Governance

Data Portability Can Restore Real Consumer Choice Between ‘Consent or Pay’ Offerings Online

(Tom Fish – Tech Policy Press) The sign-up options for online services in Europe are evolving in response to a series of regulatory interventions. The most high-profile example of this is Meta’s introduction of an ad-free subscription option for accessing Facebook and Instagram in 2023, followed by an additional “less personalized ads” option a year later. With consumers now frequently being asked to decide between ad-funded and subscription-based access to digital content, it’s worth considering the role of data portability in preserving truly meaningful choice. – https://www.techpolicy.press/data-portability-can-restore-real-consumer-choice-between-consent-or-pay-offerings-online/

Cloud Services Face Scrutiny Under the Digital Markets Act

(Megan Kirkwood – Tech Policy Press) European authorities announced three new market investigations into cloud-computing services under the Digital Markets Act (DMA), as EU leaders gather in Berlin for the Summit on European Digital Sovereignty — an event billed as a push for an “independent, secure and innovation-friendly digital future for Europe.” Two investigations will assess whether Amazon Web Services (AWS) and Microsoft’s Azure should be designated as gatekeepers, despite apparently “not meeting the DMA gatekeeper thresholds for size, user number and market position.” A third investigation is to assess if the DMA is best placed to “effectively tackle practices that may limit competitiveness and fairness in the cloud computing sector in the EU.” – https://www.techpolicy.press/cloud-services-face-scrutiny-under-the-digital-markets-act/

If Europe Wants Digital Sovereignty, It Must Reinvent Who Owns Tech

(Sofia Calabrese, Roy Virah-Sawmy – Tech Policy Press) Over the past year, digital sovereignty has taken centre stage in European policy debates. Democratic-by-design governance of tech companies, however, has received far less attention. It deserves much more. The current conversation about sovereignty remains, for the most part, narrowly focused on economics. Most recently, Germany and France have included digital sovereignty in their joint economic agenda. When it comes to emerging technologies, however, the economic dimension is only one piece of a much larger puzzle. – https://www.techpolicy.press/if-europe-wants-digital-sovereignty-it-must-reinvent-who-owns-tech/

New EU rules aim to accelerate GDPR complaint handling

(DigWatch) The Council of the European Union has approved new rules aimed at speeding up the handling of cross-border data protection complaints, marking a significant update to the enforcement of the General Data Protection Regulation (GDPR) across the bloc. The new regulation aims to address long-standing bottlenecks in cooperation between national data protection authorities, which often hinder investigations involving companies operating across multiple EU countries. – https://dig.watch/updates/new-eu-rules-aim-to-accelerate-gdpr-complaint-handling

EU aviation regulator opens debate on AI oversight and safety

(DigWatch) EASA has issued its first regulatory proposal on AI in aviation, opening a three-month consultation for industry feedback. The draft focuses on trustworthy, data-driven AI systems and anticipates applications ranging from basic assistance to human–AI teaming. The move comes amid wider criticism of EU AI rules from major tech firms and political leaders. Aviation stakeholders are now assessing whether compliance costs and operational demands could slow development or disrupt competitive positioning across the sector. – https://dig.watch/updates/eu-aviation-regulator-opens-debate-on-ai-oversight-and-safety

New strategy targets Africa’s connectivity gap

(DigWatch) Africa’s latest digital summit in Cotonou presented a growing concern. Coverage has expanded across West and Central Africa, yet adoption remains stubbornly low. Nearly two-thirds of Africans remain offline, despite most already living in areas with mobile networks. Senior figures at the World Bank argued that the continent now faces an inclusion challenge rather than an infrastructure gap, as many households weigh daily necessities against the cost of connectivity. – https://dig.watch/updates/new-strategy-targets-africas-connectivity-gap

Digital Twins Demand a New Social Contract

(Mark Fenwick, Paul Jurcys – Tech Policy Press) In an age of personal AI, digital twins have begun to take shape. By this, we mean digital duplicates of living and deceased humans, constructed from data and trained on existing writings, public interviews, and presentations, that aspire to resemble an individual’s intellectual knowledge, style and behavior. One striking example is “LuFlot,” a philosophical agent designed on the corpus of Prof. Luciano Floridi, a leading thinker in the philosophy of information and digital ethics. LuFlot is not a sci-fi concept, but an existing text-based conversational tool that enables his students and followers to engage with his ideas through AI-mediated dialogue, conceptual debate, and inquiry-based learning. It extends his intellectual presence. – https://www.techpolicy.press/digital-twins-demand-a-new-social-contract/

Legislation

It’s Back. Congress Gears Up for Year-End Fight Over Moratorium on AI Laws

(Cristiano Lima-Strong – Tech Policy Press) United States lawmakers are preparing for another potential showdown over a proposed moratorium on state artificial intelligence rules, with House lawmakers considering using an annual defense measure as a vehicle to get it passed after an earlier attempt unraveled. House Majority Leader Steve Scalise (R-LA) told Punchbowl News on Monday that the chamber is “looking at” tucking the language into the National Defense Authorization Act (NDAA), a yearly defense spending bill widely viewed as must-pass and often used to attach other policy measures. The remarks signal the battle is poised to reenter the public spotlight by year’s end. According to Politico, House and Senate leaders are aiming to finalize a deal on the defense package before lawmakers break for the Thanksgiving holiday on Nov. 27, with final votes on track for early December. – https://www.techpolicy.press/its-back-congress-gears-up-for-yearend-fight-over-moratorium-on-ai-laws/

Moving Past ‘Chat Control’ to Solutions that Truly Protect Kids and Privacy

(Ella Jakubowska – Tech Policy Press) The CSA Regulation, the EU’s proposed law laying down rules to prevent and combat child sexual abuse, has been one of the most sharply-contested legal proposals of recent years. Aiming to curb the serious issue of the spread of child sexual abuse material (CSAM) online, in 2022, the EU executive proposed a bill to scan digital communications and storage, mainly using artificial intelligence (AI) tools to find and report CSAM. In autumn 2025, public awareness of this controversial law reached an all-time high across EU countries, as an important vote signaled a possible crunch point. The vote was ultimately canceled due to a lack of support from EU Member State governments, and what came next surprised everyone. However, the possibility of moving forward productively is within the EU’s reach following a significant shift by the Danish government. In an unexpected move, Ambassadors for the EU’s Member States are set to agree next week to rule out the most controversial elements of their draft position – those that would amount to encryption-breaking ‘chat control’. For the first time, it seems possible that lawmakers could strike a deal to address the grave issue of online CSAM in ways that will uphold the privacy and digital security of the general population. – https://www.techpolicy.press/moving-past-chat-control-to-solutions-that-truly-protect-kids-and-privacy/

India’s data protection rules finally take effect

(DigWatch) India has activated the Digital Personal Data Protection Act 2023 after extended delays. Final regulations notified in November operationalise a long-awaited national privacy framework. The Act, passed in August 2023, now gains a fully operational compliance structure. –  https://dig.watch/updates/indias-data-protection-rules-finally-take-effect

Courts and Litigation

Report calls for new regulations as AI deepfakes threaten legal evidence

(DigWatch) US courtrooms increasingly depend on video evidence, yet researchers warn that the legal system is unprepared for an era in which AI can fabricate convincing scenes. A new report led by the University of Colorado Boulder argues that national standards are urgently needed to guide how courts assess footage generated or enhanced by emerging technologies. – https://dig.watch/updates/report-calls-for-new-regulations-as-ai-deepfakes-threaten-legal-evidence

Security and Surveillance

Livestreaming Platforms Must Demonstrate Their Safety Measures’ Effectiveness

(Dhanaraj Thakur – Tech Policy Press) In the conversation about keeping children safe online, one heart-rending problem stands out: child sexual exploitation and abuse (CSEA) on livestreaming platforms, which persists around the globe. In October, a German man was charged on hundreds of counts for pushing children in various countries to harm themselves on video and create pornographic content. Earlier this year, a UK man was convicted of arranging livestreamed sexual abuse of children. And last year, a Florida man and his girlfriend and son were arrested for allegedly sexually abusing children on livestreaming sites, earning money from anonymous predators who paid to watch. The case’s appalled judge spoke out, saying, “For the past 25 years, I’ve seen just about everything, so to shock the court’s conscience is frankly a difficult proposition at this point in the court’s career.”. These stories of horrific and illegal activities are unfortunately not unique, and are playing out across popular livestreaming platforms, where users — and particularly young people — gather online to generate and share content about gaming, sports, politics, music, and more. Perpetrators also use livestreaming services to groom or sextort children, or pay children directly or others to perform sexual acts with children live. – https://www.techpolicy.press/livestreaming-platforms-must-demonstrate-their-safety-measures-effectiveness/

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

(Pierluigi Paganini – Security Affairs) Dutch police Politie, seized 250 servers running an unnamed bulletproof hosting service used solely by cybercriminals. Active since 2022, it appeared in over 80 cybercrime investigations. “In an investigation into a rogue hosting company, the East Netherlands cybercrime team seized thousands of servers.” reads the press release published by Politie. “According to the police, the hosting company is used solely for criminal activities. Research shows that the company has appeared in more than 80 investigations into cybercrimes at home and abroad since 2022 and has recently continued to be used for criminal activities.”. Dutch police took thousands of virtual servers offline. The move blocks criminal use and enables further investigation. – https://securityaffairs.com/184757/cyber-crime/dutch-police-takes-down-bulletproof-hosting-hub-linked-to-80-cybercrime-cases.html

New npm Malware Campaign Redirects Victims to Crypto Sites

(Alessandro Mascellino – Infosecurity Magazine) A new malware campaign built around seven npm packages has been uncovered by cybersecurity experts. The campaign, observed by the Socket Threat Research Team, is operated by a threat actor known as dino_reborn. It uses a mix of cloaking tools, anti-analysis controls and fake crypto-exchange CAPTCHAs to identify whether a visitor is a potential victim or a security researcher. Six of the packages contain nearly identical 39 KB malware samples, while a seventh constructs a façade webpage. All seven remained live until takedown requests placed them into security holding. The packages include signals-embed, dsidospsodlks, applicationooks21, application-phskck, integrator-filescrypt2025, integrator-2829 and integrator-2830. – https://www.infosecurity-magazine.com/news/npm-malware-campaign-redirects/

AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm

(Alessandro Mascellino – Infosecurity Magazine) A highly advanced intrusion attempt using the emerging Tuoni C2 framework targeted a major US real estate company in October 2025. The attack, observed by Morphisec and described in an advisory published today, combined social engineering, steganography and in-memory execution. The campaign demonstrates how threat actors are combining modular command-and-control (C2) tools with AI-assisted delivery methods to circumvent conventional defenses. – https://www.infosecurity-magazine.com/news/ai-tuoni-framework-targets-us-real/

How One CIO Enables Executives to Boost Cybersecurity and Safeguards Scientific Research

(James Coker – Infosecurity Magazine) As cyber threats grow in complexity and regulatory scrutiny intensifies, the role of executive leadership in cybersecurity is undergoing a profound change. Organizations can no longer afford for security to remain a purely technical concern, it demands informed, active engagement from the boardroom to ensure resilience and business continuity. At the the Gartner Security & Risk Management Summit 2025, Jonathan Monk, CIO at the Institute of Cancer Research, a UK charity, discussed a novel approach security leaders can use to support executives in making informed and active decisions about implementing security controls and managing exposure. – https://www.infosecurity-magazine.com/interviews/how-one-cio-safeguards-scientific/

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

(The Hacker News) Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented by the threat intelligence firm early last year. – https://thehackernews.com/2025/11/iranian-hackers-use-deeproot-and.html

GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud

(Phil Muncaster – Infosecurity Magazine) AI technology is being adopted by fraudsters in ever growing numbers to commit new account fraud (NAF) and circumvent even biometric-based checks, according to a new report from Entrust. The security vendor analyzed data from over one billion identity verifications in 30+ sectors and 195 countries, between September 2024 and September 2025, to compile its 2026 Identity Fraud Report. – https://www.infosecurity-magazine.com/news/genai-deepfakes-digital-forgeries/

Resilience At Risk: Talent and Governance in the Age of AI

(Adham Etoom, Isheanesu Sithole – Infosecurity Magazine) The global shortage of cybersecurity professionals has evolved from a staffing concern into a strategic vulnerability that undermines national security, enterprise resilience, regulatory integrity and the safe deployment of artificial intelligence. Without sufficient skilled practitioners, even the most advanced technologies and well-funded initiatives collapse under their own weight. Cyber and AI systems are socio-technical by nature: tools cannot defend themselves. They require humans who can interpret threats, validate safeguards and enforce accountability across every stage of the lifecycle. – https://www.infosecurity-magazine.com/blogs/talent-and-governance-in-the-age/

Half a Million Stolen FTSE 100 Credentials Found on Criminal Sites

(Phil Muncaster – Infosecurity Magazine) Security experts have warned the UK’s largest companies that they’re at risk of being breached, after finding hundreds of thousands of corporate credentials on cybercrime sites. Socura teamed up with Flare to monitor “cybercrime communities” across the clear and dark web for FTSE 100 company domains. Its resulting report, FTSE 100 for Sale, revealed 460,000 compromised credentials belonging to employees at these firms. Some firms had as many as 45,000 leaked credentials, while 15 companies had more than 10,000 each. Although this is a problem across multiple sectors, financial services (70,000+) was particularly affected. – https://www.infosecurity-magazine.com/news/half-million-stolen-ftse-100/

SaaS Rolls Forward, Not Backward: Strategies to Prevent Data Loss and Downtime

(Carl Brundage, Eoghan Casey, Matthew O’Neill – Infosecurity Magazine) As more organizations use Software as a Service (SaaS) for mission-critical applications, the complexity of managing data loss incidents within these environments grows. Estimates of the hourly cost of downtime range from $336k to multimillions, depending on the company’s size. Rapid restoration of SaaS data is key to minimize disruption and cost, but many organizations are ill-prepared in part due to the ‘InfoSec↔SaaS divide’. Maintaining reliable and complete data is essential for successful applications of AI to ensure accuracy. This article helps bridge the divide by showing how SaaS fundamentally changes Business Continuity and Disaster Recovery (BCDR) planning and data repair, particularly in the era of agentic AI. – https://www.infosecurity-magazine.com/blogs/how-to-prevent-saas-data-loss/

Investigation shows major crypto exchanges struggle to stop illicit flows

(Cybernews) Hundreds of millions of dollars’ worth of crypto assets continued to flow through major exchanges even after they paid penalties and were under the supervision of court-appointed monitors, an international investigation has revealed. The International Consortium of Investigative Journalists (ICIJ) has published The Coin Laundry report, which is based on more than 10 months of reporting across 35 countries. Researchers gathered hundreds of crypto asset wallet addresses linked to known illicit activity, while also examining reports, court records, sanctions lists, complaints filed with the Seychelles’ financial regulator, and speaking with scam victims, among other sources. What they found is that money launderers for drug traffickers, Southeast Asian scam-center operators, and North Korean hackers used brand-name exchanges to move their funds. – https://cybernews.com/crypto/investigation-major-crypto-exchanges-stop-illicit-flows/

Hackers claim oil giant Petrobras, alleging oil-rich maps theft

(Cybernews) A Russia-linked ransomware gang claims it has snatched 90GB of sensitive seismic and exploration data from Petrobras, pressuring the Brazilian petroleum giant to negotiate. The Everest Group, a Russia-related ransomware gang, has targeted Brazil’s petroleum giant Petrobras, according to the cybercriminals’ claims on their leak site on the dark net. Petrobras, officially Petróleo Brasileiro S.A., is a Brazilian multinational corporation in the oil and gas industry. Founded in 1953, it is half-owned by the state. In 2024, the company boasted over $91 billion in annual revenue. – https://cybernews.com/security/brazil-petrobras-ransomware-attack/

AI can corrupt opinion polls, sway election results

(Cybernews) Opinion surveys have become vulnerable to artificial intelligence tools and can be exploited by foreign adversaries to influence election outcomes. Surveys have played a crucial role in the United States’ elections for nearly a century, but their reliability is now threatened by AI tools, according to a new study published in the Proceedings of the National Academy of Sciences. ​Researchers from Dartmouth College have developed an autonomous synthetic respondent that operates from a 500-word prompt. – https://cybernews.com/ai-news/ai-opinion-poll-election/

New report warns retailers are unprepared for AI-powered attacks

(DigWatch) Retailers are entering the peak shopping season amid warnings that AI-driven cyber threats will accelerate. LevelBlue’s latest Spotlight Report says nearly half of retail executives are already seeing significantly higher attack volumes, while one-third have suffered a breach in the past year. – https://dig.watch/updates/new-report-warns-retailers-are-unprepared-for-ai-powered-attacks

Frontiers and Markets

Vatican gathers global experts on AI and medicine

(DigWatch) Medical professionals, ethicists and theologians gathered in the Vatican this week to discuss the ethical use of AI in healthcare. The conference, organised by the Pontifical Academy for Life and the International Federation of Catholic Medical Associations, highlighted the growing role of AI in diagnostics and treatment. – https://dig.watch/updates/vatican-gathers-global-experts-on-ai-and-medicine

UK uses AI to fight drug-resistant infections

(DigWatch) The UK is harnessing AI to combat the growing threat of drug-resistant infections, a crisis often called ‘the silent pandemic’. The Fleming Initiative and GSK will invest £45m in AI research to speed up new antibiotics and combat deadly bacteria and fungi. – https://dig.watch/updates/uk-uses-ai-to-fight-drug-resistant-infections

Hyundai launches record investment to boost South Korea’s tech future

(DigWatch) Hyundai Motor Group has unveiled a record 85.8 billion dollar investment plan that will reshape South Korea’s industrial landscape over the next five years. The company intends to channel a large share of the funds into fields such as AI, robotics, electrification, software-defined vehicles, and hydrogen technologies. – https://dig.watch/updates/hyundai-launches-record-investment-to-boost-south-koreas-tech-future

New Quantum Echoes system reveals molecular structures at scale

(DigWatch) Google says its new Quantum Echoes algorithm runs 13,000 times faster than leading supercomputers, marking what it calls the first verifiable quantum result across different hardware. The breakthrough brings real-world use cases in medicine and materials science closer to feasibility. Quantum Echoes is built to overcome a core limitation in today’s models: constrained memory that prevents long reasoning chains. The method uses structured world models to maintain a single research goal while processing tens of millions of tokens across multiple agent runs. – https://dig.watch/updates/new-quantum-echoes-system-reveals-molecular-structures-at-scale

Nokia to build Surge’s 5G fixed-wireless network in Indonesia

(DigWatch) Indonesian telecom provider Surge (Solusi Sinergi Digital) and Nokia have entered a multi-year agreement to roll out a 5G Fixed Wireless Access (FWA) network across Java, Papua, and Maluku. Nokia will leverage its existing FTTx, IP and optical infrastructure for backhaul, and deploy a new RAN and customer premises equipment (CPE) tailored for FWA. The deployment will utilise Nokia’s AirScale RAN portfolio, comprising baseband, remote radio heads, and zero-footprint sites, all enabled by its energy-efficient ReefShark chip technology. – https://dig.watch/updates/nokia-to-build-surges-5g-fixed-wireless-network-in-indonesia

Ant Group Unveils China’s First Multimodal AI Assistant with Code-Driven Outputs

(AI Insider) Ant Group introduced LingGuang, a multimodal AI assistant that generates answers as 3D models, animations, real-time visual analysis and code-built flash apps in under 30 seconds, processing language, images, audio, data and application code through a unified modular framework. The system’s three core features include Fast Research for dynamic 3D and illustrated explanations, Flash App for instant no-code mini-apps, and AGI Camera for real-time scene understanding and on-the-fly image or video generation. Ant Group positions LingGuang as China’s first broadly accessible AI tool enabling non-technical users to create functional applications and interact with AI across multiple formats in a single workflow. – https://theaiinsider.tech/2025/11/18/ant-group-unveils-chinas-first-multimodal-ai-assistant-with-code-driven-outputs/

IFS and Boston Dynamics Collaboration Combines the Power of Robotics with Agentic AI to Transform Field Operations

(AI Insider) IFS and Boston Dynamics unveiled a joint autonomous field-operations system that links Boston Dynamics’ Spot robots with the IFS.ai platform to create an end-to-end loop connecting sensing, predictive analysis and automated action. The collaboration targets asset-intensive industries such as energy, utilities, manufacturing and mining, aiming to improve safety, speed decision-making and increase uptime by using autonomous inspections and agentic AI-driven workflows. Spot robots collect real-time operational data—including thermal readings, leak detection, gauge measurements and hazard identification—which IFS.ai analyzes to trigger enterprise actions like predictive maintenance, automated anomaly detection and intelligent crew dispatch. – https://theaiinsider.tech/2025/11/17/ifs-and-boston-dynamics-collaboration-combines-the-power-of-robotics-with-agentic-ai-to-transform-field-operations/

PowerLattice Raises $25M to Reduce AI Compute Power Needs

(AI Insider) PowerLattice emerged from stealth with a $25 million Series A led by Playground Global and Celesta Capital, unveiling a power-delivery chiplet that brings power directly into the processor package and cuts compute power needs by more than 50%. The company’s chiplet integrates into existing SoC designs, shortens the power path and reduces energy loss, effectively doubling compute performance while improving reliability for next-generation AI accelerators and GPUs exceeding 2 kW. Founded by industry veterans from Qualcomm, NUVIA and Intel, PowerLattice has raised $31 million to date and is preparing engineering samples for 1 kW-plus processors as data centers confront escalating power constraints. – https://theaiinsider.tech/2025/11/17/powerlattice-raises-25m-to-reduce-ai-compute-power-needs/