AI + ML

I am not a number! I am a free agent (that just happens to have a number)

Estonia plans to allow AI agents to have their own digital identities so they can act on behalf of people in a way that can be verified and audited.

The initiative, backed by the country’s Eesti.ai advisory board, calls for the development of ID codes that AI agents can use to take actions, subject to some unspecified authorization and task delegation process.

Academics and corporate technical folk have already made related proposals in recognition of the absence of agentic technical infrastructure. Last month, researchers under the flag of OWASP proposed the Agent Name Service for agent discovery and interoperability. DNS for AI Discovery is another such project.

But these have more to do with platform plumbing while Estonia, known for its embrace of technology, is more focused on permission and punishment. Establishing digital identities for AI agents and authorizing limited powers will help avoid scenarios where individuals are required to delegate broad authority to an agent at the expense of their rights, the government says.

“In the future, AI will increasingly carry out digital tasks on our behalf, compiling reports, preparing declarations or interacting with information systems,” said Prime Minister Kristen Michal in a statement. “To that end, it must be clear who is acting on whose behalf with what rights, and who is ultimately responsible.”

By taking this step, Estonia casts itself as “first country to create digital identities for AI agents.” 

Two weeks ago, Argentina’s President Javier Milei endorsed a similar idea, legislation to allow “non-human corporations,” managed by software, with limited liability. 

“Limited liability is not a luxury for such entities; it is a precondition for their existence,” Milei wrote in a Financial Times op-ed.

Several decades ago, IBM took a similar line on liability but reached the opposite conclusion about automated decision making: “A computer can never be held accountable, therefore a computer must never make a management decision.” 

Despite the citation of that passage from IBM’s 1979 Training Manual in a 2025 blog post, Big Blue’s designated author Doug Bonderud sounds less certain about the impermissibility of AI action these days.

“Should AI be used for management decisions?” he mused. “Maybe. Will it be used to make some of these decisions? Almost certainly.”

While governments work on legal changes that will allow AI agents to operate, private sector companies are already taking a stance, at least with respect to external AI agent usage by customers.

Target Corporation earlier this year revised its Terms & Conditions with a section titled Agentic Commerce and Delegated Access. It states, “Purchases and other actions taken by an Agentic Commerce Agent that you have authorized are considered transactions authorized by you.”

American Express meanwhile has taken the opposite tack by assuming liability for errant agentic commerce. “In the future, if a Card Member authorizes an AI agent to make a purchase and that agent sends American Express the customer’s authenticated purchase intent, American Express will protect eligible customers from charges related to AI agent error,” the company said in April when it introduced its agentic commerce developer kit.

In a pre-print paper last year titled “AI Agents and the Law,” Georgia Institute of Technology professors Mark Riedl and Deven Desai observe that once AI agents have the ability to act in a way that changes the state of the world – e-commerce transactions as opposed to output that requires human interaction for effect – concerns about harm become more pressing.

They note that while the law is well equipped to deal with conflicts arising from human agents, it’s not well-suited to the possibilities of software agents.

“Put simply, although computer science and law have similar notions of agents, a software agent is not the same as a human agent,” they write “For example, agency law disciplines agents by imposing legal liabilities on agents when they misbehave. Human agents can face financial and even criminal penalties; that is not so for software agents.”

To date, AI companies have done their best to limit liability for AI harms. But they’ve not been entirely successful: A Canadian court held Air Canada liable for bad chatbot advice, and a German court held Google liable for inaccurate AI Overview content.

It may be a while before the rules for AI agents get hammered out and harmonized to whatever extent is possible. But in the interim we’ll at least have digital identifiers to call out bad agents by name. ®

from the global-surveillance dept

The internet is an essential resource for young people and adults to access information, explore community, and find themselves—both inside countries and across continents. Yet governments around the world continue to introduce and implement legislation requiring all online users to verify their ages before accessing the digital space. In some cases, politicians are going further, putting forth proposals to ban social media for younger users.  

In late 2025, Australia’s government rolled out the first complete ban on users under 16 from having social media accounts. In this sweeping regime, platforms are required to introduce age assurance tools to block under-16s, demonstrate that they have taken “reasonable steps” to deactivate accounts used by under-16s, and prevent any new accounts being created, or face fines of up to 49.5 million Australian dollars ($32 million USD). The 10 banned platforms—Instagram, Facebook, Threads, Snapchat, YouTube, TikTok, Kick, Reddit, Twitch, and X—have each said they’ll comply with the legislation, which led to young people losing access to their accounts overnight. Reddit is currently challenging the law in Australian courts on constitutional grounds. Recent research notes how the ban is preventing teenagers from accessing news in the country. 

In the United Kingdom, rules took effect in mid-2025 under the Online Safety Act that require all online services available in the country to assess whether they host content considered harmful to children; if so, these services must introduce age checks to prevent children from accessing such content. Online services are also required to change their algorithms and moderation systems to ensure that content defined as harmful, like violent imagery, is not shown to young people. 

This approach is reckless, short-sighted, and we’ve already seen it introduce more harm to the young people that it is trying to protect. The UK’s scramble to find an effective age verification method shows us that there isn’t one, and we’ve spent years urging UK politicians to abandon any measures that require platforms to collect data or remove privacy protections around users’ identities. 

Earlier this year, Indonesia’s Communications and Digital Affairs Minister, Meutya Hafid, announced that users under 16 would have their accounts on “high risk” platforms deactivated from 28 March. The platforms subject to this ban are YouTube, TikTok, Facebook, Instagram, Threads, X, Bigo Live, and Roblox; with Hafid noting how this policy would make Indonesia “the first non-Western country to delay children’s access to digital spaces according to age.”

Similarly, the Malaysian government has recently pushed forward with plans to ban users under 16 from having accounts on social media platforms with at least 8 million users in Malaysia, including Facebook, Instagram, TikTok, and YouTube. Users under the age of 16 are being told to download or transfer their data from these platforms in one month before the restrictions are applied. Platforms failing to comply with the ban may face penalties of up to $2.5 million USD.

In Latin America, Brazil approved a new law in 2025 establishing that providers of information technology products and services directed to children and teenagers, or likely to be accessed by them, must conduct age checks when their products and services offer risks to underage users. Regulation requires age assurance for products and services that are not allowed for children and adolescents in accordance with Brazilian legislation. App stores and operating systems are required to provide age signals for other providers. 

While the law is already in force, full compliance with its obligations is expected for early 2027, after the approval of further regulations and a transition period, and the authority responsible for enforcing the law is the Brazilian National Data Protection Agency. The list of concerns regarding the implementation of the law include: the wide scope of products and services that may fall within age-check obligations, how these obligations can affect non-proprietary operating systems and free software projects, and how effective the law’s crucial data protection safeguards will be in a context of likely widespread age checks for accessing content online.

Similarly, the European Union has taken large steps towards mandatory age verification that could undermine privacy, expression, and participation rights for everyone. Politicians are promoting an EU-wide approach to age verification through its age verification “app,” which will be fully interoperable with the Digital Identity Wallet. While this mini-app has been announced as technically ready to be rolled out “for citizens to use,” it comes with its own realm of potential privacy and security concerns, such as long-term identifiers (which could result in tracking) and over-exposure of personal information. 

The European Commission also supports age verification in various legislative initiatives, from proposals that would allow or mandate companies to scan our communication (“Chat Control”) to non-binding guidelines of existing laws, such as the Digital Services Act. The EU Parliament, too, has proposed an EU digital minimum age of 16 for access to social media, a move that aligns with EU Commission’s president Ursula von der Leyen’s recent public support for measures inspired by Australia’s model. To all these initiatives EFF has provided one consistent response: mandatory age verification measures are not the right way to protect young people. 

These proposals restrict the fundamental rights of young people to speak to each other and to access information. They also force all internet users, not just those under a certain age, to upload private data—like a face scan or passport—in order to access a website or service. In considering the vast scope of privacy issues pertaining to the collection, storage, and sharing of this personal information, the problems of age verification in restricting free speech are compounded by these reckless and harmful approaches to verification. 

The problem of censorship and surveillance goes far beyond the borders of the internet. EFF continues to explore support for legislative and litigation challenges that recognize how these laws harm everyone’s rights to privacy, free expression and due process.

Republished from the EFF’s Deeplinks blog.

Filed Under: age verification, australia, brazil, eu, indonesia, malaysia, uk

The rising cost of RAM and storage has become a growing problem for the tech industry. Apple has largely kept those increases from affecting customers, but according to a recent Wall Street Journal report, that may be about to change.

Speaking to the publication, Apple CEO Tim Cook said price increases are now “unavoidable” as the cost of DRAM memory and NAND storage continues to climb. The surge is being driven largely by the AI boom, as cloud providers and AI companies compete for the same chips used in consumer devices. Apple has largely shielded customers from those increases so far, but Cook indicated that strategy has reached its limits.

Apple held the line longer than most rivals

Apple’s ability to avoid major price hikes has not happened by accident. The company entered 2026 with inventory secured before memory prices accelerated and used its scale to negotiate supply agreements that many competitors could not match. Earlier this year, Apple also relied on product configuration changes, such as removing lower-capacity options from some Macs, instead of directly raising sticker prices.

The challenge is becoming harder as Apple prepares a new generation of AI-focused products. Following WWDC, the company is already testing its next-generation Siri experience and broader Apple Intelligence upgrades. Those features place greater demands on memory, which helps explain why some of Apple’s most advanced Siri capabilities are currently limited to devices with higher RAM configurations.

Apple is also expected to launch new Macs and its long-rumored foldable iPhone later this year, both of which could require larger memory allocations to support increasingly capable on-device AI features. Reports have already suggested that the iPhone 18 Pro could start at around $1,399 this fall, a $300 increase over its predecessor.

AI is forcing Apple’s hand

Cook told the Wall Street Journal that Apple is willing to use its financial resources to help secure memory supply, but he ruled out building Apple-owned memory or storage manufacturing facilities. “We can’t do everything. We know what we’re good at,” Cook said. Despite Apple’s influence over suppliers, that leaves the company exposed to the same market forces affecting the rest of the industry.

With memory suppliers increasingly prioritizing AI infrastructure customers and analysts warning that shortages could persist into 2027, Apple’s long streak of absorbing those costs may finally be coming to an end.

China’s top diplomat Wang Yi announced on Wednesday that Beijing is “accelerating the establishment of a global AI cooperation organization” and invited all countries to join. The comments came as the G7 summit in France wrapped up with discussions about giving “trusted partners” access to leading US AI models, according to Reuters. Two competing visions of AI governance are now diverging in public.

Wang was speaking at the release of China’s global governance whitepaper, which criticised trade wars and emphasised support for the Global South. Vice chair Zhao Haibing of China’s top economic agency pushed back on “closed, exclusive and monopolistic approaches to tech development.” The language was aimed directly at Washington.

The timing is deliberate. The US Commerce Department ordered Anthropic to shut down Fable 5 and Mythos 5 last week, cutting off every foreign user. Anthropic and Google DeepMind used the G7 to call for a US-led AI coalition that would set international rules. Canada agreed. China was not invited.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The contrast in approaches is stark. US AI models are subscription-only and increasingly subject to export controls. China’s efforts have focused on cheap or free models that can be downloaded in their entirety. DeepSeek, Qwen, and other Chinese open-weight models are available to anyone with an internet connection. The Global South, which cannot afford enterprise AI subscriptions and was not consulted on the G7’s “trusted partner” framework, has a clear choice between the two.

China is routing its AI diplomacy through existing multilateral bodies. Wang pointed to cooperation through BRICs and the Shanghai Cooperation Organisation. Zhao cited China’s “AI Capacity Building for All” initiative, support for the UN in leading global AI governance, and programmes to help developing countries with technology and talent.

The US and China said last month they would work on AI guardrails together, but few details have emerged. President Xi Jinping proposed a “Global Governance Initiative” at the SCO last summer. Premier Li Qiang announced the global AI cooperation organisation at a Shanghai conference in July 2025, just days after the Trump administration released its own AI action plan supporting US tech development overseas.

The structural split is now visible. The US is building an alliance of wealthy democracies with controlled access to its most powerful models. China is building data exchanges, exporting governance via the Digital Silk Road, and treating AI distribution as a geopolitical tool. For the 6 billion people who live outside the G7, the question is not which system is better. It is which system shows up first.

Tesco is also dealing with migration challenges related to data security because its new, unnamed virtualization software is incompatible with the Veeam and Zerto products it uses.

“Manifestly unfair and excessive” price hike

Tesco initially requested at least 100 million pounds (about $133.6 million) in damages each from Broadcom, VMware, and reseller Computacenter, plus interest.

In its recent filings, Tesco said it turned down at least four offers from Broadcom to continue using VMware and Broadcom’s mainframe tech. One offer charged $23.5 million (about 17.6 million pounds) for VMware Cloud Foundation 9.0 and mainframe software and support services for a year, The Register reported. Tesco said that was “around 175 percent” more expensive than what it believes it should have had to pay for VMware and a 350 percent price hike for the mainframe offerings. The prices were “manifestly unfair and excessive,” one of Tesco’s filings said, according to The Register.

In an amended defense, Broadcom denied that the price hike was unfair, The Register reported. Additionally, Broadcom argued that it shouldn’t have to pay damages in relation to Tesco struggling to find VMware and Broadcom alternatives before Tesco’s support expired, as the retail firm has since found replacement products.

The case is expected to go to court between November 1, 2027, and February 25, 2028, The Register reported. Afterward, it could go to trial.

Although the companies will continue their dispute in UK courts, the disagreement mirrors frustrations that VMware customers and partners around the world have expressed since Broadcom bought VMware. With users often being heavily dependent on VMware products, many have delayed or avoided migration or are only moving some workloads, due to complications around cost, time, support, and compatibility.

Still, virtualization rivals, like Hewlett Packard Enterprise and Nutanix, have been making aggressive pushes to attract disgruntled VMware users.

Simultaneously, Broadcom has stuck to its VMware strategy and has reported financial success, especially among its target of large enterprises. It has also dealt with other public legal disputes with large customers, including AT&T, with which it reached an undisclosed settlement, and Siemens, which Broadcom accused of software pirating in an ongoing case in the US District Court for the District of Delaware.