Featured Article : UK To Get Digital Driving Licences In 2025

According to a recent report from The Times, the UK is set to roll out digital driving licences in 2025, as a voluntary initiative, accessible via a government smartphone app.

What Are Digital Driving Licences?

Digital driving licences are virtual versions of the traditional photocard driving licence. Stored on a secure government app, they will serve the same purpose as physical licences, i.e. proving the holder’s right to drive and acting as a form of identification. However, unlike physical licences, digital ones will only be accessible via a smartphone or other smart device, and will incorporate more advanced security features such as biometrics and two-factor authentication.

Why Are They Being Introduced?

The government says the move is part of its broader ambition to modernise public services through digital innovation. It’s understood that the UK government is particularly interested not just in the enhanced security compared to physical documents, but also in the fact that they could streamline everyday interactions, such as age verification when buying alcohol or voting, while maintaining robust privacy safeguards.

Other Countries Have Them Already

Other countries, including Australia, Denmark, Iceland, and Norway, have already adopted digital driving licences. Also, EU member states are required to implement at least one form of official digital ID by 2026. The UK’s introduction of digital driving licences, therefore, places it among a growing list of nations embracing this technology.

How Will Digital Driving Licences Work?

The digital licences will be available via a new app developed by the UK government, tentatively named Gov.uk Wallet. This app will act as a central hub for various public services, potentially including tax payments, benefits claims, and National Insurance numbers. The app will feature an in-built digital wallet that securely stores the virtual licence, much like banking apps.

To access the licence, users will need to authenticate their identity using advanced security measures, such as fingerprint or facial recognition, and multi-factor authentication. The app will also include features for users to check endorsements, view their driving record, and renew their licence.

Won’t Replace Physical Licences Yet

Although digital licences are not intended to replace physical cards, they may offer a convenient alternative for those who prefer not to carry physical documentation. For example, they could be used for age verification at supermarket self-checkouts, eliminating the need for assistance from staff.

Benefits of Digital Driving Licences

The introduction of digital driving licences may offer several potential advantages, such as:

– Convenience. Drivers will no longer need to carry a physical card, as their licence will be accessible on their smartphone.

– Enhanced Security. Advanced security features make digital licences harder to forge or lose compared to their physical counterparts.

– Flexibility. Users can hide sensitive information, such as their address, when presenting their licence in certain situations, such as in bars or shops.

– Real-Time Updates. The digital licence will automatically reflect changes in the holder’s driving status, such as endorsements or penalty points.

What Are The Drawbacks?

While digital driving licences may offer several advantages, there are also concerns and potential drawbacks to consider:

– Privacy issues. For example, privacy advocacy groups, such as Big Brother Watch, have expressed concerns about the potential misuse of personal data. Silkie Carlo, the group’s director, previously called such digitalisation “one of the biggest assaults on privacy ever seen in the UK.” Critics also argue that integrating multiple services into a single app could lead to increased surveillance. The government has, however, stated that the app will not serve as a comprehensive digital ID card and reassured the public that physical licences will remain available.

– A digital divide. Not everyone owns a smartphone or is comfortable using apps, potentially excluding certain groups, such as the elderly or those in low-income households.

– A reliance on technology. The system’s success depends on robust app performance and reliable internet connectivity. This means that any technical glitches or outages could cause inconvenience.

– Their non-mandatory nature. Digital licences will be voluntary – as highlighted by a government spokesperson who said: “Technology now makes it possible for digital identities to be more secure than physical ones, but we remain clear that they will not be made mandatory.” However, because they will be voluntary, their adoption may be quite slow, and some organisations could, therefore, be hesitant to accept them as a valid form of identification.

When Will They Be Available?

The government plans to introduce digital driving licences later this year, with an official launch date expected to be announced soon. The rollout will likely follow a phased approach, with initial availability for specific groups before wider public access.

Costs and Accessibility

The digital driving licence will be free to use for those who already hold a physical licence. However, the cost of developing and maintaining the app will likely be covered by taxpayers. The government has not yet disclosed specific details regarding the app’s budget or funding.

Broader Implications

The introduction of digital driving licences represents a step towards the digital transformation of public services in the UK. If successful, the initiative could pave the way for further innovations, such as integrating other forms of identification and government services into the app. However, the government will need to carefully address concerns about privacy and accessibility to ensure public confidence.

What Does This Mean For Your Business?

By leveraging the convenience of smartphones and advanced security features, the government says it’s aiming to simplify everyday interactions and enhance the safety of personal data. This initiative aligns with global trends, e.g. other nations already have digital identification systems, and the EU has set a 2026 deadline for member states to implement similar measures. However, the path forward is not without its challenges.

On one hand, the potential benefits of digital driving licences are compelling, i.e. the convenience of having a secure, easily accessible licence on a smartphone is clear, particularly in situations such as age verification at checkouts or renewing a licence online. The use of advanced security measures, including biometrics and multi-factor authentication, should also make digital licences more robust against forgery or loss. Also, the ability to update driving records in real-time should ensure accuracy and eliminate the need for reissuing physical licences to reflect changes such as penalty points. These advantages could enhance the user experience for many drivers.

On the other hand, there are valid concerns about digital driving licences and their use as part of a broader way of keeping track of citizens. For example, privacy advocates have raised alarms about the integration of multiple government services into a single app, which some fear could lead to increased surveillance or misuse of personal data. While the government has given assurances that digital licences will not serve as a comprehensive digital ID card, scepticism remains, particularly among those wary of such centralised systems. The voluntary nature of the scheme (it’s voluntary for now) is reassuring to many, but it may also lead to slow adoption and uneven acceptance by organisations and businesses.

Also, the digital divide poses a significant barrier. Not everyone has access to the necessary technology or feels comfortable using smartphone apps, potentially excluding vulnerable groups such as the elderly or low-income households. The reliance on technology also introduces risks such as technical glitches, cybersecurity threats, or connectivity issues disrupting access to this critical identification tool. These challenges highlight the importance of maintaining the current physical licences as a reliable fallback.

As the rollout approaches, the government will want to strike a careful balance between innovation and inclusion. Efforts to educate the public about the app, ensure robust privacy protections, and maintain the accessibility of physical licences will be crucial in building trust and confidence in the new system. While the initiative has the potential to transform the way drivers interact with public services, its success will ultimately depend on addressing these challenges and ensuring that no one is left behind in the transition.

Digital driving licences appear to represent a promising step towards modernisation, offering clear benefits in terms of convenience and security. However, their introduction must be carefully managed to mitigate the risks and ensure that they enhance, rather than hinder, accessibility and privacy. As with any technological advancement, public confidence will be the cornerstone of their successful adoption, making transparency and inclusivity key priorities for the government.

Tech Insight : PM’s Plans To Boost AI Across The UK

Following UK Prime Minister Keir Starmer’s speech promising that the government plans to use AI across the UK to boost growth and deliver services more efficiently, we look at what this actually means and how it could be done.

Speech

The UK government has unveiled a transformative plan to harness artificial intelligence (AI) as the cornerstone of a decade-long national renewal, with the aim of revolutionising public services, stimulating economic growth, and (hopefully) positioning the UK as a global AI superpower. Prime Minister Sir Keir Starmer presented this ambitious blueprint during a speech at University College London (UCL) East on 13 January 2025, where he outlined how AI will be integrated into all facets of public and private life to drive efficiency, create jobs, and improve living standards.

A Comprehensive Strategy for Change

The “AI Opportunities Action Plan” encompasses 50 recommendations devised by Matt Clifford, the Prime Minister’s AI adviser. With a central focus on fostering innovation, enhancing public service delivery, and boosting economic productivity, the plan has already garnered commitments of £14 billion from leading tech firms, expected to create 13,250 jobs across the UK.

The Key Pillars of the Plan

The government has pledged to transform the UK into a hub for AI innovation and investment, targeting a global leadership position in this rapidly evolving field. To do this, the government says its AI plan has 3 key pillars, which are:

1. Laying the foundations for AI growth (i.e. the AI Growth Zones). Central to the strategy is the creation of dedicated AI Growth Zones, with the first located in Culham, Oxfordshire. Culham, home to the UK Atomic Energy Authority and cutting-edge fusion research, offers the energy infrastructure needed to power AI’s computational demands (AI uses a vast amount of energy). The government says additional zones will be announced later this year, prioritising de-industrialised regions with access to energy and strong local government support. These zones will benefit from expedited planning approvals and enhanced connectivity to energy grids.

The government has also said that it plans to build a state-of-the-art supercomputer, thereby increasing the UK’s compute capacity twentyfold by 2030. It’s hoped that this infrastructure will underpin the development and deployment of AI applications, enabling the UK to compete with global leaders such as the US and China. As PM Sir Keir Starmer says, “This supercomputer will ensure the UK remains at the forefront of AI research and application, demonstrating our commitment to innovation and technological progress.”

2. Driving adoption across sectors. AI is already being deployed in sectors such as healthcare, where it assists in diagnosing conditions like breast cancer and improving patient care. The plan, therefore, aims to expand AI’s reach into other public services, reducing administrative burdens for teachers and social workers, automating road maintenance by detecting potholes via cameras, and accelerating planning consultations.

Private sector adoption is also said to be a priority. The government has also tasked each department with integrating AI into their operations to improve efficiency and service delivery. With this in mind, a new digital centre within the Department for Science, Innovation, and Technology (DSIT) will oversee this transition, identifying pilot projects and scaling successful initiatives across the public sector.

As PM Sir Keir says, “AI will drive incredible change in our country. From teachers personalising lessons to speeding up planning applications, it has the potential to transform the lives of working people.”

3. Ensuring global competitiveness. The UK has long wanted to be a global tech power, and this latest plan involves the UK establishing a National Data Library to securely provide high-quality public data for AI training, fostering innovation while ensuring privacy and security. An AI Energy Council, chaired by the Science and Energy Secretaries, will address the energy demands of AI technologies, supporting the government’s broader clean energy objectives.

As Science, Innovation, and Technology Secretary Peter Kyle says, “We already have remarkable strengths we can tap into when it comes to AI – building our status as the cradle of computer science and intelligent machines and establishing ourselves as the third largest AI market in the world.”

The plan also includes support for AI scale-ups and startups, with targeted initiatives to attract international investment and talent. Sir Demis Hassabis, Nobel Prize winner and AI pioneer, has been appointed to provide expertise, alongside Matt Clifford, to guide the UK’s AI strategy. Hassabis says, “The AI Opportunities Action Plan will help the UK unleash AI’s potential to drive growth, accelerate scientific discovery, and tackle important, real-world problems.”

Investment and Costs

In terms of how much this is all going to cost, the government says it’s secured significant private sector investment as part of this initiative. Notable commitments, so far, include:

– Vantage Data Centres making a £12 billion investment to develop one of Europe’s largest data centre campuses in Wales, creating over 11,500 jobs.

– Kyndryl, which plans to establish a tech hub in Liverpool, generating up to 1,000 AI-related jobs.

– Nscale (a Norway-based hyperscaler engineered for AI) is embarking on a $2.5 billion project to construct the UK’s largest sovereign AI data centre in Loughton, Essex, by 2026.

These investments should complement the £25 billion announced at the International Investment Summit last year, underscoring the UK’s appeal as a destination for AI-related enterprises.

Benefits and Challenges

In terms of the benefits, financially, the International Monetary Fund (IMF) estimates that fully embracing AI could boost UK productivity by up to 1.5 percentage points annually, potentially adding £47 billion to the economy each year. More broadly, the government’s plan aims to translate these gains into tangible benefits for UK citizens, including higher living standards, improved public services, and increased economic opportunities.

However, the scale of this undertaking is going to present some challenges. For example, critics have raised concerns about the upfront costs, estimated at billions of pounds, and the time required to realise those benefits, particularly given the stretched public finances and rising borrowing costs. Also, the pivot away from a safety-first narrative, which characterised previous government approaches, has sparked debate about the potential risks of unregulated AI deployment.

In addition to these concerns, there is growing unease about the potential impact of AI on employment. While automation and AI technologies promise to create new opportunities, many fear they could displace significant numbers of jobs, particularly in industries heavily reliant on repetitive or manual labour. The government acknowledges these risks and has emphasised the importance of re-skilling and up-skilling the workforce to meet the demands of an AI-driven economy. Initiatives to support education and training are expected to play a crucial role in mitigating these impacts and ensuring the benefits of AI are shared equitably across the population.

A Vision for the Future

Sir Keir Starmer’s speech at UCL East mainly emphasised the transformative potential of AI, describing it as “a fantastic opportunity that will transform lives”. He also reiterated the government’s commitment to ensuring that AI delivers benefits for all citizens, not just select industries or regions, saying: “Our plan will make Britain the world leader,” and that “It will give the industry the foundation it needs and will turbocharge the Plan for Change. That means more jobs and investment in the UK, more money in people’s pockets, and transformed public services.”

Science, Innovation, and Technology Secretary Peter Kyle has also echoed this sentiment, saying: “This government is determined that the UK is not left behind in the global race for AI. The actions we commit to today will ensure that the benefits are spread throughout the UK so all citizens will reap the rewards of the bet we make today.”

The government’s AI Opportunities Action Plan, therefore, appears to show a bold and comprehensive approach to embracing technological change. By addressing infrastructure, investment, and adoption simultaneously, the UK is hoping to establish itself as a global leader in AI, thereby ensuring the technology benefits the entire nation. As the plan unfolds, its success will depend on sustained commitment, collaboration between public and private sectors, and careful management of risks and resources.

What Does This Mean For Your Business?

The AI Opportunities Action Plan is a bold and optimistic vision for the UK’s future which aims to transform the UK into a global leader in AI. However, its ultimate success will depend on careful implementation and sustained commitment from both the public and private sectors and, crucially, being able to afford it, given the many other priorities in the UK at the moment. The potential rewards are significant and tempting (i.e. enhanced public services, economic growth, and global competitiveness). However, there is no escaping the challenges posed by the scale of investment required, the technical and ethical complexities of AI, and the need to balance innovation with regulation.

At the same time, there are widespread concerns about how AI could disrupt the job market, with automation potentially threatening many roles. Critics argue that while AI may create new opportunities, the risk of job displacement can’t be ignored. The government has sought to reassure people by highlighting the thousands of jobs that AI infrastructure projects are expected to generate. For example, PM Sir Keir Starmer says, “This will change the work that people do, but it won’t just lead to lots of job losses. On the contrary, because of the investment in AI we’ve announced, we are creating brand-new jobs and opportunities.”

To address these fears, fostering public trust and ensuring equitable access to new opportunities will be critical. The government must also prioritise re-skilling and up-skilling initiatives to prepare the workforce for the AI-driven economy. Without such measures, the benefits of AI could become unevenly distributed, exacerbating inequalities rather than alleviating them.

To achieve its goals and deliver on the vision, the government must really ensure that this ambitious plan is not just about headline-grabbing announcements but translates into tangible results that benefit all citizens. Key to this will be fostering public trust, ensuring equitable access to the opportunities created, and maintaining a focus on responsible AI development. With the right measures, the UK has the potential to not only navigate these challenges but also to shape the future of AI on the global stage. For now, all eyes are on how the government delivers on its promises and whether AI can truly become the engine of a decade-long national renewal.

Tech News : Ofcom Mandates Age Checks for Online Adult Content

The UK communications regulator, Ofcom, has announced robust new measures to prevent children from accessing online pornography (plus other potentially harmful content), a key component of the Online Safety Act.

By July

These new regulations will require websites and apps to implement highly effective age assurance systems by July 2025, marking a significant step towards creating a safer digital environment.

What Kind of Websites and Apps Will The New Regs Apply To?

Ofcom says its new regulations will apply to websites and apps that host pornographic content, including those that publish their own material and platforms with user-generated content, such as social media, tube sites, and cam sites. The rules will extend to services that allow harmful content and are likely to be accessed by children. Also, they cover platforms with user-to-user or search functionalities where children may encounter inappropriate material. These categories are defined under the “Part 3” and “Part 5” provisions of the Online Safety Act.

What’s The Problem?

Children in the UK are encountering explicit material online at alarmingly young ages. For example, research from the Children’s Commissioner for England shows that among those who have seen online pornography, the average age of first exposure is just 13. Alarmingly, more than a quarter of children (27 per cent) encounter explicit content by the age of 11, and one in ten as young as nine!

This pervasive exposure poses significant risks to children’s mental health and understanding of relationships, consent, and self-worth. However, despite these dangers, it seems that many platforms have operated without adequate safeguards, allowing harmful material to reach young users with ease.

As Melanie Dawes, Ofcom’s Chief Executive, puts it: “For too long, many online services which allow porn and other harmful material have ignored the fact that children are accessing their services. Today, this starts to change.”

Also, up until now, it seems that self-declared age verification methods, such as ticking a box to confirm your age, have proven ineffective. Platforms frequently treat all users as if they are adults and fail to provide meaningful barriers to prevent children’s access to explicit content.

A New Era of Online Safety

To tackle this issue, Ofcom has published detailed guidance for implementing effective age assurance measures as mandated by the UK’s Online Safety Act (passed in October 2023). These measures form a cornerstone of the Act, which aims to make online platforms accountable for their content.

For platforms, the new Ofcom regulations will mean:

– Immediate action for pornographic services. Platforms hosting their own pornography (‘Part 5’ services) must start introducing robust age checks immediately.

– Measures for user-generated content. Social media platforms and other user-to-user services (‘Part 3’ services) that allow user-generated pornography must implement highly effective age checks by July 2025.

– Children’s risk assessments. All user-to-user and search services likely to be accessed by children must complete a children’s access assessment by April 2025, with detailed risk assessments required by July.

What Is ‘Highly Effective’ Age Assurance?

Ofcom defines “highly effective” age assurance as methods that are accurate, robust, reliable, and fair. These methods must go beyond basic checks and address technical and practical challenges to ensure children cannot bypass safeguards.

For example, approved technologies include:

– Photo ID matching. Verification using government-issued identification.

– Facial age estimation. Analysing users’ facial features to estimate age.

– Open banking and credit card checks. Ensuring users’ ages align with financial account requirements.

– Mobile network age verification. Checks conducted through mobile operators.

– Digital identity services. Systems leveraging verified digital identities.

Self-Declaration Methods No Longer Acceptable

Critically, methods like self-declaration of age and payment processes not requiring proof of adulthood are no longer deemed acceptable. Also, platforms must ensure explicit content is not visible to users during the verification process and prevent efforts to circumvent the age assurance system.

A Gradual Rollout with Broad Implications

Ofcom says the introduction of these measures will roll out incrementally, with adults beginning to notice changes in how they access certain services. For example, platforms may require users to upload ID, verify through biometric data, or use credit card checks.

As Ofcom’s CEO, Melanie Dawes, says: “As age checks start to roll out in the coming months, adults will start to notice a difference in how they access certain online services. Services which host their own pornography must start to introduce age checks immediately, while other user-to-user services – including social media – which allow pornography and certain other types of harmful content will have to follow suit by July at the latest.”

While these measures aim to protect children, Ofcom has also emphasised the importance of balancing privacy rights for adults. Notably, a survey by Yonder Consulting found that 80 per cent of UK adults support the implementation of age assurance measures to prevent children’s exposure to pornography.

How Will It Be Enforced?

To enforce compliance, Ofcom has launched an enforcement programme targeting platforms that fail to engage or comply with the new requirements. Non-compliance could result in fines and other penalties.

Benefits of the New Rules

Clearly, a key benefit of the new rules should be to protect children from harmful online content. The hope is that, by mandating robust age checks, platforms can significantly reduce the likelihood of children encountering explicit material, promoting safer and healthier online experiences.

Also, as regards safeguarding children, these measures appear to reinforce the UK’s leadership in the tech-safety sector. For example, according to research by Paladin Capital and PUBLIC, the UK accounts for 23 per cent of the global safety tech workforce, with 28 per cent of safety tech companies based in the UK. The introduction of age assurance measures is, therefore, expected to stimulate further innovation and growth within this burgeoning industry.

Julie Dawson, chief regulatory and policy officer at age verification platform Yoti, emphasised the importance of the guidance, saying: “It is essential for creating safe spaces online. Age assurance must be enforced across pornographic sites of all sizes, creating a level playing field and providing age-appropriate access for adults.”

Challenges and Criticisms

Despite the obvious benefit of protecting children, privacy and rights campaigners have raised significant concerns about Ofcom’s new age verification regulations under the Online Safety Act, warning of potential risks to privacy, security, and user rights. For example, The Open Rights Group (ORG), a digital rights advocacy organisation, has been vocal in highlighting these issues. Abigail Burke, ORG’s Programme Manager for Platform Power, has stated, “Age verification technologies for pornography risk sensitive personal data being breached, collected, shared, or sold.”

The ORG has also pointed to similar proposals that were abandoned in Australia due to privacy and security concerns, suggesting that the UK should carefully consider these issues to avoid unintended consequences. Civil society groups have similarly criticised Ofcom for allegedly prioritising changes suggested by the tech industry over recommendations from privacy advocates to strengthen the codes.

Campaign group Big Brother Watch has also highlighted risks associated with age assurance methods, including data breaches, digital exclusion, and the erosion of online privacy. They argue that while protecting children online is essential, many age verification technologies could create new vulnerabilities, particularly around data security.

Some critics have also drawn attention to unintended consequences observed in similar initiatives elsewhere. For instance, when Louisiana introduced age verification laws for pornography sites, traffic to regulated platforms dropped by 80 per cent. However, users did not stop accessing explicit material and instead migrated to less-regulated and potentially more harmful corners of the internet.

This sentiment has also been echoed by Aylo, the parent company of Pornhub, which has criticised the measures as “ineffective, haphazard and dangerous.” The company warned: “These people did not stop looking for porn; they just migrated to darker corners of the internet that don’t ask users to verify age. In practice, the laws have just made the internet more dangerous for adults and children.”

These criticisms highlight the tension between enhancing online safety for children and preserving individual privacy rights in the digital realm. While the regulations aim to protect vulnerable users, critics argue that their implementation must be carefully managed to avoid creating new risks or driving harmful behaviours underground.

Looking Ahead

Ofcom’s guidelines are a step forward in addressing the long-standing issue of children’s exposure to harmful online content. By enforcing robust age assurance, it’s hoped that the measures can foster a safer online environment while balancing privacy considerations for adults.

As the July 2025 deadline approaches, the challenge will lie in ensuring that platforms adopt these measures effectively, without creating unintended consequences or compromising user rights. With rigorous enforcement and collaboration between regulators, platforms, and the safety tech industry, these changes could redefine online safety in the UK.

What Does This Mean For Your Business?

The introduction of Ofcom’s age verification regulations could be a pivotal moment in the effort to create a safer digital environment, particularly for children. By requiring websites and apps to implement robust age assurance systems, the UK aims to address the significant risks posed by children’s exposure to harmful online content, ensuring they are protected during formative years.

The potential benefits are clear, i.e. stronger safeguards for children, a reduction in exposure to inappropriate material, and a reinforcement of the UK’s leadership in tech-safety innovation. These measures signal progress in holding platforms accountable for their content and prioritising the safety of vulnerable users. As Julie Dawson of Yoti points out, creating “safe spaces online” is essential, and the consistent enforcement of age assurance can help achieve this goal.

However, this ambitious undertaking is not without its challenges. Privacy and rights campaigners have raised (valid) concerns about the risks of data breaches, digital exclusion, and the potential erosion of online privacy. The possibility of unintended consequences, such as users migrating to less-regulated corners of the internet, further complicates the picture. Critics, including Aylo and Big Brother Watch, have emphasised the need for careful implementation to avoid exacerbating existing risks.

For platforms, the regulations will demand a shift in how they manage user access and content. Implementing robust age verification systems will likely require significant investment in new technologies, such as photo ID matching or facial age estimation. Smaller platforms, in particular, may face challenges in meeting these requirements without external support or resources. Also, platforms must carefully balance compliance with privacy concerns to maintain user trust, particularly as adults begin to notice changes in how they access services.

Advertisers, too, will need to adapt. Platforms that introduce age verification systems may see shifts in user demographics, potentially affecting audience reach and targeting strategies. Advertisers that rely on platforms hosting adult content may need to navigate a changing landscape where regulated and unregulated spaces coexist, with a heightened emphasis on compliance and ethical advertising.

The success of these regulations will, therefore, ultimately depend on how well they balance the protection of children with the rights and privacy of all users. Ofcom’s approach, which allows space for technological innovation while setting clear standards, provides a solid foundation. However, ongoing dialogue and collaboration between regulators, platforms, advertisers, and advocacy groups will be essential to address concerns and adapt to unforeseen challenges.

As the July 2025 deadline draws closer, the spotlight will remain on how platforms respond to these requirements, how advertisers adjust their strategies, and how effectively Ofcom enforces the new rules. If managed successfully, the hope is that these measures could set a global benchmark for online safety, shaping a digital landscape where safety, privacy, and commercial interests coexist harmoniously.

Tech News : GoDaddy Complaint Over Years of Poor Cybersecurity

The US International Trade Commission (ITC) has issued a scathing complaint against web-hosting giant GoDaddy, accusing the company of failing to implement basic cybersecurity tools and practices since 2018.

What Is the ITC, and What Is the Complaint?

The ITC is a US federal agency responsible for enforcing trade laws, addressing unfair trade practices, and protecting industries from harm. Although its remit typically covers trade-related matters, it has increasingly expanded its oversight to include consumer protection, particularly in cases where corporate failings have broader implications for commerce and public interest.

In a recent formal complaint, the ITC alleged that GoDaddy violated Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive business practices. Despite marketing itself as a secure and reliable hosting provider, GoDaddy (according to the ITC) failed to live up to its claims, thereby leaving millions of customer websites vulnerable, resulting in multiple security breaches and significant data compromises.

The Allegations in More Detail

The ITC’s complaint paints a troubling picture of GoDaddy’s cybersecurity practices (or lack of them). It accuses the company of failing to implement even the most rudimentary safeguards to protect its hosting environment. Among the lapses cited by the ITC are the absence of essential measures such as multi-factor authentication (MFA), proper asset inventory, and robust threat monitoring.

Specifically, the ITC’s complaint (published online) identified the following failings:

– No centralised asset management. As of 2020, GoDaddy had visibility over only 15,000 devices out of the approximately 450,000 in its environment.

– Irregular patch management. Despite a policy requiring critical updates to be applied within 30 days, GoDaddy relied on scattered teams to handle patches with no central oversight, leading to unpatched vulnerabilities across thousands of servers.

– Inadequate logging and monitoring. Security-related events were inconsistently logged, making it difficult to investigate breaches or suspicious activity.

– Weak authentication practices. The company relied on username/password combinations without requiring MFA for privileged accounts until 2020, thereby exposing sensitive systems to unauthorised access.

– Network mismanagement. A lack of segmentation between shared hosting and other services enabled threat actors to move laterally within GoDaddy’s infrastructure.

– API insecurity. GoDaddy’s APIs, critical for managing customer data, used outdated protocols, such as plaintext credentials, leaving them highly susceptible to interception and exploitation.

A History of Breaches and Consequences

The ITC report also details several high-profile security incidents that occurred under GoDaddy’s watch, starting back in 2019. The ITC alleges that these breaches highlight the tangible risks posed by the company’s inadequate security measures.

The 2019-2020 Breaches

A breach in October 2019 saw attackers exploit vulnerabilities in GoDaddy’s infrastructure to move laterally into its shared hosting environment. Threat actors replaced critical server files with malicious versions, ultimately compromising customer and employee login credentials. Shockingly, these intrusions went undetected for six months until another unrelated event in March 2020 prompted an external security audit.

During this time, attackers reportedly stole credentials for over 28,000 customer accounts and 199 employees, gaining administrative access to key systems. The breach also involved the theft of approximately 1,000 payment card details.

2021 WordPress API Breach

In November 2021, GoDaddy discovered another breach targeting its Managed WordPress hosting service. This time, attackers exploited an exposed API, obtaining data for 1.2 million customers, including email addresses, private encryption keys, and login credentials for WordPress and database management tools. Evidence suggests the attackers used this access to plant malware and commit search engine optimisation (SEO) fraud, misleading visitors and search engines alike.

2022 Malware Resurgence

The most recent breach, in December 2022, saw the same threat actors return to exploit remnants of the 2019-2020 compromise. This time, attackers deployed malware that redirected visitors from customers’ websites to malicious destinations, such as phishing pages or explicit content. Despite the repeated nature of these attacks, the ITC alleges that GoDaddy failed to proactively detect the intrusion, learning of it only through customer complaints.

Impact on Customers and the Broader Ecosystem

The consequences of GoDaddy’s (alleged) failings have been far-reaching. Small businesses that rely on its hosting services have endured significant disruptions, including compromised websites, stolen customer data, and tarnished reputations. Some customers have faced financial fraud or identity theft, while others have spent substantial time and resources remediating the damage caused by breaches.

The ITC’s complaint makes the point that these harms were entirely avoidable had GoDaddy employed widely available, low-cost security measures. Also, it accuses the company of misleading customers by marketing its services as secure while failing to back these claims with appropriate protections.

GoDaddy’s Response and the Way Forward

In response to the ITC’s allegations, GoDaddy has neither admitted nor denied the charges but has agreed to implement a comprehensive security overhaul. This includes creating a centralised inventory of its hardware and software, adopting SIEM (Security Information and Event Management) tools for real-time threat detection, and enforcing MFA across all privileged accounts.

A spokesperson for the company stated: “We are committed to safeguarding our customers’ data and continually improving our security posture. Many of the measures outlined in the settlement are already underway.”

The Settlement

Despite the gravity of the accusations and the scale of harm outlined in the ITC’s complaint, the settlement agreement struck with GoDaddy has left some questioning its adequacy. Under the terms of the proposed deal, GoDaddy must implement sweeping improvements to its cybersecurity practices. This includes undergoing regular, independent third-party assessments of its security programme and adhering to a ban on making deceptive claims about its data protection efforts in the future.

Notably, the ITC has not imposed any fines but has warned that future violations could result in penalties of up to $51,744 per breach.

What’s Next?

The ITC has opened the settlement for public comment, and its finalisation will mark a critical juncture for GoDaddy. The case serves as a cautionary tale for other companies, demonstrating the risks of neglecting cybersecurity in an increasingly hostile digital landscape.

What If You’re A Business Customer of GoDaddy’s?

For businesses that rely on GoDaddy’s hosting services, the revelations in the ITC’s complaint may understandably be a little unsettling. Many may now be questioning whether their websites or customer data were compromised in the breaches. Those who suspect they have been affected can review communications from GoDaddy, as the company has stated that it notified impacted customers following major incidents. Another option for businesses may be to engage independent security experts to audit their sites and data for any lingering vulnerabilities. Moving forward, customers will need to think carefully about whether GoDaddy’s promised security enhancements can restore their confidence or if alternative hosting providers may better meet their needs.

What Does This Mean For Your Business?

As one of the largest web-hosting providers, GoDaddy holds a significant position of responsibility, safeguarding not only its customers but also the broader ecosystem of internet users who interact with its hosted websites. The ITC’s findings, therefore, paint a very concerning picture of (allegedly) some very basic and systemic failures in cybersecurity practices over several years, leading to serious breaches that have impacted countless businesses and their customers.

For GoDaddy, the settlement offers a chance to repair its reputation and demonstrate a renewed commitment to cybersecurity. Although the lack of financial penalties has been surprising to some, it appears to be more of a case of getting some swift remedial action rather than prolonged litigation. However, it is understandable that some stakeholders may view the resolution as lenient, given the scale of the alleged failings and the potential harm caused. The onus is clearly now on GoDaddy to follow through on its promises and implement the sweeping changes outlined in the settlement.

For businesses affected by the breaches, the road to recovery may be a long and complex one. While GoDaddy’s notification efforts and security improvements may offer some reassurance, the damage to customer trust and the potential for lingering vulnerabilities remain pressing concerns. Businesses should, perhaps, weigh the risks and benefits of continuing their reliance on GoDaddy and consider proactive steps to safeguard their operations, regardless of the hosting provider they choose.

This case serves as a wake-up call for the entire tech industry, underscoring the need for vigilance in an era of evolving cyber threats. Basic security hygiene, while often viewed as a standard requirement, is essential to maintaining trust and preventing harm on a global scale. For organisations of GoDaddy’s stature, the stakes are even higher, as lapses in security can reverberate far beyond their own systems.

The ITC’s intervention, therefore, not only holds GoDaddy to account in some way but also sends a clear message to the industry, i.e. that data protection and cybersecurity are not optional. As businesses and consumers alike navigate the fallout, the hope is that this episode will lead to meaningful changes, not just for GoDaddy but for the industry as a whole, ensuring a more secure digital landscape for everyone.

Windows Wizardry : Maximise Laptop Battery with Windows 11 Energy Saver

Discover how to use Windows 11 Energy Saver to extend your laptop’s battery life and reduce energy consumption, with straightforward steps to customise it to your needs.

What Is The Energy Saver Feature?

Windows 11 includes a robust Energy Saver feature designed to help laptops run longer on battery power by optimising system settings. This tool adjusts background processes, screen brightness, and other power-intensive tasks to strike the right balance between performance and energy efficiency. So, whether you’re working remotely, travelling, or just trying to reduce electricity costs, here’s how to make the most of this feature.

Step 1: Ensure Your System is Compatible

To use the Energy Saver feature, your laptop must be running Windows 11 version 24H2 or later. To confirm your version:

– Press the Windows key and click Settings.

– Navigate to System and select About at the bottom of the sidebar.

– Under “Windows specifications,” check the version number listed next to Version. If it reads “24H2” or higher, you’re ready to proceed.

– If your version is older, click Windows Update in the same menu and then select Check for updates. Install any available updates to ensure you’re running the latest version.

Step 2: Enable Energy Saver Mode

Once you’ve confirmed compatibility:

– Open Settings and go to System, then click Power & battery.

– Scroll down to the Battery section and expand the Energy saver menu.

– Enable the Always use Energy Saver option to have it active at all times, or choose to activate it automatically when your battery reaches a specified level. For example, setting this to 20 per cent ensures Energy Saver kicks in when the battery is running low.

Step 3: Adjust Screen Brightness Settings

The laptop screen is one of the largest power drains. Energy Saver can reduce the screen’s brightness automatically:

– In the Power & battery menu, enable Lower screen brightness when using Energy Saver. This dims the screen slightly whenever Energy Saver is active, helping conserve battery power.

– If you find the dimmed brightness too low for your needs (e.g. in bright environments), you can turn this setting off or manually adjust the screen brightness using the slider in the system tray.

Step 4: Optimise Sleep and Screen Time-Outs

To minimise energy waste when your laptop is idle:

– In the Power & battery menu, click Screen, sleep, & hibernate time-outs.

– Set shorter intervals for Turn my screen off after and Make my device sleep after. For example, choosing 3 minutes for screen off and 10 minutes for sleep ensures your laptop conserves power when inactive.

Step 5: Configure Power Modes

Customise how your laptop balances performance and efficiency:

– In Power & battery, scroll up to Power Mode and select your preferred setting:

– Best power efficiency: Minimises energy consumption, ideal when running on battery.

– Balanced: Offers a mix of energy savings and performance, dynamically adjusting settings.

– Best performance: Prioritises speed over energy savings, more suitable when plugged in.

– Selecting Best Power Efficiency ensures maximum battery longevity.

Step 6: Explore Energy Recommendations

Windows 11 provides tailored recommendations to further optimise energy usage:

– At the top of the Power & battery page, click Energy recommendations.

– Work through the suggestions listed, which may include enabling dark mode or fine-tuning other settings. Green ticks indicate recommendations already applied.

Step 7: Manage Background Apps

Some applications running in the background can unnecessarily drain battery power. To control this:

– In Settings, go to Apps, then Installed apps.

– Locate any app you wish to manage, click the three dots next to it, and select Advanced options.

– Under Background app permissions, set the app to Power optimised (recommended) or Never to prevent it from running when not in use.

– By limiting unnecessary background activity, your laptop will conserve power more effectively.

Enjoy Longer Battery Life

Using the Energy Saver feature and additional power management tools in Windows 11, you can significantly extend your laptop’s battery life without compromising functionality. Whether you’re conserving energy at home or ensuring your laptop lasts through a long workday, these steps provide a straightforward way to optimise your device for efficiency. Try these adjustments today to experience the difference.

Security Stop Press : UK Government Proposes Ransomware Payment Ban

The UK government is consulting on plans to ban ransomware payments by public sector bodies and critical national infrastructure (CNI) to disrupt the financial model underpinning cybercrime.

The proposals also include mandatory reporting of ransomware attacks and measures to block payments to criminal groups, aiming to reduce the threat and support law enforcement investigations.

Ransomware is the most serious cybercrime threat to the UK, with attacks on organisations like the NHS and Royal Mail causing widespread disruption and recovery costs. Security Minister Dan Jarvis highlighted the urgency of action, noting $1 billion was paid globally to ransomware groups in 2023.

Banning payments would make public organisations less attractive targets, while mandatory reporting would provide intelligence to help disrupt criminal networks. Penalties for non-compliance, such as fines or leadership bans, are also being considered to ensure adherence.

This initiative is part of a wider strategy to strengthen the UK’s cyber resilience, complementing global efforts like the disruption of the LockBit network and sanctions against major ransomware groups.

Businesses are advised to adopt strong cybersecurity measures, including frameworks like Cyber Essentials, regular data backups, and tested incident response plans, to mitigate the risk and impact of ransomware attacks.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in a techy-free style.
