ciso brief

All news in category “Regulation and Policy Brief”

361 articles · page 3 of 19

Cambodia Enacts Tough New Law Against Scam Compounds

🔒 Cambodia has enacted the Law on Combating Online Scams, effective immediately, imposing steep penalties for organisers of scam compounds. The law threatens ringleaders with 5–10 years imprisonment and fines up to $250,000, escalating to 10–20 years and larger fines where violence, forced labour, or trafficking are involved. It also shields coerced victims from prosecution.

New Mexico Ruling Threatens End-to-End Encryption Safety

🔒 Mike Masnick argues the New Mexico court ruling against Meta applies a troubling 'design choices create liability' framework that could undermine end-to-end encryption. The state used Meta's 2023 decision to add E2EE in Messenger as evidence that the company 'shielded' predators, and is seeking court-ordered changes to 'protect minors from encrypted communications.' The ruling risks forcing companies to weaken security features and stop documenting internal safety tradeoffs.

U.S. Bans Import of Foreign-Made Consumer Routers Nationwide

🔒 The Executive Branch has determined that foreign-made consumer routers create a supply-chain vulnerability and pose a severe cybersecurity risk that could disrupt U.S. critical infrastructure and harm U.S. persons. Any new router manufactured outside the United States must receive FCC approval before it can be imported, marketed, or sold; approval requires disclosure of foreign investors or influence and a plan to shift manufacturing to the U.S. Certain devices may be exempted by the Department of Defense or DHS, though neither agency has listed exceptions yet. Existing home routers do not need to be discarded, and market impacts may favor companies able to produce domestically, such as Starlink, while vendors like Netgear—which manufactures abroad—face new compliance and cost pressures.

U.S. Cyber Strategy Signals Possible Private Hackback

🛡️ The 2026 U.S. Cyber Strategy for America largely reiterates longstanding White House cyber priorities but adopts a noticeably more aggressive tone. One sentence — “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.” — reads like an explicit invitation for corporate hackback. The author argues this is a dangerous and ill-considered idea because it risks misattribution, vigilantism, extrajudicial punishment, and escalation rather than strengthening security.

FBI Advises Caution Using Chinese Mobile Apps Over Privacy

🔒 The FBI has issued a public service announcement warning Americans about privacy and data-security risks posed by foreign-developed mobile applications, particularly those maintained by Chinese companies. The bureau says some apps may collect extensive personal data, even when not actively in use, and may store information on servers in China or require users to consent to data sharing as a condition of use. The FBI recommends disabling unnecessary sharing, keeping device software updated, and installing apps only from official app stores.

Evolving Expectations of What's Possible with AI in Privacy

🔒 Kent Walker, Google's President of Global Affairs, outlined how rapidly evolving user expectations are shaping AI development at the IAPP Global Summit 2026. He highlighted Personal Intelligence in Search and the Ukraine national assistant Diia.AI as examples of context-aware, task-oriented assistants. Google’s rollout approach emphasizes trusted testers, staged expansion, continuous feedback, and clear controls over agents’ access, while applying guardrails such as Gemini avoiding proactive assumptions. Walker urged investment in privacy-enhancing technologies, new transparency models, and global standards to align data protection with these innovations.

ICO fines UK alarm provider £100,000 for nuisance calls

📞 The Information Commissioner’s Office (ICO) fined Birmingham-based monitored alarm provider TMAC £100,000 after staff used false identities on marketing sales calls and the firm made over 260,000 calls to numbers registered on the Telephone Preference Service. The ICO said TMAC deliberately targeted individuals over 60 between February and September 2024, impersonating local crime and fire prevention initiatives to trick recipients. The regulator stressed these actions breached the Privacy and Electronic Communications Regulations and highlighted the importance of public reporting in enabling enforcement.

UK Sanctions Chinese Crypto Marketplace Xinbi over Scam Hubs

🚨 The UK has imposed sanctions on the China-based cryptocurrency marketplace Xinbi, accusing it of enabling large-scale scam operations across Southeast Asia and facilitating crypto laundering. Authorities say Xinbi, which reportedly handled over $19.7 billion of inflows, sold victim data and traded satellite internet equipment used to contact targets. The action targets Xinbi and related firms and individuals linked to the Prince Group and #8 Park, and includes plans to freeze London properties.

UK Sanctions Xinbi Marketplace Linked to Asian Scam Centers

🚫 The UK’s Foreign, Commonwealth and Development Office has sanctioned Xinbi, a Chinese-language marketplace accused of selling stolen personal data and satellite internet equipment to Southeast Asian scam networks and assisting North Korean actors with cryptocurrency laundering. Chainalysis links Xinbi to over $19.9 billion in transactions from 2021–2025. The measures also target #8 Park and operator Legend Innovation Co, aiming to sever Xinbi from legitimate crypto services and disrupt payments to scam centers.

AI Regulation Emerges as Central Issue in U.S. Midterms

🗳️ The December Trump executive order constrains state AI regulation by directing federal lawsuits against, and withholding funds from, states that attempt to impose limits, effectively prioritizing industry interests over local consumer protections. Polling in 2025 shows broad bipartisan support for greater state and federal oversight, yet the order reshapes political fault lines ahead of the midterms. Candidates may use AI as a wedge issue, highlighting job displacement, datacenter opposition, and corporate concentration, while organizers work to broaden the debate beyond local fights.

FCC Bans Import and Sale of All Foreign-Made Routers

🔒 The FCC has banned the import and sale of all consumer-grade internet routers manufactured in foreign countries, saying they pose an 'unacceptable risk' to US national security. The rule, announced on 23 March, allows only devices with conditional DoD or DHS approval, effectively blocking most future consumer models because many are made abroad. The agency cited incidents such as the Volt, Flax and Salt Typhoon attacks, while industry experts caution that governance, patching and lifecycle management — not just country of origin — drive much of the risk.

Wyden Raises Alarm Over Hidden Section 702 Secret Law

🔔 Sen. Ron Wyden warned on the Senate floor that a classified, previously undisclosed interpretation of Section 702 is affecting Americans’ privacy and has been withheld from public and congressional debate. He raised the issue while opposing the nomination of Joshua Rudd to lead the NSA, citing Rudd’s unwillingness to accept basic constitutional limits on surveillance. Wyden said he has repeatedly asked administrations to declassify the matter and is still awaiting a response from DNI Gabbard. He urged Congress to openly debate the matter before Section 702 is reauthorized.

FCC Blocks New Foreign-Made Consumer Routers Nationwide

🔒 The FCC announced a ban on imports of new foreign-made consumer routers, citing unacceptable cyber and national security risks after an Executive Branch determination. New models are placed on the Covered List unless granted Conditional Approval by the Department of War or DHS; Starlink routers are exempt. Existing customer-owned devices and previously authorized models remain legal to use and sell.

FCC Bans Sale of New Consumer Routers Made Outside USA

🔒 The FCC has expanded its Covered List under the Secure and Trusted Communications Networks Act to include all consumer routers manufactured outside the United States, effectively banning the sale of new foreign-made models. The move follows a National Security Determination that identified foreign-produced routers as a significant supply-chain threat and cited recent compromises linked to groups such as Volt, Flax, and Salt Typhoon. The agency permits limited exemptions and an alternative approval path for vendors that transparently disclose ownership, manufacturing, and supply-chain details and commit to onshoring critical component production. Existing routers remain available, but consumers may face reduced model availability and higher prices as certification adds time and cost.

Should Governments Act as Cybersecurity Insurers Now?

🔐 At a Royal United Services Institute event reviewing the Cyber Monitoring Center’s first year, Ciaran Martin questioned whether the UK’s £1.5 billion loan guarantee to Jaguar Land Rover set an unfortunate precedent. He urged a clearer framework, whether compulsory insurance, tax incentives, or defined triggers for state intervention, instead of ad hoc bailouts. Tracey Paul of Pool Re warned of a growing cyber insurance protection gap and argued structured public‑private partnerships are needed to bridge it. Analysts cautioned that blanket government backstops risk creating moral hazard and reducing investment in cyber resilience.

NCA Chief Warns Teens Are Being Radicalized into Cybercrime

🚨 The head of the UK's National Crime Agency, Graeme Biggar, warned at the launch of the NCA's National Strategic Assessment that online platforms and algorithms are 'radicalizing' teenagers into cybercrime, alongside other harms. He said technology is reshaping crime and that tech companies must take responsibility. Biggar highlighted rising UK-based attackers, surges in online fraud and sextortion, and the creation of the Online Crime Centre to speed data sharing across government and industry.

China Plans National Post‑Quantum Cryptography Standards

🔒 China is planning to develop national post-quantum cryptography standards within three years, prioritizing finance and energy for early migration. Chinese experts say they favor unstructured lattice algorithms over the structured (algebraic) lattice designs adopted elsewhere, arguing they offer better long-term security. Organizations should begin hybrid deployments now to reduce 'harvest now, decrypt later' risk and to retain flexibility for future compliance.

FCA updates reporting to cover cyber and third-party

🔒 The FCA has issued clarified rules on reporting cyber-related incidents and supplier outages to give firms greater certainty about what to report and when. The update creates a streamlined regime coordinated with the PRA and the Bank of England, introduces a single reporting portal, removes duplicated reporting for payment service providers and credit rating agencies, and refines required information so most firms can use a short form. Firms have 12 months to prepare; the changes take effect on 18 March 2027.

Anthropic Ban Signals New AI Supply Chain Risks for CISOs

🔒 The Trump administration's designation of Anthropic as a supply-chain risk forces CISOs to locate, isolate, and potentially remove a specific AI model across complex environments. The Pentagon memo gives 180 days and requires contractor certification, but enterprises lack comprehensive inventories of, and visibility into, their AI usage. Experts debate whether existing SBOM methods suffice and warn that removal can be disruptive without careful governance.

OFAC Sanctions DPRK IT Worker Network Funding WMDs

🚨 The U.S. Department of the Treasury's Office of Foreign Assets Control has sanctioned six individuals and two entities tied to a DPRK-run IT worker scheme that secured remote jobs, stole data, and funneled salaries back to North Korea to finance weapons programs. The operation—tracked as Coral Sleet/Jasper Sleet (also called PurpleDelta/Wagemole)—used stolen identities, fabricated personas, VPN services, and AI-enabled tools to conceal origins, launder funds, and deploy malware or extort victims. OFAC named Amnokgang Technology Development Company and several facilitators, currency converters, and account enablers; security firms and Microsoft warn the campaign leverages Astrill VPN, AI faceswaps, agentic LLM misuse, and offshore operations to maintain persistent, low-cost access.