Governance, Courts, and Litigation

Civil Society is the Democracy Shield Europe Can’t Ignore

(Barbora Bukovská, Mark Dempsey – Tech Policy Press – 23 October 2025)  Last week in Brussels, former heads of state, European Commissioners (past and present), policy makers, academics, regulators and civil society convened to confront a defining question of our era: what does sovereignty mean in a world where power over our information ecosystem is moving away from parliaments to private companies that hold our data, manipulate algorithms and control our digital infrastructure? In the age of dependency, how do we reclaim political agency and protect our democracy? Over the two-day conference, organized by Article 19 and Open Markets Institute, there was a constant reference to the urgent need to confront Big Tech’s influence over speech and the information space. There was also a strong emphasis on the need for bold and brave enforcement of existing digital rules. And a recurring focus was on how we might imagine and build better technology alternatives grounded in values and the respect of rights. Yet one piece of the puzzle arguably hasn’t received the attention it merits. How can we build and push forward this conversation when civil society in Europe and beyond is facing an existential moment? – https://www.techpolicy.press/civil-society-is-the-democracy-shield-europe-cant-ignore/

Technical Standards: America’s Forgotten Tool of Statecraft

(Laura Galante, Tal Feldman – Lawfare – 23 October 2025) A ship docks at the Port of Los Angeles. Cranes begin to offload containers filled with electronics, car parts, and solar panels. Across the Pacific, in Tianjin, China, similar cranes are hard at work. They run the same software and follow identical maintenance protocols, written by standards bodies that most people have never heard of. What connects ports, pipelines, and hospitals today is not just concrete or code. It is the invisible scaffolding of standards. They determine how machines talk to one another, how systems recover after failure, and how foreign hardware gets embedded in critical infrastructure without raising alarms. Most of these rules are not set by governments but by a patchwork of international committees where industry representatives do much of the talking. Over the past decade, China has treated these committees as terrain worth claiming. Its companies show up to international forums. Its ministries coordinate positions. Its engineers write the specifications that others quietly adopt. As a result, China has been able to shape the protocols that define everything from 6G wireless to industrial automation. Indeed, just this week China is hosting five International Organization for Standardization (ISO) meetings, including one in Nanjing on industrial cyber and physical device control, another in Shanghai on ports and terminals, and one in Hangzhou on the sterilization of health-care products. – https://www.lawfaremedia.org/article/technical-standards–america-s-forgotten-tool-of-statecraft

Copyright Should Not Protect Artists From Artificial Intelligence

(Simon Goldstein, Peter N. Salib – Lawfare – 23 October 2025) On Sept. 25, Anthropic agreed to pay $1.5 billion to settle a class-action lawsuit from book publishers and authors. The lawsuit alleged that Anthropic violated intellectual property rights by training their artificial intelligence (AI) models on millions of books downloaded without permission from the internet. Some have complained that $1.5 billion is too little, while others have said it is far too much. To complicate matters, formal copyright law is still murky here. The judicial order that precipitated Anthropic’s settlement allows some kinds of AI training on copyrighted materials (for example, purchased books), but not others (for example, pirated books). And it is silent on a major question: Is training on publicly available websites an infringement? Since law remains indeterminate, first-principles thinking about the purpose of intellectual property can shed light on what courts should do going forward. – https://www.lawfaremedia.org/article/copyright-should-not-protect-artists-from-artificial-intelligence

Brazil is Learning Achieving Tech Sovereignty is Easier Said Than Done

(Laís Martins – Tech Policy Press – 23 October 2025) Brazil, like much of the rest of the world, is learning that establishing tech sovereignty is easier said than done. In contrast to the country’s strong rhetoric around asserting independence and pushing back against United States-based digital platforms, two of its recent announcements underscore how tied up Brazil is with foreign technology — and the immense challenge it would be to wean itself off. In early October, the Institutional Security Bureau (known as GSI in Brazil), an executive cabinet tasked with assisting Brazil’s president on matters of national security and defense policy, published an ordinance paving the way for a technical cooperation agreement with Amazon Web Services (AWS). The agreement, which has been in discussion since 2023, involves the “pursuit of development and increased maturity in information and cybersecurity,” according to the ordinance. The bureau confirmed in an email that, under the partnership, the parties will hold thematic workshops and practical simulation exercises and benefit from what they called an exchange of positive experiences. – https://www.techpolicy.press/brazil-is-learning-achieving-tech-sovereignty-is-easier-said-than-done/

How to Solve AI’s Community News Problem

(Steven Waldman – Tech Policy Press – 23 October 2025) Two reports came out (…) that ought to make tech leaders think very differently about how AI assistants deal with news. The first study, by the European Broadcasting Union, reported that ChatGPT was confidently reporting that Pope Francis was still the Pontiff, months after he died – and that 20% of answers by AI assistants to news-related questions had “major accuracy issues, including hallucinated details and outdated information.”. To be fair, tech leaders have always said accuracy will improve as systems gobble up all the reliable news out there. And the study has its critics, but the findings are nevertheless concerning. – https://www.techpolicy.press/how-to-solve-ais-community-news-problem/

AI leaders call for a global pause in superintelligence development

(DigWatch – 23 October 2025) More than 850 public figures, including leading computer scientists Geoffrey Hinton and Yoshua Bengio, have signed a joint statement urging a global slowdown in the development of artificial superintelligence. The open letter warns that unchecked progress could lead to human economic displacement, loss of freedom, and even extinction. – https://dig.watch/updates/ai-leaders-call-for-a-global-pause-in-superintelligence-development

EU pushes harder on basic digital skills for growth

(DigWatch – 23 October 2025) Nearly half of EU adults lack basic digital skills, yet most jobs demand them. Eurostat reports only 56% have at least basic proficiency. EU Code Week spotlights the urgency for digital literacy and inclusion. The Digital Education Action Plan aims to modernise curricula, improve infrastructure, and train teachers. EU policymakers target 80% of adults with basic skills by 2030. Midway progress suggests stronger national action is still required. – https://dig.watch/updates/eu-pushes-harder-on-basic-digital-skills-for-growth – https://www.euractiv.com/news/half-of-eu-adults-lack-basic-digital-skills-a-serious-challenge-to-competitiveness/

GDPR does not bar courts from processing disputed evidence

(DigWatch – 23 October 2025) The Advocate General of the EU’s top court advised that judges may process personal data as evidence even if obtained unlawfully. The opinion in NTH Haustechnik clarifies that courts can rely on public interest under Article 6(1)(e) GDPR when assessing such data. The case arose from a German labour dispute where an employer accessed a former worker’s eBay account to prove alleged misconduct. The national court asked the CJEU whether evidence gathered unlawfully could still be lawfully processed in judicial proceedings. – https://dig.watch/updates/gdpr-does-not-bar-courts-from-processing-disputed-evidence

Kazakhstan to achieve full Internet access for all citizens by 2027

(DigWatch – 23 October 2025) Kazakhstan aims to provide Internet access to its entire population by 2027 as part of the national ‘Affordable Internet’ project. Deputy Prime Minister and Minister of AI and Digital Development Zhaslan Madiyev outlined the country’s digital transformation goals during a government session, highlighting plans to eliminate digital inequality and expand broadband connectivity. – https://dig.watch/updates/kazakhstan-to-achieve-full-internet-access-for-all-citizens-by-2027 – https://primeminister.kz/en/news/100-of-kazakhstans-population-to-be-provided-with-internet-access-by-2027-30633

EU sets new rules for cloud sovereignty framework

(DigWatch – 23 October 2025) The European Commission has launched its Cloud Sovereignty Framework to assess the independence of cloud services. The initiative defines clear criteria and scoring methods for evaluating how providers meet EU sovereignty standards. Under the framework, the Sovereign European Assurance Level, or SEAL, will rank services by compliance. Assessments cover strategic, legal, operational, and technological aspects, aiming to strengthen data security and reduce reliance on foreign systems. – https://dig.watch/updates/eu-sets-new-rules-for-cloud-sovereignty-framework– https://commission.europa.eu/document/09579818-64a6-4dd5-9577-446ab6219113_en

EU states split over children’s social media rules

(DigWatch – 23 October 2025) European leaders remain divided over how to restrict children’s use of social media platforms. While most governments agree stronger protections are needed, there is no consensus on enforcement or age limits. Twenty-five EU countries, joined by Norway and Iceland, recently signed a declaration supporting tougher child protection rules online. The plan calls for a digital age of majority, potentially restricting under-15s or under-16s from joining social platforms. – https://dig.watch/updates/eu-states-split-over-childrens-social-media-rules – https://www.politico.eu/article/eu-social-media-ban-kids-three-fault-lines/

ChatGPT faces EU’s toughest platform rules after 120 million users

(DigWatch – 23 October 2025) OpenAI’s ChatGPT could soon face the EU’s strictest platform regulations under the Digital Services Act (DSA), after surpassing 120 million monthly users in Europe. A milestone that places OpenAI’s chatbot above the 45 million-user threshold that triggers heightened oversight. The DSA imposes stricter obligations on major platforms such as Meta, TikTok, and Amazon, requiring greater transparency, risk assessments, and annual fees to fund EU supervision. – https://dig.watch/updates/chatgpt-faces-eus-toughest-platform-rules-after-120-million-users

Crypto hiring snaps back as AI cools

(DigWatch – 23 October 2025) Tech firms led crypto’s hiring rebound, adding over 12,000 roles since late 2022, according to A16z’s State of Crypto 2025. Finance and consulting contributed 6,000, offsetting talent pulled into AI after ChatGPT’s debut. Net, crypto gained 1,000 positions as workers rotated in from tech, fintech, and education. The recovery tracks a market turn: crypto capitalisation topping US$4T and new Bitcoin highs. A friendlier US policy stance on stablecoins and digital-asset oversight buoyed sentiment. Institutions from JPMorgan to BlackRock and Fidelity widened offerings beyond pilots. – https://dig.watch/updates/crypto-hiring-snaps-back-as-ai-cools – https://stateofcrypto.a16zcrypto.com/

Counter-Terrorism

Nigerian Militants Increasingly Employ Digital Warfare

(Aminah Mustapha – The Jamestown Foundation – 22 October 2025) Militant groups in Northern Nigeria, including Boko Haram and ISWAP, increasingly exploit encrypted messaging apps, social media algorithms, and AI tools to recruit, radicalize, and coordinate. Nigeria’s counterterrorism response has developed a legal framework and cyber units. Still, it remains hindered by weak implementation, poor interagency coordination, and an over-reliance on blunt tactics, such as network shutdowns. These evolving digital tactics pose a threat to regional stability across the Lake Chad Basin, raising urgent questions for international technology governance, particularly regarding AI regulation and encryption policy. – https://jamestown.org/program/nigerian-militants-increasingly-employ-digital-warfare/

Security and Surveillance

Lazarus Group’s Operation DreamJob Targets European Defense Firms

(Alessandro Mascellino –  Infosecurity Magazine – 23 October 2025) A new series of cyber-attacks targeting European defense companies involved in drone development has been uncovered by cybersecurity researchers. The activity, attributed by ESET to the North Korea-aligned Lazarus Group, marks the latest phase of Operation DreamJob, a long-running cyber-espionage campaign aimed at stealing sensitive military and aerospace data. – https://www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/

SpaceX bricks thousands of Starlink kits used in scams

(Cybernews – 23 October 2025) SpaceX reportedly took action against thousands of Starlink devices in Myanmar, where authorities believe a major scam center operates. Starlink is perfect for attackers wishing to operate away from the watchful eye of the law, as it’s designed to provide fast bandwidth connections in remote areas. Earlier this year, Cybernews wrote about Thai authorities struggling to fight off Chinese Starlink smugglers who provide Burmese scam centers with the SpaceX technology. – https://cybernews.com/news/spacex-disables-starlink-scam-centers/

North Korean crypto hackers bring home a third of the state’s total foreign currency revenue

(Cybernews – 23 October 2025) In a 138-page report on how the Democratic People’s Republic of Korea (DPRK) is evading sanctions via cybercrimes, the Multilateral Sanctions Monitoring Team (MSMT), an international mechanism to report sanctions evasions, calculated that from January 2024 to September 2025, North Koreans stole $2.84 billion in crypto assets. What’s more, according to the MSMT, these heists accounted for approximately one-third of the DPRK’s total foreign currency revenue in 2024 (using the value of the stolen crypto assets at the time of theft and not accounting for any losses during laundering). – https://cybernews.com/crypto/north-korean-crypto-hackers-third-states-total-foreign-currency-revenue/ – https://msmt.info/view/save/2025/10/22/26294780-c396-407d-bb33-88afe988cd96-The_DPRK%E2%80%99s_Violation_and_Evasion_of_UN_Sanctions_through_Cyber_and_Information_Technology_Worker_Activities_(MSMT_2025_2).pdf

F5 breach exposes powerful backdoor exploited by China-linked hackers

(Cybernews – 23 October 2025) In the aftermath of the massive F5 breach, Resecurity, a cybersecurity company, is warning about China-linked hackers actively targeting organizations with F5 BIG-IP systems deployed. These systems are used by enterprises for load balancing, application delivery, and security, and over 250,000 of them are exposed on the internet. The attackers remained in F5’s systems for at least 12 months using a stealthy self-contained backdoor, consistent with the Brickstorm family. Resecurity has recently released a Brickstorm backdoor analysis and additional details on the involvement of China’s threat actors. – https://cybernews.com/security/f5-hackers-using-powerful-brickstorm-backdoor/

Moroccan hackers caught using nation-state-levels of deception just to steal gift cards

(Cybernews – 23 October 2025) Gift cards are highly attractive to cybercriminals because they’re easy to monetize and difficult to track. Some crooks will go to great lengths to obtain them, especially during festive seasons. Unit 42, a security arm of Palo Alto Networks, has investigated a campaign waged by a group operating out of Morocco. Motivated by financial gain, the gang is going after high-value gift‑card issuance applications. “Their operations primarily target global enterprises in the retail and consumer services sectors,” the new report about cloud-based gift card fraud campaign reads. This group’s advanced tactics, persistence, and operational focus even resemble those of nation-state actors. The researchers dubbed the fraud campaign “Jingle Thief.” – https://cybernews.com/security/moroccan-hackers-breach-companies-walk-away-with-gift-cards/

Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer, Researchers Say

(Kevin Poireault – Infosecurity Magazine – 23 October 2025) An established information stealer (infostealer) has recently been upgraded with enhanced capabilities and filled a vacuum left by the decline of the once-dominant Lumma Stealer. According to a Trend Micro report published on October 21, a new version of the Vidar infostealer has emerged, with a new multithreaded architecture for faster, more efficient data exfiltration and improved evasion capabilities. The upgrade, dubbed Vidar 2.0, was first announced by a developer known as “Loadbaks” on underground forums on October 6. – https://www.infosecurity-magazine.com/news/lumma-stealer-vacuum-filled-vidar-2/

AI Agents Need Security Training – Just Like Your Employees

(Kevin Poireault – Infosecurity Magazine – 23 October 2025) As enterprise AI adoption surges, from autonomous email processing to AI-driven workflow automation, security leaders face a new reality: AI agents are now insiders. These agents have access to sensitive data, third-party systems and decision-making authority. Yet most organizations still treat them as unmanaged assets rather than high-risk identities subject to the same security controls as human workers. That gap is a growing concern for AI governance experts like Meghan Maneval, director of community and education at Safe Security and a key contributor to ISACA’s Advanced AI Security Management (AAISM) certification. Speaking to Infosecurity at the ISACA Europe 2025 conference in London, Maneval argued that mandatory security awareness training must extend to AI agents – just as it does for employees. “It may not be as candid as what humans would do during those sessions, but AI agents used by your workforce do need to be trained. They need to understand what your company policies are, including what is acceptable behavior, what data they’re allowed to access, what actions they’re allowed to take,” she explained. During her talk at ISACA Europe 2025, Maneval extended her insights beyond AI agents to all enterprise AI tools, outlining a best-practice framework for AI auditing. Infosecurity selected some of her key recommendations, drawn from both an exclusive interview at ISACA Europe 2025 and her subsequent presentation on AI governance and auditing best practices. – https://www.infosecurity-magazine.com/news-features/ai-agents-need-security-training/

Defence, Military, and Warfare

US ally builds 3,600-ton attack submarine armed with cruise missiles to counter China

(Interesting Engineering – 23 October 2025) South Korea launched its first Changbogo-III Batch-II class submarine on Wednesday, marking a major milestone in the country’s push to expand its indigenous naval capabilities.The Jang Yeong-sil (SS-087) was unveiled during a ceremony at Hanwha Ocean’s shipyard in Geoje, south of Busan.The 3,600-ton diesel-electric submarine is the lead vessel in the second batch of South Korea’s homegrown Changbogo-III program. It is designed to strengthen the Republic of Korea Navy’s underwater deterrence. – https://interestingengineering.com/military/3600-ton-missile-submarine

China: World’s first drone carrier maybe testing magnetic catapults to launch jets

(Interesting Engineering – 23 October 2025) China’s newest amphibious assault ship, the Type 076 Sichuan, seems to have started testing its electromagnetic aircraft launch system (EMALS), a technology only found on the world’s most advanced aircraft carriers. This week’s satellite images and social media posts show the ‘drone carrier’ at the Hudong-Zhonghua Shipyard in Shanghai. The ship was seen facing the open waters of the Yangtze River, with its catapult launch rail pointed toward the river, indicating that it was preparing for launch testing. – https://interestingengineering.com/military/electromagnetic-catapults-drone-carrier-china

Frontiers

World’s first underwater data center fueled by wind power completed in China

(Interesting Engineering – 23 October 2025) China has completed construction of the world’s first wind-powered underwater data center (UDC), that could transform how the vast digital infrastructure driving AI, cloud computing and big data is powered. Located in the Lin-gang Special Area of the Shanghai Pilot Free Trade Zone, the USD 226 million (CNY 1.6 billion) UDC project is being hailed as a milestone in the integration of offshore renewable energy with next-generation computing. – https://interestingengineering.com/energy/world-first-underwater-data-center-china

General Motors unveils AI and robotics innovations for next-generation vehicles

(DigWatch – 23 October 2025) General Motors showcased AI, robotics, and software at GM Forward, showing how cars are becoming intelligent assistants. CEO Mary Barra unveiled advances in autonomy, AI, computing, and energy, signalling a move toward smarter, safer, and more personalised vehicles. GM plans to bring eyes-off driving to market in 2028, debuting on the Cadillac ESCALADE IQ electric SUV. The company has already mapped 600,000 miles of hands-free roads in North America, with Super Cruise drivers completing 700 million miles without a crash attributed to the system. – https://dig.watch/updates/general-motors-unveils-ai-and-robotics-innovations-for-next-generation-vehicles – https://news.gm.com/home.detail.html/Pages/news/us/en/2025/oct/1022-UM-GM-eyes-off-driving-conversational-AI-unified-software-platform.html