Governance

Italy: Resolution establishing technical and procedural requirements for age verification systems to prevent minors from accessing pornographic content online enters into force

(Digital Policy Alert) On 12 November 2025, the Communications Regulatory Authority (AGCOM)’s Resolution 96/25/CONS, establishing technical and procedural requirements for age verification systems to prevent minors from accessing pornographic content online, comes into force. The resolution applies to operators established in Italy or in other EU Member States that distribute pornographic material to Italian users. AGCOM has the authority to identify relevant entities and notify the European Commission. A foreign service is considered to target Italian users if it uses the Italian language, has a significant Italian audience, generates revenue in Italy, markets to Italian users, or has an Italian domain or contact point. The resolution adopts a technology-neutral approach while setting out minimum requirements for age assurance systems. Key principles include proportionality, compliance with the General Data Protection Regulation (GDPR), involvement of independent third parties, security, accuracy, accessibility, non-discrimination, and user information. It emphasises the protection of user privacy through a “double anonymity” model, where neither the content provider knows the user’s identity nor does the identity provider know which site the user is visiting. The resolution distinguishes between three main age assurance methods: self-declaration (considered ineffective), age estimation (probability-based), and age verification (high certainty based on verified identification). Systems must prevent content providers from collecting personal data about users while ensuring age verification providers cannot identify the sites being accessed. Independent third-party involvement is mandatory, and these providers must be legally and technically separate from pornographic content distributors.For systems not based on installed applications, the process involves three distinct stages: issuance of age proof by a trusted third party, provision of this proof to the user who then presents it to the website, and authentication by the site without accessing the user’s identity data. Application-based systems may use digital wallets or identity management apps, potentially employing QR codes for verification while maintaining privacy protections. Age verification must occur for each access session, with validity ending after 45 minutes of inactivity or when the user closes the browser. Account creation cannot be mandatory, and age verification must be performed regardless of whether users hold an account. – https://digitalpolicyalert.org/event/34846-resolution-establishing-technical-and-procedural-requirements-for-age-verification-systems-to-prevent-minors-from-accessing-pornographic-content-online-enters-into-force

Beware of Google: Why are more countries looking for Google Maps alternatives?

(Cybernews) While Google Maps introduces new, AI-powered features, more countries are thinking of introducing local mapping systems. Countries claim it’s due to security measures, and Google Maps is only one part of the issue. More countries are aiming to utilize technologies developed in their own lands as a means to achieve technological independence from the US. That’s because the US tech giants, being so dominant in the market, have actual influence on how countries introduce tech policies, especially when they become dependent on tech companies such as Nvidia or Google. – https://cybernews.com/tech/google-maps-local-alternatives/

The Case for Making EdTech Companies Liable Under FERPA

(Lavanya Sathyamurthy – Tech Policy Press) Schools now depend on an average of 2,591 edtech tools in a single school year, according to one estimate. These tools can track private conversations between teachers and families and store comprehensive academic and personal records. Yet many companies do not clearly disclose how they collect and use student information. According to one nonprofit, 96% of apps used in schools share student data, such as email addresses and birth dates, with third parties, such as advertising entities. This often occurs without parental or student consent and, therefore, is likely in violation of the Family Educational Rights and Privacy Act (FERPA). – https://www.techpolicy.press/the-case-for-making-edtech-companies-liable-under-ferpa/

Why Commercial Tools Can Scrape Social Media But Researchers Can’t

(Brandon Silverman – Tech Policy Press) When researchers at the Institute for Strategic Dialogue (ISD) submitted a formal data access request to X under Europe’s Digital Services Act in early 2025, they had every reason to be optimistic. As an established research institution studying online reactions to Germany’s elections—precisely the type of public interest work that the European Union established the DSA to enable—their request seemed straightforward. Yet, after weeks of extensive back-and-forth, X rejected the application without providing either the data or a clear legal basis for refusal. When other organizations went through the same process with new data-sharing programs launched by Meta and TikTok, researchers experienced so many challenges that the European Commission launched a formal investigation. After hundreds of interviews with researchers, their preliminary findings confirmed that the programs were not providing the kind of access and data that they claimed. These cases exemplify a stark paradox at the heart of our digital society: even with the support of new emerging regulations, independent researchers still face major barriers to accessing even basic social media data essential for studying everything from election integrity to public health crises. However, if you happen to be a commercial for-profit hoping to study social media, there is a thriving, $100 million-plus market that freely trades this same data with very few restrictions. – https://www.techpolicy.press/why-commercial-tools-can-scrape-social-media-but-researchers-cant/

Legislation

European Union: Gigabit Infrastructure Act including measures to reduce the cost of deploying gigabit electronic communications networks enters into force

(Digital Policy Alert) On 12 November 2025, the Gigabit Infrastructure Act, including in-building physical infrastructure requirements, enters into force. The Act includes measures to facilitate and support the implementation of very high-capacity networks by promoting the joint use of existing physical infrastructure and by enabling the deployment of new physical infrastructure to ensure that the networks can be rolled out faster and at a lower cost. Furthermore, the Act includes a mandatory conciliation mechanism between public sector bodies and telecom operators, exceptions to the provisions for smaller municipalities, promotions for connectivity in rural and remote areas, and conditions for fair and reasonable network access. – https://digitalpolicyalert.org/event/31218-gigabit-infrastructure-act-including-measures-to-reduce-the-cost-of-deploying-gigabit-electronic-communications-networks-enters-into-force

Courts and Litigation

France: Directorate General for Competition, Consumer Affairs, and Fraud Control announced removal of illicit products from SHEIN and permitted operations under surveillance

(Digital Policy Alert) On 7 November 2025, the French Directorate General for Competition, Consumer Affairs, and Fraud Control (DGCCRF) announced that illicit products had been removed from SHEIN and that the company’s operations will remain under surveillance. The removed products included items of a pedopornographic nature, bladed weapons, and medicines. Despite the company’s compliance, the DGCCRF and the Paris Prosecutor’s Office are continuing legal proceedings against SHEIN. The Ministry of the Interior also referred the case to the Paris judicial court, with four separate investigations currently underway. In addition, the authorities have formally requested a European investigation from the European Commission. Customs officials are conducting large-scale inspections of SHEIN packages arriving at Charles de Gaulle Airport, and the authorities will continue to monitor the company to prevent the reintroduction of illicit products. The government stated that similar proceedings will be initiated against other online platforms found to be selling illegal products in the coming days. – https://digitalpolicyalert.org/event/35208-directorate-general-for-competition-consumer-affairs-and-fraud-control-announced-removal-of-illicit-products-from-shein-and-shein-operations-currently-permitted-under-surveillance

Geostrategies

Quad Cooperation in Biotechnology: A New Frontier for Health Security in the Indo-Pacific

(Lakshmy Ramakrishnan – Observer Research Foundation) Biotechnology is a critical and emerging technology with wide-ranging applications in human medicine, biodefence, nutrition, and the use of bio-based materials. This positions it as a key driver of geopolitical influence and a pillar of global health security, where innovations shape disease surveillance and enable the development of medical countermeasures. Recognising biotechnology as an upcoming frontier in technology competition, the Quad countries—the United States, Australia, India, and Japan—have taken steps to integrate it into their national strategies. Given the need to balance technological sovereignty with cooperation amid growing geopolitical uncertainties, the Quad can serve as a platform for aligning national capabilities in biotechnology and advancing allied health solutions. This paper explores the platform’s evolving role in promoting health security in the Indo-Pacific and identifies areas for collaboration in biotechnology research and development. –  https://www.orfonline.org/research/quad-cooperation-in-biotechnology-a-new-frontier-for-health-security-in-the-indo-pacific

Technical is political: When a cloud certification scheme divides Europe

(Clotilde Bômont – EUISS) The European cloud market is largely dominated by US providers, creating structural dependencies and posing risks to the confidentiality of European data. Conceived as a technical certification framework for cloud security, the European Cybersecurity Certification Scheme for Cloud Services (EUCS) has triggered wider debates on European digital sovereignty. Divergences among Member States have stalled the scheme’s adoption, delaying progress on other EU and national digital initiatives. The evolving geopolitical landscape, most notably Donald Trump’s re-election, is reshaping European priorities and could ultimately bring Member States’ positions on the EUCS closer together. – https://www.iss.europa.eu/publications/briefs/technical-political-when-cloud-certification-scheme-divides-europe

Winning the AI race means winning developers in China, says Huang of Nvidia

(DigWatch) Nvidia CEO Jensen Huang said China is ‘nanoseconds’ behind the US in AI and urged Washington to lead by accelerating innovation and courting developers globally. He argued that excluding China would weaken the reach of US technology and risk splintering the ecosystem into incompatible stacks. – https://dig.watch/updates/winning-the-ai-race-means-winning-developers-in-china-says-huang-of-nvidia – https://www.techradar.com/pro/china-is-going-to-win-the-ai-race-nvidia-ceo-jensen-huang-makes-a-bold-proclamation-says-we-all-need-a-little-less-cynicism-in-our-lives

Why analytical AI deserves equal attention in the age of generative AI

(Techradar) Since the meteoric rise of ChatGPT, generative AI has dominated headlines and boardroom conversations, and for good reason. With its remarkable ability to analyze large unstructured data sets, identify patterns and extract valuable insights into content that genuinely appears human-like, many things that were once difficult to do have become much easier. From crafting marketing content to writing code and even designing product prototypes, generative AI has rapidly lowered the barrier to innovation across a range of business functions. In many respects, the hype is real – along with its immense potential to reshape entire industries. – https://www.techradar.com/pro/why-analytical-ai-deserves-equal-attention-in-the-age-of-generative-ai

Infrastructure modernization is key to AI success

(Techradar) As the world’s third largest artificial intelligence market (£72.3bn in 2024), the United Kingdom is home to 37,000 AI companies that employ more than 60,000 people and contribute about £3.7 billion to the economy. The U.K. Government is also throwing its weight behind the technology with several initiatives and investment programs, including the AI Opportunities Action Plan to drive the use of AI tools in public offices. – https://www.techradar.com/pro/infrastructure-modernization-is-key-to-ai-success

Security and Surveillance

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

(Pierluigi Paganini – Security Affairs) Genians Security Center researchers warn that the North Korea-linked Konni APT group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima) posed as counselors to hack Android and Windows, stealing data and wiping phones via Google Find Hub in September 2025. The KONNI RAT was first spotted by Cisco Talos researchers in 2017. It has been undetected since 2014 and was employed in highly targeted attacks. The RAT was able to avoid detection due to continuous evolution, it can execute arbitrary code on target systems and steal data. – https://securityaffairs.com/184474/intelligence/north-korea-konni-apt-used-google-find-hub-to-erase-data-and-spy-on-defectors.html

Qilin Ransomware Activity Surges as Attacks Target Small Businesses

(Alessandro Mascellino – Infosecurity Magazine) A rise in ransomware incidents linked to the Qilin ransomware group, one of the longest-running ransomware-as-a-service (RaaS) operations, has been observed by cybersecurity researchers. According to S-RM’s latest intelligence, Qilin continues to exploit weaknesses such as unpatched VPN appliances, lack of multi-factor authentication (MFA) and exposed management interfaces to gain initial access to corporate networks. In an advisory published on Monday, the firm noted that while major breaches, such as the 2024 Synnovis attack on UK healthcare systems, drew widespread attention, most of Qilin’s victims are small-to-medium-sized businesses in the construction, healthcare and financial sectors. – https://www.infosecurity-magazine.com/news/qilin-ransomware-activity-surges/

Quantum Route Redirect Phishing Kit Democratizes Cyber-Attacks

(Phil Muncaster – Infosecurity Magazine) Security experts have discovered a new, highly automated phishing-as-a-service (PhaaS) platform that has been streamlining large-scale credential theft across 90 countries for several months. KnowBe4, which discovered the phishing kit in early August, christened it “Quantum Route Redirect.”. “Quantum Route Redirect is an advanced automation platform that streamlines the entire phishing campaign process, from traffic rerouting to victim tracking. Our security researchers have identified approximately 1000 domains currently hosting this tool,” the vendor explained. – https://www.infosecurity-magazine.com/news/quantum-route-redirect-phishing/

Russia imposes a 24-hour SIM lock to counter drone attacks

(Cybernews) Russian authorities have ordered telecom operators to introduce a 24-hour block of mobile data connectivity and SMS messaging to all SIM cards entering from abroad or reactivated after 72 hours of inactivity. This is a response to increasing UAV and drone attacks by Ukraine. The Russian Ministry of Digital Development announced that testing of the “cooling-off period” began on November 10th. Any SIM card that has been inactive for 72 hours, or upon returning from international roaming, is subjected to a 24-hour block. – https://cybernews.com/security/russia-introduces-cooling-off-period-for-sim-cards/

Google Cloud says AI will run cybercrime operations by 2026

(Cybernews) Google Cloud’s Cybersecurity Forecast 2026 suggests that AI will soon sit at the center of every major security move, driving both attackers and defenders. In fact, by next year, AI won’t just support cyber crooks: it will run their operations. According to Google Cloud, the balance of power in cybersecurity is further shifting because, unsurprisingly, both attackers and the pros fighting back are increasingly turning to AI. This is not shocking, of course, as AI has been seeping into every digital platform for a few years now. But Google Cloud says that progress is so fast that by next year, AI won’t just support cybercriminals – it will run their operations. – https://cybernews.com/security/google-cloud-cybercrime-forecast-ai/

Hackers threaten to leak Italian gas giant’s data

(Cybernews) A notorious Russia-linked ransomware gang has claimed to have stolen 159GB of data from one of Italy’s largest industrial gas producers and has begun the countdown to release it publicly. The Everest Group, the Russia-linked cybercriminal gang behind the alleged ransomware attack, has listed the SIAD Group as a victim on its leak site on the dark web. The SIAD Group is one of Italy’s leading chemical and industrial gas companies, producing and distributing gases used across sectors such as food, healthcare, automotive, metallurgy, and chemical manufacturing. Its operations also include the supply of liquefied petroleum gas (LPG) and natural gas. – https://cybernews.com/security/siad-group-ransomware-attack/

CMMC enforcement begins after eight years of warnings

(Nick Wakeman – NextGov) The defense industry has had nearly a decade of warnings, but Monday, Nov. 10 marks the day that companies need to start complying with the government’s standards around how they protect controlled unclassified information. Of course, they should have been complying with the National Institute of Standards & Technology’s SP 800-171 standard for the last eight years. But now the Cybersecurity Maturity Model Certification program begins in earnest. Defense agencies will start requiring at least a Level 1 certification on new contracts. Level 1 requires self-certification for 15 controls that are part of 800-171. These cover basic cyber hygiene. – https://www.nextgov.com/cybersecurity/2025/11/cmmc-enforcement-begins-after-eight-years-warnings/409444/?oref=ng-homepage-river

Leading AI companies keep leaking their own information on GitHub

(Techradar) AI companies have had a pretty rocky history with cybersecurity and data privacy, and new research from Wiz shows this still hasn’t improved. Looking at the Forbes top 50 leading AI companies as a benchmark, the experts uncovered nearly two-thirds (65%) of these top AI firms were leaking verified secrets on GitHub. These tokens, sensitive credentials, and API keys were found buried deep in places most researchers and scanners would never encounter, like deleted forks, developer repos, and gists. – https://www.techradar.com/pro/security/leading-ai-companies-keep-leaking-their-own-information-on-github

The ransomware payment ban: what’s the potential impact for UK businesses?

(Techradar) In the past year, the UK government has signaled that it intends to take a more proactive stance on tackling ransomware by introducing a targeted ban on ransomware payments. Under the proposed measures, all publicly funded bodies and critical national infrastructure providers (CNIs), including the NHS, schools and local councils, would be prohibited from paying ransoms. – https://www.techradar.com/pro/the-ransomware-payment-ban-whats-the-potential-impact-for-uk-businesses

Defence, Military, and Warfare

Military experts warn security hole in most AI chatbots can sow chaos

(Aliya Sternstein – Defense News) Current and former military officers are warning that adversaries are likely to exploit a natural flaw in artificial intelligence chatbots to inject instructions for stealing files, distorting public opinion or otherwise betraying trusted users. The vulnerability to such “prompt injection attacks” exists because large language models, the backbone of chatbots that digest hordes of user text to generate responses, cannot distinguish between malicious and trusted user instructions. “The AI is not smart enough to understand that it has an injection inside, so it carries out something it’s not supposed to do,” Liav Caspi, a former member of the Israel Defense Forces cyberwarfare unit, told Defense News. – https://www.defensenews.com/land/2025/11/10/military-experts-warn-security-hole-in-most-ai-chatbots-can-sow-chaos/

As drones proliferate, Army pilots worry about their future. Will a new approach to flight school help?

(Thomas Novelly – Defense One) “We’re cooked,” one Army aviator said recently, describing the reactions of fellow students at the service’s helicopter flight school to Sikorsky’s new uncrewed Black Hawk. “Why are we even doing this, for real?”. As the Army races to realize the promise of unmanned aircraft—more platforms, more flexibility, less risk to aircrew—it is shrinking the units that fly and maintain the helicopters that have long been central to the service’s way of war. Some pilots worry that their careers and expertise will be lost in the transition, even as some express optimism that the Army’s new contractor-run training approach will make tomorrow’s smaller aviation community better than ever. – https://www.defenseone.com/policy/2025/11/drones-proliferate-army-pilots-worry-about-their-future-will-new-approach-flight-school-help/409423/?oref=d1-featured-river-top

Frontiers

Japan develops system to measure and share physical and mental pain

(DigWatch) Japanese mobile carrier NTT Docomo has developed a system that measures physical and mental pain and translates it into a format others can understand. The technology utilises brainwave analysis to convert subjective sensations, such as injuries, stomachaches, spiciness, or emotional distress, into quantifiable levels. – https://dig.watch/updates/japan-develops-system-to-measure-and-share-physical-and-mental-pain – https://japantoday.com/category/tech/japan’s-ntt-docomo-develops-tech-to-quantify-physical-mental-pain

Capgemini and Orano Unveil First Intelligent Humanoid Robot for the Nuclear Industry

(AI Insider) Capgemini and Orano have deployed Hoxo, the first intelligent humanoid robot built for use in nuclear facilities, at Orano’s Melox Ecole des Métiers site in southern France. Equipped with AI, advanced sensors, and autonomous navigation, Hoxo is designed to replicate human movements, perform technical tasks, and operate safely in high-risk or confined environments. Over a four-month testing phase, Orano will evaluate the robot’s precision and mobility as part of a broader effort to integrate humanoid robotics into nuclear operations for improved safety, efficiency, and workforce support. – https://theaiinsider.tech/2025/11/11/capgemini-and-orano-unveil-first-intelligent-humanoid-robot-for-the-nuclear-industry/

Overfuel Secures Growth Investment from Recurring Capital Partners to Accelerate AI Innovation, Strategic Growth, and Leadership Expansion

(AI Insider) Overfuel secured a strategic growth investment from Recurring Capital Partners to accelerate AI-driven innovation, strategic acquisitions, and leadership expansion. The company has achieved over 400% revenue growth in two years as dealerships increasingly adopt its AI-powered platform to boost sales performance. Industry veteran Jamie Kent joined as Chief Strategy Officer to lead OEM partnerships and M&A strategy, reinforcing Overfuel’s position as a leader in next-generation automotive digital solutions. – https://theaiinsider.tech/2025/11/11/overfuel-secures-growth-investment-from-recurring-capital-partners-to-accelerate-ai-innovation-strategic-growth-and-leadership-expansion/

China’s Cornerstone Robotics Raises $200M for Surgical Robotics

(AI Insider) Cornerstone Robotics has closed an oversubscribed US$200 million funding round, attracting a global strategic investor, sovereign wealth funds, and existing shareholders to accelerate commercialization and innovation in surgical robotics. The Chinese company’s flagship Sentire Endoscopic Surgical System is already in clinical use across China, Hong Kong, and Europe following regulatory approval by China’s NMPA. Founded in 2019, Cornerstone Robotics plans to expand globally, advancing accessible, high-quality robotic surgery solutions, with UBS Group serving as financial advisor on the transaction. – https://theaiinsider.tech/2025/11/11/chinas-cornerstone-robotics-raises-200m-for-surgical-robotics/

Dutch Greenhouse Automation Startup SAIA Agrobotics Raises €10M in Series A Funding

(AI Insider) SAIA Agrobotics has raised €10 million in Series A funding led by Check24 Impact, with participation from the EIC Fund, Navus Ventures, and Oost NL, bringing its total funding to over €20 million to support a 2026 commercial rollout. The Netherlands-based startup, spun out of Wageningen University & Research, has developed a greenhouse automation system that moves plants to stationary robots for scanning, trimming, and harvesting—reducing labor costs by 50% and boosting yields by 20%. With deployments already underway at Growers United, SAIA is positioning its AI-driven “Food Factory of the Future” as a cornerstone of Europe’s sustainable, data-driven agricultural infrastructure. – https://theaiinsider.tech/2025/11/11/dutch-greenhouse-automation-startup-saia-agrobotics-raises-e10m-in-series-a-funding/

Partner Robotics Raises Series A Funding for Construction Robotics Expansion

(AI Insider – 11 November 2025) Partner Robotics has raised an eight-figure RMB Series A round led by China Growth Capital, with participation from Cowin Capital and Redpoint China Ventures, bringing its total funding to roughly RMB 100 million (USD 14 million) since 2024. Index Capital served as financial advisor for the round. Founded in 2023 by Kecheng Wang, former CEO of Bright Dream Robotics, Partner Robotics is developing next-generation collaborative robotics solutions driven by deep industry expertise. – https://theaiinsider.tech/2025/11/11/partner-robotics-raises-series-a-funding-for-construction-robotics-expansion/