The European Union is facing renewed criticism over its failure to stop the export of surveillance technology to governments accused of human rights violations, according to a new report released by Human Rights Watch. The report claims that despite the EU’s landmark Dual-Use Regulation introduced in 2021, EU surveillance technology tool are still reaching countries where they are allegedly used to target journalists, activists, academics, and other critical voices. The 54-page report, titled “Looking the Other Way: EU Failure to Prevent Surveillance Exports to Rights Violators,” raises concerns about weak oversight, limited transparency, and gaps in enforcement within the EU’s surveillance technology export framework.

EU Surveillance Technology Exports Continue Despite Safeguards

The report highlights that the majority of EU member states host companies involved in the development and export of surveillance technology. These tools include intrusion software and telecommunication interception systems capable of monitoring private communications and tracking individuals. According to Human Rights Watch, the growing global use of commercial spyware and related surveillance technology has become a major human rights concern. Governments in several countries have allegedly used such technologies to suppress dissent, monitor opposition voices, and restrict civic freedoms. The EU’s Dual-Use Regulation was introduced to regulate exports of technologies that could serve both civilian and military purposes. The regulation aimed to strengthen oversight of surveillance technology exports by requiring member states to assess the human rights records of destination countries before approving sales. The law also introduced transparency and reporting obligations requiring EU member states to share export licensing data with the European Commission for inclusion in annual public reports. However, Human Rights Watch argues that the implementation of these measures has fallen short of their intended purpose.

Human Rights Watch Flags Weak Oversight and Transparency

A major focus of the report is the EU’s 2024 implementation guidelines for the Dual-Use Regulation. Human Rights Watch claims the guidelines weakened transparency requirements and limited public access to meaningful information about surveillance technology exports. The organization said the reporting system currently does not provide enough detail to determine whether exports are contributing to human rights abuses. To investigate further, Human Rights Watch submitted freedom of information requests to all 27 EU member states seeking data on surveillance technology licensing and exports. The findings revealed several examples of exports to countries with documented records of surveillance-related rights violations. Among the cases highlighted were exports of surveillance tools from Bulgaria to Azerbaijan in 2022 and telecommunication interception systems exported from Poland to Rwanda in 2023. The report states that these exports included technologies capable of intercepting communications and conducting intrusive digital surveillance. Human Rights Watch also criticized both EU institutions and member states for frequently citing trade secrets, national security, and international relations as reasons for withholding export information from public scrutiny.

Concerns Over Surveillance Technology and Human Rights

The report argues that surveillance technology can directly threaten several fundamental rights, including privacy, freedom of expression, freedom of assembly, and in some cases even the right to life and protection from torture. Human Rights Watch said journalists, activists, humanitarian workers, and anti-corruption investigators are among those most vulnerable to misuse of surveillance tools. The organization warned that digital surveillance can expose confidential sources, restrict independent reporting, and create risks to personal safety. According to the report, the EU remains one of the largest hubs for commercial surveillance technology companies globally. A 2024 report by Google’s Threat Analysis Group reportedly found that nearly all major commercial surveillance companies mentioned in its research were based in the EU.

European Commission Faces Pressure Ahead of 2026 Review

The European Commission is expected to begin a formal evaluation of the Dual-Use Regulation in September 2026. Human Rights Watch is urging the commission, the European Parliament, and EU member states to strengthen the rules governing surveillance technology exports during the review process. The organization is calling for stricter human rights due diligence requirements, stronger export controls, and greater transparency in reporting. It also wants surveillance companies to conduct more detailed assessments of whether their products could be used to facilitate rights abuses. In response to questions raised in the report, the European Commission stated that licensing decisions for dual-use exports are handled by individual EU member states. The commission also defended certain reporting limitations, saying that detailed disclosures could reveal commercially sensitive information or identify companies involved in exports. Still, Human Rights Watch argues that the current framework is failing to provide effective oversight. Zach Campbell, senior surveillance researcher at Human Rights Watch, said the EU needs “real transparency” to ensure that the regulation works as intended and prevents European surveillance technology from enabling abuse worldwide.

OpenAI has officially entered the AI cybersecurity race with the launch of OpenAI Daybreak, a new initiative focused on helping security teams identify, validate, and fix software vulnerabilities faster using artificial intelligence. Announced through the company’s LinkedIn post, OpenAI described Daybreak as its vision for “a new era of cyber defense,” where AI systems can assist defenders across secure code reviews, vulnerability analysis, remediation, and threat investigation workflows. The launch reflects a growing industry trend in which AI companies are positioning advanced language models as cybersecurity tools capable of reducing the time between vulnerability discovery and remediation. While AI-generated coding tools have often raised concerns around insecure code generation, companies are now increasingly focusing on using AI defensively to strengthen software security practices. According to OpenAI, AI models are already changing how security teams operate by enabling them to reason across large codebases, identify subtle vulnerabilities, validate fixes, and analyze unfamiliar systems more efficiently. However, the company also acknowledged that advanced AI cybersecurity capabilities require “trust, verification, safeguards, and accountability,” particularly as AI systems become more capable of handling sensitive defensive workflows.

What Is OpenAI Daybreak?

At the center of the announcement is OpenAI Daybreak, a cybersecurity-focused platform powered by GPT-5.5 and Codex, OpenAI’s coding-focused agentic system. OpenAI said the platform is designed to help organizations move from vulnerability discovery to remediation faster while improving visibility into the entire security workflow. The system combines AI reasoning with coding automation to support several defensive security functions, including:

• Secure code reviews
• Threat modeling
• Patch validation
• Malware analysis
• Dependency risk analysis
• Remediation guidance
• Vulnerability triage
• Detection engineering

One of the more notable capabilities highlighted by OpenAI is the platform’s ability to generate and test patches directly within repositories. According to the company, these workflows operate under monitored and controlled access models while also producing audit-ready reports that help security teams verify remediation activity. The emphasis on auditability suggests OpenAI is attempting to address one of the biggest concerns surrounding AI in cybersecurity: the need for accountability and human oversight in automated decision-making.

OpenAI Introduces Tiered Cybersecurity Access

OpenAI is rolling out Daybreak through three different access levels depending on the sensitivity and complexity of cybersecurity operations. The first layer uses GPT-5.5 for broader security assistance and general workflows. The second tier, GPT-5.5 with Trusted Access for Cyber, is aimed at defensive cybersecurity tasks such as secure code review, malware analysis, vulnerability triage, detection engineering, and patch validation. The highest tier is powered by GPT-5.5-Cyber, which OpenAI says is intended for specialised and authorised workflows including penetration testing, red teaming, and controlled validation exercises. The structured access model indicates OpenAI is taking a cautious approach toward releasing advanced cyber capabilities, especially as concerns grow around dual-use AI systems that can potentially be misused by threat actors.

AI Cybersecurity Competition Continues to Grow

The launch of OpenAI Daybreak also comes at a time when AI companies are increasingly competing to establish themselves in cybersecurity operations. Recently, Anthropic introduced Claude Mythos, a cybersecurity-focused AI system that the company claimed could identify software vulnerabilities at a scale beyond what human experts can typically achieve. However, Anthropic stated that Claude Mythos would not be released publicly due to risks associated with its advanced cyber capabilities. That contrast highlights a broader debate currently shaping the AI cybersecurity sector. While companies see AI as a major force multiplier for defenders, there are ongoing concerns about how powerful cyber-focused AI models should be deployed, monitored, and restricted. For OpenAI, Daybreak appears to position the company toward enterprise-controlled and monitored security environments rather than open public access.

AI’s Role in Cyber Defense Is Expanding

The launch of OpenAI Daybreak reflects how rapidly AI is becoming embedded into cybersecurity workflows. Security teams are increasingly under pressure to manage growing attack surfaces, software complexity, and faster-moving threats, making automation and AI-assisted analysis more attractive. At the same time, the rollout of advanced cyber-focused AI systems is likely to intensify discussions around governance, oversight, and responsible deployment. With companies like OpenAI and Anthropic now building specialised cybersecurity AI platforms, the next phase of cyber defense may increasingly depend on how effectively organizations balance AI-driven speed with security safeguards and human verification.

A new outlook from the European Labour Authority and the European Commission’s Directorate-General for Employment, Social Affairs and Inclusion has highlighted how Europe’s approach to AI skills development could shape the future of work by 2040. The report presents several possible futures driven by artificial intelligence adoption, ranging from economic growth and new career opportunities to rising inequality, job insecurity and weakened worker protections. At the centre of all scenarios is one common factor: whether governments, employers and institutions invest early in workforce skills development. According to the findings, AI could create a future where learning becomes more accessible, career growth becomes flexible and workers are better equipped to adapt to changing industries. However, the report also warns that without strong investment in AI skills development, Europe risks widening the gap between workers who can adapt to new technologies and those left behind.

AI-Powered Workplace Could Deepen Inequality 

One of the scenarios described in the report imagines a future where artificial intelligence transforms workplaces so rapidly that many jobs become unrecognisable. In this version of 2040, governments and employers fail to provide adequate workforce training, leaving employees responsible for adapting on their own. The report notes that workers with strong digital and technical skills are likely to benefit the most in such an environment. Meanwhile, employees without access to learning opportunities could struggle to remain employable as automation reshapes industries. The consequences go beyond employment challenges. The report points to growing financial pressure, declining physical and mental wellbeing, and increased social inequality as possible outcomes of an AI transition that does not include inclusive skills development policies. Another scenario paints an even more severe picture of the future. In this case, AI technologies and automation dominate nearly every aspect of work and daily life. A small number of powerful organisations control much of the AI ecosystem, influencing policymaking, economic systems and broader social structures. Under this model, companies rely heavily on automation while reducing investment in employee development. Workers across industries lose jobs as AI systems take over tasks previously performed by humans. The report also warns that weak regulation and limited government oversight could leave workers with little protection. Trade unions, according to the scenario, lose influence in defending labour rights and fair working conditions. The concentration of power among major AI players could also threaten democratic systems while creating environmental concerns linked to large-scale AI infrastructure and energy use.

Slow AI Adoption May still Create a ‘Missed Opportunity’ for Europe

The report also explores a more moderate future in which AI adoption progresses gradually rather than aggressively. While this path appears less disruptive, researchers argue that it could still create long-term problems if Europe fails to prioritise AI skills development. In this “missed opportunity” scenario, the slower pace of AI adoption prevents businesses and workers from fully benefiting from innovation. The report suggests that Europe could lose out on productivity gains, new products and emerging industries if organisations hesitate to adopt AI technologies at scale. For workers, the impact could mean fewer opportunities to move into creative and high-value roles often associated with AI-driven industries. Instead, advanced tasks and innovation-related jobs may remain concentrated among a small group of highly skilled professionals, while much of the workforce continues performing repetitive or lower-value work. Employers may avoid the disruption linked to rapid automation, but they could also fall behind in global competitiveness due to limited innovation and slower operational improvements.

AI Skills Development Seen as Central to Europe’s AI Future

Despite outlining several concerning futures, the report emphasises that these outcomes are not inevitable. Instead, it argues that coordinated action between governments, businesses, educational institutions and workers can help create a more balanced and inclusive AI economy. The European Labour Authority stresses that ongoing workforce skills development will play a central role in determining whether AI benefits society broadly or primarily advantages a small section of the population. The report calls for greater collaboration in promoting lifelong learning, digital education and accessible training programmes that help workers adapt to evolving technologies. It also highlights the importance of policies that support fair AI adoption while protecting workers’ rights and ensuring technological progress contributes to long-term economic and social stability. As Europe continues shaping its AI strategy, the findings serve as a reminder that the future of work may depend less on the technology itself and more on how societies prepare people to work alongside it.

As India marks National Technology Day, industry leaders say the country’s technology ambitions are now closely tied to cybersecurity, AI infrastructure, and digital resilience. With businesses rapidly adopting artificial intelligence, cloud platforms, and connected systems, experts believe the next phase of growth will depend on how securely and responsibly these technologies are deployed. Across industries, organisations are moving beyond experimental AI projects and integrating intelligent systems directly into operations, customer engagement, healthcare, infrastructure, and enterprise decision-making. At the same time, cybersecurity leaders are warning that the rise of AI-driven environments is also creating faster and more sophisticated cyber threats.

National Technology Day 2026 Reflects India’s AI-First Push

According to Ritesh Kapadia, Field Chief Technology Officer, iLink Digital, technology discussions are increasingly centred around how AI systems behave and interact within organisations rather than just the tools themselves. Kapadia said AI is evolving from passive software into active systems capable of analysing context, triggering actions, and supporting enterprise decisions. He noted that organisations are gradually building “AI-first enterprises” where intelligence becomes part of daily workflows instead of operating as a separate technology layer. "Technology conversations today are becoming less focused on tools and more focused on behaviour. AI systems are evolving from passive platforms into active collaborators that can analyse context, trigger actions and support enterprise decision making. This shift is laying the foundation for AI first enterprises, where intelligence is embedded into everyday operations, workflows and business decisions rather than functioning as a separate layer of technology." He added that enterprises are focusing on connected systems that can respond intelligently while maintaining governance and operational clarity. The growing use of AI across enterprise environments is also increasing cybersecurity concerns. Security teams are now dealing with automated attacks, deepfakes, AI-assisted vulnerability discovery, and identity-based threats that can move at machine speed.

Cybersecurity, Core Part of Digital Transformation

Sunil Sharma, Managing Director & VP – Sales (India & SAARC) at Sophos, said National Technology Day 2026 is a reminder that innovation and cybersecurity must grow together. According to Sharma, organisations can no longer depend only on traditional or reactive security models. Businesses are now being pushed toward continuous threat monitoring and real-time response frameworks as attackers use AI to scale operations faster than before. He also highlighted identity security as a major challenge for enterprises managing cloud systems, remote access environments, and interconnected digital ecosystems. “The threat landscape is evolving rapidly,” Sharma said, pointing to deepfakes, automated attacks, and AI-driven vulnerability discovery as some of the biggest emerging concerns. Industry leaders believe cyber resilience is becoming equally important as digital transformation, especially as Indian enterprises continue accelerating cloud adoption and AI integration.

AI Infrastructure and Data Centres Gain Importance

Technology executives also stressed the importance of building infrastructure capable of supporting India’s growing AI ecosystem. AS Prasad, Vice President, Product Management, Vertiv, said the future of AI will depend heavily on infrastructure decisions being made today, particularly around power systems, cooling technologies, and data centre architecture. "The next decade of AI will be won in the infrastructure layer, in the power systems, the cooling architecture, and the data center design decisions being made right now. Prasad noted that AI workloads require scalable and reliable infrastructure to operate efficiently at enterprise and national levels. That view was echoed by Narendra Sen, Founder & CEO, RackBank & NeevCloud, who described data centres as critical to India’s digital future. Sen said India’s policy initiatives, including the IndiaAI Mission and data localisation efforts, are creating momentum for sovereign AI infrastructure and homegrown cloud ecosystems. He added that infrastructure readiness will determine how effectively India can scale AI adoption across industries and government systems.

Responsible AI Adoption Expands Across Industries

The life sciences sector is also witnessing increased AI adoption as companies look to improve operational efficiency and decision-making. Duraisamy Rajan Palani (Durai), Founder and CEO of Archimedis Digital, said AI is helping accelerate innovation in drug discovery, clinical trials, and patient engagement. However, he noted that as AI systems move beyond automation and begin supporting expert-level decisions, accuracy, accountability, and regulatory compliance become increasingly important. Industry experts say responsible AI adoption will remain a key focus area as organisations balance innovation with governance requirements. Meanwhile, Vikram Prabakar highlighted how technology is also being used to address sustainability and inclusion challenges. He said AI-powered waste traceability and digital recycling platforms are helping improve transparency and efficiency while supporting India’s broader sustainability goals.

India’s Technology Growth Also Depends on Skilled Talent

While India continues to invest heavily in AI infrastructure and digital transformation, experts say the shortage of specialised talent remains a growing challenge. Milind Shah, Managing Director, Randstad Digital India, said demand for professionals skilled in AI, cybersecurity, cloud computing, and digital infrastructure is increasing rapidly. He added that many of these specialised roles have emerged only recently, making workforce development a critical priority for businesses, academic institutions, and policymakers. "India is on track to become one of the world’s largest digital infrastructure markets within this decade, supported by sustained investments, policy momentum, and accelerating demand. What now requires equal emphasis is the depth, quality, and readiness of the talent pipeline. AI, cloud, and advanced digital infrastructure rely on highly skilled engineers, architects, and operators capable of managing complex, rapidly evolving environments. Many of these roles have emerged only recently, making workforce readiness a strategic priority rather than a secondary consideration. Addressing this gap will require coordinated action across industry, academia, and policy frameworks to build both scale and specialisation." As National Technology Day 2026 highlights India’s progress in AI and digital innovation, industry leaders say long-term success will depend on building secure infrastructure, strengthening cyber resilience, and preparing a workforce capable of managing increasingly complex technology environments.

California Attorney General Rob Bonta and a coalition of state and local enforcement agencies have announced a $12.75 million settlement with General Motors over allegations that the automaker illegally collected and sold drivers’ personal data without proper consent, in violation of the California Consumer Privacy Act (CCPA). The California privacy settlement marks the largest CCPA penalty in California history so far and represents the state’s first enforcement action focused on data minimization requirements under California privacy law. The case centers on allegations that General Motors shared sensitive driver information, including geolocation data and driving behavior, with data brokers Verisk Analytics and LexisNexis Risk Solutions between 2020 and 2024.

California Privacy Settlement Targets Driver Data Sales

According to the complaint, GM collected data through its OnStar connected vehicle platform, which offers emergency assistance, navigation, and crash response services. Investigators alleged that the company sold names, contact details, precise location information, and driving behavior data of hundreds of thousands of Californians to the two data brokers. Authorities said the data was intended to help create driver-risk scoring products that could be used by insurance companies when setting premiums. The investigation was conducted jointly by the California Department of Justice, the California Privacy Protection Agency (CalPrivacy), and district attorneys from San Francisco, Los Angeles, Napa, and Sonoma counties. Attorney General Rob Bonta said the settlement sends a clear message about consumer control over personal data. “General Motors sold the data of California drivers without their knowledge or consent,” Bonta said in the announcement, adding that the data could reveal sensitive details about consumers’ daily routines and movements.

CCPA Violations and Data Minimization Concerns

A major part of the case focused on alleged violations of the CCPA’s data minimization and purpose limitation requirements, which were added to California law in 2023. Under these provisions, companies are required to collect and retain only the data necessary for a disclosed purpose. Investigators alleged that GM retained driving and location data long after it was needed to operate OnStar services and later sold that retained data to third parties. Authorities also alleged that GM failed to clearly inform consumers about how their information would be used. The complaint stated that GM’s privacy policies suggested driver data would only be used to provide requested OnStar services and even claimed the company did not sell driving or location information. Investigators said the company’s practices contradicted those statements. San Francisco District Attorney Brooke Jenkins described modern vehicles as “rolling data collection machines” and said consumers deserve transparency about what information is collected and how it is shared. Los Angeles County District Attorney Nathan J. Hochman said companies handling consumer data would be held accountable under California privacy laws, regardless of their size.

Connected Vehicle Privacy Under Scrutiny

The settlement follows growing regulatory scrutiny around connected vehicle privacy and automotive data collection practices. In 2023, CalPrivacy launched investigations into connected car manufacturers and their handling of consumer information. Public attention increased further in 2024 after a report by The New York Times highlighted how automakers were sharing driving behavior data with insurance companies. The reporting indicated that some consumers outside California had experienced increased insurance premiums tied to such data-sharing practices. California investigators later determined that California drivers were likely not directly affected through insurance rate increases because state insurance laws prohibit insurers from using driving behavior data to set premiums. However, regulators maintained that the collection, retention, and sale of the data itself violated California privacy requirements.

Settlement Terms for General Motors

Under the proposed California privacy settlement, General Motors must implement several privacy-related measures over the coming years. The company will be required to:

• Pay $12.75 million in civil penalties.
• Stop selling driving data to consumer reporting agencies for five years.
• Delete retained driving data within 180 days unless consumers provide express consent for limited uses.
• Request the deletion of driver data already shared with LexisNexis and Verisk.
• Establish and maintain a comprehensive privacy compliance program.
• Submit privacy assessments and compliance reports to California regulators and prosecutors.

The settlement also reinforces California’s broader push to strengthen consumer control over personal information under the CCPA. CalPrivacy Executive Director Tom Kemp said California privacy laws require businesses to collect only the information they genuinely need and to be transparent about how that data is handled. Alongside the settlement announcement, regulators also highlighted the state’s Delete Request and Opt-out Platform (DROP), which allows Californians to submit requests to delete personal information held by hundreds of registered data brokers.

The European Union has reached a provisional agreement to amend parts of the EU AI Act, introducing simplification measures for businesses while also expanding restrictions on harmful AI applications, including so-called “nudifier” apps and AI-generated child sexual abuse material. The agreement, reached early Thursday by negotiators from the European Parliament and the Council, forms part of the EU’s broader “digital omnibus” package aimed at refining the implementation of the bloc’s landmark AI legislation. The updated proposal seeks to reduce compliance burdens and legal uncertainty for AI providers while maintaining the AI Act’s core risk-based framework. Lawmakers said the changes are designed to make the rules more practical without weakening safeguards tied to safety, privacy, and fundamental rights.

EU AI Act Deadlines Pushed to Reduce Legal Uncertainty

One of the biggest changes under the proposed amendments is the postponement of several obligations linked to high-risk AI systems. Under the revised timeline, rules for AI systems classified as high-risk due to their use cases will now apply from 2 December 2027. These systems include AI deployed in biometric identification, critical infrastructure, education, employment, law enforcement, and border management. Meanwhile, AI systems used as safety components under sector-specific EU product safety laws will face compliance obligations from 2 August 2028. The agreement also delays watermarking obligations for AI-generated content until 2 December 2026. The European Commission had earlier proposed a February 2027 implementation date. Watermarking tools are intended to help identify and trace AI-generated images, audio, and video content. Lawmakers said the postponements are necessary to ensure technical standards and implementation guidance are fully in place before the rules become enforceable.

EU Bans Nudifier Apps and AI-Generated Abuse Content

A major part of the agreement focuses on tightening restrictions around harmful AI-generated sexual content. Negotiators agreed to ban AI systems designed to create child sexual abuse material or generate explicit deepfake content involving identifiable individuals without consent. The restriction covers images, video, and audio content. The EU AI Act ban specifically applies to companies placing such AI systems on the EU market, providers failing to include reasonable safeguards against misuse, and users deploying the systems to create illegal or non-consensual explicit material. The decision directly targets “nudifier” apps, which use AI to digitally remove clothing or generate fake explicit imagery of individuals. Companies operating such systems will have until 2 December 2026 to comply with the new requirements. Michael McNamara, co-rapporteur for the Civil Liberties, Justice and Home Affairs committee, said the agreement strengthens the EU’s ability to act against AI systems that threaten human dignity and fundamental rights. “I’m pleased that this morning we reached an agreement on the AI Omnibus,” McNamara said. “Alongside simplification measures, we are banning nudification apps, a key part of the Parliament’s mandate, and, of course, the creation of child sexual abuse material using AI systems.”

Simplification Measures for AI Providers and SMEs

The amendments also introduce several simplification measures intended to reduce overlapping compliance requirements for companies developing AI technologies. Under the new framework, machinery products with AI features will no longer need to comply separately with both the EU AI Act and sector-specific safety laws if existing safety rules already provide equivalent protection. Lawmakers also narrowed the definition of “safety component” within the EU AI Act. This means AI functions designed only to assist users or improve product performance will not automatically be classified as high-risk unless their failure creates health or safety risks. Another change allows companies to process personal data where strictly necessary to detect and correct bias in AI systems, provided appropriate safeguards are in place. The agreement further extends certain exemptions previously available only to small and medium-sized enterprises (SMEs) to small mid-cap companies. EU officials said the move is intended to help startups and growing technology firms scale AI innovation more easily within Europe. Arba Kokalari, co-rapporteur for the Internal Market and Consumer Protection committee, said the revised rules strike a balance between innovation and regulation. “With this agreement, we show that politics can move just as quickly as technology,” Kokalari said. “We now make the AI rules more workable in practice, remove overlaps and pause the high-risk requirements.”

Next Steps for the EU AI Act Amendments

The provisional agreement still requires formal approval from both the European Parliament and the Council before it can become law. EU lawmakers are aiming to finalize adoption before 2 August 2026, which marks the scheduled start date for existing high-risk AI system rules under the original AI Act framework. The negotiations are part of the EU’s continuing effort to shape global standards around artificial intelligence governance while addressing concerns related to safety, transparency, and misuse of generative AI technologies.

A major QLearn cybersecurity incident has affected thousands of educational institutions globally, including Queensland state schools and universities, after a cyber breach involving third-party education technology provider Instructure exposed personal information linked to students and staff. Queensland Education Minister John-Paul Langbroek confirmed the incident in an official statement, saying the Queensland Department of Education was briefed about the international cybersecurity breach involving Instructure, the provider behind the Department’s online learning platform, QLearn. According to early assessments, the breach may affect more than 200 million people and over 9,000 institutions worldwide, making it one of the largest education-sector cybersecurity incidents disclosed this year.

QLearn Cybersecurity Incident Impacts Queensland Schools

The Department of Education said students and staff who have worked or studied at Education Queensland schools since 2020 may have been affected by the QLearn cybersecurity incident. Authorities stated that compromised information currently appears limited to names, email addresses, and school locations. Officials added there is currently no evidence that passwords, dates of birth, or financial information were accessed during the breach. The online learning platform QLearn was introduced in Queensland schools in 2020 under the previous government and has since become a widely used digital education system across the state. Minister Langbroek said school principals have already begun contacting affected families and teachers to notify them about the breach and provide further guidance. “This morning I have been briefed by the Department of Education about an international cybersecurity breach involving a third-party provider, Instructure, which delivers the Department’s online learning platform, QLearn,” Langbroek said in the statement.

Instructure Data Breach Raises Concerns Across Education Sector

The QLearn cybersecurity incident has once again highlighted the growing cybersecurity risks facing the global education sector, particularly as schools and universities continue relying heavily on third-party digital learning platforms. Because the breach involves Instructure, a provider serving institutions across multiple countries, the incident extends far beyond Queensland. Authorities indicated that educational institutions across Australia and overseas are also impacted. While officials stressed that no sensitive financial or authentication data has been identified as compromised so far, cybersecurity experts often warn that exposed personal information such as names and email addresses can still be valuable to cybercriminals. Threat actors frequently use this type of information in phishing campaigns, identity-based scams, and social engineering attacks targeting students, parents, and school employees. The Department of Education has not publicly disclosed how the cybersecurity breach occurred or whether any ransomware or unauthorized network access was involved. Investigations into the incident are ongoing.

Queensland Department Prioritizes Support for Vulnerable Families

In response to the QLearn cybersecurity incident, the Queensland Department of Education said it is prioritizing support for vulnerable individuals and families potentially affected by the breach. According to the Minister’s statement, the Department is providing priority assistance to families and teachers with known family and domestic violence concerns, as well as individuals connected to Child Safety services. The additional support measures appear aimed at reducing potential risks associated with the exposure of school-related location information and contact details. Government agencies increasingly recognize that cybersecurity incidents affecting education systems can carry broader safety implications, especially for vulnerable groups whose personal or location-related information may require additional protection.

Global Education Sector Continues Facing Cybersecurity Threats

The QLearn cybersecurity incident adds to a growing list of cyberattacks and data breaches targeting educational institutions worldwide. Schools, universities, and online learning providers have become frequent targets due to the large amount of personal information they manage and the widespread use of interconnected digital platforms. Education systems often rely on multiple third-party vendors for online learning, communications, and student management services, increasing the potential attack surface for cybercriminals. The Queensland Department of Education said it will continue updating the public as more information becomes available from the ongoing investigation into the breach. At this stage, authorities have not advised affected individuals to reset passwords or take additional security measures, though officials are continuing to assess the full scope and impact of the incident. The investigation into the Instructure-related breach remains active as educational institutions worldwide work to determine the extent of the exposure and any potential long-term cybersecurity implications.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new initiative called “CI Fortify” aimed at helping critical infrastructure operators prepare for disruptive cyberattacks linked to geopolitical conflicts. The initiative comes amid growing concerns over nation-state cyber threats targeting operational technology (OT) systems that support essential services across the United States. The CI Fortify initiative focuses on improving critical infrastructure resilience through two key objectives: isolation and recovery. CISA said the effort is designed to help operators maintain essential operations even if adversaries compromise telecommunications networks, internet services, or industrial control systems. According to the agency, nation-state actors are no longer limiting their activities to espionage. Instead, threat groups have increasingly been pre-positioning themselves inside critical infrastructure environments to potentially disrupt or destroy systems during future geopolitical conflicts.

CI Fortify Initiative Focuses on Isolation and Recovery

Under the CI Fortify initiative, CISA is urging critical infrastructure organizations to assume that third-party communications and service providers may become unreliable during a crisis. Operators are also being asked to plan under the assumption that threat actors may already have some level of access to OT networks. Nick Andersen, Acting Director at CISA, emphasized the need for organizations to prepare for worst-case operational scenarios. “In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering, at a minimum, crucial services,” Andersen said. “They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.” The isolation strategy outlined under CI Fortify involves proactively disconnecting operational technology systems from external business networks and third-party connections. CISA said this approach is intended to prevent cyber impacts from spreading into OT environments while allowing organizations to continue delivering essential services in a degraded communications environment. The agency advised operators to identify critical customers, including military infrastructure and other lifeline services, and determine the minimum operational capabilities needed to support them during emergencies. CISA also recommended updating engineering processes and business continuity plans to support safe operations for extended periods while systems remain isolated.

Recovery Planning Central to Critical Infrastructure Resilience

Alongside isolation, the CI Fortify initiative places strong emphasis on recovery planning. CISA urged operators to maintain updated system documentation, create secure backups of critical files, and regularly practice system replacement or manual operational transitions. The agency noted that organizations should also identify communications dependencies that could complicate recovery efforts, such as licensing servers, remote vendor access, or upstream network connections. CISA encouraged operators to work closely with managed service providers, system integrators, and vendors to understand potential failure points and establish alternative recovery pathways. The initiative also highlights broader benefits of emergency planning beyond cybersecurity incidents. According to CISA, the same planning processes can help organizations maintain operations during weather-related disruptions, equipment failures, and safety emergencies. The agency said isolation planning can help cut off command-and-control access to compromised systems, while strong recovery preparation can reduce incident response costs and shorten recovery timelines.

Security Vendors and Service Providers Asked to Support CI Fortify

The CI Fortify initiative extends beyond infrastructure operators and calls on cybersecurity vendors, industrial automation suppliers, and managed service providers to support resilience planning efforts. Industrial control system vendors are being encouraged to identify barriers that could interfere with isolation and recovery procedures, including licensing restrictions and server dependency issues. Managed service providers and integrators are expected to assist organizations in engineering updates, local backup collection, and recovery documentation planning. Meanwhile, security vendors are being asked to support threat monitoring and provide intelligence if nation-state actors shift from espionage-focused activity to destructive cyber operations. CISA also requested vendors share information related to tactics that could undermine recovery or bypass isolation protections, including malicious firmware updates and vulnerabilities affecting software-based data diodes.

Volt Typhoon Cyberattacks Continue to Shape U.S. Cybersecurity Strategy

The launch of CI Fortify is closely tied to ongoing concerns surrounding the Volt Typhoon cyberattacks, which U.S. officials have linked to Chinese state-sponsored threat actors. CISA’s initiative specifically references the Volt Typhoon campaign as an example of how adversaries have attempted to establish long-term access inside U.S. critical infrastructure systems to potentially support disruptive actions during military conflicts. The Volt Typhoon operation first became public in 2023, when U.S. authorities revealed that Chinese hackers had infiltrated multiple sectors of American critical infrastructure. Former CISA Director Jen Easterly stated in 2024 that the agency had identified and removed Volt Typhoon intrusions across several sectors. She later reiterated in 2025 that efforts continued to focus on identifying and evicting Chinese cyber actors from critical infrastructure environments. Despite these operations, cybersecurity researchers and some government officials have warned that Chinese threat actors may still retain access to portions of critical infrastructure networks. Several experts have argued that nation-state groups remain deeply embedded in certain environments despite years of remediation efforts. With the CI Fortify initiative, CISA appears to be shifting focus toward operational resilience, recognizing that prevention alone may not be sufficient against sophisticated nation-state cyber threats targeting U.S. critical infrastructure.

Australia has announced the creation of a Cyber Incident Review Board, a move aimed at strengthening the country’s ability to respond to and learn from major cyberattacks. The initiative places Australia among a small group of jurisdictions globally that have formalised independent review mechanisms to assess significant cyber incidents and improve long-term resilience. The Cyber Incident Review Board will conduct no-fault, post-incident reviews of major cybersecurity events affecting both government and private sector organisations. Rather than assigning blame, the board’s mandate is to identify systemic gaps and generate actionable recommendations to improve how Australia prevents, detects and responds to cyber threats. Established under the Cyber Security Act 2024, the board is a central element of the government’s 2023-2030 Australian Cyber Security Strategy. The broader goal is to position Australia as one of the most cyber secure nations by the end of the decade, supported by resilient infrastructure, prepared communities and stronger industry practices. Officials said the Cyber Incident Review Board will focus on extracting lessons from incidents and translating them into practical steps that can reduce the likelihood and impact of future attacks.

Cyber Incident Review Board Brings Leaders From Cross-Sector 

The government has appointed a panel of senior cybersecurity and industry leaders to the Cyber Incident Review Board. The board will be chaired by Narelle Devine, Global Chief Information Security Officer at Telstra. Other members include Debi Ashenden of the University of New South Wales, Valeska Bloch from Allens, Jessica Burleigh of Boeing Australia, Darren Kane from NBN Co, Berin Lautenbach of Toll Group and Nathan Morelli from SA Power Networks. The group brings experience across cybersecurity operations, legal frameworks, governance, national security and critical infrastructure. Authorities said this mix is designed to ensure independent, credible advice that reflects both technical and policy realities.

Government Emphasises Learning Over Blame

Australia’s Minister for Cyber Security Tony Burke said the Cyber Incident Review Board will play a key role in ensuring continuous improvement in national cyber defence. “We know that cyber attacks are constant. This guarantees we learn from every attack and keep increasing our resilience,” Burke said in a statement. He added that the board will examine major cybersecurity incidents, develop findings and provide recommendations that can be applied across sectors. The no-fault model is intended to encourage cooperation from affected organisations, while still producing insights that can benefit the wider ecosystem.

Response Shaped by Recent High-Profile Cyberattacks

The creation of the Cyber Incident Review Board follows a series of major cyber incidents in Australia, including breaches involving health insurer Medibank and telecom provider Optus. These events exposed sensitive customer data and triggered widespread public concern, increasing pressure on the government to strengthen cybersecurity oversight. By introducing structured post-incident reviews, authorities aim to ensure that lessons from such breaches are not lost and can inform future preparedness efforts.

How Australia’s Approach Compares Globally

Australia’s Cyber Incident Review Board aligns with similar efforts internationally but includes some distinct features. The European Union has established a comparable mechanism under its Cyber Solidarity Act, tasking the EU Agency for Cybersecurity with reviewing significant cross-border incidents. However, that framework has yet to be tested in practice. In the United States, a cyber safety review board has already examined several incidents, including a high-profile breach involving Microsoft. That report pointed to avoidable security failures and called for cultural and leadership changes within the company, prompting CEO Satya Nadella to prioritise security across operations. However, earlier U.S. reviews, such as those into the Log4j vulnerability and the Lapsus$ group, were criticised for lacking focus and impact. Analysts noted that broader, less targeted reviews made it harder to drive accountability or meaningful change.

Stronger Powers to Ensure Participation

One notable difference in Australia’s model is its ability to compel organisations to provide information if they decline to participate voluntarily. This marks a shift from the U.S. approach, which relied on cooperation from affected entities. Experts have argued that such powers could improve the depth and accuracy of findings, ensuring that the Cyber Incident Review Board has access to critical data when analysing incidents. At the same time, the framework stops short of allowing flexible expansion of board membership for specialised cases, an idea that has been suggested in international policy discussions.

Focus on Long-Term Cyber Preparedness

The Cyber Incident Review Board is expected to become a key mechanism in shaping Australia’s cybersecurity posture over the coming years. By systematically reviewing incidents and sharing lessons across sectors, the government hopes to build a more coordinated and resilient defence against evolving cyber threats. With cyberattacks continuing to target critical infrastructure, businesses and public services, the success of the Cyber Incident Review Board will likely depend on its ability to translate insights into measurable improvements across the national ecosystem.

A ransomware organization sentencing has brought one of the key operatives behind a major cybercrime group to justice, highlighting the global reach of law enforcement in tackling ransomware attacks. A Latvian national, Deniss Zolotarjovs, has been sentenced to 102 months in prison for his role in a Russian-linked ransomware organization responsible for targeting more than 54 companies worldwide. The sentencing marks a significant development in ongoing efforts to dismantle international ransomware networks. According to the U.S. Department of Justice, Zolotarjovs played a central role in extortion operations carried out between June 2021 and August 2023. The group operated under multiple ransomware brands, including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira, reflecting a complex and evolving cybercrime structure.

Ransomware Organization Sentencing: Role in Extortion and Data Exploitation

Officials said Zolotarjovs was primarily responsible for increasing pressure on victims who hesitated to pay ransom demands. He analyzed stolen data and used sensitive information to intensify extortion tactics. In one case involving a pediatric healthcare provider, Zolotarjovs used children’s health information to pressure the organization into paying. When the ransom demand was not met, he allegedly encouraged co-conspirators to leak or sell the data. Court documents reveal he distributed a bulk set of sensitive records to hundreds of patients, aiming to amplify fear and force compliance. Assistant Attorney General A. Tysen Duva described Zolotarjovs as a “cruel, ruthless, and dangerous international cybercriminal,” noting that his actions included exploiting highly personal data to increase leverage over victims.

Financial and Operational Impact of Attacks

The ransomware organization’s activities caused widespread damage. Of the more than 54 targeted companies, attacks on 13 resulted in losses exceeding $56 million, including approximately $2.8 million paid in ransom. An additional 41 companies are believed to have paid around $13 million, though detailed loss figures are still being compiled. Authorities estimate that the total financial impact could reach hundreds of millions of dollars when factoring in underreported incidents. Beyond financial losses, the attacks led to the exposure of highly sensitive data, including Social Security numbers, addresses, dates of birth, and healthcare records. In one instance, a government entity’s 911 emergency system was forced offline, raising serious concerns about public safety and the broader consequences of ransomware attacks.

Organized Structure and Global Operations

Investigators found that the ransomware organization operated with a structured hierarchy and used a network of companies across Russia, Europe, and the United States to mask its activities. Members were largely based in Russia and reportedly operated from an office in St. Petersburg. The group’s operations also involved corruption and misuse of public resources. Authorities said some members had ties to former Russian law enforcement, allowing them to access databases, intimidate individuals, and identify potential recruits. These connections also enabled members to avoid scrutiny, including evading taxes and military service through bribes.

Arrest, Extradition, and Prosecution

Zolotarjovs was arrested in Georgia in December 2023 and later extradited to the United States in August 2024 after contesting the process. In July 2025, he pleaded guilty to conspiracy charges involving money laundering and wire fraud. The case was investigated by the Federal Bureau of Investigation, with support from multiple field offices and international partners. Special Agent in Charge Jason Cromartie said the case reflects the agency’s continued efforts to track down cybercriminals operating across borders. U.S. Attorney Dominick S. Gerace II added that the prosecution demonstrates that cybercriminals cannot rely on geography or anonymity to evade justice.

Continued Focus on Ransomware Threats

The ransomware organization sentencing highlight the scale and persistence of ransomware threats targeting businesses and public services. Authorities said investigations into related actors and networks remain ongoing as part of broader efforts to disrupt global cybercrime operations.

A Canvas cybersecurity incident has disrupted services at Instructure, the company behind the widely used Canvas platform, raising concerns among educational institutions over potential data exposure and service interruptions. The Canvas cybersecurity incident first came to light late Friday, when Instructure disclosed that it had detected unauthorized activity linked to a cyberattack. The company said it immediately launched an investigation with the support of external forensic experts to determine the scope and impact. By Saturday, Chief Information Security Officer Steve Proud confirmed that attackers had gained access to certain user data from some institutions. The exposed information includes names, email addresses, student identification numbers, and messages exchanged within the platform. Proud emphasized that the incident has been contained. He added that the response involved revoking privileged credentials and access tokens, deploying security patches, and increasing system-wide monitoring. However, some of these defensive measures led to temporary disruptions in services, particularly tools dependent on API keys.

Canvas Cybersecurity Incident: No Financial or Sensitive Identity Data Compromised

Despite the data breach, Instructure stated that there is currently no evidence that highly sensitive data such as passwords, financial information, government identifiers, or dates of birth were accessed. The company noted it will notify affected institutions if any new findings emerge. Canvas is used extensively by schools, universities, and enterprises to manage coursework, host educational content, and facilitate communication between students and educators. The scale of its usage has amplified concerns around the potential reach of the incident.

ShinyHunters Claims Large-Scale Data Theft

The cybercriminal group ShinyHunters claimed responsibility for the attack on Sunday, alleging it had stolen 3.6 terabytes of data affecting more than 9,000 schools. These claims have not been independently verified, and Instructure has not publicly responded to the group’s assertions. [caption id="attachment_111847" align="aligncenter" width="657"] Source: X[/caption] Such claims, if validated, could significantly expand the scope of the Canvas cybersecurity incident beyond initial disclosures. For now, the company maintains that its investigation is ongoing.

Ongoing Maintenance and Service Restoration Efforts

Instructure has been providing regular updates as it works to stabilize systems affected by the Canvas cybersecurity incident. As of May 5, Canvas Data 2 and Beta services have largely been restored, while the Test environment remains under maintenance. Earlier updates indicated that some users experienced disruptions due to reissued application keys, a precautionary measure taken to enhance security. Users were required to re-authorize access to certain tools, with updated keys identifiable by timestamps. The company also confirmed that it rotated certain keys even without evidence of misuse, reflecting a cautious approach to securing its infrastructure.

Continued Monitoring as Investigation Proceeds

The investigation into the Canvas cybersecurity incident remains active, with Instructure continuing to monitor its systems and assess potential risks. The company has reiterated its commitment to transparency and stated that updates will be shared as new information becomes available. For institutions relying on Canvas, the incident highlights the operational impact of cybersecurity threats on critical education platforms. While services are gradually being restored, the focus now shifts to understanding the full extent of the breach and preventing similar incidents in the future.

The Federal Bureau of Investigation (FBI) has issued a public warning over a sharp rise in cyber-enabled cargo theft, as threat actors increasingly use digital tactics to impersonate legitimate businesses, hijack freight, and steal high-value shipments. According to the FBI, cybercriminals are targeting transportation and logistics companies involved in shipping, receiving, and insuring cargo. The agency said these attacks have been ongoing since at least 2024 and are now becoming more sophisticated and widespread. Losses linked to cyber-enabled cargo theft have surged significantly. In 2025, estimated cargo theft losses in the United States and Canada reached nearly $725 million, marking a 60 percent increase from the previous year. Confirmed incidents rose by 18 percent, while the average value per theft increased by 36 percent to $273,990, reflecting a shift toward more targeted, high-value shipments.

How Cyber-Enabled Cargo Theft Works

The FBI outlined a structured, multi-step process used in cyber-enabled cargo theft schemes. Attackers begin by compromising accounts of brokers and carriers through phishing techniques such as spoofed emails, fake websites, and malicious links. Victims are often sent emails posing as legitimate business communications, such as carrier agreements or service complaints. These emails include links that lead to phishing websites designed to mimic trusted platforms. Once accessed, these sites deploy malware or remote monitoring tools, allowing attackers to gain full control over systems without detection. After gaining access, cybercriminals exploit online freight marketplaces known as load boards. They impersonate legitimate brokers or carriers and post fake shipment listings, sometimes in large volumes. Unsuspecting carriers bid on these listings and are further compromised through fraudulent agreements or malicious downloads. In the next stage, attackers use the compromised accounts to accept real shipment contracts. They then engage in illegal double-brokering, rerouting freight to unintended locations. Shipment documents are manipulated, including bills of lading, and delivery destinations are altered without the knowledge of the original parties. The final stage of cyber-enabled cargo theft involves physically diverting the cargo. Goods are transferred through cross-docking or transloading to other drivers, often complicit, and then stolen for resale. In some cases, attackers demand ransom payments in exchange for information about the shipment’s location. [caption id="attachment_111803" align="aligncenter" width="972"] Image Source: https://www.ic3.gov/[/caption]

Indicators of Cyber-Enabled Cargo Theft

The FBI has identified several warning signs that may indicate a cyber-enabled cargo theft attempt. These include unexpected communications regarding shipments made in a company’s name, spoofed email domains, and requests to download documents from suspicious links. Other indicators include emails referencing negative service reviews with embedded links, unauthorized changes to email account settings, and slight variations in domain names designed to mimic legitimate organisations. Attackers may also use temporary or internet-based phone numbers to communicate with victims. These tactics are designed to create a sense of urgency or legitimacy, increasing the likelihood that employees will engage with malicious content.

Steps to Prevent Theft

To reduce the risk of cyber-enabled cargo theft, the FBI is urging organisations to adopt stronger verification and security practices. Companies are advised to independently confirm shipment requests using multiple communication channels before releasing goods. The agency recommends implementing multi-layer verification processes and not relying solely on familiar names or email addresses. Businesses should also maintain detailed records of all transactions, including driver identification, vehicle details, and communication logs, to support investigations if needed. Recognising phishing attempts and avoiding interaction with suspicious links remain critical preventive measures.

Reporting Theft Incidents

The FBI has encouraged victims of cyber-enabled cargo theft to report incidents promptly. In addition to contacting local law enforcement, affected organisations should file complaints with the Internet Crime Complaint Center (IC3) or reach out to their nearest FBI field office. The agency said timely reporting can help identify patterns, disrupt criminal networks, and prevent further losses across the logistics sector.

The global digital rights conference RightsCon 2026 has been cancelled just days before its scheduled start in Lusaka, after Zambia’s government intervened, citing concerns over the event’s themes and participation. The decision has left thousands of attendees stranded or forced to change plans, marking a major disruption for one of the world’s largest gatherings focused on digital rights. The conference, hosted by Access Now, was set to begin on May 5 and expected to bring together more than 2,600 in-person participants and 1,100 online attendees from over 150 countries. However, organisers confirmed that RightsCon 2026 will not proceed either in Zambia or virtually.

Sudden Cancellation of RightsCon 2026

The first indication of trouble emerged when Zambia’s Minister of Technology and Science raised concerns about incomplete security clearances and the nature of the conference’s discussions. Soon after, state-owned media announced that the government had “postponed” the event. Organisers say the move came without formal consultation. In a detailed statement, Access Now described the situation as unprecedented and deeply disruptive. “To our community, We are devastated to be writing to you instead of gathering together as planned and we know we’re not alone. The frustration and disappointment stemming from the loss of RightsCon 2026 is felt deeply by all of us, especially our partners in the region who worked tirelessly alongside our team.” The organisation added that the scale of the event made postponement impractical, noting that planning had been underway for more than a year with over 500 sessions scheduled.

Allegations of Foreign Interference

A key issue highlighted by organisers was alleged external pressure linked to participation from Taiwanese civil society groups. According to Access Now, concerns were raised after communication from Zambian officials regarding diplomatic pressure. “We believe foreign interference is the reason RightsCon 2026 won’t proceed in Zambia or online.” The organisers said they were informally told that for the conference to go ahead, certain topics would need to be moderated and some communities excluded, including Taiwanese participants. This, they said, crossed a fundamental line. “This was our red line. Not because we were unwilling to engage, but because the conditions set before us were unacceptable and counter to what RightsCon is and what Access Now stands for.”

Breakdown in Communication

Access Now detailed a breakdown in communication with Zambian authorities in the final days leading up to the event. Despite prior agreements, including a signed memorandum of understanding and coordination on visa processes, organisers said they received no clear explanation before the cancellation was publicly announced. At 9:33 pm local time on April 28, the postponement was reported in the media before organisers received official confirmation. A formal letter followed later, stating that the decision was “necessitated by the need for comprehensive disclosure of critical information relating to key thematic issues proposed for discussion.” Organisers said the explanation lacked clarity and did not specify actionable concerns.

Impact on Global Digital Rights Community

The cancellation of RightsCon 2026 has had immediate consequences for the global digital rights community. Thousands of participants were already travelling to Lusaka when the announcement was made. “It is with heavy hearts that we share: RightsCon will not proceed in Zambia or online.” “We do not recommend registered participants travel to Lusaka for RightsCon.” The event has long been considered a key platform for discussions on internet governance, privacy, cybersecurity, and freedom of expression. Its cancellation raises broader concerns about shrinking civic space and restrictions on global dialogue. Access Now described the situation as part of a wider challenge facing civil society. “We see this unilateral decision, and the way it was taken, as evidence of the far reach of transnational repression targeting civil society, and effectively shrinking the spaces in which we operate.”

What Comes Next After RightsCon 2026 Cancellation

Despite the setback, organisers reaffirmed their commitment to the event’s mission and the broader digital rights movement. “RightsCon may not happen in Zambia, but we will come together again; how and where we do so will be informed by you, our community.” Access Now also acknowledged the support received from partners, governments, and participants in the aftermath of the cancellation. The abrupt halt of RightsCon 2026 highlights the challenges facing international forums that address sensitive issues such as digital freedoms.

Organisations worldwide are being urged to prepare for a vulnerability patch wave, as security experts warn that advances in artificial intelligence (AI) could rapidly expose long-standing weaknesses across software systems. The warning comes from National Cyber Security Centre (NCSC), which says businesses must act now to strengthen their environments before a surge of critical updates arrives. In a blog, Chief Technology Officer Ollie Whitehouse highlighted that years of accumulated technical debt are now becoming a major cybersecurity risk. Technical debt refers to unresolved flaws and compromises in software that arise when organisations prioritise speed or short-term delivery over long-term resilience. According to Whitehouse, artificial intelligence is accelerating the problem. Skilled attackers are increasingly able to use AI tools to identify and exploit vulnerabilities at scale, forcing what the NCSC describes as a “correction” across the technology ecosystem. This is expected to trigger a vulnerability patch wave, with a high volume of security updates affecting open source, commercial, proprietary, and software-as-a-service platforms.

Prioritising External Attack Surfaces

As part of preparing for the vulnerability patch wave, the NCSC advises organisations to first focus on their external attack surfaces. Internet-facing systems, cloud services, and exposed infrastructure present the highest risk when new vulnerabilities are disclosed. The guidance recommends a perimeter-first approach. Organisations should secure outward-facing technologies before moving deeper into internal systems. This reduces the likelihood that attackers can exploit newly discovered weaknesses during the vulnerability patch wave. Where resources are limited, priority should be given to patching systems that are directly exposed to the internet. Critical security infrastructure should follow next. However, the NCSC cautions that patching alone will not solve every issue. Legacy and end-of-life systems remain a major concern. Many of these technologies no longer receive security updates, leaving organisations vulnerable even during a vulnerability patch wave. In such cases, businesses may need to replace outdated systems or bring them back into supported environments, especially if they are externally accessible.

Preparing for Faster and Large-scale Patching

The expected vulnerability patch wave will require organisations to rethink how they manage updates. The NCSC is urging businesses to prepare for faster, more frequent, and large-scale deployment of security patches, including across supply chains. Several key measures have been recommended:

• Enable automatic updates wherever possible to reduce operational burden
• Adopt secure “hot patching” to apply fixes without service disruption
• Ensure internal processes support rapid and large-scale updates
• Use risk-based prioritisation models such as Stakeholder Specific Vulnerability Categorisation (SSVC)

Whitehouse noted that organisations must be ready to accelerate patching timelines when critical vulnerabilities are actively exploited, particularly those affecting internet-facing systems. At the core of this approach is an “update by default” policy. This means applying software updates as quickly as possible, ideally through automated processes. While this may not always be feasible for safety-critical or operational technology systems, the NCSC says it should form the foundation of modern vulnerability management strategies.

Beyond Vulnerability Patch Wave: Addressing Systemic Risks

The NCSC emphasises that the vulnerability patch wave is only part of a broader cybersecurity challenge. Patching addresses immediate risks, but it does not eliminate the underlying causes of technical debt. Technology vendors are being encouraged to build more secure systems from the outset. This includes adopting memory safety and containment technologies such as CHERI, which can reduce the likelihood of exploitable vulnerabilities. For organisations operating critical services, strengthening cybersecurity fundamentals is equally important. Frameworks such as Cyber Essentials and sector-specific resilience models can help reduce the impact of breaches and improve overall security posture. Additional guidance has also been issued for high-risk environments, covering areas such as privileged access workstations, cross-domain security architecture, and threat detection through observability and proactive hunting.

Organisations Urged to Act Now

The NCSC has made it clear that preparation cannot be delayed. The anticipated vulnerability patch wave is expected to impact organisations of all sizes and sectors. Businesses are advised to review their vulnerability management processes, assess their exposure, and ensure their supply chains are also ready to respond. Larger organisations, in particular, are encouraged to seek assurance from both commercial and open-source partners. As Whitehouse concluded, readiness for the vulnerability patch wave will depend on proactive planning, strong fundamentals, and the ability to respond quickly at scale.

The APRA AI risk warning has placed banks, insurers, and superannuation trustees on alert as Australia’s financial regulator calls for a significant uplift in how artificial intelligence is governed across the sector. The Australian Prudential Regulation Authority has stated that current governance, risk management, and operational resilience practices are not keeping pace with the rapid adoption of AI. In a letter to regulated entities, APRA said the APRA AI risk warning follows a targeted supervisory review conducted late last year across major financial institutions. The review assessed how AI is being deployed and governed across the industry and found widening gaps between technology adoption and risk control frameworks.

APRA AI Risk Warning on Governance and Operational Gaps

The APRA AI risk warning highlights that AI is increasingly being embedded into operational systems, customer services, and decision-making tools across regulated entities. While adoption is accelerating, APRA observed that governance structures have not matured at the same speed. According to the regulator, assurance practices remain fragmented, particularly in areas involving cyber security, data protection, procurement, and operational resilience. The APRA AI risk warning notes that many organisations are still relying on traditional risk management approaches that are not designed for AI-driven systems. Another key concern raised in the APRA AI risk warning is the limited visibility over how AI models are trained, updated, or modified when embedded within third-party platforms. This lack of transparency, APRA said, reduces the ability of institutions to fully assess risks linked to model behaviour and system dependencies.

Board Oversight Gaps Highlighted in APRA Warning

The APRA AI risk warning also draws attention to board-level oversight challenges. While boards show strong interest in AI-driven productivity and customer service improvements, many still lack sufficient technical understanding to effectively challenge management decisions. APRA observed that some boards are heavily reliant on vendor summaries and presentations rather than detailed internal assessments of AI risk exposure. The APRA AI risk warning stresses that this creates blind spots in governance, particularly when dealing with unpredictable model outputs and operational risks.

AI Risk Warning Flags Cyber and Concentration Risks

Cybersecurity is a major focus of the APRA AI risk warning, with APRA noting that advanced AI models could significantly increase the speed and scale of cyberattacks. The regulator specifically referenced frontier AI models that may assist malicious actors in identifying system vulnerabilities more efficiently. The APRA AI risk warning also highlights growing concentration risk, where institutions depend heavily on single AI providers across multiple use cases. APRA cautioned that insufficient contingency planning in such scenarios could create operational vulnerabilities if service disruptions occur.

Fragmented Risk Management Systems

A key theme in the APRA AI risk warning is the fragmented nature of current risk management frameworks. AI-related risks often cut across multiple domains, including cyber security, privacy, procurement, and operational risk. However, APRA found that existing systems are not always integrated enough to manage these overlaps effectively. The regulator said this fragmentation limits the ability of financial institutions to gain a complete view of AI-related exposure and weakens overall assurance mechanisms.

Expectations for Stronger Controls

APRA Member Therese McCarthy Hockey stated that financial institutions must adapt quickly to manage emerging risks while continuing to leverage AI for efficiency and service improvements. She noted that while AI presents significant opportunities, organisations must ensure their systems are capable of identifying and responding to vulnerabilities at a pace matching AI-driven threats. The APRA AI risk warning outlines expectations for boards to maintain sufficient understanding of AI systems, set clear risk appetite frameworks, and ensure stronger oversight of third-party dependencies. APRA also expects clearer triggers for intervention when systems do not operate as intended.

Ongoing Supervisory Focus

The APRA AI risk warning confirms that while no new regulatory requirements are being introduced at this stage, APRA expects immediate improvements in how institutions manage AI-related risks. The regulator has indicated that it will continue to monitor AI adoption closely and may consider further policy action if necessary. APRA also stated it will continue engaging with domestic and international regulators to assess emerging risks linked to AI technologies and their impact on financial system stability.

In a major international enforcement action, Operation Tri-Force Sentinel, led by Dubai Police, in coordination with the FBI and Chinese Police, has dismantled a large transnational fraud network involved in global financial scams. The Operation Tri-Force Sentinel crackdown resulted in the arrest of 276 individuals linked to organised cyber-enabled fraud activities spanning multiple countries, primarily involving suspects from Southeast Asia. The Operation Tri-Force Sentinel was carried out under the UAE Ministry of Interior and focused on disrupting criminal syndicates running high-yield investment scams, commonly known as HYIS, “pig butchering” schemes, and virtual currency fraud. Authorities confirmed that nine major fraud centres were dismantled during the coordinated action.

276 Arrests and Nine Fraud Centres Dismantled in Operation Tri-Force Sentinel

As part of the operation, law enforcement agencies executed synchronized raids that dismantled three major criminal syndicates operating fraud centres. These centres were responsible for large-scale financial deception campaigns targeting victims across several regions. The operation led to the arrest of 276 suspects, with authorities confirming that the network used advanced social engineering techniques. Victims were reportedly engaged through digital platforms, where trust was gradually built before financial exploitation took place. Dubai Police also confirmed the arrest of a key leader of one of the syndicates in Thailand, carried out in coordination with the Royal Thai Police. The enforcement action marked one of the most significant coordinated strikes against cyber-financial crime groups in recent times under Operation Tri-Force Sentinel. [caption id="attachment_111753" align="aligncenter" width="553"] Image Source: Dubai Police[/caption]

Dubai Police, FBI, and Chinese Police Coordination 

Dubai Police played a central role in directing and executing Operation Tri-Force Sentinel, enabling real-time intelligence sharing between international partners. The collaboration with the FBI and Chinese Police was described as critical to the success of the operation. Dubai Police stated that the operation reflects a proactive strategy to combat evolving transnational financial crime threats. The agency emphasized that coordinated international efforts were essential to dismantling complex criminal networks operating across borders. The FBI highlighted the significance of joint enforcement efforts, stating that the operation demonstrates the effectiveness of coordinated global action in disrupting large-scale fraud schemes. It further noted that the partnership with the UAE authorities, particularly the Dubai Police, played a key role in achieving operational success. Chinese Police also reaffirmed their commitment to combating telecom and financial fraud crimes. They emphasized continued cooperation with global law enforcement agencies to address emerging cross-border criminal activities targeted in Operation Tri-Force Sentinel.

Transnational Fraud Networks and Financial Crime Disruption

The dismantled network operated multiple fraud centres using structured and organised digital fraud models. These included investment scams and cryptocurrency-related fraud schemes that have increasingly affected victims across several countries. Authorities noted that the criminal groups involved in Operation relied heavily on psychological manipulation and digital engagement strategies to execute financial scams at scale. The coordinated enforcement action disrupted key operational infrastructure of these networks in a single phase.

International Cooperation Strengthened 

This operation highlights the growing importance of international cooperation in tackling financial crime networks that operate beyond national borders. The joint action between Dubai Police, the FBI, and the Chinese Police demonstrates strengthened coordination in intelligence sharing and enforcement execution. Officials involved in the operation emphasized that continued collaboration is essential to countering sophisticated fraud networks. The success of Operation reflects the ability of global law enforcement agencies to respond jointly to complex cyber-enabled financial threats. The operation marks a significant step in global efforts to combat organised fraud networks and reinforces the role of coordinated international enforcement in addressing cross-border financial crime.

The IOCTA 2026 report released by Europol offers a detailed look at how cybercrime is evolving across Europe, with criminals increasingly using artificial intelligence, encryption, and cryptocurrencies to scale their operations. The latest edition of the Internet Organised Crime Threat Assessment outlines key trends shaping the threat landscape and calls for stronger coordination among law enforcement agencies. According to the IOCTA 2026 report, cybercrime is becoming more complex and interconnected, driven by rapid technological advancements. The findings highlight how criminals are adapting quickly, making it harder for authorities to detect, track, and disrupt their activities.

IOCTA 2026 Report Maps Evolving Cyber Threat Landscape

The IOCTA 2026 report serves as a roadmap for understanding emerging cyber threats, covering areas such as online fraud, ransomware attacks, and child exploitation networks. Edvardas Šileris, Head of the European Cybercrime Centre at Europol, emphasized that the report is intended to help law enforcement agencies respond effectively to these evolving risks. He noted that as cybercriminals continue to exploit new technologies, strengthening capabilities and improving collaboration will be essential to protect citizens and critical infrastructure.

Dark Web Fragmentation and Cryptocurrencies Fuel Crime

A key finding in the IOCTA 2026 report is the continued role of the dark web as a central hub for cybercriminal activity. Despite ongoing crackdowns, marketplaces and forums remain active, with criminals frequently shifting platforms to avoid detection. The report highlights how fragmentation and specialization across these platforms make investigations more difficult. Encrypted messaging services and anonymized networks are increasingly connecting surface and dark web environments, reducing the visibility of criminal operations. Cryptocurrencies also play a significant role, according to the IOCTA 2026 report. Privacy-focused coins and offshore exchanges are widely used to launder ransomware payments, making financial tracking more challenging. The report also points to a growing trend of younger individuals becoming involved in cryptocurrency-related activities, sometimes without understanding the legal risks.

AI-Driven Fraud Expands Across Europe

The IOCTA 2026 report identifies artificial intelligence as a major driver of online fraud. Cybercriminals are using generative AI tools to create highly targeted phishing campaigns and social engineering attacks. These tools allow attackers to:

• Personalize fraudulent messages at scale
• Mimic legitimate communication styles
• Automate large-scale scam operations

The report also highlights the use of caller ID spoofing and SIM farms, which enable attackers to send thousands of messages or calls simultaneously. This combination of AI and automation is increasing both the reach and success rate of fraud campaigns.

Ransomware and Data Extortion Remain Key Threats

Ransomware continues to be a dominant threat, as outlined in the IOCTA 2026 report. A large number of active ransomware groups were observed throughout 2025, with many adopting data extortion tactics. Instead of relying solely on encryption, attackers are increasingly threatening to release stolen data to pressure victims into paying. This shift has made cyberattacks more damaging, particularly for public institutions and large organizations. The report also notes growing links between state-sponsored actors and criminal groups, with some cybercriminals acting as proxies in broader geopolitical strategies. Emerging hacking coalitions are adding another layer of complexity to the threat landscape.

Rise in Online Child Exploitation and Criminal Networks

The IOCTA 2026 report highlights a concerning increase in online child sexual exploitation cases. The financial trade of child abuse material is growing, and the use of synthetic content is creating new challenges for investigators. Encrypted messaging platforms are widely used by offenders, making it harder for authorities to monitor and intervene. The report also points to the emergence of organized online communities that engage in multiple forms of criminal activity. These networks combine cybercrime with violent offenses, creating a complex and dangerous ecosystem that extends beyond digital spaces.

Need for Stronger Law Enforcement Collaboration

The findings of the IOCTA 2026 report reinforce the need for improved coordination between governments, law enforcement agencies, and industry stakeholders. As cyber threats become more advanced, isolated efforts are no longer sufficient. The report provides actionable insights and recommendations aimed at strengthening investigative capabilities and improving response strategies. It also stresses the importance of innovation in tackling new forms of cybercrime.

A Hutt City Council phishing attack reported in March 2026 has led to the exposure of sensitive information belonging to hundreds of individuals, prompting the council to strengthen its cybersecurity measures and notify affected residents. According to officials, the Hutt City Council phishing attack resulted in unauthorized access to several email accounts. Initial investigations confirmed that identity information of five individuals was compromised, while financial details of up to 732 people may have been exposed through email correspondence.

Details of the Hutt City Council Phishing Attack

The Hutt City Council phishing attack involved malicious emails designed to trick users into revealing login credentials or granting access to internal systems. Once access was obtained, attackers were able to view email communications containing personal and financial data. Council authorities stated that while only a small number of individuals had confirmed identity data compromised, a significantly larger group may have had information exposed indirectly through email threads. All individuals impacted by the Hutt City Council phishing attack have been contacted directly and provided with guidance on steps to secure their information and reduce potential risks.

Immediate Response and Containment Measures

Following the Hutt City Council phishing attack, the organization initiated a rapid response to contain the breach and prevent further unauthorized access. This included securing affected accounts, reviewing system access logs, and strengthening internal security settings. Chief Executive Jo Miller confirmed that the incident has been reported to the Office of the Privacy Commissioner. She acknowledged the seriousness of the breach and its impact on the community. “We are sorry this has occurred and acknowledge the concern it may have caused. It’s a reminder to handle data with sufficient care,” Miller said, adding that additional safeguards have been implemented to prevent similar incidents. The council has also accelerated its cybersecurity improvement program in response to the Hutt City Council phishing attack, focusing on enhanced monitoring and faster incident detection.

Strengthening Systems and Security Controls

In response to the Hutt City Council phishing attack, several measures have been implemented to improve system resilience. These include:

• Enhanced email security settings
• Increased monitoring of account activity
• Additional staff training to identify phishing attempts
• Strengthened access controls

The council stated that these improvements are part of a broader effort to reduce the risk of similar incidents in the future.

Growing Threat of Phishing Attacks

The Hutt City Council phishing attack reflects a wider trend of increasingly sophisticated cyber threats. Authorities noted that cybercriminals are using advanced tools, including artificial intelligence, to automate phishing campaigns, making them more convincing and harder to detect. These evolving tactics allow attackers to scale operations quickly, adapt to security measures, and target organizations more effectively. As a result, early detection and rapid response have become critical components of cybersecurity strategies. The incident serves as a reminder for both organizations and individuals to remain cautious when handling emails and sharing sensitive information.

Advisory for Affected Individuals

Following the Hutt City Council phishing attack, affected individuals have been advised to:

• Monitor bank and financial statements closely
• Be alert to suspicious emails or communications
• Update passwords and enable additional security measures where possible

The council has also encouraged prompt reporting of any unusual activity to minimize potential harm.

Ongoing Review and Community Assurance

The Hutt City Council phishing attack is currently under review as part of ongoing efforts to strengthen data protection practices. Officials have emphasized their commitment to safeguarding personal information and improving system security. While the incident has caused concern, the council maintains that steps have been taken to contain the breach and reduce the likelihood of future attacks. Additional safeguards and monitoring systems are now in place as part of the response to the Hutt City Council phishing attack. Authorities continue to work with relevant agencies to ensure compliance and maintain transparency as investigations progress.

A major Canada SMS blaster cybercrime case has come to light as Toronto Police charge three men with 44 offences in what authorities describe as a first-of-its-kind investigation in the country. The case, part of Project Lighthouse, highlights a growing threat where cybercriminals use mobile technology to target thousands of people at once. The investigation began in November 2025 after a security partner alerted police to a suspected SMS blaster operating in downtown Toronto. What followed was a months-long probe into a sophisticated operation that combined mobility, deception, and large-scale disruption.

What Is the Canada SMS Blaster Cybercrime Case?

At the center of the Canada SMS blaster cybercrime case is a device that mimics a legitimate cellular tower. When nearby mobile phones connect to it, users receive fraudulent messages that appear to come from trusted organizations. These messages often include links to fake websites designed to steal sensitive information such as banking credentials and passwords. This method is widely known as “smishing,” a form of phishing carried out through text messages. However, the scale and mobility of the device used in this case set it apart from typical cyber fraud schemes. Deputy Chief Rob Johnson said the operation posed serious risks beyond financial fraud. He noted that the technology had the capability to reach thousands of devices simultaneously, raising concerns about public safety.

Large-Scale Disruption Across the Greater Toronto Area

Investigators found that the SMS blaster was not stationary. It was operated from vehicles, allowing suspects to move across the Greater Toronto Area and deploy the device in multiple locations. According to Detective Sergeant Lindsay Riddell, tens of thousands of devices connected to the rogue network over several months. Police also recorded more than 13 million network disruptions, during which affected devices were unable to connect to legitimate cellular networks. These disruptions had serious implications. During those moments, access to emergency services such as 9-1-1 could have been impacted, making the Canada SMS blaster cybercrime case not just a financial threat but also a public safety concern.

Arrests and Seizure of Devices

Toronto Police executed search warrants on March 31 at residences in Markham and Hamilton, leading to the arrest of two suspects. Authorities seized multiple SMS blasters along with a significant amount of electronic evidence. A third individual later turned himself in on April 21. All three now face a combined total of 44 charges linked to the operation. The Canada SMS blaster cybercrime case involved extensive coordination between multiple agencies, including the Royal Canadian Mounted Police National Cybercrime Coordination Centre, regional police services, financial institutions, and telecom providers. Officials say this collaboration was key to identifying and disrupting the activity.

A New Type of Cyber Threat in Canada

Law enforcement officials emphasized that this is the first known case of SMS blaster technology being used in Canada. The case reflects how cyber-enabled crimes are becoming more advanced and harder to detect. Authorities noted that while the technology is new, the objective remains the same: to gain unauthorized access to personal and financial information. The Canada SMS blaster cybercrime case shows how attackers are combining traditional fraud tactics with newer tools to scale their operations.

Public Advisory and Safety Measures

Police are urging the public to remain cautious when receiving unexpected text messages. Users are advised not to click on suspicious links or share personal information through unsolicited messages. Officials recommend accessing banking services only through official applications or by directly entering website addresses into browsers. Victims of suspected fraud are encouraged to report incidents to law enforcement. Deputy Chief Johnson also acknowledged the role of the Toronto Police Coordinated Cyber Centre and partner agencies in handling the investigation. He stressed that staying informed and vigilant remains one of the most effective defenses against such threats.

The Norway social media age limit is moving closer to becoming law, with the government confirming it will introduce legislation this year to restrict access for children under 16. The proposal, expected to be presented to Parliament (Stortinget), aims to reshape how young users interact with digital platforms and place greater responsibility on technology companies for enforcing age restrictions. Prime Minister Jonas Gahr Støre said the move is designed to protect childhood experiences from being dominated by screens and algorithms. He emphasized that children should have space for play, friendships, and offline development, positioning the Norway social media age limit as a safeguard rather than a restriction.

How the Norway Social Media Age Limit Will Work

Under the proposed law, the Norway social media age limit will apply from January 1 of the year a child turns 16. This means access will be granted based on birth year rather than exact birthdate, ensuring that entire school cohorts are treated equally. In practice, most children will be at least 15 years old when they gain access. Minister for Children and Families Lene Vågslid explained that this approach addresses concerns raised during public consultations. Many respondents argued that differences based on birthdates could create social divides among peers. By aligning access with school cohorts, the government aims to balance protection with inclusion. “For me, it is important both to give better protection for children in the digital world and to listen to what young people are saying. I understand that social media can be an important social arena. We want to ensure inclusion and a sense of community. That is why we are proposing that the cutoff be based on the year of birth rather than the exact birth date, so that cohorts are given equal opportunities, regardless of when each person is born,” said Minister for Children and Families Lene Vågslid (Labour). At the same time, officials acknowledge that social media plays a role in young people’s social lives. The policy attempts to maintain that balance while reducing early exposure to potential harms linked to excessive screen time and online interactions.

Tech Companies to Enforce the Norway Social Media Age Limit

A key feature of the Norway social media age limit is the shift in responsibility to technology companies. Platforms will be required to implement effective age verification systems at login, ensuring that underage users cannot bypass restrictions. Minister of Digitalisation and Public Governance Karianne Tung made it clear that enforcement will not rely on children or parents alone. She stated that companies must take full responsibility for compliance and ensure that safeguards are operational from the first day the law takes effect. “I expect technology companies to ensure that the age limit is respected. Children cannot be left with the responsibility for staying away from platforms they are not allowed to use. That responsibility rests with the companies providing these services. They must implement effective age verification and comply with the law from day one,” said Minister of Digitalisation and Public Governance Karianne Tung (Labour). This approach aligns with broader European regulatory trends, particularly the Digital Services Act, which is expected to require platforms to take stronger accountability for user safety, including age verification measures.

Part of a Wider European Push

Norway is among the first countries in Europe to move forward with a nationwide social media restriction of this kind. However, it is not acting in isolation. Several European governments are exploring or advancing similar policies. In France, lawmakers have already backed a proposal to restrict social media use for children under 15, with strong support from President Emmanuel Macron. Spain has also announced plans to block access for users aged 15 and under, while the Netherlands is considering a minimum age of 15. In the United Kingdom, Prime Minister Keir Starmer has supported tighter controls, with pilot programs underway to assess the impact of limiting social media use among teenagers. These developments suggest that the Norway social media age limit is part of a broader shift across Europe toward stricter regulation of digital platforms and greater protection for minors.

Implementation Timeline and Next Steps

The Norwegian government plans to send the proposed legislation for consultation within the European Economic Area before the summer. This process typically lasts around three months. Full enforcement of the Norway social media age limit is expected once the Digital Services Act is incorporated into Norwegian law. Officials say recent trends support the move. Data indicates a decline in the number of children owning smartphones and using social media, partly due to national screen-time guidelines and initiatives such as mobile-free schools. The government intends to implement the policy in stages, but it has made clear that service providers are expected to begin compliance preparations immediately.

A Shift in Digital Policy

The Norway social media age limit reflects growing concern among policymakers about the impact of digital platforms on children’s mental health, privacy, and development. By placing legal responsibility on technology companies and aligning with European regulation, Norway is positioning itself at the forefront of this policy shift. As similar measures gain traction across Europe, the effectiveness of age verification and enforcement will be closely watched. The Norwegian model could become a reference point for other countries seeking to balance digital access with child protection.