The SITuation, with Dr Erin Young Geopolitical turbulence, EU AI Action Plan, and cybersecurity

Global turbulence: volatility breeds (tech) uncertainty  

Every twist and turn in this month’s tariff saga left me wondering how to cover it, given the next U-turn could be imminent. Although smartphones, computers and other electronics including semiconductors appeared exempt from the tariffs (including the 145% tariffs on Chinese goods), President Trump has said that they’re “just moving to a different tariff ‘bucket’”, with details pending. At the time of writing, it seems that chip tariffs may be looming. Rumours also swirled that UK and EU regulations designed to protect citizens from online harms and foster competition might have been on the negotiating table. Things have outwardly calmed somewhat – for now – with deal negotiations underway during the 90-day pause. But a bigger message is clear: trade tensions and geopolitical upheaval are driving uncertainty across the science, innovation and technology landscape; uncertainty which won’t easily be unwound.

The era of peak globalisation, and how this shaped tech development and diffusion, appears to be ending. Governments globally, with the US an extreme case, are adapting to this shifting paradigm where national resilience, protectionism and sovereignty are prioritised over cross-border cooperation. (Note, however, that the US push for domestic production of advanced technologies doesn’t seem to factor in the complexities, cost and how long it would actually take). For directors and investors who built careers in a globalised world, this is unfamiliar and unstable territory. The global economy may eventually settle into new regional alliances – but for now, uncertainty is a defining condition. Businesses must revisit their assumptions, investments and crucially, supply chains. The modern tech ecosystem has been built on globalised supply chains and the relatively free movement of components, materials and services across borders. Trade chaos now threatens these foundations precisely as tech giants are committing unprecedented capital to AI and other frontier technologies.

The instability has spooked investors and disrupted production, potentially stifling the very innovation the policies aim to stimulate – including in the UK, where reliance on US tech remains. Uncertainty breeds risk aversion, slower deal cycles, and fewer bold investments and collaborations – not to mention the knock-on impacts from US- or China-dependent supply chains (see the Apple and Nvidia dramas). So, how is the UK government riding the waves? With a “calm and steady” approach, hoping to stay on good terms with both the US and EU in attempts to buffer against some of the world’s raging economic, political and technological tides. Buckle up…

When a(n AI Action) Plan comes together in Europe 

For over two decades, digital technology – and more recently frontier AI – development has increasingly been concentrated geographically in a few areas in the US, and ever more in China. While Europe has world-class researchers and vibrant startup communities, producing some incredibly innovative unicorns, it hasn’t developed a tech hub to rival Silicon Valley. Not one European tech company ranks in the global top 20 by market cap. Instead, Europe has staked out a position as the leading digital rule-maker, developing policies and laws governing data privacy, online competition, and content moderation and AI. But amid shifting geopolitical tides, with questions mounting around the reliability of the US as a close ally, especially on defence and climate – as well as in the wake of the Draghi Report on the future of European competitiveness – the EU is rethinking its approach. (See Policy Advisor Emma’s recent EU Affairs blog on ‘Dealing with the US’).

Enter the European Commission’s newly published ‘AI Continent Action Plan’, detailing an ambitious new European AI ecosystem. €200 billion has been earmarked for AI investment, with €20 billion dedicated to AI Gigafactories to scale the EU’s public compute infrastructure to support foundation model training and development. The Plan also includes AI Factories for use by startups, scaleups and SMEs, a new data sharing strategy, a commitment to clearer guidance and streamlined compliance for the AI Act, and new education, training and talent programmes.

So, how far behind is Europe in the so-called AI race? I discussed this in detail on a recent IoD Directors’ Briefing podcast. While the US and China has established early dominance in frontier AI innovation, Europe seems to remain stuck in a ‘middle technology trap’ focussed on traditional legacy sectors. As such the European digital landscape is dominated by US firms; US companies make up two-thirds of the European cloud market, a key element of the AI value chain. Europe produces only 8% of the world’s semiconductors. Research by McKinsey suggests that European organisations lag behind their US counterparts on AI adoption by 45-70%. Why? Factors include differences in startup and scaleup capital deployment and investment priorities (since 2022, >90% of LLM-related funding has taken place outside of Europe, with US institutions producing 40 ‘notable AI models’, China 15, and Europe just 3), energy costs, access to talent, regulatory environments, R&D commercialisation, cultural attitudes to risk, and the European fragmented market.

The AI Continent Action Plan is a bold re-positioning on AI for Europe, echoing the UK’s own Action Plan (which I discussed in my last blog post). Both plans signal a strategic shift from prioritising AI safety and risk mitigation, towards investment, development and innovation. This mirrors the broader global moves towards national self-sufficiency, independence and sovereignty (even if capturing an entire AI supply chain may be a distant or even impossible dream). The EU’s Plan has been widely welcomed. Many are praising its alignment with European values, and its reimagining of what European innovation at scale could look like, building on industrial and scientific strengths. However, the Plan also faces criticism, with some arguing that it overly mimics Big Tech’s large-model, data-hungry, compute-intensive line, neglecting more frugal, bespoke AI approaches. Others have also questioned its reliance on hyped yet vaguely-defined terms like AGI, the environmental impact, and its implicit assumption that AI is inherently useful – overwhelming a more nuanced approach considering different AI technologies, their limitations and where application value lies.

Since the US and China are already dominant first-movers, perhaps Europe’s best bet isn’t to try to be a fast-follower, but to focus on AI diffusion – strategic cross-economy AI adoption – where long-term value may ultimately concentrate. This came up at a recent House of Lords roundtable to which I was invited, “Building a Collaborative Roadmap: Addressing Key Industry and Policy Challenges in Technology for Social Purpose”, which brought together industry leaders, policymakers and academics in a nuanced discussion on the challenges around AI development, deployment and diffusion. Indeed, doesn’t the sweeping, generalised AI discourse make policymaking and implementation globally more difficult?

A busy month for UK cybersecurity 

While the US is flexing its trade muscles and Europe is plotting an AI renaissance, the UK has been more quietly pushing forward on cybersecurity – and with good reason. This month saw the release of the UK Cyber Security Breaches Survey 2025, commissioned by the Department for Science, Innovation and Technology (DSIT) and the Home Office. While the survey found that fewer UK businesses reported cybersecurity breaches or attacks (43%, down from 50% last year), cybercrime remains high. The drop was largely attributed to fewer phishing incidents among small businesses, but ransomware incidents are on the rise: 1% of all UK businesses reported being targeted by ransomware this year, compared with <0.5% in 2024. This suggests a rise in more complex cyber threats. Forms of AI have long been used to bolster cyber defences, but as systems scale, new capabilities present new and enhanced threats. 78% of Chief Information Security Officers (CISOs) believe AI is already having an impact on cybersecurity, according to recent research by Darktrace. AI agents (also discussed in my last blog post), for example, could soon be used to execute more sophisticated, frequent and costly cyberattacks.

The launch of the Cyber Governance Code of Practice by DSIT earlier this month is a welcome step. Co-designed with the National Cyber Security Centre (NCSC) and governance experts including members of the Institute of Directors, the Code focuses on the actions that boards and senior leaders should take to govern and build resilience to cyber risks across their organisation. The framework covers accountability for cyber risk across five domains: risk management, strategy, people, incident response and recovery, and assurance – and makes it clear that cyber is a board-level issue. The Code forms part of the government’s free package of support on cyber governance. This also includes Cyber Governance Training, which helps boards and directors to strengthen their understanding of why and how to govern cybersecurity risks; complimentary cybersecurity codes of practice (aligned with Cyber Essentials which provides baseline controls for cyber risk management); and the Cyber Security Toolkit for Boards, which supports boards in implementing the actions set out in the Code. (Watch this space for further collaboration between DSIT and the IoD on this!).

These initiatives also pave the way for the Cyber Security and Resilience Bill, expected in Parliament later this year. Secretary of State for Science, Innovation and Technology Peter Kyle MP said the Bill will aim to “boost the protection of supply chains and critical national services, including IT service providers and suppliers”. Proposed measures include expanding regulatory scope, improving incident reporting, and enhancing regulators’ powers to better identify systemic vulnerabilities. Incidents such as the recent cyberattack on M&S underscore the urgency of strengthening cyber resilience across UK businesses.

Bytes of Insight 

AI Energy Council launched: Co-chaired by the UK Technology and Energy Secretaries, the new Council brings together tech and energy leaders and aims to ensure the UK’s energy system can support AI and compute infrastructure ambitions sustainably. Important reminder: AI uses a lot of energy, and British electricity prices are among the highest in Europe.

Stanford AI Index: The latest annual AI Index report from Stanford’s Institute for Human-Centred AI (HAI) shows growing global AI affordability and adoption, with China closing the model performance gap with the US. (See also ‘AI 2027’ for hypothetical scenarios on AI’s trajectory).

Happy World Quantum Day: To celebrate, the UK Government announced £121 million of investment in a range of quantum projects under the National Quantum Technologies Programme.

Playing (Big Tech) Monopoly: A US judge has ruled that Google has an illegal monopoly in ad tech. Google is also facing a class action lawsuit in the UK over alleged price inflation. Meanwhile, the EU has fined Apple €500 million and Meta €200 million under the Digital Markets Act – and Zuckerberg has testified in a landmark antitrust case brought against Meta by the US Federal Trade Commission.

Shopify’s AI memo: A leaked internal memo from Shopify CEO Tobias Lütke, in which he states “Using AI effectively is now a fundamental expectation of everyone at Shopify”, has quietly gone viral in executive circles.