ai

New Washington initiative targets legal frameworks for collective cyber defence

A new policy coalition has been launched in Washington to develop frameworks governing collaboration between government agencies and private companies on cyber operations, amid growing concerns that unresolved legal questions are limiting deeper cooperation.

Venable’s Center for Cybersecurity Policy and Law established the Cyber Operations Policy Coalition this week. The coalition aims to bring together industry representatives, government officials, legal experts, academics and civil society organisations to develop policy frameworks for collective cyber defence.

Corporate members include Microsoft, Lumen, Halcyon, Autonomous Cyber, and Voreas Labs. Non-corporate members span think tanks and academic institutions, including the Foundation for Defense of Democracies, the Cyber Threat Alliance, the Institute for Security and Technology, McCrary Institute for Cyber and Critical Infrastructure Security, and American University’s Tech, Law, and Security Program. The International Committee of the Red Cross and the Stimson Center participate as observers.

The coalition is coordinated by Stacy O’Mara and advised by a panel that includes former NSA Cybersecurity Director Rob Joyce, former CISA official Bryan Ware, and former Representative Jim Langevin.

During the launch event, current and former officials identified legal authorities, liability arrangements and operational rules as key areas requiring clarification before public-private cyber collaboration can expand at scale. Katie Sutton, assistant secretary of defence for cyber policy, noted that legal expertise would be central to closer integration, pointing to existing authority frameworks on both the government and industry sides.

Tonya Ugoretz, head of PwC’s Cyber & Risk Innovation Institute, highlighted the need for clearer liability frameworks to enable cyber operations without requiring case-by-case authorisation.

The initiative reflects the structure of the cyber domain, where much of the internet and critical infrastructure is privately owned, making companies both potential targets of cyberattacks and key partners in cyber defence efforts.

Several parallel developments add context to the coalition’s launch. The Joint Cyber Defense Collaborative, the CISA-led body for public-private cyber coordination, is mapping both defensive and potential offensive options for use in geopolitical crisis scenarios involving major infrastructure providers, according to JCDC deputy assistant director Matt Springer.

The US military has also more openly discussed offensive cyber operations in recent months, while Congress is considering a proposal for a dedicated cyber service branch.

The emergence of increasingly capable AI systems with cybersecurity applications has further expanded the range of technical, operational and legal questions facing policymakers.

Why does it matter?

Cybersecurity increasingly depends on cooperation between governments and private companies because much of the infrastructure targeted by cyberattacks is privately owned and operated. However, legal questions surrounding authority, liability and operational responsibilities remain unresolved in many jurisdictions.

The coalition reflects growing recognition that existing frameworks may not be fully suited to large-scale cyber defence efforts, particularly as geopolitical tensions, critical infrastructure threats and AI-enabled cyber capabilities increase. Its work could help shape future approaches to collective cyber defence and public-private cybersecurity cooperation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

AI and systemic risk analytics focus of Helsinki conference

The Bank of Finland and the European Systemic Risk Board are holding their 11th joint conference on AI and systemic risk analytics in Helsinki on 3 and 4 June.

The event focuses on how AI methods and new data sources can support financial stability analysis, while also creating new challenges for economies and financial markets.

The conference aims to present research on financial stability and systemic risk analysis using AI methods, novel techniques, and new data sources. Topics include the use of large language models and trustworthy AI, changing interdependencies in financial markets, cybersecurity and operational risks, and AI combined with quantum computing as a possible source of new systemic risks.

The programme also covers more traditional systemic risk analytics and macroprudential policy tools, including early-warning indicators, network and contagion analysis, macro stress-testing, big data analytics, market-based finance, and geopolitical risk modelling.

Speakers include Bank of Finland Governor and ESRB First Vice-Chair Olli Rehn, who will address systemic risk, resilience, and competitiveness in a changing technological landscape. Other sessions will examine systemic cyber risk in financial networks, AI and risk-taking in banking, generative AI in economics and finance research, and AI-related financial system interdependencies.

The hybrid conference will include keynotes, panel discussions, presentations, and poster sessions, with online participation available.

Why does it matter?

The conference shows that AI is becoming a financial stability issue, not only a tool for efficiency or market analysis. Central banks and systemic risk authorities are examining how AI can improve risk detection, stress testing, and data analysis, while also creating new vulnerabilities through cyber risk, operational dependencies, market interconnections, and potential herding behaviour.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

India and South Africa deepen cooperation on AI and emerging technologies

India and South Africa have agreed to strengthen bilateral cooperation in emerging technologies, with AI, digital infrastructure and advanced manufacturing identified as key areas for future collaboration.

The agreement was reached during a meeting between India’s Minister of Science and Technology, Dr Jitendra Singh, and South Africa’s Deputy Minister of Science, Technology and Innovation, Dr Nomalungelo Gina. Both sides emphasised the need to expand traditional scientific cooperation into innovation-driven partnerships aimed at delivering economic and societal benefits.

Discussions covered biotechnology, genomics, vaccine development, health technologies, renewable energy, hydrogen, advanced manufacturing and digital innovation. The two countries also explored opportunities to deepen cooperation in quantum technologies, geospatial technologies and digital infrastructure.

The meeting reaffirmed the long-standing scientific relationship between the two countries and concluded with a commitment to strengthen innovation ecosystems through research collaboration, startup partnerships, technology deployment and industry engagement.

Why does it matter?

India and South Africa are among the leading technology and innovation hubs in the Global South. Expanding cooperation in AI, digital infrastructure, healthcare and advanced manufacturing could help accelerate technological development while fostering greater knowledge exchange and investment opportunities.

The partnership also reflects a broader trend of emerging economies seeking to strengthen innovation ecosystems and reduce reliance on technology supply chains and platforms concentrated in a small number of countries.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OpenAI advocates for global action on youth AI safety

OpenAI has called for stronger international action on youth AI safety, including the creation of a dedicated institute to support common evidence, guidance, and safeguards for young users.

Ahead of the G7 Leaders’ Summit in Évian, France, the company said governments, researchers, civil society, and industry should work together to raise standards for safe and age-appropriate AI use by children and teenagers.

OpenAI said a dedicated youth AI safety institute could provide continuity beyond a single summit, helping stakeholders share evidence, develop guidance, and keep standards aligned with fast-moving AI systems. The company said such a body could take the form of a new international institute or an existing or newly created national AI institute with a global mandate.

The principles outlined by OpenAI include privacy-preserving age estimation, default safeguards when a user’s age is uncertain, annual youth safety risk assessments, accessible parental controls, clearer transparency about youth protections, and stronger protocols for serious safety situations involving self-harm, exploitation, grooming, sexually exploitative content, and other high-risk interactions.

The company also called for stronger protection of minors’ personal information, including prohibitions on privacy-invasive targeted advertising to young people and the sale of their personal information. It also said youth safety frameworks should promote AI literacy, learning, creativity, skill development, and future opportunities.

OpenAI said AI tools can help young people understand difficult concepts, practise languages, improve writing, learn to code, organise research, explore creative ideas, and prepare for changing labour markets. However, it argued that safeguards, family and educator guidance, and clear accountability mechanisms such as independent audits should support access.

The proposal builds on existing youth safety initiatives and education partnerships, including work with Common Sense Media, educators, and national education deployments in countries such as Estonia, Greece, and Singapore.

Why does it matter?

Youth AI safety is becoming a central policy issue as children and teenagers increasingly use AI tools for learning, creativity, social interaction, and everyday digital tasks. OpenAI’s proposal adds to pressure for international coordination on age-appropriate design, privacy, parental controls, safety protocols, and independent accountability. The G7 context also shows that youth AI safety is moving from product policy into broader debates over digital governance and education policy.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Liberties launches project on patient data and clinical AI accountability

The civil liberties organisation Liberties has launched the AI in the Healthcare Project to examine how personal data is used in the development and deployment of clinical AI systems.

The project, developed with Liberties member and partner organisations and independent expert Júlia Keserű, aims to improve transparency, accountability, and data protection practices in healthcare AI.

According to Liberties, the first phase will gather information through literature review, stakeholder consultations, interviews, freedom of information requests, and GDPR-based data subject access requests. Requests will be submitted to government agencies, regulatory bodies, public health authorities, publicly funded hospitals, and research institutions.

A second phase, led by Liberties, will focus on capacity development for watchdog organisations and civil society groups. The organisation said the work will provide methodologies, research tools, and collaboration platforms to help groups independently monitor the development and use of health AI systems.

The final stage will develop policy recommendations at the EU and national levels to promote responsible, transparent, and accountable health data practices. The recommendations will also seek to support compliance with existing frameworks such as the AI Act and the GDPR.

Liberties said AI systems are increasingly being integrated into healthcare, relying on data from sources such as electronic health records, wearable devices, mobile health apps, genetic testing services, and data brokers. However, it warned that transparency around data sources and their integration into clinical AI systems remains limited, creating risks to privacy, human rights, security, and safe use.

Why does it matter?

The project targets one of the most sensitive areas of AI deployment: healthcare systems that rely on personal and health data. As clinical AI tools become more common, questions about data sources, consent, transparency, GDPR rights, and accountability will become central to whether patients can trust AI-supported healthcare.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Armenia expands AI ecosystem through research, infrastructure and investment

Armenian Prime Minister Nikol Pashinyan said government initiatives have helped position Armenia as an emerging centre for technology and AI, according to remarks reported by state news agency Armenpress. Speaking during the election campaign, Pashinyan highlighted several projects that he said demonstrate the government’s efforts to strengthen Armenia’s technology sector.

Pashinyan highlighted agreements signed with US President Donald Trump last year, including cooperation on AI. He argued that subsequent developments in the sector have validated the government’s approach.

As examples of progress, the Prime Minister cited the establishment of an AI centre at Yerevan State University and the launch of the Eleveight AI data centre. He also linked developments in the sector to increased public investment in science and higher salaries for researchers.

Pashinyan said investment in the defence sector has supported technological development and stated that Armenian defence companies are exporting products internationally. He made the remarks during campaigning ahead of Armenia’s parliamentary elections.

Why does it matter?

Armenia is seeking to expand its role in emerging technologies at a time when countries are increasingly investing in AI infrastructure, research capacity and digital innovation as drivers of economic growth and competitiveness.

The government’s focus on AI cooperation, research institutions and data centre infrastructure reflects broader efforts to strengthen domestic technological capabilities and attract investment in the digital economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK CMA targets AI search content use in new Google conduct requirements

The UK’s Competition and Markets Authority (CMA) has imposed a new conduct requirement on Google Search under the country’s digital markets competition regime. The measure is designed to give publishers greater control over how their content is used and to improve transparency for users.

Under the new requirement, publishers will be able to prevent their content from being used in Google’s AI-powered search features, including AI Overviews. The CMA said the measure is intended to strengthen publishers’ ability to negotiate content licensing and usage agreements with Google.

Google will also be required to provide clearer attribution for publisher content used in AI-generated search results through prominently visible links. Following consultation feedback, publishers will also be able to opt out of having their content used to fine-tune Google’s AI models.

The CMA said it will continue monitoring Google’s AI-related changes to search and may introduce additional measures if competition concerns persist. Google will have up to nine months to implement the requirements and must publish regular compliance reports as the rollout progresses in the UK.

Why does it matter?

The decision highlights growing regulatory scrutiny of how AI-powered search systems use third-party content. As search engines increasingly generate answers directly within search results, publishers have raised concerns about attribution, traffic losses and the use of their content for AI training.

The UK’s approach could influence broader debates about the relationship between AI platforms, publishers and competition policy, particularly as regulators seek to balance innovation with transparency and fair commercial practices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Aithos LARA reveals major AI compliance gaps under the EU AI Act and the GDPR

The Aithos Research Foundation has launched Aithos LARA (Legal Assessment for Real-world Agents), a public evaluation framework designed to assess whether AI agents comply with key European legal requirements.

The framework places AI models in simulated workplace and consumer-service scenarios where completing assigned tasks may involve actions that conflict with provisions of the EU AI Act or the General Data Protection Regulation (GDPR).

According to Aithos, an initial evaluation involving more than 3,000 tests across 12 frontier AI models found that none consistently met acceptable levels of legal compliance. Compliance rates ranged from 7% to 54%, with the highest-performing model adhering to legal requirements in only slightly more than half of the assessed scenarios.

The research suggests that current frontier AI systems may prioritise task completion over legal obligations when operating with a high degree of autonomy.

Furthermore, the study assessed compliance with six provisions of the EU AI Act and four core GDPR principles, including transparency, lawful processing, data minimisation and purpose limitation.

Researchers reported instances in which models generated outputs that would conflict with some of the AI Act’s prohibited practices, including exploiting vulnerable individuals, conducting emotion recognition in workplace environments and engaging in forms of manipulation prohibited under European law.

To increase transparency, Aithos has made evaluation transcripts, model outputs and judicial assessments publicly available. The organisation argues that independent and public oversight can complement company-led governance efforts by providing greater transparency into how AI systems behave in legally and ethically sensitive contexts.

Why does it matter?

The findings highlight the challenges of deploying AI agents in regulated environments where legal compliance is essential. As organisations increasingly explore AI for customer service, human resources, finance and operational decision-making, ensuring that systems comply with data protection and AI regulations is becoming a key governance requirement.

The research also underscores the growing importance of independent testing and oversight mechanisms as policymakers and regulators seek to evaluate how autonomous AI systems behave in real-world scenarios.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Greece advances digital transformation with AI, interoperability and cybersecurity measures

Greece’s Minister of Digital Governance and Artificial Intelligence, Dimitris Papastergiou, has outlined a broad digital transformation agenda in an interview with the newspaper Manifesto, highlighting new legislation, AI deployment, cybersecurity measures and digital public services.

A key element of the agenda is the implementation of the EU’s ‘once-only’ principle, which allows citizens and businesses in Greece to avoid repeatedly submitting the same information to public authorities across the EU. The legislation also introduces more than 800 new interoperability connections between government systems, aiming to reduce bureaucracy and improve service delivery.

Papastergiou highlighted the growing use of AI in public administration, including the mAigov digital assistant, which has handled more than 4.4 million citizen queries. Greece is also investing in AI infrastructure projects, including the Daedalus supercomputer and the Pharos AI Factory, while preparing national legislation aligned with the EU AI Act.

The minister also highlighted a memorandum of understanding with voice AI company ElevenLabs aimed at improving accessibility and public services through voice-based technologies. Additional initiatives include the creation of a Unified Property Hub, stronger anti-phishing measures, a National Malicious Websites Blocking List, the Defective Vehicle Recall Registry and enhancements to the MyStreet application.

On child online safety, Greece plans to introduce age-verification requirements for users under 15 through the Kids Wallet application from January 2027. According to the minister, the system will verify age without exposing or storing unnecessary personal information.

Why does it matter?

Greece’s plans illustrate how governments are increasingly combining AI deployment, digital public services and cybersecurity measures within broader digital transformation strategies.

The initiatives also reflect wider European efforts to improve interoperability, strengthen digital infrastructure, enhance online safety for children and prepare for the implementation of the EU AI Act.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

NGI Commons outlines expectations for the EU Tech Sovereignty Package

NGI Commons has outlined expectations for the European Union’s forthcoming Tech Sovereignty Package, a policy initiative aimed at strengthening Europe’s control over critical digital technologies and reducing reliance on non-European providers.

The initiative is expected to focus on semiconductors, cloud computing, AI and open-source software. According to NGI Commons, the package aims to align and simplify existing policies rather than introduce a new layer of regulation.

The framework builds on recommendations from Mario Draghi’s report on European competitiveness and seeks to support innovation, competitiveness and the EU’s broader objective of open strategic autonomy. A central element of the proposal is the recognition of open technologies as digital commons that underpin Europe’s digital ecosystem.

The analysis argues that open-source software should be treated as strategic infrastructure and supported through long-term funding, coordinated development efforts and greater public-sector adoption to strengthen digital resilience and security.

The report notes that challenges remain, including securing long-term funding, managing the growing energy demands of AI infrastructure and attracting investment, as policymakers seek to balance technological sovereignty with competitiveness.

Why does it matter?

The Tech Sovereignty Package is expected to shape how Europe approaches critical technologies such as semiconductors, cloud services, AI and open-source software in the coming years.

By treating open technologies as strategic infrastructure, policymakers could strengthen digital resilience, reduce external dependencies and support the EU’s broader goal of technological sovereignty while maintaining competitiveness in the global digital economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.