Governance/Regulation/Legislation
Who Is Accountable When AI Goes Global?
(Tony Oweke – Council on Foreign Relations) Artificial intelligence (AI) systems are increasingly being deployed across borders with no accountability to the populations they affect. Cancer detection algorithms trained on data from high-income countries, for example, continue to misdiagnose patients across the Global South, where darker skin tones and distinct disease profiles were never represented in training datasets. Across Europe, the use of AI in border and asylum systems—including for credibility assessments, identity verification, and lie detection—raises the risk that asylum seekers could be incorrectly returned to unsafe countries and exposed to persecution or other grave human rights abuses through opaque decision-making processes. These are not just the consequences of foreign actors operating in bad faith. They are the byproduct of deploying a new technology transnationally in the absence of shared standards, guardrails, or governance mandates commensurate with AI’s global reach. – https://www.cfr.org/articles/who-is-accountable-when-ai-goes-global
EuroDIG 2026 closes with calls for multilingual internet and stronger digital inclusion
(DigWatch) EuroDIG 2026 concluded with calls for stronger multistakeholder cooperation, greater digital inclusion, and wider support for multilingual internet access during the conference’s closing plenary hosted by EURid. The final session combined celebratory reflections on the two-day event with broader policy messages on universal acceptance, digital accessibility, and cooperation across governments, the technical community, civil society, academia, and the private sector. – https://dig.watch/updates/eurodig-2026-closing-session
EuroDIG highlights collaboration and experimentation for WSIS+20 delivery
(DigWatch) European national and regional Internet Governance Forum initiatives (NRIs) discussed how they can help implement the outcomes of the WSIS+20 review during a EuroDIG 2026 session focused on collaboration, local engagement, and multistakeholder governance. The discussion examined whether NRIs should remain primarily bottom-up discussion spaces or take on a more direct role in supporting the implementation of global digital governance commitments at the national and regional levels. – https://dig.watch/updates/eurodig-highlights-collaboration-and-experimentation-for-wsis20-delivery
EuroDIG 2026 debate strengthens Council of Europe digital governance push
(DigWatch) The Council of Europe participated in EuroDIG 2026 in Brussels, contributing to discussions on digital governance, democracy, trustworthy AI, platform accountability, and the digital public sphere. The Council of Europe participated under its New Democratic Pact for Europe, a year-long consultation focused on democratic backsliding and digital governance. The consultation covers issues including AI, data protection, media and information society, cybercrime, online discrimination and gender-based violence, digitalisation of justice, legal education, internet governance, and youth participation. – https://dig.watch/updates/council-of-europe-eurodig-digital-governance
EuroDIG 2026 debates Europe’s path towards digital sovereignty
(DigWatch) European policymakers, technical experts, and civil society representatives debated how Europe can reduce its dependence on foreign digital technologies without fragmenting the open internet during a EuroDIG 2026 session on digital sovereignty. The discussion reflected growing concern in Europe that heavy reliance on non-European cloud providers, AI systems, platforms, semiconductors, and digital infrastructure has become a strategic vulnerability affecting not only the economy but also democratic resilience and political self-determination. – https://dig.watch/updates/eurodig-2026-debates-europes-path-towards-digital-sovereignty
Spain approves draft law adapting the EU AI Act into national legislation
(DigWatch) Spain’s Council of Ministers has approved a draft Organic Law aimed at adapting the EU AI Act into the country’s national legal framework. Digital Transformation and Public Service Minister Óscar López said the draft law will now be sent to the Cortes for parliamentary consideration. The proposal establishes obligations for AI providers and introduces requirements for human oversight of AI systems. – https://dig.watch/updates/spain-ai-governance-law
YouTube expands AI transparency rules with automatic content detection
(DigWatch) YouTube is updating its approach to AI-generated content by introducing more visible disclosure labels and new automatic detection systems designed to improve transparency for viewers and creators. The update follows growing concerns around realistic synthetic media, manipulated videos, and generative AI tools across major digital platforms. – https://blog.youtube/news-and-events/improving-ai-labels-viewers-creators/
UK cyber guidance targets legacy trust in network access
(DigWatch) The UK’s National Cyber Security Centre has issued new guidance on Zero Trust Network Access, warning that many deployments still rely on outdated assumptions about trust. ZTNA is often introduced to modernise access to applications. However, the NCSC said many implementations still treat network location as a primary indicator of trust, meaning new tools can continue to rely on broad, network-based access rather than more granular and context-driven decisions. – https://dig.watch/updates/uk-cyber-guidance-targets-legacy-trust-in-network
European Commission’s proposal strengthens mobile satellite services rules
(DigWatch) The European Commission has proposed a new EU-level authorisation system for mobile satellite services using the harmonised 2 GHz frequency band, following the expiry of current licences in 2027. The proposal would establish a selection procedure for mobile satellite service providers authorised to use the 2 GHz band across all EU member states. According to the Commission, EU-level authorisation would support regulatory consistency and allow operators to develop and provide services across borders. – https://dig.watch/updates/eu-mobile-satellite-services-authorisation
Security and Surveillance
Russia conducting daily attacks on UK ‘from seabed to cyberspace,’ spy chief warns
(Alexander Martin – The Record) The head of Britain’s cyber and signals intelligence agency delivered a stark warning Wednesday that Russia is conducting daily hybrid attacks against the United Kingdom and Europe, stretching “from the seabed to cyberspace.”. Anne Keast-Butler, director of GCHQ, called on businesses, government and allies to treat cybersecurity with ten times greater urgency, warning “we are at a moment of consequence where the actions we take and the partnerships we build are ever more critical.”. – https://therecord.media/russia-conducting-attacks-on-uk-gchq-briefing
Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans
(Alexander Martin – The Record) Chinese-speaking fraudsters have built a near pixel-perfect clone of FIFA’s official website across more than 300 domains in an attempt to steal credentials and payment details from fans seeking tickets to the 2026 World Cup. The operation — one of four independent campaigns detailed Wednesday by cybersecurity firm Group-IB — could put billions of dollars at risk when accounting for credential theft, fake ticket sales, counterfeit merchandise, fraudulent streaming sites and unlicensed gambling platforms, said the Singapore-based company. The potential scale of the fraud mirrors the scale of the 2026 World Cup, which is set to be the largest edition of the tournament in history, with 48 teams competing across 104 matches in the United States, Canada and Mexico. – https://therecord.media/chinese-speaking-fraud-gang-fifa-world-cup-scam
Cruise giant Carnival confirms data breach affecting nearly 6 million people
(Daryna Antoniuk – The Record) Cruise operator Carnival confirmed on Wednesday that hackers stole personal information, including passport and driver’s license details, in an April cyberattack claimed by the ShinyHunters hacking group. The company said the threat actor gained access to a limited portion of its IT environment last month after compromising an employee account. By the end of April, Carnival determined that the attacker had copied personal information from its systems. The stolen data varies by individual but includes names, addresses, email addresses, phone numbers, dates of birth, driver’s license numbers and passport numbers, according to the company. – https://therecord.media/cruise-giant-carnival-confirms-data-breach-affecting-6-million
Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem
(Pierluigi Paganini – Security Affairs) Resecurity supported Microsoft’s Digital Crimes Unit (DCU) in its disruption of Fox Tempest, a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) capability used by cybercriminals to make malicious files appear legitimate. On May 19, 2026, Microsoft unsealed a legal case in the U.S. District Court for the Southern District of New York targeting Fox Tempest, a cybercrime service that abused Microsoft Artifact Signing to obtain fraudulent code-signing certificates. According to Microsoft, the service enabled cybercriminals to disguise malware as trusted software, improving the likelihood that malicious files would bypass security controls and be executed by victims. – https://securityaffairs.com/192818/security/resecurity-supports-microsoft-dcu-in-disrupting-fox-tempest-cybercriminal-code-signing-ecosystem.html
A Fake UK Visa Site Left 100,000 Passports Wide Open
(Pierluigi Paganini – Security Affairs) UK Visa Portal is not run by the British government. It’s a third-party service, apparently operated by a UAE-registered company called Active Leadgen LLC, that charges fees to help people apply for UK electronic travel authorizations. You don’t need it. The actual application takes minutes on GOV.UK and costs nothing extra. Thousands of people used it anyway, and now their passports and selfies have been sitting exposed on a public Amazon storage server. TechCrunch learned about the leak from an anonymous tipster who said the site was exposing at least 100,000 documents. “While the bucket was not publicly listing its contents, the files within were still accessible and viewable to anyone who knew the web address of each file.” reads the report published by TechCrunch.”The person who notified us about the exposure said a bug on the UK Visa Portal website’s back end allowed them to view the list of files contained in the bucket.” – https://securityaffairs.com/192809/security/a-fake-uk-visa-site-left-100000-passports-wide-open-then-sent-lawyers-instead-of-a-fix.html
19.6 Billion Files Are Sitting Open on the Internet. No Password Required
(Pierluigi Paganini – Security Affairs) There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage buckets on Amazon S3, Google Cloud, Azure, DigitalOcean, and Alibaba, they counted 19.6 billion files accessible to anyone with a browser and a URL. No login. No exploit. Just a web request. The research team analyzed bucket metadata captured in March 2026, categorizing files by type and filename. They didn’t access or download any content. They didn’t need to. The presence of these file types in open storage is the finding, and it’s bad enough on its own. – https://securityaffairs.com/192787/security/19-6-billion-files-are-sitting-open-on-the-internet-no-password-required.html
Australia warns of serious frontier AI cyber risks
(DigWatch) The Australian Government has issued a policy advisory urging Commonwealth entities to strengthen cybersecurity readiness for the frontier AI era. Issued under the Protective Security Policy Framework, the advisory warns that frontier AI creates a dual-use challenge because advanced AI models can strengthen cyber defence while also being used by malicious actors to conduct cyber activities faster, cheaper, and at greater scale. – https://dig.watch/updates/australia-frontier-ai-cyber-readiness