Tech Republic

The U.S. Department of Health and Human Services issued a proposed rule on Jan. 6 to improve cybersecurity and better protect the U.S. health care system from a growing number of cyberattacks. The latest proposed amendments to the Health Insurance Portability and Accountability Act represent the department’s first major updates since 2013, addressing some of the most pressing cybersecurity challenges. However, they also highlight areas where further innovation is needed to protect sensitive patient information in an increasingly interconnected world. If finalized, these amendments will impose stricter requirements on HIPAA-covered entities — such as health care providers and insurers — and their business associates, emphasizing proactive cybersecurity measures. Stakeholders are encouraged to review the proposed changes and submit comments by March 7. 1 Semperis Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Large, Enterprise Features Advanced Attacks Detection, Advanced Automation, Anywhere Recovery, and more 2 ESET PROTECT Advanced Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Advanced Threat Defense, Full Disk Encryption , Modern Endpoint Protection, and more 3 ManageEngine Log360 Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Micro, Small, Medium, Large, Enterprise Features Activity Monitoring, Blacklisting, Dashboard, and more New measures aim to protect data security — but companies still have work to do The proposed HIPAA Security Rule introduces mandatory measures that reflect the growing sophistication of cyber threats. These include end-to-end encryption, which ensures electronic Protected Health Information remains unreadable to unauthorized users throughout its lifecycle. Multi-factor authentication has also become mandatory for systems containing ePHI, balancing robust security with the operational demands of clinical settings. Additionally, continuous monitoring would replace periodic risk assessments, enabling organizations to proactively identify and address potential threats through automated systems that track access and maintain detailed audit logs. While these measures bolster defenses, they primarily focus on internal systems, leaving c gaps in third-party interactions and global data-sharing practices. SEE: China-Linked Cyber Threat Group Hacks US Treasury Department Addressing third-party risks Modern health care ecosystems depend on sharing sensitive content with vendors, subcontractors, and research collaborators. However, this approach introduces substantial risks. Research shows that nearly four in 10 health care organizations share sensitive content with 2,500 or more third parties. Centralized systems with encryption and access controls are essential for managing data exchanges securely. These platforms provide visibility into external data handling while enforcing consistent security measures. Clear third-party agreements are critical in mitigating risks by outlining specific security protocols, breach responses, and reporting requirements. Regular audits and real-time monitoring further strengthen defenses, helping organizations detect and address vulnerabilities promptly. Even a minor breach in one entity can expose the entire network to significant threats without such measures. Global research collaborations add another layer of complexity, requiring alignment with international standards such as GDPR. Policies safeguarding cross-border data sharing ensure sensitive information is protected across jurisdictions, enabling organizations to maintain compliance and collaboration in an interconnected health care landscape. Must-read security coverage Leveraging AI for compliance and cybersecurity Artificial intelligence holds transformative potential for cybersecurity — but its integration into HIPAA compliance remains underexplored. AI can monitor systems in real time, detect anomalies in file and email sharing, file transfer, and other sensitive content communication channels, and analyze historical data to anticipate and counter emerging threats. Predictive threat modeling and automated compliance tools simplify documentation and generate actionable insights. Clear regulatory standards are needed to harness AI’s potential. This includes validation protocols and ethical guidelines for its deployment. Integrating AI-driven solutions with existing security frameworks will enhance compliance and create a dynamic and adaptive defense against evolving cyber threats. SEE: Timeline: 15 Notable Cyberattacks and Data Breaches How AI plays a role in detecting and addressing cyber threats Real-time monitoring has significantly improved data security, but its effectiveness depends on integrating advanced technologies. Centralized audit logs are crucial, offering a consolidated view of data access and changes, which supports continuous monitoring and incident response. By maintaining detailed records, organizations can quickly detect and address anomalies. AI plays a pivotal role in enhancing these efforts. Machine learning algorithms dynamically analyze risks, identifying potential vulnerabilities before they escalate. AI can also detect patterns indicative of data misuse or unauthorized collaboration, ensuring proactive threat mitigation. Additionally, blockchain technology complements these efforts by providing immutable records that enhance transparency and accountability. Together, these innovations create a robust framework for continuous monitoring, making systems more resilient to sophisticated cyberattacks. Bridging the gaps in compliance Despite progress, several compliance challenges persist. Smaller providers often face difficulties in creating comprehensive documentation due to limited resources. The absence of standardized benchmarks across the industry leads to inconsistencies, while the lack of uniform reporting frameworks complicates audit processes. Centralized audit logs are key to addressing these gaps. Audit logs provide clear, actionable insights into data access, usage, and potential vulnerabilities by consolidating all compliance-related activities into a single system. These logs enable organizations to streamline reporting, ensure consistency, and simplify compliance audits by offering a transparent, real-time view of all activities. To further enhance compliance, organizations should adopt platforms that integrate automated reporting tools and dashboards with these audit logs. Real-time assessments and AI-driven analysis can identify anomalies and help prevent compliance breaches. Collaboration with trusted technology providers can also result in tailored solutions that address specific security and compliance challenges. By centralizing compliance management and leveraging technology, health care organizations can build scalable frameworks that align with regulatory requirements and enhance overall data protection. Ample patient-centric benefits of cybersecurity Stronger cybersecurity measures do more than prevent breaches; they foster trust. Patients are more likely to engage with providers who are committed to protecting their data. This trust supports broader innovations, such as personalized medicine and real-time health monitoring, ultimately enhancing the quality of care. Health care organizations can achieve operational

The Linux Foundation announced on Thursday a fund to support and organize open projects to build Chromium-based browsers. The Supporters of Chromium-Based Browsers now accepts new members. “With the launch of the Supporters of Chromium-Based Browsers, we are taking another step forward in empowering the open source community,” said Jim Zemlin, executive director of the Linux Foundation, in a press release. “This project will provide much-needed funding and development support for open development of projects within the Chromium ecosystem.” Many browsers, including Arc, Microsoft Edge, and Opera, use Google’s Chromium as their underlying infrastructure. Interested potential partners can apply with the Linux Foundation. What’s hot at TechRepublic What is the Supporters of Chromium-Based Browsers group? The purpose of the Supporters of Chromium-Based Browsers group is to “provide a neutral space where industry leaders, academia, developers, and the broader open source community can work together to support projects within the Chromium ecosystem,” the Linux Foundation wrote. As such, the group will “remove barriers to innovation, expand adoption, and ensure that projects within the Chromium ecosystem receive the resources they need to thrive.” Google, Meta, Microsoft, and Opera have endorsed the Supporters of Chromium-Based Browsers. The initiative will be a “neutral space” for “industry leaders, academia, developers, and the broader open source community,” the Linux Foundation said. Nothing will change about existing Chromium products as a result of this announcement, according to the Linux Foundation. Instead, the Supporters of Chromium-Based Browsers will be a new group within the Linux Foundation, following an “open governance model,” the foundation said. In addition, a technical advisory committee will shape the development of the initiative and align it with the needs of the larger Chromium community. “This initiative aligns with our commitment to the web platform through meaningful and positive contributions, engagement in collaborative engineering, and partnerships with the community to achieve the best outcome for everyone using the web,” said Meghan Perez, vice president of Microsoft Edge, in the press release. SEE: The U.K.’s competition regulator probed Apple in November regarding the dominance of the WebKit browser engine required on iOS. “With the incredible support of the Linux Foundation, we believe the Supporters of Chromium-Based Browsers is an important opportunity to create a sustainable platform to support industry leaders, academia, developers, and the broader open source community in the continued development and innovation of the Chromium ecosystem,” said Parisa Tabriz, vice president of Chrome, in the press release. Google will continue to contribute to Chromium Chromium was released alongside proprietary browser Chrome in 2008 as an open-source framework option. The creation of the Supporters of Chromium-Based Browsers comes within months of the U.S. government ordering Google to divest from Chrome to prevent a monopoly. While the Supporters initiative is not linked directly to the divestiture, it does provide some structure for Chromium going forward. Google makes the majority (about 94 percent) of contributions to Chromium, according to a Jan. 9 blog from Chrome. “Others” and the open source cooperative Igalia are distant second and third top contributors. “While we have no intention of reducing this investment, we continue to welcome others stepping up to invest more,” the blog states. Those contributions include running thousands of servers and responding to hundreds of bugs per day, Chrome said. source

Omnichannel marketing, sales, and service facilitate engagement with leads and customers through various SMS, phone, email, and social media channels. This strategy helps brands reach more potential customers while keeping the content personalized and consistently branded. Using CRM software to integrate all these channels through one hub helps users manage brand voice and generate data-driven insights for lead nurturing. 1 Pipedrive CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Calendar, Collaboration Tools, Contact Management, and more 2 Creatio CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Medium, Large, Enterprise Features Dashboard, Document Management / Sharing, Email / Marketing Automation, and more 3 HubSpot CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees) Micro, Small, Medium, Large What is omnichannel? Omnichannel is a marketing, sales, and business term for integrating multiple channels to engage with customers. Channels include social media, telephony, email, SMS, and other digital platforms. Omnichannel is a customer-centric engagement strategy that focuses on the experience your customers have with your business from the beginning of a sales process through to post-sale. In terms of CRM software, omnichannel features are highly sought after to maximize customer engagement in the lead nurturing phase of the sales process. What is omnichannel marketing? Omnichannel marketing is a strategy that intentionally curates a brand experience for customers that stretches across multiple selling channels. Omnichannel marketing gives businesses more opportunities to target ideal customers directly and engage with them exactly where and how they prefer. Teams utilize CRM systems to streamline sales processes and use available add-ons for marketing functionality. For example, sales reps can take calls through the CRM, while also deploying email campaigns and creating new lead profiles from social media. With the help of the right CRM software, businesses can do all of this while also centralizing knowledge bases and providing data to support the sales team. Omnichannel vs multichannel While it might seem like omnichannel and multichannel could be interchangeable terms, there are key differences. A multichannel experience for a customer is more channel-centric and focuses on customer engagement across many channels. This experience is meant to promote and sell a product or service independently through many channels. Comparatively, an omnichannel experience is more customer-centric and focuses on customer support across many channels. Omnichannel connects different channels, devices, and platforms with the same information and adapts to the customer’s preferences based on behavior. Choosing a CRM with omnichannel features prioritizes the customer’s journey with your brand and uses data-backed customer insights to better understand marketing and sales strategy. Benefits and challenges of omnichannel The benefits of omnichannel marketing and the benefits of CRM slightly overlap in the way they both can improve the overall experience your customer has with your business. Some standout benefits include: Boosts personalization: Prioritize customer experience with personalized or targeted content that is relevant and engaging. Increases brand awareness: When customers are targeted across channels with their experience in mind, they are more motivated to familiarize themselves with your brand. Offers convenience: Customers can communicate with sales or support reps through any channel without jumping to a designated portal. As for challenges, omnichannel marketing might present the following: Consistency: It may take a lot of resources to ensure the brand experience is consistent for customers through all touchpoints. Data integration: When integrating multiple channels, there is a risk of delayed or missing data reporting if any system faces downtime. Best CRM Software Omnichannel examples Social media Social media can be a huge help in lead generation. When social media is connected to a CRM platform, reps and managers can track conversations about their brand. This way, the business has an unfiltered view of how their brand is received online. Channels like Facebook, Instagram, and LinkedIn are all powerful tools that can generate new leads directly into the CRM for further nurturing. Zoho CRM customer profiles with social media integration. Image: Zoho CRM Phone Telephony functionality can be a built-in or integrated feature with CRM software. It allows users to answer inbound calls or dial directly from the interface. This cuts out the time it might take to use a separate dialer or manually fact-check numbers. This is especially useful when all past interactions and notes are stored in the CRM software as well. Sales reps can access that information while on the phone with customers to troubleshoot in real-time. Zoho CRM telephony feature embedded into CRM. Image: Zoho CRM SEE: Learn how customer service teams can support sales reps with our list of the top CRM software for contact centers. Email Email is a go-to business communication tool that helps sales and marketing teams engage with new leads and current or past customers. Email marketing and drip campaigns are easy to deploy from CRM software. With preset templates and automations, various actions can trigger a drip campaign by sending customers engaging, targeted content. Example email segmentation tool from Pipedrive. Image: Pipedrive Website Your company’s website should provide you as much value and information as it does potential customers. With the help of landing pages, web forms, and live chat software, your website can be a channel for lead capturing and customer service. These forms and templates can be branded with your brand style and voice for consistent customer experience. CRM functionality can be useful for small businesses who want to level up their website and make it a functional communication tool. HubSpot webform builder with templates. Image: HubSpot Future of omnichannel marketing The rise of online engagement and digital marketing makes introducing omnichannel marketing into your business strategy necessary. As more social media platforms gain popularity and convenience, which is a driving motivator, customers want you to meet them where they are. The top CRM software options

Open-source software is common throughout the tech world, and tools like software composition analysis can spot dependencies and secure them. However, working with open source presents security challenges compared with proprietary software. Chris Hughes, chief security advisor at open-source software security startup Endor Labs, spoke to TechRepublic about the state of open-source software security today and where it might go in the next year. “Organizations are starting to try to get some foundational things like governance in place to understand what we are using in terms of open source,” Hughes said. “Where does it reside in our enterprise? What applications are running it?” Open source security trends for 2025 For his work, Hughes defined open source as software for which source code is freely available and can be used to build other projects, possibly with some restrictions. Last year, Harvard Business School found organizations would need to invest $8.8 trillion in technology and labor time to recreate the software used in business if open-source software wasn’t available. “The estimates are 70-90% of all applications have open source, and roughly 90% of those code bases are entirely made up of open source,” Hughes said. For 2025, Hughes predicts: Widespread open-source software adoption will be accompanied by increasingly sophisticated attacks on OSS by malicious actors. Organizations will continue to put foundational OSS governance in place. More companies will use open-source and commercial tools to help them start to understand their OSS consumption. Organizations will perform risk-informed consumption of OSS. Enterprises will continue to push for vendor transparency regarding what OSS they use in their products. However, no widespread mandates will arise for this process. AI will continue to impact application security and open source in various ways, including organizations using AI to analyze code and remediate issues. Attackers will target widely used OSS AI libraries, projects, models, and more to launch supply chain attacks on the OSS AI community and commercial vendors. AI code governance, where organizations have more visibility into AI models, will become more common. Organizations increasingly want to know how secure their open source software is, including “how well is it maintained, who’s maintaining it and how quickly do they address vulnerabilities when they occur,” Hughes said. He highlighted the attack in April 2024 in which a string of social engineering attempts threatened open-source utilities, particularly opening a backdoor in the XZ Utils utility. “That one was really kind of sinister because the open source ecosystem is largely sustained by unpaid volunteers, folks doing this in their free time … and often not compensated, unpaid, etc.,” Hughes said. “So, taking advantage of that and preying on that was a pretty nefarious thing that got a lot of people’s attention.” Open source: Must-read coverage How is AI changing open-source security? In October 2024, the Open Source Initiative established a definition for open-source AI. According to the initiative, open-source AI has four key elements: the freedom to use, study, modify, and share the system for any purpose. Hughes said that defining open-source AI was important because of the rise of distribution platforms like Hugging Face. “These AI models, especially the open source ones, are widely used by many organizations and individuals around the world,” he said. “So we’re back to asking: What exactly is in this, and who contributed to it, and where is it f rom? And are there vulnerable components?” Hughes said that large corporations may have a better chance of talking transparently with their vendors about the entirety of their software supply chain than small companies. Therefore, the problem of not having visibility into the AI models used in their software can grow exponentially for smaller companies. SEE: Smart home device makers will soon be able to apply for a U.S. government seal of security approval. CISA encourages open-source software development security In March 2024, CISA finalized the secure software development self-attestation form, meant for developers of software used by the U.S. federal government to confirm they use secure development practices. Federal agencies may ask for other forms and attestations as well. On the commercial side, organizations may build similar requirements into their procurement processes. There is still an element of trust involved since the organization needs to trust the vendor will keep to their word. But the conversation is happening more often now than it did last year, in the wake of attacks on open source utilities, Hughes said. Solutions for the future of open source software security Performing software composition analysis isn’t enough going into 2025, Hughes said. IT professionals and security professionals should know that as software becomes more complex, the number of vulnerabilities has grown “to where it’s becoming a tax on developers to even navigate what needs to be fixed and what order of priority,” Hughes said. Companies like Endor Labs can provide insights on dependencies within open-source code, including indirect or transitive dependencies. “Being able to point to things like reachability and exploitability … could be a big benefit from the compliance perspective too, in terms of the burden on the organization and your development team,” he said. source

Businesses would rather scale back their sustainability commitments than miss out on realising the benefits of generative artificial intelligence, according to a new report from Capgemini. Of those implementing the technology across most or all functions, 47% have “had to relook” at their original environmental goals. In July, Google came under fire after its annual environmental report revealed that its emissions had increased by 48% in four years thanks to the expansion of its data centres to support AI developments. It also stated that its goal to reach net-zero emissions across all its operations and value chain by 2030 is now “extremely ambitious” and “will require (Google) to navigate significant uncertainty.” For “Developing Sustainable GenAI,” the Capgemini Research Institute surveyed executives from 2,000 large organisations worldwide that were already working with GenAI. Almost half (47%) said their organisation’s greenhouse gas emissions had increased in the last year by an average of 6%, and a similar proportion (48%) linked a rise to their AI usage. Generative AI demands a substantial amount of energy and water GenAI has an aggressive environmental impact. The graphics processing units central to the technology’s operation require rare Earth metals that must be mined, releasing greenhouse gases. The hardware behind it also requires frequent upgrades, with studies suggesting this could create up to five million tonnes of e-waste by 2030. It is estimated that data centres will be responsible for up to 4% of global power demand by 2030, driven, at least in part, by AI. Training OpenAI’s GPT-4, with 1.76 trillion parameters, consumed an amount of energy equivalent to the annual power usage of five thousand U.S. households. This doesn’t even include the electricity required for inference, where the AI generates outputs based on new data. A substantial amount of water is also required to cool the servers. Running an inference of between 10 and 50 queries on a large language model uses about 500 ml of water. SEE: Sending One Email With ChatGPT is the Equivalent of Consuming One Bottle of Water The E.U. has the lofty goal of reducing the region’s 2030 greenhouse gas emissions to at least 11.7% lower than projected at the start of the decade. However, demand for bit barns in Europe is predicted to triple in that time, increasing their share of the region’s total energy demand by 3% and pushing that goal out of reach. More must-read AI coverage Businesses may not know, or even care, about the emissions attached to their AI usage Many businesses use AI now, with 80% having increased their investment in it since 2023, according to Capgemini. Nearly a quarter are now integrating generative AI into some or most of their locations or functions, up from 6% in 2023. SEE: 31% of Organizations Using Generative AI Ask It To Write Code However, the new report highlights that awareness of AI’s electricity and water demands is patchy. Only 38% of executives surveyed claim to be aware of the environmental impact of the GenAI they use, and 12% say their company measures its footprint. Of those surveyed that are aware of the impact, 51% say that AI use is one of the primary reasons for their organisation’s rise in emissions. They also expect it to increase the proportion of their emissions that come from internal operations within the next two years by 2.2%. The lack of businesses monitoring the environmental impact of their GenAI usage is not due to a lack of effort. Almost three-quarters (74%) of those surveyed said doing so is challenging due to limited transparency from hyperscalers and model providers. A report from the Uptime Institute found that fewer than half of data center owners and operators track metrics like renewable energy consumption and water usage. The emissions of data centres owned by Google, Microsoft, Meta, and Apple are likely to be about 662% higher than officially reported, according to The Guardian. This is largely due to renewable energy certificates and carbon offset schemes, which allow companies to claim they use renewable energy when they don’t. SEE: Power Shortages Stall Data Centre Growth in UK, Europe On the other hand, executives may not be concerned about the impact of AI usage on their company’s emissions. Only a fifth of respondents to the Capgemini survey ranked the environmental footprint among the top five factors when selecting or building GenAI models. Cost competitiveness was ranked among the top five considerations by 53% of executives. However, this is fundamentally connected to energy use, according to Samuel Young, AI practice manager at research firm Energy Systems Catapult. He said: “When implementing at scale, organisations quickly become sensitive to inference costs. They therefore have an incentive to adopt less energy-intensive models, which can reduce carbon impact.” source

CES brought this year’s top AI products and consumer devices to Las Vegas for a week of reveals. NVIDIA shaped many of these trends as the company that contributed to and benefitted from the artificial intelligence boom the most. TechRepublic has rounded up the top trends in commercial products and AI from the show. Video Overview: Agentic AI is the next step for generative bots Agentic AI, a buzzword throughout the last half of 2024, was a hot topic at CES. Agentic AI typically strings together multiple actions by several generative AI services to automatically perform tasks that would otherwise have taken a human worker hours or days to complete. NVIDIA’s Blueprints for agentic AI are pre-built packages of NIM microservices and technologies from AI partners. For example, LangChain uses its own LangGraph, plus Llama 3.3 70B NVIDIA NIM microservices, to create reports. The agent searches the web and interprets the user’s request to provide the report in a given format. Accenture sees agentic AI as useful for managing inventory, personalizing care for patients in clinical trials, and troubleshooting problems with industrial equipment. The company partnered with NVIDIA on its AI Refinery platform for deploying agents in business environments. “Advancements in digitizing knowledge, new AI models, agentic AI systems and architecture enables enterprises to create their own unique cognitive digital brains,” said Karthik Narain, group chief executive of technology and chief technology officer at Accenture, in a press release. Next-generation GPUs revealed The chips powering generative AI training and inference and processors for laptops and PCs were at the top of my mind at CES 2025. The major processor announcements were: The GeForce RTX 5090 GPU is a beneficiary of NVIDIA’s top-of-the-line Blackwell architecture. Developers can also look at the $3,000 Project DIGITS, which NVIDIA calls a desktop supercomputer. Project DIGITS uses the one-pentaflop NVIDIA GB10 Grace Blackwell Superchip for prototyping, tuning, and deploying generative AI models. The Project DIGITS desktop can run a petaflop of AI computing. Image: NVIDIA “Fusing AI-driven neural rendering and ray tracing, Blackwell is the most significant computer graphics innovation since we introduced programmable shading 25 years ago,” NVIDIA CEO Jensen Huang said in a press release. SEE: Microsoft gives laptops from various manufacturers the Copilot+ label if the devices can run generative AI locally. More must-read AI coverage Could AI make humanoid robots happen? Huang expressed optimism about today’s generative AI finally making humanoid robot assistants a reality. Humanoid robots tend to garner attention for their sci-fi swagger. However, the attempt to commercialize them has been rocky, from the quiet retirement of Boston Dynamics’ Atlas robot to a human operator controlling an allegedly autonomous Optimus robot at a Tesla promotional event in October. NVIDIA’s differentiator is the Cosmos, which Huang called the “world foundation model platform.” The platform applies vast amounts of synthetic motion data to the problem. It builds on the Isaac GR00T research platform, which developers can access now. While GR00T helps a simulated robot learn from human movement, Cosmos creates physics-aware videos and models of physical environments to teach robots about navigating the world. AI comes to autonomous and augmented driving Autonomous cars are another CES staple. Full autonomy has remained a dream, but Waymo’s success marks a careful foray into making autonomous cars more common. NVIDIA wants a place in self-driving cars as well. Huang announced that NVIDIA’s self-driving platform, NVIDIA DRIVE AGX Hyperion, has passed two industry safety benchmarks. Toyota and others signed onto NVIDIA’s driver assistance operating system. Plus, Uber will use the Cosmos model to experiment with AI-powered self-driving vehicles. “Generative AI will power the future of mobility, requiring both rich data and very powerful computing,” said Dara Khosrowshahi, CEO of Uber, in a press release. “By working with NVIDIA, we are confident that we can help supercharge the timeline for safe and scalable autonomous driving solutions for the industry.” Elsewhere in automotive software, Bosch developed a cloud-based system to warn drivers — and the drivers nearby using the same program — when they’re driving against the flow of traffic. New laptops and laptop rebrandings go all-in on AI As a consumer-focused show, CES offered many more devices, including high-definition TVs and powerful gaming PCs. But we found the featured laptops to be most remarkable for business. Dell announced a new naming scheme and line of business laptops at CES 2025, among several other laptop and AI PC offerings. Lenovo leaned into AI with the ThinkBook Plus Gen 6 Rollable laptop, which unfolds from a 14-inch display to 16.7 inches and can run generative AI tools. Don’t try to roll the ThinkBook Plus Gen 6 Rollable into a tube shape, but the display does fold out. Image: Lenovo The Snapdragon X Plus CPU and AI features are in the remarkably light (2.2 pounds) Asus Zenbook A14. Samsung announced a new Galaxy Book5 line powered by Samsung’s Galaxy AI. “We are thrilled to make Galaxy AI and cutting-edge innovation accessible to more people than ever before, addressing their unique productivity needs on PC and other Galaxy devices,” said Changtae Kim, EVP and head of the new computing R&D team for mobile experience business at Samsung Electronics. TechRepublic covered CES 2025 remotely. source

Google is the first company investigated for potential strategic market status under the new U.K. Digital Markets, Competition and Consumers Act. If it receives the designation, bespoke conduct requirements will be drafted for the company to follow, preventing anti-competitive practices. “The investigation will assess Google’s position in search and search advertising services and how this impacts consumers and businesses, including advertisers, news publishers, and rival search engines,” the Competition and Markets Authority said in a press release. More Google news & tips What is the DMCCA? The DMCCA, which came into force on Jan. 1, is designed to regulate the behaviour of major digital firms with significant market power in the country. It grants the CMA new powers to impose requirements on tech companies with “Strategic Market Status,” reminiscent of the “gatekeeper” organisations that must abide by the E.U.’s Digital Markets Act. For the investigation into Google, the CMA will look at whether it is using its position to prevent innovation by others, such as withholding resources or designing AI services to limit how competing search engines could create equivalent features. The CMA will also assess whether the tech giant is using its dominant position to prioritise its search services (such as for shopping or travel), collecting and using consumer data without informed consent, and using publisher content without fair terms and conditions. SEE: Google Abusing Dominant Position in Ad Tech Sector, Says U.K. Government The DMCCA gives new enforcement powers to a group established inside the CMA called the Digital Markets Unit. It will draft a unique set of conduct requirements for each company designated as SMS, which they must abide by even before exhibiting anti-competitive practices to prevent them from occurring. Additionally, the DMU can make “pro-competition interventions” that will actively address a company’s adverse effects on competition that stem from its disproportionate market power. Conduct requirements for Google might include forcing it to make the user data it collects available to competitors or giving publishers more control over how their data is used, including in Google’s AI services. The CMA can continue to amend them even after completing the SMS investigation. SMS-designated firms must have substantial market power in digital activity, strategic significance, and either a global turnover of more than £25 billion or a U.K. turnover of more than £1 billion. The CMA will conduct investigations into each firm before applying for SMS status, which usually takes about nine months. In Google’s case, a decision will be made by October 2025, while interested parties can submit comments until Feb. 3. In August, the CMA rejected Google’s proposed policy changes regarding purchases made within apps listed on its Play Store, which had spurred an investigation. This suggested that the company would be one of the first to achieve SMS because, if the CMA accepted the changes, it would be limited in what actions it could take under the DMCCA. Search and search advertising, where an advertiser pays for its advert to appear next to the results from a user’s search, is the first of two areas of digital activity in which the CMA will launch SMS designation investigations this month. SEE: Regulator CMA to Scrutinize Microsoft and Other Cloud Service Providers in the UK “Millions of people and businesses across the UK rely on Google’s search and advertising services – with 90 per cent of searches happening on their platform and more than 200,000 UK businesses advertising there,” Sarah Cardell, chief executive of the CMA, said in a press release. “That’s why it’s so important to ensure these services are delivering good outcomes for people and businesses and that there is a level playing field, especially as AI has the potential to transform search services.” E.U. and U.S. also take issue with Google’s anticompetitive practices in Search In March 2024, Google temporarily removed some Search widgets, such as Google Flights, to allow more access to individual businesses in response to the E.U.’s Digital Markets Act coming into force. However, just a few weeks later, the E.U. opened an ongoing non-compliance investigation, as regulators claim it is promoting its own services above third parties’ in search results. In December, Google announced several more changes to its Search features to comply with the Act. In September 2024, the European Court of Justice upheld a €2.42 billion fine against Google for violating E.U. antitrust rules by favouring its own comparison shopping service, Google Shopping, in search results. Additionally, in August 2024, a federal judge ruled that the tech company monopolizes general search services and text ads, breaking antitrust law in the U.S. However, Google is not going down without a fight. The tech company successfully overturned a €1.5 billion antitrust fine it received from the European Commission in 2019 for preventing third parties using its AdSense platform from displaying competitor ads next to Google search results. Google was also handed a €4.34 billion fine from the European Commission in 2018 for abusing its dominance by pre-installing Google Search into Android devices but has since escalated an appeal to the European Court of Justice. source

The European Commission on Jan. 10 conditionally approved the $35 billion acquisition of simulation software company Ansys by chip design software provider Synopsys. It represents the biggest tech deal since Broadcom acquired VMware for $69 billion in 2023. The approval is subject to Synopsys divesting its optics and photonics software arm and Ansys selling its PowerArtist tool, which is used for analysing power consumption in digital chips. These divestitures will require separate E.U. approval before the merger can proceed. “In a world where complex chips need increasing amounts of power, innovative software tools, like those offered by both Synopsys and Ansys, help chip designers build chips that consume less power to the benefit of customers and the environment,” Teresa Ribera, executive VP for Clean, Just and Competitive Transition, said in a statement. “We were concerned that this acquisition may have significantly harmed competition in certain global markets for design software for chips or other products.” What’s hot at TechRepublic Competition concerns addressed Synopsys first announced the acquisition in January 2024, claiming it wanted to expand its reach across silicon-to-systems designs, combining its expertise in electronic design automation with Ansys’ in simulation. Ansys accepted the deal to accelerate its growth and offer more integrated solutions to its customers. The two had already been working together for several years up to this point. Synopsys and Ansys compete in three key sectors, according to the EC and U.K. Competition and Markets Authority. The first is register transfer level power consumption analysis, which assesses a chip’s power demands and usage. The other two are optics and photonics software, both used to design and model light-related products like camera lenses, TV displays, car headlights, and lasers. The EC was concerned that the merger would result in “high combined market shares” and “high concentration levels” in these areas, leading to fewer competitors and inflated customer prices. To address this concern, the commission is demanding the sale of the Synopsys products CODE V, LightTools, LucidShape, RSoft, and ImSym, as well as Ansys’ PowerArtist. Synopsys has previously agreed to sell all these modelling solutions to another company once the Ansys acquisition has closed. “The commitments fully address the competition concerns by ensuring that there will be sufficient competition and choice in the global markets for the supply of optics, photonics, and register-transfer-level power consumption analysis software,” the Commission stated in its press release. Ansys confirmed it would divest its PowerArtist software on Jan. 6, stating it was  “to obtain regulatory approval for Synopsys’ proposed acquisition.” SEE: EU Approves NVIDIA Deal With Run:ai U.K. poised to approve the merger, but U.S. and China are still investigating The CMA announced that it had completed a preliminary investigation into the Synopsys-Ansys merger on Dec. 20. It found that the merger has the potential to substantially lessen competition in the chip design and light simulation market but may still approve it if the two companies submit acceptable mitigations. On top of reducing the choice of products in these areas, the CMA also suspected the deal would allow Synopsys and Ansys to limit their products’ interoperability to maintain dominance. However, the investigation found that this element is so important to their customers that they would switch providers if it was compromised, so they don’t have the incentive to do so. On Jan. 8, the CMA announced it was considering accepting the undertakings offered by Synopsys and Ansys to address competition concerns that involve divesting certain businesses. It has until March 5 to finally decide, but they could extend the deadline to May 6. Synopsys said it had “already taken steps to address all concerns raised by the CMA” in a statement. SEE: UK Regulator Probes Apple’s Mobile Browser Dominance Meanwhile, Synopsys is actively collaborating with the Federal Trade Commission to conclude its equivalent investigation and review of the proposed remedies, the company states. Synopsys also claims that China’s State Administration for Market Regulation is reviewing the merger filing, and it has been reported that the authority will request China-specific behavioral remedies. source

The U.K. government has released its “AI Opportunities Action Plan,” outlining the 50 ways it will build out the AI sector and turn the country into a “world leader.” The strategy involves boosting public computing capacity twentyfold, creating a training data library, and building AI hubs in deindustrialised areas. Innovation is front and centre in this new plan, marking a clear turn from the risk-averse approach of the previous Conservative government, exemplified by its AI Safety Summit and safety pledges. Most recommendations focus on developing AI infrastructure, boosting adoption, growing talent, and attracting investment. “Our plan will make Britain the world leader,” Prime Minister Keir Starmer said in a press release, emphasising the creation of “more jobs and investment in the UK, more money in people’s pockets, and transformed public services.” Plan designed to boost AI use countrywide to ‘win the global race’ There are strong arguments for this shot in the arm for the tech sector. In August 2024, the number of tech startups founded in the U.K. suffered its first “marked decline” since 2022. This metric is seen as an indicator of industry growth — or lack thereof. The U.K. ranks third in the world for AI readiness according to Stanford University research, falling well behind the U.S. and China. Tech giants like Google have also spoken out about the laws in the U.K. that prevent AI models from being trained on copyrighted materials and called for a “pro-innovation regulatory framework” to prevent the country from being left behind. SEE: UK Government Announces £32m of AI Projects On the other hand, evidence suggests that AI safety and regulation still have significant room for improvement. A report from Microsoft found that almost half of U.K. SMEs do not use AI technologies in any capacity, and 72% cited concerns about their potential unreliability as a barrier to its adoption. In October 2023, research from the University of Cambridge ruled that the U.K. needs AI legislation in safety and transparency so companies can confidently put resources into AI development. The government tasked tech entrepreneur and newly-appointed AI Opportunities Adviser Matt Clifford to develop the Action Plan in July, which he discussed with venture capital firms. His 50 recommendations on how to grow AI and boost its adoption will be implemented in the U.K.’s plan. According to the International Monetary Fund, the AI Action Plan could see annual productivity gains of 1.5% and boost the economy by an average of £47 billion annually over a decade. Furthermore, Microsoft research found that adding just five years onto the time it takes to roll out AI in the U.K. could reduce its economic impact in 2035 by more than £150 billion. The Prime Minister said: “The AI industry needs a government that is on their side, one that won’t sit back and let opportunities slip through its fingers. And in a world of fierce competition, we cannot stand by. We must move fast and take action to win the global race.” More must-read AI coverage Clifford’s key recommendations Clifford’s proposals fall under three broad categories: laying the foundations for AI to flourish, boosting AI adoption in public and private sectors, and keeping the U.K. ahead. Thirty of the recommendations relate to the first category, which includes: Establish “AI Growth Zones” in deindustrialized areas: Within these zones, planning requests for data centres will be expedited, and AI infrastructure will have better access to the energy grid, ideally from clean sources like nuclear fusion. This is needed as the construction of new data centres in the U.K. is being held up due to insufficient electricity supply. Three private tech companies have already pledged £14 billion to this end. Increase public compute capacity twentyfold by 2030: Clifford found that this would give the U.K. the processing power it needs to fully embrace AI. As of November 2022, the U.K. had only 1.3% of global computing capacity, while Microsoft ranked the country 11th in the world for cloud infrastructure in May. This initiative will be started by building a new supercomputer, a change of tune since the government scrapped £1.3 billion for building these resources in August. Create a National Data Library: This will involve gathering “five high-impact public datasets” to be made available to private AI researchers, but there is little clarity on how this will be achieved “responsibly, securely, and ethically,” as claimed. Clifford also recommends creating a “copyright-cleared British media asset training data set,” which can be licensed internationally. This is unlikely to be accepted by creative industries, which, just last month, called for greater protection of copyright laws so artists retain control when licensing to AI firms. Be more aggressive with text and data mining: Similarly, Clifford states that “current uncertainty around intellectual property is hindering innovation and undermining our broader ambitions for AI.” He recommends reforming text and data mining practices. While he mentions leaving rights holders with control over the use of their content, the mandate suggests that this is not a priority. The government has launched a consultation on this recommendation. Require regulators to declare how they support AI innovation: Data regulators are far too risk-averse from Clifford’s perspective. He believes they should be making active steps to support the growth of AI, such as granting more licenses and AI resources and reporting them annually. If reporting mandates and deadlines do not provide enough pressure, he suggests employing a new central body with a “higher risk tolerance” to make such decisions. Nurture AI talent: The AI Action Plan contains several recommendations to support AI talent in the U.K., including assessing the skills gap, supporting higher education institutions to teach relevant skills and boost AI graduates, expanding the number of AI education pathways, using the immigration system to attract graduates from international universities, and actively promoting diversity. Indeed, only 28% of Coursera’s Generative AI course enrollments are from women. SEE: Red Hat: AI Is the Most In-Demand Skill in the UK for 2024. Details about the three categories of recommendations Compared

More Australian government agencies failed to meet the required levels of cyber security maturity in 2024 than in 2023, according to an assessment by the Australian Signals Directorate. The ASD reported that only 15% of entities achieved Maturity Level 2 on Australia’s Essential Eight cyber security framework in 2024 — a sharp decline from 25% in 2023. Under Australia’s Protective Security Policy Framework, agencies were required to implement all Essential Eight mitigation strategies to meet at least Maturity Level 2 by July 1, 2022. Some entities were also advised to consider whether their security environment warranted achieving the higher Maturity Level 3. SEE: Private sector tech investment to be led by cybersecurity in Australia in 2025 Despite these requirements, the ASD noted that the 2024 results highlight that achieving Level 2 compliance “remains low” among agencies. 1 Semperis Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Large, Enterprise Features Advanced Attacks Detection, Advanced Automation, Anywhere Recovery, and more 2 ESET PROTECT Advanced Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Advanced Threat Defense, Full Disk Encryption , Modern Endpoint Protection, and more 3 ManageEngine Log360 Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Micro, Small, Medium, Large, Enterprise Features Activity Monitoring, Blacklisting, Dashboard, and more Government agencies going backward on cyber security mitigation Australia’s Essential Eight framework outlines eight mitigation strategies to help entities reduce their vulnerability to security incidents and the impact of incidents if they do occur. These measures include: Patch applications. Patch operating systems. Multi-factor authentication. Restrict administrative privileges. Application control. Restrict Microsoft Office macros. User application hardening. Regular backups. The framework also describes four maturity levels’ characteristics, ranging from 0 to 3. Entities must meet a maturity level across all eight strategies to claim they have reached a higher maturity level. SEE: Australia passes groundbreaking cyber security law Where agencies are performing worst against the Essential Eight The mitigation strategies where the lowest proportion of agencies reached Maturity Level 2 were: Australian government agencies fared best against Maturity Level 2 for the following strategies: Restrict Microsoft Office macros (68%). Regular backups (59%). Patch operating systems (51%). Must-read security coverage A 2023 update may have impacted results The ASD suggested that several upgrades to the Essential Eight model in November 2023 may have contributed to agencies rating their maturity levels lower in 2024. “Changes to the Essential Eight Maturity Model mean entities which had not yet implemented new requirements would record a reduction in maturity level compared to 2023,” the ASD said in the report. For instance, 54% of agencies previously reported they were at Maturity Level 2 for Multi-Factor Authentication. New requirements for phishing-resistant MFA pushed the proportion down to 23%. SEE: Are Australia’s public sector agencies ready for a cyber attack? However, these updates were to “address cyber security threats informed by the evolution of tradecraft used by malicious actors,” which required advice “commensurate with the threat,” the ASD said. Agencies not keeping up with Essential Eight upgrades will essentially be exposed to an increased risk of compromise by malicious actors and suffer greater impact if a compromise does occur. Legacy IT also playing role in cyber security deficiency There were some areas of concern for the ASD, including the volume of incident reports it received. The percentage of entities reporting security incidents to the ASD remained low, with just 32% reporting at least half of the observed incidents on their networks in 2024. The ASD also said the proportion of entities applying effective email encryption decreased from 43% to 35%, according to scans conducted to assess cyber hygiene improvement. However, the use of legacy systems greatly contributed to many agencies’ ability to implement the Essential Eight. In 2024, 71% of entities indicated that using legacy technologies had impacted their ability to implement the Essential Eight — an increase from 52% of entities in 2023. Entities reported the most significant reason for still using legacy IT was: Lack of prioritisation of upgrades (25%). Insufficient dedicated funding (24%). Lack of a viable replacement (16%). Time to decommission systems (16%). In the report, the ASD said the ongoing problem with legacy IT in public sector agencies presented “significant and enduring risks to the cyber security posture of Australian Government entities.” “Legacy IT is more vulnerable to cyber attacks as vendors do not support the development of security updates, or limit security services,” the ASD said. “Malicious actors may be able to compromise legacy IT and use it to gain access to more modern systems in IT environments.” Agencies are doing some things right, says the ASD The ASD said Australian government agency cyber security postures were “well-established in some areas, and required improvement in others.” It singled out the establishment of corporate governance mechanisms to understand security risks and prepare for cyber threats as a positive area. The report found that most had planned for a cyber security incident and were ready to respond: In 2024, 75% of entities had a cyber security strategy, an increase from 735 in 2023. 86% of entities addressed cyber security disruptions in their business continuity and disaster recovery planning, an increase from 83% in 2023. 86% of entities had an incident response plan, an increase from 82% in 2023. ASD calls for public sector to improve security maturity The ASD concluded that agencies should continue to implement the upgraded Essential Eight mitigation strategies across their networks to at least Maturity Level 2, in line with current requirements. It also recommended that Australia’s public sector agencies increase cyber security incident reporting and share cyber threat information with ASD, implement strategies for managing legacy IT now and into the future, and maintain an incident response plan and exercise it at least every 2 years. source