Governance/Regulation/Legislation

EU launches Mediterranean digital programme to support governance, cybersecurity and skills

(DigWatch) The European Commission has launched a digital transformation programme for countries in North Africa and the Middle East, marking the first digital initiative under the Pact for the Mediterranean. EU aims to support inclusive and sustainable growth by improving access to digital services and strengthening regulatory alignment. – https://dig.watch/updates/eu-launches-mediterranean-digital-programme-to-support-governance-cybersecurity-and-skills

Global data governance efforts expand as UNESCO supports policy capacity for AI systems

(DigWatch) UNESCO and the United Nations Development Programme (UNDP) have launched a joint initiative to support governments in developing rights-based data governance frameworks for AI. The programme reflects growing global efforts to align digital transformation with public interest objectives. The Data governance for inclusive digital and AI futures initiative provides policymakers with practical tools to design transparent and accountable data systems, with a focus on safeguarding rights and enabling inclusive AI deployment. – https://dig.watch/updates/global-data-governance-efforts-expand-as-unesco-supports-policy-capacity-for-ai-systems

UK government applies AI to improve efficiency in transport policy consultations

(DigWatch) The UK Department for Transport (DfT) has introduced generative AI tools to speed up the analysis of public consultations, significantly reducing time and operational costs. Managing 55 consultations yearly, the department often handles over 100,000 responses per process, previously requiring months of manual review. A new Consultation Analysis Tool, built with Google Cloud and the Alan Turing Institute, processes large datasets within hours using advanced AI. The system identifies key themes with up to 90% accuracy, enabling faster policy responses while delivering estimated annual savings of £4 million. – https://dig.watch/updates/uk-applies-ai-to-improve-efficiency-in-transport

AI reshapes classrooms and universities across Vietnam education system

(DigWatch) AI is becoming a central part of education in Vietnam, changing how schools are managed, how students learn, and how research is carried out. Officials say the shift is part of the country’s wider digital transformation in education. Nguyễn Sơn Hải of Vietnam’s Ministry of Education and Training said earlier reforms focused on digitising activities, while AI is now reshaping teaching and administration more broadly. The ministry is also preparing legal and policy frameworks to support safe and controlled AI use in education. – https://dig.watch/updates/ai-reshapes-classrooms-and-universities-across-vietnam-education-system

EU AI Continent Action Plan shows progress in infrastructure, data and governance

(DigWatch) The European Commission has reported significant progress under its AI Continent Action Plan, marking one year of implementation aimed at strengthening Europe’s position in AI. The strategy focuses on infrastructure, data, talent, adoption and trustworthy AI. Investment in computational capacity has expanded, with AI factories deployed across European supercomputers and further large-scale facilities in development. These initiatives aim to increase access to advanced computing resources for researchers and emerging companies. – https://dig.watch/updates/eu-ai-continent-action-plan-shows-progress-in-infrastructure-data-and-governance

What Regulators Should Do About The AI Industry’s Hidden Financial Loop

(Hera Hyeonseo Lee – Tech Policy Press) By last year, Microsoft had committed $13 billion to OpenAI — but much of that investment has never left the tech giant’s own balance sheet. A significant portion of the money reportedly has flowed in the form of credits for Microsoft’s Azure cloud infrastructure. OpenAI spent those credits training its artificial intelligence models, Microsoft booked the usage as cloud revenue and that revenue growth supported the stock price that justified the next round of investment. This is not a one-off arrangement. A January 2025 report by the Federal Trade Commission on AI partnerships documented similar patterns across the industry, including partnerships between Google and Anthropic and Amazon and Anthropic. Nvidia has played an analogous role. After profiting from the sale of Graphics Processing Units (GPU), it has reinvested in AI infrastructure startups like CoreWeave, which use the funds to buy more Nvidia chips, flowing right back to Nvidia’s reported revenue. Bloomberg has described these arrangements as “AI circular deals”. – https://www.techpolicy.press/what-regulators-should-do-about-the-ai-industrys-hidden-financial-loop-/

Silicon Valley’s Moral Posturing Is an AI Power Play

(Daniel Dobrygowski – Tech Policy Press) To many, Anthropic founder and CEO Dario Amodei looks like he’s channeling Martin Luther in the face of a Pentagon MAGA inquisition, issuing statements defending the company’s principles and drawing firm ‘red lines.’ Even if the true story of Anthropic’s commitment to safety is more complicated, its stance in favor of AI safeguards against domestic surveillance and autonomous weapons has spurred an otherwise unlikely coalition of giant tech platforms, AI researchers, theologians, and tech advocates that supports the AI company in its litigation with the federal government. Anthropic recently secured a temporary stay from a California court in the Pentagon’s attempt to destroy the company by labelling it a “supply chain risk”, but lost a similar motion seeking a stay on the Pentagon’s efforts to bar the company from providing goods and services to the military. The claims at issue here aren’t whether Anthropic’s tech works or how secure it is; rather, the question is who gets to decide what is right and what is wrong when the military uses AI. Such substantial ethical issues, which include questions over human agency and free expression in the age of AI, are coming up at ever greater frequency. Most of these high profile tech debates aren’t about what product works better or worse, or which application has a bigger market. They’re not about who has the best platform or who can scale the fastest. They aren’t even grand claims about “disruption” or how to create utopias. These new, increasingly rancorous, debates are over questions about what’s good or bad for society, what is right and what is wrong. Perhaps more so than past tech arguments, the current Anthropic-Pentagon dispute has fundamentally moral dimensions. – https://www.techpolicy.press/silicon-valleys-moral-posturing-is-an-ai-power-play/

Geostrategies

How India’s New Free Trade Agreement with the EU Limits AI Governance

(Shweta Kushe – Tech Policy Press) Solon, a 6th-century BCE legal scholar from Athens, is often attributed to have said that laws can resemble spiders’ webs: if anything small falls into them, they ensnare it, but large things get away. This insight is simple yet enduring and serves as a useful test for modern legal frameworks. As India and the European Union concluded negotiations and released the text of the India-European Union Free Trade Agreement (India-EU FTA) in February, Solon’s warning is particularly relevant. The India-EU FTA’s Digital Trade Chapter establishes a broad prohibition on requiring the transfer of or access to source code. This prohibition is combined with narrow, largely reactive carve-outs that risk leaving India’s regulators without proactive audit authority over algorithms that shape finance, healthcare and critical infrastructure. Similar concerns arose during negotiations of the India-UK Free Trade Agreement (India-UK FTA), regarding source-code related provisions. However, that agreement explicitly preserved space for algorithmic accountability. By contrast, the India-EU FTA is silent, creating a notable l asymmetry: The EU retains meaningful scrutiny over AI systems through its internal legislation, i.e., the EU AI Act 2024 (Article 74), while India’s ability to examine EU‑origin AI deployed within its borders is legally constrained by the India-EU FTA’s text. – https://www.techpolicy.press/how-indias-new-free-trade-agreement-with-the-eu-limits-ai-governance/

Serpro joins Brazil-China AI cooperation protocol

(DigWatch) Brazil’s Ministry of Science, Technology, and Innovation, Serpro, and the Chinese company iFlytek have signed a cooperation protocol on AI focused on building national capabilities for the functioning of the state. According to Serpro, the protocol forms part of broader Brazil–China cooperation in science and technology. Acting Minister Luis Fernandes said the initiative aims to foster joint technology development and knowledge transfer with Brazil, with implications for digital sovereignty. – https://dig.watch/updates/brazil-serpro-iflytek-ai-cooperation

China’s High-Tech Drive in 10 Charts

(Scott Kennedy – CSIS) Over the past few decades, China’s high-tech drive has made enormous yet uneven progress, both in general and within specific industries. These advances have directly translated into enhanced international power and influence for China. The United States and like-minded countries need to respond pragmatically to maximize the opportunities and minimize the risks resulting from these developments. –  https://www.csis.org/analysis/chinas-high-tech-drive-10-charts

Security and Surveillance

US, UK and Canada disrupt $45M crypto theft in Operation Atlantic

(Pierluigi Paganini – Security Affairs) An international law enforcement operation from the US, UK and Canada, codenamed Operation Atlantic, has targeted large-scale cryptocurrency theft schemes. Authorities identified more than $45 million in stolen digital assets and successfully froze around $12 million. The seized funds are expected to be returned to victims as investigations into the wider fraud networks continue. – https://securityaffairs.com/190805/cyber-crime/us-uk-and-canada-disrupt-45m-crypto-theft-in-operation-atlantic.html

ShinyHunters claim the hack of Rockstar Games breach and started leaking data

(Pierluigi Paganini – Security Affairs) An 8.1GB data leak reportedly linked to Rockstar Games has surfaced, with files shared by ShinyHunters after being obtained via Anodot. The dataset includes anti-cheat source code, player analytics, game assets, Zendesk support tickets and financial information. Rockstar Games, one of the major companies in the video game industry, known for popular titles like Grand Theft Auto. The cybercrime group claims they managed to access Rockstar-related systems hosted through a third-party cloud provider. The group alleges that sensitive internal data was exfiltrated and threatened to publish it. – https://securityaffairs.com/190796/data-breach/shinyhunters-claim-the-hack-of-rockstar-games-breach-and-started-leaking-data.html

Attackers target unpatched ShowDoc servers via CVE-2025-0520

(Pierluigi Paganini – Security Affairs) A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration and communication efficiency. – https://securityaffairs.com/190790/hacking/attackers-target-unpatched-showdoc-servers-via-cve-2025-0520.html

Fake Claude AI installer abuses DLL sideloading to deploy PlugX

(Pierluigi Paganini – Security Affairs) A fake website impersonating Anthropic’s Claude service was found distributing the PlugX remote access trojan, according to Malwarebytes. The rogue site abuses the chatbot’s popularity to trick users into downloading a ZIP archive presented as a “pro version” installer. The malware uses DLL sideloading to execute and then attempts to clean up traces after infection, reducing visibility on the system. “We discovered a fake website impersonating Anthropic’s Claude to serve a trojanized installer. The domain mimics Claude’s official site, and visitors who download the ZIP archive receive a copy of Claude that installs and runs as expected.” reads the report published by Malwarebytes. “But in the background, it deploys a PlugX malware chain that gives attackers remote access to the system.” – https://securityaffairs.com/190754/malware/fake-claude-ai-installer-abuses-dll-sideloading-to-deploy-plugx.html

Hackers access Booking.com user data, company secures systems

(Pierluigi Paganini – Security Affairs) Booking.com warned that hackers may have accessed customer data linked to travel reservations. Exposed details could include names, email addresses, phone numbers, and information shared with accommodations. Booking.com is one of the world’s leading online travel agencies (OTAs) and digital travel companies, specializing in accommodation bookings, including hotels, vacation rentals, and apartments. “In that spirit, we’re writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation.” reads the data breach notification sent to the impacted users. – https://securityaffairs.com/190757/data-breach/hackers-access-booking-com-user-data-company-secures-systems.html