuse material, non-consensual intimate image sharing, racism, xenophobia, financial scams and fraud. The Irish Music Rights Organisation will focus on copyright infringement, particularly music and lyrical copyright, while the Jewish Representative Council of Ireland will report illegal antisemitic material.

Under the Digital Services Act, Trusted Flaggers are recognised bodies that can notify platforms of illegal content. Platforms must give those notices priority and decide on them without undue delay, although the designation does not guarantee content removal.

Coimisiún na Meán said reports from Trusted Flaggers will also help identify online safety trends and support evidence-based supervision of online platforms.

To qualify, organisations must demonstrate expertise in detecting, identifying and notifying illegal content, operate independently from online platforms and carry out reporting activities diligently, accurately and objectively.

The three new accreditations will remain valid for 3 years and can be reviewed, revoked, or reassessed upon expiration of the accreditation period.

Why does it matter?

Trusted Flaggers are one of the practical enforcement mechanisms of the Digital Services Act. Ireland’s expansion of the network creates specialised reporting channels for different categories of illegal online content, including child sexual abuse material, non-consensual intimate images, scams, copyright infringement and antisemitic material. The model aims to improve the quality and speed of platform responses while keeping final moderation decisions with platforms under DSA procedures.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EDPS strengthens monitoring of emerging technologies

The European Data Protection Supervisor (EDPS) has developed a structured framework for monitoring emerging technologies and assessing their implications for privacy and data protection. As digitalisation accelerates, the EDPS recognises that some new technologies do not merely improve existing processes but fundamentally alter how personal data is handled, requiring proactive and ongoing scrutiny.

At the heart of the framework is an annual monitoring cycle that moves from early signal detection to in-depth analysis and public engagement. The EDPS works with the Joint Research Centre’s TIM Analytics service to identify technologies at an early stage and prioritise those most likely to affect data protection over the short and medium term.

The main output of this foresight work is TechSonar, the EDPS’s flagship report on technologies expected to become relevant within the next one to five years. Designed for a broad audience, it outlines emerging technology trends and assesses their potential implications for personal data protection.

Complementing TechSonar, the TechDispatch series provides more detailed analysis of individual technologies, including factual descriptions, preliminary privacy assessments and consideration of how they interact with GDPR principles and data subject rights.

Complementing these publications is the Internet Privacy Engineering Network (IPEN), established by the EDPS in 2014. At least once a year, IPEN brings together public authorities, academics, open-source projects, and private businesses to discuss engineering solutions to privacy challenges, with findings feeding back into the broader technology monitoring work.

The EDPS also coordinates the Internet Privacy Engineering Network (IPEN), established in 2014, which brings together regulators, researchers, open-source communities and industry to discuss technical solutions to privacy challenges and feed those insights into its wider technology monitoring work. Recent activities have included a new video series on AI literacy and a newsletter covering AI governance, the Digital Omnibus debate, and AI use in hiring practices.

Why does it matter?

Emerging technologies such as AI are evolving faster than traditional regulatory processes, making early assessment increasingly important for protecting privacy and fundamental rights. By identifying technologies before they become mainstream, the EDPS aims to help policymakers, regulators and public institutions anticipate risks rather than respond only after new technologies are widely deployed.

The framework also supports greater consistency in European data protection governance. Through publications such as TechSonar and TechDispatch, together with collaboration via IPEN, the EDPS provides a common evidence base that can inform policy development, regulatory enforcement and privacy-by-design approaches across the EU as new technologies continue to emerge.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EDPB updates right to erasure case digest

The European Data Protection Board has updated its one-stop-shop case digest on the GDPR rights to erasure and to object.

The digest is based on final one-stop-shop decisions from the EDPB’s public register under Article 60 of the GDPR. It presents key decisions on a specific theme and provides aggregate findings from relevant cross-border cases.

The updated digest focuses on how data protection authorities assess the internal processes organisations use to comply with erasure requests and objections to processing.

It also lists frequent infringements and provides an overview of corrective measures issued by data protection authorities. Cases include objections to direct marketing and requests by individuals to delete accounts or online data profiles.

The update reflects hundreds of new one-stop-shop decisions adopted by data protection authorities since the original digest was finalised.

The digest was developed under the EDPB’s Support Pool of Experts programme, which supports cooperation among European data protection authorities by providing expertise and enforcement tools.

Why does it matter?

The right to erasure and the right to object are among the GDPR rights most directly used by individuals to control how organisations handle their personal data. The updated digest can help regulators and organisations understand how data protection authorities apply these rights in practice, especially in cross-border cases. It also supports more consistent GDPR enforcement by highlighting recurring infringements, procedural weaknesses and corrective measures.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

IWF backs strengthened EU child protection rules on AI-generated abuse

The Internet Watch Foundation (IWF) has welcomed the political agreement on the revised EU Child Sexual Abuse Directive, saying the legislation marks an important step in strengthening Europe’s response to online child sexual abuse and exploitation.

The organisation says the updated rules address legal gaps created by emerging technologies, particularly the misuse of AI to generate child sexual abuse material.

The revised Directive introduces new criminal offences covering the design, adaptation, distribution and supply of AI systems intended to generate child sexual abuse material. It also criminalises the possession of AI-generated abuse content and materials that provide instructions for committing child sexual abuse.

The revised rules also strengthen protections against online grooming, including cases in which offenders falsely present themselves as children or peers, and extend limitation periods to give survivors more time to pursue justice.

The IWF argues that the legislation reflects the rapidly evolving threat posed by generative AI.

According to the IWF, realistic AI-generated child sexual abuse material increased sharply during 2025, with analysts reporting that many synthetic images and videos are becoming increasingly difficult to distinguish from authentic abuse material.

IWF warns that technological advances are accelerating the scale and sophistication of online child exploitation.

Following the political agreement, the IWF has urged EU member states to transpose the Directive into national law promptly, arguing that timely implementation will strengthen legal protections and law enforcement capabilities across the EU. The organisation argues that timely transposition will be essential to ensure stronger legal protections, improve law enforcement capabilities and reduce opportunities for offenders to exploit AI technologies across the EU.

Why does it matter?

The revised Directive reflects how advances in generative AI are reshaping criminal law and child protection policy. By introducing offences specifically targeting AI systems designed to generate child sexual abuse material, the EU is adapting its legal framework to address emerging forms of technology-enabled exploitation.

The agreement also highlights the growing need for legal systems to evolve alongside AI capabilities. Alongside new offences, the Directive strengthens protections for victims and expands tools available to law enforcement, illustrating how governments are updating criminal legislation to respond to increasingly sophisticated forms of online abuse while seeking greater consistency across EU member states.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Canadian cybersecurity agency warns AI is reshaping cyber threats

Canada’s Centre for Cyber Security has warned that frontier AI models are rapidly transforming the cyber threat landscape, reducing the time organisations have to detect, contain and respond to attacks.

According to the Cyber Centre, AI is enabling cybercriminals to identify vulnerabilities, automate complex attack chains and generate increasingly convincing phishing campaigns, deepfakes and voice impersonation attacks at unprecedented speed and scale.

The advisory follows a joint statement by the Five Eyes cybersecurity agencies urging organisations worldwide to strengthen cyber resilience before AI-enabled attacks evolve into major operational, financial and national security incidents.

The Cyber Centre also highlights internal risks associated with unapproved AI use, including the exposure of sensitive information and reliance on inaccurate or manipulated AI-generated outputs.

Rather than viewing AI solely as a source of risk, the Cyber Centre encourages organisations to integrate frontier AI into cybersecurity operations. AI can help identify vulnerabilities earlier in software development, strengthen secure-by-design practices, improve security monitoring and accelerate incident detection and response.

The guidance emphasises that fundamental cyber hygiene, including timely patching, phishing-resistant multi-factor authentication, network segmentation, centralised logging and regularly tested incident response plans, remains essential despite rapid advances in AI capabilities.

Why does it matter?

The guidance reflects a shift in cybersecurity from preparing for future AI risks to responding to immediate operational challenges. As frontier AI enables attackers to identify vulnerabilities, automate exploitation and produce more sophisticated phishing and social engineering campaigns, organisations may have less time to detect and contain incidents.

The advisory also reinforces an emerging consensus among the Five Eyes partners that AI should be treated as both a cyber risk and a defensive capability. Alongside robust governance and responsible AI use, organisations are increasingly expected to combine AI-enabled security tools with strong cyber hygiene, secure-by-design practices and resilient incident response capabilities to keep pace with a rapidly evolving threat landscape.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UN to honour digital and AI-powered public service innovations

The United Nations Department of Economic and Social Affairs (UN DESA) will honour 12 public sector initiatives at the 2026 UN Public Service Awards for advancing the Sustainable Development Goals through more inclusive, transparent and participatory public services.

The awards attracted more than 700 applications from 62 countries and recognise projects ranging from digital document verification and public procurement monitoring to improving education access and supporting coastal women.

According to UN DESA, several winning initiatives leverage digital government tools, information and communication technologies (ICTs) and AI to improve service delivery and strengthen public administration capacity.

The awards ceremony will be held during the UN Public Service Forum in Tbilisi, Georgia, following the commemoration of UN Public Service Day.

Why does it matter?

The awards highlight how governments are increasingly using digital technologies and AI to improve public service delivery, strengthen administrative capacity and advance sustainable development objectives. From digital verification systems to more transparent procurement processes, technology is becoming an important tool for making public institutions more efficient, accountable and accessible.

The initiative also demonstrates the growing role of digital transformation in achieving the Sustainable Development Goals. By recognising successful public-sector innovations from around the world, the awards provide examples of how governments can use technology to address social, economic and governance challenges while promoting inclusion, transparency and citizen participation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Digital trade agreement gains legal backing in Kyrgyzstan

Kyrgyz President Sadyr Japarov has signed a law ratifying the Digital Economy Partnership Agreement between member states of the Organisation of Turkic States.

The Jogorku Kenesh adopted the law on 3 June 2026 and approved the agreement signed in Bishkek on 6 November 2024. The presidential administration said it was the first law signed in a fully digital format in Kyrgyzstan.

The agreement aims to strengthen trade relations among Turkic states through e-commerce and broader digital-economy cooperation. It also seeks to increase consumer confidence in digital services and online transactions.

The partnership covers areas including electronic commerce, consumer protection in online trade, express delivery services, personal data protection and cooperation between business communities involved in e-commerce.

The move forms part of Kyrgyzstan’s wider digital transformation agenda and adds legal backing to a regional framework for digital trade cooperation among OTS members.

Why does it matter?

The ratification supports efforts to align digital trade rules among Turkic states and make cross-border e-commerce more predictable. The agreement is relevant because it links digital economy cooperation with consumer protection, data protection and delivery infrastructure, areas that are essential for trust in online trade. It also shows how regional organisations are developing their own digital trade frameworks alongside larger global and Asia-Pacific digital economy agreements.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

EU drops browser-based cookie consent proposal from Digital Omnibus

The European Commission had proposed replacing cookie banners with an automated browser-based privacy signal as part of its ‘Digital Omnibus’ package, a move that would have allowed devices to communicate users’ tracking preferences directly to websites. The plan, outlined in Article 88b of the GDPR, was intended to cut red tape and reduce the burden on consumers navigating consent requests across the web.

According to digital rights organisation noyb, cookie banners were not created by data protection law but emerged as a mechanism for the online advertising industry to obtain users’ consent for data sharing with third parties. Studies suggest only 3 to 10 per cent of users actually wish to be tracked, yet so-called dark patterns, such as hidden ‘no’ buttons and pre-ticked boxes, allow the industry to achieve consent rates of up to 90 per cent. Across more than 450 million EU citizens, this results in billions of unnecessary clicks each year.

According to noyb, a lobbying document submitted by Google argued that removing cookie banners would effectively halt all online advertising, citing figures that the European Commission has since described as highly exaggerated. The Commission had made clear that consent would still be possible on a per-website and per-purpose basis, meaning users could grant access to specific outlets while withholding it from others. Google’s paper also claimed that media outlets would be harmed, despite the fact that they are explicitly exempt from the proposed provision.

According to noyb, the lobbying campaign appears to have influenced the legislative process. In the Council’s position paper of 18 June 2026, Article 88b was removed entirely from the Digital Omnibus. Noyb added that Germany, France, and Poland were among the member states supporting the article’s removal following lobbying by the online advertising industry.

The outcome is particularly striking given that many of the same member states have long called on the EU to simplify regulation and cut red tape. noyb, the European digital rights organisation, has described the result as a victory for lobbying over public interest, noting that the majority of EU citizens have consistently expressed frustration with cookie banners.

The European Parliament has not yet taken a position on Article 88b, and negotiations between the Parliament and the Council are ongoing. Noyb has urged the European Parliament to support reinstating Article 88b during the next stage of negotiations.

Why does it matter?

The debate highlights the growing tension between digital simplification efforts, privacy protection and the economic interests of the online advertising ecosystem. Browser-based privacy signals have long been discussed as a way to reduce repetitive consent requests while preserving users’ ability to decide when and how their personal data may be used.

The proposal’s removal also illustrates the influence that industry stakeholders can have during the EU legislative process. Whether Article 88b is reinstated during negotiations with the European Parliament could shape the future of online consent management in Europe, affecting digital advertising, user experience and the practical implementation of data protection rules.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

FIFA World Cup 2026 faces growing AI and cybersecurity threats

The FIFA World Cup 2026 is not only a football tournament. It is one of the largest digital security tests ever associated with a global public event.

With 48 teams, 104 matches and 16 host cities spread across the USA, Canada and Mexico, the ongoing tournament creates a vast network of stadium systems, ticketing platforms, broadcasters, hotels, transport providers, mobile applications, public Wi-Fi networks, payment systems, and connected devices.

The scale of digital interconnection is unprecedented in the history of international sport.

The Canadian Centre for Cyber Security has warned that the event will almost certainly attract cybercriminals, state-sponsored actors and other threat groups because of its visibility, infrastructure complexity, and broad supplier ecosystem.

Similar concerns have been raised by cybersecurity researchers, government agencies and intelligence analysts, all of whom view the tournament as a high-value target.

Canada warns FIFA World Cup 2026 could face cyberattacks, scams and AI-driven disinformation.

What makes the World Cup 2026 particularly significant is the growing role of AI.

AI will support crowd management, threat detection, cybersecurity operations, content moderation, logistics planning, and fan engagement. Ironically, the same technologies will provide attackers with powerful new tools to automate phishing campaigns, generate convincing deepfakes, conduct fraud operations and spread disinformation at an unprecedented scale.

Perhaps paradoxically, the result is a tournament where AI functions simultaneously as a defensive capability and an offensive weapon.

The largest entertainment attack surface in history

Cybersecurity experts have described the FIFA World Cup 2026 as the ‘largest global entertainment attack surface in history’. The description reflects not only the size of the tournament but also the complexity of its digital ecosystem.

Every match involves interactions between permanent stadium infrastructure, temporary commercial suppliers, cloud service providers, telecommunications operators, transportation networks, emergency services, broadcasters, and millions of fans. Unlike previous tournaments, many of these systems are deeply integrated through digital platforms and real-time data exchanges.

Researchers have noted that the attack surface extends far beyond FIFA’s own networks. Airlines, hotels, payment processors, media organisations, local authorities, ride-sharing platforms and tourism providers all become part of the broader security environment. A successful attack on any of these entities could create disruption that affects the tournament itself.

The Center for Strategic and International Studies (CSIS) has divided the World Cup attack surface into three layers. The first includes direct tournament infrastructure such as stadiums, ticketing systems, and broadcasting operations.

The second includes supporting infrastructure such as telecommunications networks, transportation systems and cloud providers. The third consists of millions of individual devices belonging to players, officials, journalists, sponsors and supporters.

Consequently, a cyber incident does not need to compromise FIFA directly to have significant consequences. A ransomware attack affecting a hotel chain, a denial-of-service attack against a transportation provider, or a breach of a ticketing partner could undermine public confidence and create operational disruption in multiple host cities.

AI-driven cybercrime and financial fraud

The most immediate threat facing supporters is financially motivated cybercrime. Major sporting events have historically attracted fraud schemes, but AI significantly increases their sophistication and reach.

Criminal groups are expected to exploit public interest through phishing campaigns, social engineering operations, fake ticket sales, fraudulent travel packages, malicious mobile applications and counterfeit livestreaming services.

The Canadian Centre for Cyber Security highlighted research indicating that more than 4,300 suspicious World Cup-related domains had already been identified by August 2025.

Generative AI allows attackers to produce convincing communications in multiple languages within seconds. Emails can imitate official FIFA announcements, airline notifications, hotel confirmations or ticketing updates with remarkable accuracy. AI-generated text can eliminate many of the grammatical errors that have traditionally exposed phishing attempts.

The personalisation capabilities of AI further increase effectiveness. Information gathered from social media profiles can be used to create tailored messages targeting specific individuals.

A supporter who has publicly discussed attending a World Cup match may receive a realistic-looking email containing details of a stadium, flight, or accommodation booking.

Cybersecurity researchers also warn about AI-powered chatbots designed to engage victims in extended conversations, gradually building trust before directing them towards malicious websites or fraudulent payment portals.

Such attacks represent an evolution beyond traditional phishing because they can adapt dynamically to the victim’s responses.

Deepfakes, disinformation and information warfare

One of the most significant AI-related concerns surrounding the World Cup is the potential use of deepfake technology and synthetic media.

Deepfakes can generate highly realistic audio, video, and images depicting events that never occurred. During a tournament watched by billions of people, such content could spread rapidly before verification mechanisms have time to respond.

 Ball, Football, Soccer, Soccer Ball, Sport, Adult, Male, Man, Person, Computer, Electronics, Laptop, Pc, Cup, Screen, Computer Hardware, Hardware, Accessories, Formal Wear, Tie, Monitor, Phone, Electrical Device, Microphone, Mobile Phone, Book, Publication, Blackboard, People, Face, Head, Gianni Infantino, Lionel Messi

A fabricated video appearing to show a national team manager criticising players, a fake government announcement warning of security threats, or an AI-generated recording supposedly involving FIFA officials could create confusion and damage reputations.

Even brief circulation of false information may influence public perception, financial markets, or security decisions.

Threat actors are very likely to employ AI-generated articles, images and videos during the World Cup tournament. Furthermore, state-sponsored influence operations remain possible, particularly if geopolitical tensions involving participating nations intensify.

The risk is not limited to political manipulation. Criminal groups may use deepfakes to support fraud operations, impersonate public figures or create fake emergency announcements designed to generate panic.

The speed of modern social media platforms means that misleading content can reach millions of users before fact-checking efforts can become effective.

The World Cup, therefore, represents a major test for digital information resilience. Governments, media organisations and technology platforms will need rapid verification capabilities to distinguish authentic content from increasingly sophisticated synthetic media.

Critical infrastructure and operational technology risks

The World Cup’s dependence on critical infrastructure creates another layer of cybersecurity concern.

Electricity grids, water systems, telecommunications networks, transportation infrastructure and emergency communications all support tournament operations. Any disruption affecting these systems could have consequences extending far beyond football matches.

Security researchers have warned that operational technology environments often remain less protected than traditional information technology networks. Many infrastructure systems were designed decades ago, long before cybersecurity became a primary concern.

As digital connectivity expands, vulnerabilities within such systems become increasingly attractive targets.

A cyber-attack on public transportation networks could delay tens of thousands of supporters travelling to World Cup matches. Disruptions affecting telecommunications systems could interfere with emergency coordination, media coverage and public communications.

Attacks targeting stadium access systems could create safety concerns if spectators are unable to enter or exit venues efficiently.

The multinational structure of the tournament further increases its complexity. The US, Canada and Mexico operate under different legal frameworks, cybersecurity standards and regulatory environments.

Effective protection, therefore, requires unprecedented levels of coordination between public authorities and private sector partners in the three countries.

Protecting fan data and digital identities

The FIFA World Cup generates enormous volumes of personal data. Ticket purchases, accommodation bookings, transportation arrangements, mobile applications, loyalty programmes and payment systems all collect information about supporters.

Such datasets are highly attractive to cybercriminals. Personal information can be used for identity theft, financial fraud, account takeovers or targeted phishing campaigns. The concentration of large numbers of international visitors further increases the value of collected data.

Digital ticketing systems present both opportunities and risks. While electronic tickets reduce certain forms of fraud and improve operational efficiency, they also create new attack vectors. Compromised accounts, stolen credentials and fake ticket marketplaces can all exploit digital ticketing ecosystems.

The use of biometric technologies introduces additional challenges. Facial recognition systems may be employed for security screening, venue access or identity verification. Although such technologies can improve efficiency and security, they also raise questions about privacy, consent, data retention, and oversight.

 Person, Electronics, Mobile Phone, Phone, Adult, Male, Man, Computer Hardware, Hardware, Monitor, Screen, Guard, Face, Head, Mattia De Sciglio

Maintaining public trust requires transparency regarding how personal information is collected, stored, and protected. Strong cybersecurity measures must be accompanied by clear governance frameworks and accountability mechanisms.

Online abuse and AI moderation

Cybersecurity during the World Cup extends beyond technical attacks. Online abuse, harassment and hate speech represent significant digital risks affecting players, officials and supporters.

Experience from previous tournaments illustrates the scale of the problem. FIFA reported that one in five players participating in the 2023 Women’s World Cup experienced online abuse. Through the Social Media Protection Service, nearly 117,000 comments were hidden or blocked during the competition. Almost half of the abusive messages were classified as sexist, sexual, or homophobic.

The scale of online interaction surrounding the men’s World Cup is expected to be substantially larger. Social media platforms, therefore, face significant pressure to prevent abuse while preserving legitimate expression.

Ofcom has already warned platforms about their responsibilities under the UK Online Safety Act. The regulator expects companies to maintain effective reporting systems, sufficient moderation resources and rapid responses to illegal content.

Tech companies face scrutiny during the FIFA World Cup as Ofcom monitors compliance.

AI will play a central role in content moderation efforts.

Machine learning systems can analyse vast quantities of user-generated content and identify harmful material much faster than human moderators alone. However, AI moderation remains imperfect. Algorithms may struggle with sarcasm, cultural context, local languages or rapidly evolving forms of abuse.

Balancing safety and freedom of expression will remain one of the most challenging governance issues during the World Cup.

AI as a cybersecurity enabler

Despite the risks, AI has become an essential component of modern cybersecurity strategies.

Security operations centres generate enormous volumes of alerts, logs and threat intelligence data. Human analysts alone cannot process this information effectively. AI enables organisations to identify patterns, prioritise risks, and respond more rapidly to emerging threats.

Machine learning systems can detect unusual network behaviour that may indicate malicious activity. AI tools can analyse phishing campaigns, identify fraudulent domains and uncover relationships between seemingly unrelated attacks.

cybersecyrity AI

Automated systems can isolate compromised devices and block suspicious traffic before significant damage occurs.

AI is also becoming increasingly important for threat intelligence. Security teams use machine learning models to analyse information from global threat feeds, identify emerging attack techniques and predict potential risks. During an event as large as the FIFA World Cup, such capabilities may provide critical advantages.

Beyond cybersecurity, AI supports broader security operations. Computer vision systems can monitor crowd movement, identify congestion points, and assist with emergency planning. Predictive analytics can help authorities allocate resources more effectively and improve incident response capabilities.

Nevertheless, AI should be viewed as a force multiplier rather than a replacement for human expertise. Automated systems can produce false positives, miss novel attack methods or be manipulated through adversarial techniques. Human oversight remains essential, particularly when decisions affect public safety and civil liberties.

International cooperation and long-term implications

The cybersecurity challenge facing the World Cup cannot be addressed by FIFA alone. Effective protection requires collaboration among governments, intelligence agencies, law enforcement organisations, cloud providers, telecommunications companies, stadium operators, and cybersecurity firms.

Information sharing will be particularly important. Threat intelligence must move rapidly across organisations and national borders. Attack indicators identified in one host city may become relevant to another within minutes.

 Adult, Male, Man, Person, Astronomy, Outer Space, Body Part, Hand, Globe, Planet, Handcuffs

The World Cup also serves as a preview of the future challenges facing large-scale public events. As AI becomes increasingly integrated into infrastructure, transportation, communications and security operations, future tournaments will become even more dependent on digital technologies.

The lessons learned from 2026 are therefore likely to influence cybersecurity planning for future Olympic Games, continental championships, political summits and other international gatherings.

Conclusion

The FIFA World Cup 2026 demonstrates how deeply sport has become intertwined with the digital world. Football remains the centrepiece of the tournament, but its success depends equally on cybersecurity, AI governance and operational resilience.

AI will help protect infrastructure, support threat detection, improve crowd management, and strengthen cyber defence capabilities. At the same time, it will enable more sophisticated phishing campaigns, more convincing deepfakes, more effective disinformation operations and increasingly personalised fraud schemes.

The central challenge is not whether AI should be used. The challenge is how it can be deployed responsibly, securely and transparently within one of the most complex public events ever organised.

Success will depend on balancing innovation with security, automation with human oversight and efficiency with public trust.

The real test for FIFA, host governments and technology providers will be resilience. Cyber incidents are almost inevitable given the scale and visibility of the tournament. What will matter most is the ability to detect threats quickly, limit disruption, recover effectively and maintain public confidence.

Ultimately, the FIFA World Cup 2026 may be remembered as the first truly AI-era World Cup, where cybersecurity, misinformation and digital resilience have become as important as events on the pitch.

As citizens, supporters and digital users, we each have a role to play in protecting the integrity of the information and technologies that increasingly shape our lives.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!