Archive for EU

The EU Gets Pwned By ShinyHunters

Posted in Commentary on March 30, 2026 by itnerd

Today is the day that I report on organizations and individuals getting pwned.

The European Commission has confirmed a cyberattack affecting its Europa.eu web platform, with early findings indicating that data was extracted from cloud infrastructure hosted on Amazon Web Services (AWS). The incident was discovered on March 24, 2026, and officials said the breach was contained while an investigation into the full scope remains ongoing.

Hackers linked to the ShinyHunters group have claimed responsibility, alleging they accessed and stole more than 350GB of data, including databases and internal documents. The European Commission has not verified the full extent of the stolen data but confirmed that some data was taken and that affected entities are being notified.

The Commission stated that its internal systems were not impacted, with the attack limited to externally hosted cloud services supporting its public-facing websites. Authorities continue to assess the incident and determine what information may have been accessed while implementing additional security measures.

Lydia Zhang, President & Co-Founder, Ridge Security Technology Inc. served up this comment:

   “Continuously exposed external digital assets, such as public websites and AWS S3 buckets, have become prime attack targets, especially with the rise of AI-driven automated threats. Organizations must strengthen their security posture; continuously scanning, testing, and remediating vulnerabilities across these interfaces is no longer optional, but essential.”

Noelle Murata, Sr. Security Engineer, Xcape, Inc. provided this comment:

   “The business impact has escalated from a simple web defacement to a massive Identity and Access Management (IAM) crisis, as the breach likely involves the theft of DKIM keys and SSO directories. This means the adversary can now generate perfectly authenticated emails that bypass DMARC checks, turning the Commission’s own reputation into a weapon for secondary spear-phishing campaigns across the EU.

   “The technical post-mortem indicates a failure of “Identity Hygiene” rather than a cloud security flaw; AWS has publicly cleared its own name, pointing to compromised credentials – likely harvested via the group’s signature vishing tactics against IT helpdesks. For defenders, the priority is no longer just “containing” the breach but an immediate, wholesale rotation of all cloud-based signing keys and a mandatory password reset for the entire SSO tenant. Furthermore, organizations interacting with the EC should treat all incoming “official” correspondence with extreme skepticism, even if it passes cryptographic validation.

   “The reality is that if your identity provider is compromised, your “secure” cloud is effectively an open book.

   “The EU is about to find out that “GDPR Compliance” is a lot harder to enforce when you’re the one filling out the self-report form.”
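Murata’s point about stolen DKIM keys is worth making concrete. As an added example (this is not code from the post or from any of the people quoted), the following Python models the DNS lookup a receiving mail server performs for a DKIM signature and checks the post-compromise state a rotation should leave behind: the compromised selector revoked, a replacement selector live, and DMARC at reject. The domain, selector names, DNS records and DKIM-Signature header are all constructed for the example, and the key material is placeholder bytes rather than a real RSA key.

```python
"""Post-compromise DKIM hygiene check: is the stolen signing key really dead?

Added example, not code from the original post or from any of the people
quoted. It parses DKIM key records (RFC 6376) and a DMARC record (RFC 7489)
the way a receiver's key lookup does, and reports whether mail signed with a
compromised key would still find a live public key in DNS. All DNS records,
the domain, selector names and the DKIM-Signature header below are
constructed for the example; the 'p=' values are placeholder bytes, not
real RSA keys.
"""
import base64
import binascii
import re
from typing import Dict, List, Optional

# Placeholder key material so the records carry a syntactically valid p= tag.
_FAKE_KEY = base64.b64encode(b"placeholder-not-a-real-key" * 4).decode()

# Constructed DNS answers standing in for a resolver: the state right after
# the compromise, before anyone has rotated anything.
DNS_BEFORE: Dict[str, str] = {
    "old2024._domainkey.example.eu": "v=DKIM1; k=rsa; p=" + _FAKE_KEY,
    "_dmarc.example.eu": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.eu",
}

# Constructed state after the rotation the comment above calls for: the
# compromised selector is revoked (empty p=, RFC 6376 s3.6.1), a fresh
# selector is live, and DMARC is at p=reject.
DNS_AFTER: Dict[str, str] = {
    "old2024._domainkey.example.eu": "v=DKIM1; k=rsa; p=",
    "rot2026._domainkey.example.eu": "v=DKIM1; k=rsa; p=" + _FAKE_KEY,
    "_dmarc.example.eu": "v=DMARC1; p=reject; rua=mailto:dmarc@example.eu",
}

# Constructed header from a message the attacker signs with the stolen key.
STOLEN_KEY_MAIL = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.eu;\n"
    " s=old2024; h=from:to:subject:date; bh=NotRealBodyHash=;\n"
    " b=NotARealSignature=="
)


def parse_tag_list(record: str) -> Dict[str, str]:
    """Split a 'tag=value; tag=value' list (RFC 6376 s3.2) into a dict."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def dkim_record_status(record: Optional[str]) -> str:
    """Classify a published key record: missing, revoked, active or malformed."""
    if record is None:
        return "missing"          # no TXT record: verifiers PERMFAIL with 'no key'
    tags = parse_tag_list(record)
    if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
        return "malformed"
    pub = re.sub(r"\s+", "", tags["p"])  # folded records may carry whitespace
    if pub == "":
        return "revoked"          # empty p= is the RFC's explicit revocation marker
    try:
        base64.b64decode(pub, validate=True)
    except binascii.Error:
        return "malformed"
    return "active"


def signing_key_still_published(dkim_header: str, dns: Dict[str, str]) -> bool:
    """Would a receiver find a live key for this signature's d=/s= pair?

    Only the DNS lookup step is modelled; the cryptographic verification that
    follows it is out of scope. If this returns True for a stolen key, every
    message the attacker signs with it still passes DKIM and aligns for DMARC.
    """
    tags = parse_tag_list(dkim_header.split(":", 1)[1])
    name = f"{tags['s']}._domainkey.{tags['d']}"
    return dkim_record_status(dns.get(name)) == "active"


def rotation_findings(domain: str, dns: Dict[str, str],
                      compromised: List[str], replacement: str) -> List[str]:
    """Return what is still wrong with a domain's DKIM/DMARC state after a key
    compromise; an empty list means the rotation is complete."""
    findings: List[str] = []
    for sel in compromised:
        if dkim_record_status(dns.get(f"{sel}._domainkey.{domain}")) == "active":
            findings.append(f"{sel}: compromised key still published, stolen key still signs valid mail")
    new_status = dkim_record_status(dns.get(f"{replacement}._domainkey.{domain}"))
    if new_status != "active":
        findings.append(f"{replacement}: replacement key is {new_status}, legitimate mail will fail DKIM")
    dmarc = dns.get(f"_dmarc.{domain}")
    policy = parse_tag_list(dmarc).get("p") if dmarc else None
    if policy != "reject":
        findings.append(f"_dmarc: policy is {policy!r}; once the key is revoked only p=reject makes receivers drop the forgeries")
    return findings


if __name__ == "__main__":
    for label, dns in (("before rotation", DNS_BEFORE), ("after rotation", DNS_AFTER)):
        print(f"{label}: stolen key still live = {signing_key_still_published(STOLEN_KEY_MAIL, dns)}")
        for line in rotation_findings("example.eu", dns, ["old2024"], "rot2026"):
            print("  -", line)
```

The practical takeaway sits in signing_key_still_published: a stolen private key remains a working forgery tool for exactly as long as its public half stays in DNS, which is why a rotation has to end with the old selector published as an empty p= (RFC 6376 section 3.6.1) rather than simply forgotten. DMARC cannot help until that happens, because a DKIM pass with an aligned d= is precisely what DMARC looks for.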

Phil Wylie, Senior Consultant & Evangelist, Suzu Labs adds this:

   “This attack shows that threat actors do not always need to penetrate core internal networks to create risk. Public-facing cloud environments often contain valuable operational data that can support reconnaissance, social engineering, and follow-on attacks.

   “Most cloud breaches are not failures of the provider but issues around identity security, access management, or configuration. The real lesson here is that organizations need stronger visibility into how cloud data is accessed and moved, not just whether malware is present.

   “Even if the affected systems were isolated, any confirmed data exfiltration should be treated as potential intelligence exposure that could enable future targeting.”

Rajeev Raghunarayan, Head of GTM, Averlon had this to say:

   “Cloud breaches are rarely contained to the system where the compromise started. The real question is what that system had access to, regardless of whether it was considered external or internal. Public-facing applications are often connected to backend services, databases, and storage, and a compromise can expose far more than the initial entry point suggests. The separation between external and internal systems can limit blast radius, but only if access across those layers is tightly controlled, whether through network paths, vulnerabilities, misconfigurations, or identity permissions.

   “The priority for organizations is understanding what data and systems were reachable from the compromised environment, not just what was directly affected. That potential blast radius is what determines the true impact and guides an effective response.”
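Raghunarayan’s question, what the compromised system could actually reach, can be answered from the role’s policies before any forensic work on the boxes themselves. As an added example (not code from the post or from any commenter), the following Python applies the core of the IAM evaluation order to a constructed account inventory and lists every action/resource pair a role could exercise, contrasting a typical broad web-tier role with a scoped one. The policies, bucket names, ARNs and account ID are hypothetical, and conditions, resource policies, permission boundaries and SCPs are not modelled.

```python
"""Blast radius of a compromised role: what could it actually reach?

Added example, not code from the original post or any commenter. It applies
the core of AWS's IAM evaluation order (an explicit Deny beats any Allow,
otherwise one matching Allow suffices, otherwise the default is deny) to a
small constructed inventory and lists every action/resource pair the role's
policies permit. Conditions, NotAction/NotResource, resource policies,
permission boundaries and SCPs are deliberately not modelled. The policies,
bucket names, account ID and ARNs below are hypothetical.
"""
import re
from typing import Dict, List


def _wild(pattern: str, value: str, ignore_case: bool) -> bool:
    """IAM-style wildcard match: '*' is any run of characters, '?' one character.
    Action names are matched case-insensitively, ARNs case-sensitively."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def _as_list(value) -> List[str]:
    return value if isinstance(value, list) else [value]


def is_allowed(policies: List[dict], action: str, resource: str) -> bool:
    """Simplified identity-policy evaluation for one action on one resource."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            action_hit = any(_wild(a, action, True) for a in _as_list(stmt.get("Action", [])))
            resource_hit = any(_wild(r, resource, False) for r in _as_list(stmt.get("Resource", [])))
            if not (action_hit and resource_hit):
                continue
            if stmt["Effect"] == "Deny":
                return False      # explicit deny wins regardless of any Allow
            allowed = True
    return allowed


def blast_radius(policies: List[dict], inventory: Dict[str, List[str]]) -> List[str]:
    """Every 'action resource' pair in the inventory the role could exercise."""
    reachable = [f"{action} {arn}"
                 for action, arns in inventory.items()
                 for arn in arns
                 if is_allowed(policies, action, arn)]
    return sorted(reachable)


# Constructed account inventory: action -> ARNs that action could touch.
INVENTORY: Dict[str, List[str]] = {
    "s3:GetObject": ["arn:aws:s3:::web-assets/index.html",
                     "arn:aws:s3:::citizen-records/export.csv"],
    "s3:ListBucket": ["arn:aws:s3:::web-assets", "arn:aws:s3:::citizen-records"],
    "rds:DescribeDBInstances": ["arn:aws:rds:eu-west-1:111122223333:db:registry"],
}

# The kind of policy a public web tier often ends up with: convenient, and it
# turns a web-server compromise into account-wide reach.
WEB_ROLE_BROAD: List[dict] = [{
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*", "rds:Describe*"], "Resource": "*"}],
}]

# Least-privilege version: the web tier reads its own assets and is explicitly
# denied the bucket holding regulated data, even if some other attached policy
# later grants s3:* by accident.
WEB_ROLE_SCOPED: List[dict] = [{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::web-assets/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::web-assets"},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::citizen-records", "arn:aws:s3:::citizen-records/*"]},
    ],
}]


if __name__ == "__main__":
    for name, policies in (("broad", WEB_ROLE_BROAD), ("scoped", WEB_ROLE_SCOPED)):
        print(f"{name} role can reach:")
        for pair in blast_radius(policies, INVENTORY):
            print("  ", pair)
```

Against a real account this is the question the IAM policy simulator or IAM Access Analyzer answers; the point of the toy is the contrast. The scoped role’s blast radius is two read-only operations on the public asset bucket, while the broad role turns the same web-server compromise into read access to every bucket plus the database inventory. The explicit Deny in the scoped role is cheap insurance: it holds even if someone later attaches s3:* to the same role.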

It’s days like this that make me wonder whether there’s no going back and whether organizations getting pwned is simply the new normal. But we cannot accept that. Instead, more effort needs to go into addressing the problem so that pwnage becomes the edge case rather than the new normal.

UPDATE: Gidi Cohen, CEO & Co-founder, Bonfy.AI had this to say:

“Modern incidents like the European Commission’s cloud breach are less about a single misconfigured account and more about sprawling unstructured content moving across websites, SaaS apps, storage buckets, AI systems, and agents without unified, context‑aware governance. Cloud security posture management and traditional DLP/DSPM remain necessary, but they are no longer sufficient on their own; without adaptive content controls that understand the people, customers, and citizens behind the data, organizations will continue to be surprised by where sensitive information surfaces when a breach hits.

“What matters now is not just where data lives but how it flows: public platforms and “content systems” quietly accumulate regulated and entity‑specific data in logs, backups, CMSes, and object stores, while AI and automation continuously read from and write to those same stores, creating a dense web of human, system, and agent access paths that legacy tools do not see end to end. In that environment, a cloud compromise becomes a test of whether an organization can quickly answer the only questions regulators and boards truly care about, whose data was exposed, through which systems, and how far it has already propagated.”

Elon Musk Is Likely In Deep Trouble As Grok Is Under Investigation By The EU

Posted in Commentary on January 26, 2026 by itnerd

It sucks to be Elon Musk. He’s already been slapped by the EU for not adhering to the Digital Services Act, and he’s been under fire over the fact that his AI chatbot Grok generates objectionable content. Here’s how that played out:

That takes us to today. The EU has clearly had enough of Elon’s antics and has opened an investigation into Grok and Twitter/X:

The European Commission has launched a new formal investigation against X under the Digital Services Act (DSA). In parallel, the Commission extended its ongoing investigation launched in December 2023 into X’s compliance with its recommender systems risk management obligations.

The new investigation will assess whether the company properly assessed and mitigated risks associated with the deployment of Grok’s functionalities into X in the EU. This includes risks related to the dissemination of illegal content in the EU, such as manipulated sexually explicit images, including content that may amount to child sexual abuse material.

These risks seem to have materialised, exposing citizens in the EU to serious harm. In light of this, the Commission will further investigate whether X complies with its DSA obligations to:

  • Diligently assess and mitigate systemic risks, including of the dissemination of illegal content, negative effects in relation to gender-based violence, and serious negative consequences to physical and mental well-being stemming from deployments of Grok’s functionalities into its platform.
  • Conduct and transmit to the Commission an ad hoc risk assessment report for Grok’s functionalities in the X service with a critical impact on X’s risk profile prior to their deployment.

It’s a safe bet that this will not end well for Elon, because when you mess with the EU, the EU tends to make life miserable for you. It’s also a safe bet that Elon will whine and moan about how unfair this is. But let’s face facts: Elon created this situation with his cavalier attitude towards common decency, and as a result this very troubled man is likely now in the “find out” phase.

Like I said at the start of this, it sucks to be Elon Musk.

UK and China establish “Cyber Dialogue”, while EU targets “high-risk” foreign tech suppliers

Posted in Commentary on January 21, 2026 by itnerd

British and Chinese security officials are seeking to establish a “Cyber Dialogue” to discuss cyberattacks amid hacking accusations from both sides, according to Bloomberg.

The forum is supposedly designed to let security officials manage threats to each other’s national security by improving communication, allowing private discussion of deterrence measures for the first time, and avoiding and preventing escalation, according to people familiar with the matter who spoke on condition of anonymity.

The collaboration comes after China’s top diplomat Wang Yi and British National Security Adviser Jonathan Powell met in Beijing in November and agreed to “confront and resolve issues” and “further enhance regular dialogues”. That meeting came a month after British officials said they believed Chinese hackers had spied on UK government computer systems for over a decade, and that Chinese state-backed actors had compromised its critical infrastructure.

Meanwhile, the European Commission unveiled an updated cybersecurity framework that would tighten protections for critical infrastructure by targeting “high-risk” foreign suppliers of digital equipment and services. 

The proposed legislation marks a shift from previous voluntary guidelines toward mandatory rules giving the Commission the authority to require removal of these high-risk vendors from key sectors such as telecommunications and other infrastructure essential to the EU’s economy and security. 

Although the proposal doesn’t explicitly name specific companies, officials have previously singled out concerns over equipment from Chinese technology firms like Huawei and ZTE.

The overhaul also includes a revised Cybersecurity Act designed to secure information and communications technology supply chains, streamline certification processes, and improve incident reporting and threat alerts.

The updated law would also empower the EU Agency for Cybersecurity (ENISA) to issue early warnings and support collaboration with Europol and national response teams.

Michael Bell, Founder & CEO, Suzu Labs had this comment:

“The Cyber Dialogue is a pragmatic move, not a naive one.

   “In March 2024, the UK publicly accused China of breaching the Electoral Commission and targeting parliamentarians’ email accounts. They sanctioned individuals linked to APT31. They summoned China’s ambassador. Beijing called the accusations “fabricated and malicious slanders.”

   “Eight months later, Wang Yi and Jonathan Powell met in Beijing and agreed to establish a Cyber Dialogue. That looks like whiplash, but there’s logic to it.

   “Cyber operations exist in a gray zone. They’re not acts of war, but they’re not peacetime activity either. Without communication channels, an incident response could be misread as aggression. Escalation becomes more likely when neither side understands the other’s red lines.

   “There’s precedent. In 2015, Obama and Xi established a cyber agreement with hotlines and joint dialogue mechanisms. US officials reported a drop in certain Chinese intrusions afterward. It wasn’t perfect. The US later accused China of violations. But it created a framework for managing the problem.

   “The UK is trying something similar. They’re not pretending the threat doesn’t exist. They publicly attributed attacks, imposed sanctions, and issued warnings about Volt Typhoon pre-positioning in critical infrastructure. Now they’re opening a channel to discuss deterrence and prevent miscalculation.

   “Whether it works depends on whether both sides actually use it. The 2015 US-China agreement produced results until it didn’t. The UK-China dialogue could follow the same trajectory. But having the channel is better than not having it.

   “The alternative, pure confrontation without communication, creates its own risks. In cyberspace, those risks are harder to see until they materialize.

   “In regards to the EU targeting “high-risk” tech suppliers, honestly, it sounds like Brussels ran out of patience.

   “The 5G Security Toolbox has been voluntary guidance since January 2020. It recommended that member states assess high-risk vendors and impose restrictions where necessary. Six years later, only 10 of 27 member states actually did anything meaningful about Huawei and ZTE. The patchwork approach created exactly the security gaps the Toolbox was supposed to prevent.

   “The new legislation fixes that by making removal mandatory. High-risk suppliers must be phased out within three years of the law taking effect. The scope expands beyond mobile networks to fixed and satellite infrastructure across 18 critical sectors: water, electricity, cloud services, semiconductors, medical devices.

   “The Commission will conduct EU-wide risk assessments based on country of origin and national security implications. ENISA gets real authority: early threat alerts, centralized incident reporting, coordination with Europol. A formal catalogue of high-risk suppliers will follow via implementing act. Huawei and ZTE are expected to be on it.

   “This is expensive. Germany alone faces an estimated €2.5 billion to replace Huawei equipment across Deutsche Telekom, Vodafone, and Telefónica. EU-wide, operators are looking at roughly €3 billion annually in higher infrastructure costs. That’s not a rounding error. It’s why voluntary guidelines failed. Member states and operators kept finding reasons to delay.

   “The legislation removes the option to delay. It’s regulatory coercion, and it’s probably necessary. Security through voluntary compliance only works when everyone complies. When half the member states ignore the guidance, you get exploitable gaps.

   “For enterprises operating in the EU, this means vendor audits, procurement changes, and certification requirements through ENISA. The three-year timeline sounds manageable until you account for supply chain constraints and the reality that everyone will be competing for the same alternative equipment.

   “Both approaches respond to the same underlying reality: Chinese state-affiliated actors have demonstrated capability and intent to compromise Western infrastructure. The UK and EU are choosing different tools to manage that risk.

   “The UK is betting that communication reduces the chance of catastrophic miscalculation. The EU is betting that removing the attack surface is more reliable than trusting dialogue.

   “Neither approach is wrong. They’re addressing different aspects of the same problem. The UK approach manages the state-to-state relationship. The EU approach manages the technical supply chain risk.

   “For enterprises, the implication is clear: you can’t rely on a single approach. You need security architecture that accounts for both diplomatic uncertainty and regulatory mandates. The technology landscape is fragmenting, and your vendor strategy needs to fragment with it.”

John Carberry, Solution Sleuth, Xcape, Inc. follows with this comment:

   “The UK-China cyber dialogue signals a shared understanding that unchecked cyber tensions pose serious escalation risks for global powers. Creating forums for discussing deterrence and intentions could minimize miscalculations, even if persistent accusations of espionage between the two nations remain unresolved.

   “Concurrently, Europe’s implementation of mandatory restrictions on “high-risk” suppliers demonstrates that dialogue doesn’t automatically equate to trust. The EU’s framework signifies a stricter stance on supply-chain security, transitioning from voluntary recommendations to legally binding regulations with tangible economic impacts. This shift from voluntary guidelines to mandatory exclusions for companies like Huawei and ZTE suggests that while the UK pursues dialogue, the wider Western approach is leaning towards complete technological decoupling.

   “ENISA’s augmented responsibilities for early warnings, incident reporting, and cross-border responses further underscore Europe’s focus on cybersecurity as a matter of technological sovereignty rather than mere IT best practices. By granting ENISA and Europol enhanced early-warning capabilities, the EU is fortifying itself against the very state-sponsored actors the UK is now engaging with diplomatically.

   “Collectively, these trends illustrate a two-pronged strategy: diplomatic efforts to influence state conduct, combined with structural defenses to mitigate systemic vulnerabilities. Cybersecurity policy is increasingly serving as both a diplomatic instrument and a component of industrial strategy.

   “You can’t build a bridge of trust with diplomacy while simultaneously bricking up the windows to keep the “partners” out of the house.”

Trust isn’t built overnight, which I suspect means that any real traction on this will take a while to produce results. That is fine as long as everyone sticks to it.

Elon Musk’s Twitter/X Hit With $140 Million Fine

Posted in Commentary on December 5, 2025 by itnerd

Elon Musk is likely less of a fan of the European Union today than he was yesterday. I say that because he, or more accurately Twitter/X, has been fined $140 million by them. Here’s why:

 Elon Musk’s social media company X was fined 120 million euros ($140 million) by EU tech regulators on Friday for breaching EU online content rules, the first sanction under landmark legislation which will likely draw the U.S. government’s ire.

And:

EU regulators said X’s DSA violations included the deceptive design of its blue checkmark for verified accounts, the lack of transparency of its advertising repository and its failure to provide researchers access to public data.

Well, this is going to get interesting, as I am sure that Elon will have something, perhaps something stupid, to say about this. I did check his Twitter account and there’s nothing so far. But you know that he’s going to say something. In the meantime, it’s clear that the EU is making the point that tech companies will bend to its will and not the other way around.

EU’s ‘Cyber Solidarity Act’ creates a cooperative mechanism for effective defenses

Posted in Commentary on March 7, 2024 by itnerd

On Tuesday, the EU agreed to the Cyber Solidarity Act, a new set of rules intended to make the EU more resilient and responsive to cyber threats via cooperation mechanisms.

An EU-wide cybersecurity alert system will be established to rapidly share information. It will comprise national cyber hubs responsible for detecting and acting on cyber threats, helping authorities respond more effectively to major incidents.

The new regulation will allow for the creation of a cybersecurity emergency mechanism that will support:

  • Preparedness actions, including testing entities in highly critical sectors, such as healthcare, transportation and energy.
  • Shared financial assistance for impacted entities.
  • A ‘cybersecurity reserve’ made up of incident response services from the private sector as well as associated partnering countries that are ready to intervene during a large-scale cybersecurity incident.

The EU Council and Parliament have also agreed to amend the 2019 Cybersecurity Act in order to establish European certification schemes for managed security services. This aims to boost the quality and comparability of these service providers and avoid fragmentation of the internal market.

Formal adoption of the provisional agreements will come once they have been endorsed by the Council and Parliament. 

Emily Phelps, VP, Cyware had this comment:

   “The Cyber Solidarity Act recognizes and addresses the critical nature for the EU to more effectively prepare, detect, and respond to cyber threats. Threat actors often work together, increasing the challenges nations and organizations face to defend against adversaries. These collaborative efforts to improve resiliency are an important step to protecting critical infrastructure, national security, and economic continuity.”

Dave Ratner, CEO, HYAS follows with this comment:

   “Sharing information the way that the EU Cyber Solidarity Act does is a great start and a good initiative — too many times the right information is not shared quickly enough. However, if the goal is to make everyone, especially critical infrastructure, truly proactive and cyber resilient then they need to do more than just share information about ‘what’s happened in the past’ and ‘what’s happening now’.  They need to endorse the use of proactive threat intelligence capable of identifying what is going to happen, and mandate the implementation of cyber resiliency solutions like Protective DNS — which other governments are already recommending — that are capable of automatically identifying attacks in real-time and shutting them down.”

George McGregor, VP, Approov had this comment:

   “The EU continues to flesh out the EU Cybersecurity Strategy laid out 4 years ago.

   “The newly announced Cyber Solidarity Act is intended to drive readiness and cooperation and includes infrastructure investments and financial incentives. Because of this it will certainly prove less controversial than the Cyber Resiliency Act of 2023 which imposed strict breach reporting requirements on companies operating in the EU.

   “Key, however, will be the effective execution of the work needed to implement this Act. For example, the creation of a “state-of-the-art” European Cybersecurity Alert System is certainly aspirational but could prove quite challenging to implement. Further information and regular updates on the status of the various projects required to implement the Act will be welcome as a next stage.”

Making sure that everyone shares information and plays nice in the metaphorical sandbox ensures that everyone is a lot safer. Thus I see this as a very good move by the EU and one that should be copied far and wide.

EU Passes Landmark AI Bill

Posted in Commentary on December 9, 2023 by itnerd

Yesterday, the EU reached a deal on its landmark AI bill. In the process, they’re racing ahead of the US:

The European approach to trustworthy AI

The new rules will be applied directly in the same way across all Member States, based on a future-proof definition of AI. They follow a risk-based approach:

Minimal risk: The vast majority of AI systems fall into the category of minimal risk. Minimal risk applications such as AI-enabled recommender systems or spam filters will benefit from a free-pass and absence of obligations, as these systems present only minimal or no risk for citizens’ rights or safety. On a voluntary basis, companies may nevertheless commit to additional codes of conduct for these AI systems.

High-risk: AI systems identified as high-risk will be required to comply with strict requirements, including risk-mitigation systems, high quality of data sets, logging of activity, detailed documentation, clear user information, human oversight, and a high level of robustness, accuracy and cybersecurity. Regulatory sandboxes will facilitate responsible innovation and the development of compliant AI systems.

Examples of such high-risk AI systems include certain critical infrastructures for instance in the fields of water, gas and electricity; medical devices; systems to determine access to educational institutions or for recruiting people; or certain systems used in the fields of law enforcement, border control, administration of justice and democratic processes. Moreover, biometric identification, categorisation and emotion recognition systems are also considered high-risk. 

Unacceptable risk: AI systems considered a clear threat to the fundamental rights of people will be banned. This includes AI systems or applications that manipulate human behaviour to circumvent users’ free will, such as toys using voice assistance encouraging dangerous behaviour of minors or systems that allow ‘social scoring’ by governments or companies, and certain applications of predictive policing. In addition, some uses of biometric systems will be prohibited, for example emotion recognition systems used at the workplace and some systems for categorising people or real time remote biometric identification for law enforcement purposes in publicly accessible spaces (with narrow exceptions).

Specific transparency risk: When employing AI systems such as chatbots, users should be aware that they are interacting with a machine. Deep fakes and other AI generated content will have to be labelled as such, and users need to be informed when biometric categorisation or emotion recognition systems are being used. In addition, providers will have to design systems in a way that synthetic audio, video, text and images content is marked in a machine-readable format, and detectable as artificially generated or manipulated.

Companies not complying with the rules will be fined.

I’ll give my commentary in a moment. But first I’ll serve up the comments of Anurag Gurtu, CPO, StrikeReady:

The regulation paves the way for what could become a global standard to classify risk, enforce transparency and financially penalize tech companies for noncompliance.

The European Union’s deal on the landmark AI bill marks a significant moment in the global conversation about the regulation of artificial intelligence. This ambitious legislation, which seeks to classify AI risks, enforce transparency, and penalize noncompliance, demonstrates the EU’s proactive stance in addressing the complexities of AI technologies.

The Act’s focus on monitoring and oversight, especially for high-risk applications, could set a new global standard for AI regulation. While it aims to balance protection and innovation, the Act will require tech companies operating in the EU to adapt significantly, potentially reshaping global AI development and deployment strategies.

This legislation also raises critical discussions about the balance between innovation and ethical considerations in AI. While Europe is taking a lead, it will be interesting to see how other regions, particularly the U.S., respond to this development. Will they follow suit with similar regulations, or will they take a different path?

Moreover, the Act’s implications on open-source AI models, which are exempt from certain restrictions, could stimulate interesting shifts in the AI industry, potentially favoring open-source approaches.

However, there are concerns about the potential impact on innovation and the competitive edge of European AI companies. While the Act aims to ensure safety and ethical standards, it’s crucial that it doesn’t stifle the innovative potential of AI.

This development is a significant step in the global dialogue on AI governance and sets the stage for further international discussions on how best to manage this rapidly evolving technology.

The combination of classifying risk and knowing that the EU will not be afraid to drop the ban hammer on any company that tries to skirt the rules is sure to be effective. Other countries need to copy this so that AI is sufficiently regulated and risk is minimized.

EU’s Cyber Resilience Act would require a ONE day breach notice

Posted in Commentary on October 4, 2023 by itnerd

A group of leading tech companies and security researchers have written an open letter about how the vulnerability disclosure requirements proposed for the EU’s Cyber Resilience Act don’t make sense and are flat out dangerous.

Basically, the requirements would force vendors to disclose an unpatched vulnerability within ONE day of learning that it is being exploited. The industry argues that this isn’t enough time and would open the door for hackers to jump on those vulnerabilities before everyone has had time to actually patch. “Article 11 of the CRA requires software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation.”

George McGregor, VP, Approov Mobile Security had this comment:

“These vulnerability requirements, if enforced, will be of critical importance to US companies which operate in the EU.  The EU Cyber Resilience Act makes no distinction about where vulnerabilities are discovered so the obligation will be worldwide in scope.

“This is clearly understood by the number of US based individuals who have signed the request to modify the CRA in order to remove the requirement to report unpatched vulnerabilities within 24 hours.

“The letter also requests that vulnerabilities uncovered during testing should not be included in the reporting requirement.

“With this level of industry reaction, the CRA requirements should certainly be relaxed.”

I am completely in favour of the CRA in principle, as it makes vendors accountable for the quality of their products. But it has to be done in a way that makes sense and is sustainable. This requirement doesn’t meet that standard. A rethink is absolutely in order.

The EU Passes Draft Legislation To Govern AI

Posted in Commentary on June 14, 2023 by itnerd

The news is out today that the EU Parliament has moved one step closer to putting legislation into force to govern AI:

The European parliament approved rules aimed at setting a global standard for the technology, which encompasses everything from automated medical diagnoses to some types of drone, AI-generated videos known as deepfakes, and bots such as ChatGPT.

MEPs will now thrash out details with EU countries before the draft rules – known as the AI act – become legislation.

“AI raises a lot of questions socially, ethically, economically. But now is not the time to hit any ‘pause button’. On the contrary, it is about acting fast and taking responsibility,” said Thierry Breton, the European commissioner for the internal market.

A rebellion by centre-right MEPs in the EPP political grouping over an outright ban on real-time facial recognition on the streets of Europe failed to materialise, with a number of politicians attending Silvio Berlusconi’s funeral in Italy.

The final vote was 499 in favour and 28 against with 93 abstentions.

Craig Burland, CISO, Inversion6 had this comment in relation to this news:

Let the debate begin! Similar to data privacy years ago, the EU has just taken a position at the far end of the spectrum to frame the parameters of the discussion. Putting aside the many challenges of enforcement as well as the ubiquitous use of AI in modern technology projects, the EU has documented intriguing concepts centered on ensuring the validity of the content and proper use cases. Contrast this with Google’s pronouncement last week that focused primarily on protecting the technology itself.  What was announced today will shift and transition as the debate plays out in the media and behind closed doors. But, in planting this flag, the EU has started what will be a fascinating dialog that affects businesses and individuals alike.

I’m honestly not sure how this will shake out. But given that the EU has come out with regulations like GDPR, this draft legislation is likely to shape the discussion about AI and how it should be used. Thus everyone needs to pay attention to this.

UPDATE: Eduardo Azanza, CEO, Veridas adds this:

“The passing of the Artificial Intelligence Act is a significant moment and should not be underestimated at all. For technologies such as AI and biometrics to ever be successful, it is essential that there is trust from businesses and the wider public.

It’s critical that we have established agreed standards and deliverables to ensure that AI and collected biometric data are used responsibly and ethically. There must be clearly defined responsibilities and chains of accountability for all parties, as well as a high degree of transparency for the processes involved.

As the UK and US look to introduce their own Artificial Intelligence Act, it is essential they work with the EU to define minimum global standards – only then can we guarantee the ethical use of AI and biometrics.

Ultimately, it’s businesses’ duty to responsibly and ethically use AI technology, as its capability to replicate human abilities raises huge concerns. Organizations need to be conducting periodic diagnoses on the ethical principles of AI. Confidence in AI security technology must be based on transparency and compliance with legal, technical, and ethical standards.”

UPDATE #2: Ani Chaudhuri, CEO, Dasera had this comment:

European Union lawmakers have taken a decisive step in shaping the future of artificial intelligence by adopting the E.U. AI Act. This landmark legislation challenges the power of American tech giants and sets unprecedented restrictions on AI usage. This move is long overdue as it prioritizes data security and protects individuals from potential harm caused by unchecked AI systems.

The E.U. AI Act introduces essential guardrails to prevent deploying AI systems that pose an “unacceptable level of risk.” By banning tools like predictive policing and social scoring systems, the legislation safeguards against intrusive and discriminatory practices. Furthermore, it limits high-risk AI applications, such as those that could influence elections or jeopardize people’s health.

One significant aspect of the legislation is its focus on generative AI, including systems like ChatGPT. Requiring content generated by such systems to be labeled and mandating the publication of summaries of copyrighted data used for training promotes transparency and protects intellectual property rights. These measures address growing concerns and ensure responsible AI development.

While some voices express concern over the potential impact on AI development and adoption, the European Parliament’s determination to lead the global dialogue on responsible AI should be applauded. European lawmakers have proactively developed comprehensive AI legislation that accounts for evolving technologies and potential risks.

The E.U.’s commitment to data privacy, tech competition, and social media regulation aligns with its ambitious AI regulations. This cohesive framework ensures that European companies adhere to high standards, promoting consumer trust and privacy. It also strengthens Europe’s position as the global tech regulator, setting precedents that will shape international tech policies.

As Europe leads in establishing AI standards, the United States must step up its efforts to keep pace. Congress must pass comprehensive legislation addressing AI and online privacy. Falling behind Europe risks hindering innovation and surrendering the opportunity to lead the global debate on AI governance.

We believe that responsible AI development should be a global endeavor. As Europe sets the bar, it is incumbent upon the United States to catch up and play an active role in shaping AI policies. We can strike the right balance and ensure AI benefits society by fostering innovation while safeguarding individual rights.

While concerns and challenges exist, the E.U. AI Act represents a significant step toward building a responsible and secure AI ecosystem. Europe’s commitment to protecting individuals and upholding data security sets an example for the world. As the AI landscape continues to evolve, we must embrace robust regulations that foster trust, innovation, and global cooperation.

EU Finalizes Law That Will Force Apple To Finally Put USB-C Into The iPhone

Posted in Commentary with tags , on October 24, 2022 by itnerd

You might recall that the European Union recently passed a law requiring devices sold within the union to have USB-C. Since most phones and tablets already have USB-C, one could plausibly argue that this law is squarely aimed at Apple as they have stuck with Lightning on iPhones even though Lightning is really USB 2.0 with a fancy connector. Which in 2022 is quite sad.

Today, the final steps to bring this law into effect are done and this law is now good to go according to this press release:

The new rules will make a USB-C charging port mandatory for a whole range of electronic devices. This will mean that most devices can be charged using the same charger. For consumers to know exactly what they are buying, the directive introduces a pictogram that specifies whether a new device comes with a charger and a label indicating the charging performance.

The directive also allows consumers to choose whether to purchase a new device with or without a charger. This will not only save consumers money, but will also reduce the electronic waste associated with the production, transportation and disposal of chargers. Four years after the directive enters into force, the Commission will assess whether this unbundling of sales should be made mandatory.

Although becoming more popular, wireless charging has not yet been harmonised across devices. To enable this technology to become available for more devices, the Commission will work on harmonising wireless charging for electronic devices and on interoperability based on technological developments.

Categories of devices concerned

The new rules will apply to a wide range of portable devices:

  • mobile phones
  • tablets and e-readers
  • digital cameras and video game consoles
  • headphones, earbuds and portable loudspeakers
  • wireless mice and keyboards
  • portable navigation systems

In addition, all laptops will also be covered by the new rules 40 months following the entry into force of the directive.

So from the sounds of it, Apple will need to convert AirPods over to USB-C along with the Magic Mouse, Magic Keyboard, and Magic Trackpad given that all their laptops and tablets already have USB-C. While it’s been rumoured that Apple has been testing USB-C iPhones, they have a lot of work ahead of them. But I for one cannot wait for a USB-C iPhone as Lightning is dead and has been for years. The other thing that I note is this re-ignites the charger in the box debate. Apple led the way on not including chargers in the box of a new phone. But based on this, it sounds like they will have to rethink that.

It’s Official…. USB-C On Phones And Other Devices Will Now Be Mandatory In The EU

Posted in Commentary with tags on October 4, 2022 by itnerd

The EU has been teasing this for some time. But now it’s official. A press release issued by the European Parliament earlier today states the following:

By the end of 2024, all mobile phones, tablets and cameras sold in the EU will have to be equipped with a USB Type-C charging port. From spring 2026, the obligation will extend to laptops. The new law, adopted by plenary on Tuesday with 602 votes in favour, 13 against and 8 abstentions, is part of a broader EU effort to reduce e-waste and to empower consumers to make more sustainable choices.

Under the new rules, consumers will no longer need a different charger every time they purchase a new device, as they will be able to use one single charger for a whole range of small and medium-sized portable electronic devices.

Regardless of their manufacturer, all new mobile phones, tablets, digital cameras, headphones and headsets, handheld videogame consoles and portable speakers, e-readers, keyboards, mice, portable navigation systems, earbuds and laptops that are rechargeable via a wired cable, operating with a power delivery of up to 100 Watts, will have to be equipped with a USB Type-C port.

All devices that support fast charging will now have the same charging speed, allowing users to charge their devices at the same speed with any compatible charger.

I think it’s a safe bet that Tim Cook and company are not happy about this as they’ve resisted calls from their users to switch from Lightning to USB-C for years. Even though it’s pretty clear that Lightning is dead as well as dead slow. But I for one am very happy about this as it will finally force Apple to join everybody else in 2022 with a USB-C port on their phone. Though I can see a scenario where Apple may either try to fight this, or get rid of all ports on iPhones just to make a point. But I suspect that we’ll see soon enough. Starting with Apple trotting out one of their press minions to comment about how this stops innovation.