The UK government has unveiled sweeping new cyber legislation that could see organisations hit with fines of up to £100,000 (per day!) if they fail to respond to threats in time – a move that dramatically raises the stakes for IT providers, critical service operators, plus their supply chains.

Tough New Rules Aimed at Critical Infrastructure and the Tech Supply Chain

The draft Cyber Security and Resilience (CSR) Bill, formally outlined this week by technology secretary Peter Kyle, seems to be setting out a more aggressive approach to cyber regulation in response to what ministers describe as “unprecedented threats” to the UK’s digital and physical infrastructure.

Crucially, the bill expands the scope of current regulations and will bring managed service providers (MSPs), IT suppliers, and potentially datacentre operators into the same regulatory framework as public utilities and emergency services. This means that for the first time, commercial tech firms (up to 1,000 of them by current estimates) could be legally obliged to meet strict cybersecurity standards or face financial penalties.

“Economic growth is the cornerstone of our Plan for Change,” said Kyle, “And ensuring the security of the vital services which will deliver that growth is non-negotiable.”

Three Core Pillars – and a Sharp Set of Teeth!

The new bill is built on three pillars. First, widening the scope of the UK’s existing Network and Information Systems (NIS) regulations to include more types of organisations. Second, giving regulators stronger powers to enforce those rules and third, allowing government to rapidly update the rules in response to new and emerging cyber threats.

What’s new (and raising a few eyebrows) is the addition of discretionary government powers to issue binding cyber directives in real-time. For example, if an in-scope organisation receives a formal order to patch a vulnerability or improve cyber defences in response to an active threat and fails to comply, it could face daily fines of up to £100,000, or 10% of turnover, whichever is higher.

The message, therefore, appears to be that falling short isn’t just risky but could be ruinously expensive.

Why Supply Chain Security Is Now Front and Centre

The bill changes how cyber risk is perceived at the national level. For example, instead of focusing solely on headline-grabbing ransomware events or attacks on high-profile utilities, the government now appears to be turning its attention to the digital supply chain, i.e. the vast network of IT support firms, software providers, and cloud service operators that underpin the UK economy.

For example, the Cloud Hopper espionage campaign, which targeted MSPs to indirectly infiltrate governments and corporations, is a cautionary tale of how supply chain vulnerabilities can be weaponised at scale. Likewise, the recent breach of the Ministry of Defence’s payroll system showed how even indirect routes into sensitive data can have real-world consequences.

The UK’s National Cyber Security Centre (NCSC) is backing the approach, and as NCSC CEO Richard Horne says: “The Cyber Security and Resilience Bill is a landmark moment,” adding that “It will improve the cyber defences of the critical services on which we rely every day, such as water, power and healthcare.”

Datacentres and the Next Phase of CNI Regulation

The government is also strongly considering bringing datacentre operators into the bill’s remit, a step it hinted at last year when these facilities were designated as critical national infrastructure (CNI).

If passed, this could affect more than 180 UK-based datacentres and over 60 operators, according to industry figures. While exact compliance requirements haven’t yet been defined, it’s expected that these facilities will be subject to the same incident reporting rules and real-time intervention powers as other in-scope entities.

What’s more, ministers are exploring the use of AI tools to help detect and respond to threats inside these physical and virtual infrastructure hubs.

Mandatory Incident Reporting Tightens Timelines

Another key change is a tightening of mandatory reporting timelines. Organisations in scope of the CSR Bill will need to notify regulators and the NCSC of significant incidents within 24 hours – faster than the 72-hour window required by both the EU’s NIS2 directive and the US’s CIRCIA.

A full report must follow within 72 hours, creating a dual-stage reporting process that places UK organisations under one of the most stringent regulatory regimes in the world.

As technology secretary Peter Kyle says: “This is not just red tape,” but rather “It’s about making sure we know, quickly, when something serious is happening – and being able to act fast.”

Why This Isn’t a ‘One and Done’ Job

Legal experts and cyber risk consultants are warning that the scale of the challenge posed by the new rules is significant, i.e. not just in terms of cost, but also the time and effort required. For example, even well-resourced organisations could find the process of aligning legacy infrastructure with modern cyber resilience standards a long and complex task.

The key point that many are making is that cyber security is not something that can be addressed once and then forgotten. With threats constantly evolving, businesses will need to build ongoing investment and regular system upgrades into their operations. The burden, therefore, isn’t going to be just technical, but will also demand sustained leadership focus and cultural change across entire workforces. In other words, achieving compliance in this case is going to be a continuous journey.

Statutory Powers and Strategic Priorities

As well as giving regulators sharper enforcement tools, the bill proposes that the government publish a unified Statement of Strategic Priorities (updated every three to five years) to guide the approach of different regulators. This aims to bring consistency and clarity to enforcement across sectors, ensuring that energy, healthcare, and IT providers all face comparable expectations.

The government would also be granted the power to issue emergency directions to organisations where needed. This could prove vital in responding to fast-moving attacks, such as zero-day exploits or geopolitical cyber events.

Rising Threats, Rising Costs

The need for faster, tougher intervention isn’t theoretical. In 2023, attacks on UK utility firms surged by 586 per cent, according to reinsurance firm Chaucer. The NCSC dealt with 89 nationally significant incidents (up from 62 the previous year) including 12 so serious they required COBR (Cabinet Office Briefing Rooms) meetings.

Notably, one of the most damaging incidents of last year (i.e. the ransomware attack on NHS blood testing partner Synnovis) cost the NHS an estimated £32 million! Analysts have suggested that a well-coordinated attack on the energy grid in southeast England could cost the UK economy up to £49 billion!

In light of this, the CSR Bill is not just about compliance, but is also about protecting national prosperity.

What Does This Mean For Your Business?

The details of the Cyber Security and Resilience Bill seem to show that the intention is to move things from reactive firefighting to proactive, enforceable standards. For UK businesses, particularly those in the technology supply chain, the message is that cybersecurity isn’t simply optional, nor is it simply an IT issue. It is now a board-level priority with legal and financial consequences attached.

While some organisations, especially larger providers, may already have mature systems in place, many will find that aligning with the new expectations demands more than just a policy refresh. Compliance will mean revisiting internal processes, investing in tools and training, and developing the ability to respond quickly and transparently to incidents. Smaller IT firms, regional MSPs, and niche datacentre operators, who may not have considered themselves part of critical national infrastructure until now, are likely to face the steepest learning curve.

The government’s aim appears to be to ensure the resilience of the UK’s digital backbone, and it is using both carrot and stick to get there. On one hand, businesses are being offered access to NCSC resources and support frameworks like Cyber Essentials. On the other, they face heavy penalties if they fail to take action when directed. Regulators, too, will be expected to step up, with clearer powers and more tools to enforce consistent, effective oversight across all sectors.

For regulators, IT service providers, and businesses that rely on outsourced digital infrastructure, the implications are far-reaching. In the short term, there may be uncertainty over exactly how these rules will be applied and interpreted, especially as the list of in-scope organisations grows. But in the long term, the bill signals a new era in which resilience and responsiveness are the benchmark for doing business in a connected economy.

The stakes are high but, looking on the positive side, so is the opportunity to build a more secure, digitally confident UK. With attacks becoming more frequent, more sophisticated, and more costly, the government is hoping that strong, enforceable rules are the best way to safeguard both national infrastructure and future economic growth. For those now falling under the scope of this legislation, the clock has started ticking.

Experts are warning AI-generated receipts are now so convincing that they could be used to cheat company expense systems.

OpenAI’s latest image generator, part of its ChatGPT 4o model, allows users to create fake receipts in seconds, complete with logos, stains, and creases. Online examples show how easily these images can bypass expense software, raising concerns among security experts.

For example, AI researcher Raphael Chenol has reported demonstrating how altering dates and prices on realistic-looking receipts now takes just seconds, where once it required graphic design skills. He warned that without safeguards, companies could soon face a flood of fraudulent claims.

Other security commentators say the risk isn’t limited to employee expense claims. It seems there are growing concerns that criminals could impersonate staff, submit fake receipts, and trick finance teams into making payments, particularly when paired with email-based scams targeting company accounts.

Although OpenAI says its images contain metadata showing they’re AI-generated, this can be removed. The company has defended the tool’s flexibility, saying it can also be used for education and creative work.

To reduce the risk, experts recommend multi-step approval processes and secure digital verification methods. As deepfake receipts become harder to spot, companies will need to rely less on visual checks, and more on trusted, auditable systems.

In a move towards sustainable space colonisation, scientists at the University of Potsdam (Germany) have created working solar panels from molten Moon dust, hopefully paving the way for lunar bases powered by materials already found on the Moon.

Why Haul It Up There If You Don’t Have To?

Transporting anything into space is expensive. In fact, launching just one kilogram of material to the Moon currently costs around one million euros! So, when the idea of building a future lunar base comes up, energy will become one of the trickiest challenges. For example, how do you supply enough power to sustain human life, scientific activity, and possibly even construction, without blowing the budget on rocket fuel?

That’s the question a team led by Dr. Felix Lang at the University of Potsdam’s Institute of Physics and Astronomy set out to answer. Together with colleagues from the Technical University of Berlin, they’ve now demonstrated that it may be possible to manufacture solar panels directly on the Moon using its most abundant resource, i.e. lunar regolith (moon dust).

Turning Moon Dust into Moonglass

Lunar regolith, the loose, dusty material that covers the Moon’s surface, has long been seen as a nuisance for astronauts. However, it now seems that it could become one of the Moon’s most valuable resources. This dusty substance, composed mostly of silicon dioxide (SiO₂), aluminium oxide (Al₂O₃), and calcium oxide (CaO), can be melted into glass with the right heat source.

Using a lunar regolith simulant based on Apollo mission samples, the researchers melted this Moon dust into what they’re calling “moonglass”. Then, they layered it with an ultra-thin coating of perovskite, a crystalline material that’s light, flexible, and highly efficient at converting solar energy.

The result was a lightweight, radiation-resistant solar cell built, crucially, using minimal resources from Earth.

Scalable, Simple, and Surprisingly Resilient

What makes this discovery stand out isn’t just the ingenuity, it’s the practicality. For example, the solar cells require only a tiny amount of imported material. According to Dr. Lang, “These solar cells require ultrathin absorber layers of 500 to 800 nanometres only, allowing the fabrication of 400 square metre solar cells with just one kilogram of perovskite raw material brought from Earth.”

That’s a dramatic reduction in launch mass, potentially slashing it by 99 per cent compared to conventional space-based solar panels, which typically rely on heavy glass and other Earth-manufactured materials.

Even better, the production process doesn’t need any complex refining or purification. “The highlight of our study is that we can extract the glass we need for our solar cells directly from the lunar regolith without any processing,” Lang explained. “The process is also scalable so that the solar cells can be produced with little equipment and very little energy input.”

The team even tested the feasibility of melting regolith using a large curved mirror and concentrated sunlight in order to demonstrate that solar power itself could drive the production of the panels.

How Efficient Are They?

As may be expected, using moonglass instead of conventional transparent glass presents some limitations. For example, the material is milky and varies in colour and opacity depending on the regolith source, which affects how much sunlight can pass through.

Current prototypes have reached efficiencies of around 12 per cent, which is less than half of the 26 per cent typically achieved by standard perovskite cells. However, this is no small feat given the conditions. As Lang says: “In the beginning, it was unclear whether we could produce them in sufficient quality on impure regolith lunar glass.”

Refinements

That said, computer models suggest that (with refinements) these solar cells could eventually match the performance of their Earth-bound counterparts. Given their resilience to solar and cosmic radiation, which is critical in the Moon’s harsh, atmosphere-free environment, the trade-off in early efficiency may be worth it.

Building the Infrastructure for a Lunar Power Plant

Producing solar panels from local materials is just one piece of a much bigger puzzle. For any lunar energy project to succeed, a full infrastructure is needed, e.g. from regolith collection and glass production to solar panel assembly and maintenance.

Dr. Michael Duke from the Lunar and Planetary Institute points out that this kind of manufacturing will require significant technological development. “From excavating regolith to connecting individual cells into arrays, the engineering challenges are considerable,” he said. However, if these hurdles can be overcome, the benefits could extend far beyond the Moon.

An example of one future possibility is using the Moon as a launchpad to produce solar cells for satellites or space stations. Since launching from the Moon takes far less energy than from Earth, a Moon-based solar factory could support a wider network of off-planet energy production.

Critics Cautiously Optimistic

As great as the invention sounds, not everyone is convinced just yet. For example, although Nicholas Bennett from the University of Technology Sydney called the work “a first successful use of moonglass in a functioning solar cell,” he cautioned that the next big challenge lies in scaling production outside of the lab.

Other commentators have noted the advantages of using regolith but have also highlighted how questions remain about how feasible it would be to build large-scale systems on the Moon’s surface, especially with current robotics and autonomous technologies still developing.

That said, there appears to be a strong scientific interest in pushing the concept forward. The Potsdam team is now investigating whether the glass quality could be improved by using magnets to filter out iron content before melting the regolith.

A Future Built on Dust and Light?

As the world gears up for a new era of space exploration, with NASA’s Artemis missions aiming to return humans to the Moon and establish a sustainable presence, technologies like this could prove pivotal. Space agencies and private companies alike are increasingly looking at “in-situ resource utilisation” (ISRU) as the key to long-term success.

It’s also worth noting here that this isn’t the only innovation involving lunar dust. Other research teams are exploring how to 3D-print Moon bases from regolith, extract oxygen from it for breathing or fuel, and even melt lunar ice using space mirrors to create drinkable water.

As Dr. Lang puts it, the work is already sparking the next wave of ideas: “We are already thinking, ‘Can we make this work with Mars regolith?’” It seems that the age-old annoyance of Moon dust could become a cornerstone of humanity’s off-world future.

What Does This Mean For Your Organisation?

The idea of building solar panels from Moon dust seems to be both clever and a logical response to the logistical and environmental costs of hauling materials from Earth. By proving that regolith can be turned into usable glass without any complex processing, the Potsdam team appears to have taken a major step toward true in-situ resource use. If scaled successfully, this method could allow future lunar bases to generate their own electricity with minimal imports, reducing reliance on costly Earth launches and drastically cutting the carbon footprint of long-term missions.

For space agencies, that means a more sustainable model for exploration, and one that’s not only greener, but also more resilient. For scientists, it opens up the possibility of powering instruments, life support systems and habitats in some of the harshest conditions imaginable. Also, for commercial space firms, it offers a route to building infrastructure directly on the Moon using fewer resources and less energy.

UK businesses involved in clean energy, advanced materials, aerospace engineering or autonomous systems could have a key role to play here. As space programmes increasingly look for Earth-based partners to develop and supply off-world technologies, firms that specialise in thin-film photovoltaics, automated construction, or regolith processing could find themselves part of the next space economy. With the UK already supporting innovation in lunar missions through partnerships with ESA and its own Space Agency initiatives, the groundwork is being laid for real involvement in future Moon infrastructure.

However, before getting too carried away, it’s worth noting that there’s still plenty to prove. For example, efficiency gains are needed, large-scale production methods must be tested, and robotic assembly systems will need to be far more advanced than what exists today. Accepting that there are still some major challenges, it’s also worth acknowledging that as a proof of concept, this research challenges long-held assumptions about what’s possible in space. It essentially means that the Moon is no longer just a blank canvas but is becoming a resource in its own right.

As the line between space innovation and sustainable engineering continues to blur, it’s increasingly likely that the breakthroughs made for lunar survival will feed directly back into how we build, power and conserve resources here on Earth.

ChatGPT has recently made a dramatic difference to the images you can produce and this video provides five examples of how it can be used – impressive stuff!

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

Do you spend ages dragging emails into folders, forwarding the same replies, or flagging messages for follow-up? Outlook’s ‘Quick Steps’ can automate all of that, turning multi-click jobs into a single tap. Here’s how to use it:

Why it’s useful:

Quick Steps are great for saving time on repetitive actions. You can set up shortcuts to do things like:

– Move invoices into a specific folder and mark them as read.
– Forward a client message to your manager with a standard intro.
– Flag emails from important customers and categorise them in one go.
– Reply with a template and archive the thread immediately after.

How to set it up:

– Open Outlook and go to the Home tab.
– Look for the Quick Steps group in the ribbon, then click Create New.
– Give your step a name, choose the actions you want it to perform, and (optional) assign a shortcut key.
– Click Finish.

If you regularly deal with the same kinds of emails, Quick Steps can cut hours off your inbox admin over the course of a week. It’s one of those features that’s easy to miss, but once you start using it, you won’t go back.

ChatGPT’s image generation tools have just received a major upgrade, and while everyone is busy turning politicians into dreamy ‘Studio Ghibli’ characters, OpenAI’s (quiet) policy changes may prove to be the bigger story.

A New Visual Brain for ChatGPT

At the centre of this update is GPT-4o, OpenAI’s new omnimodal model. Unlike previous tools like DALL·E (which bolted image generation onto ChatGPT from the outside), GPT-4o builds it into the core of the chatbot. The result appears to be faster, sharper, and more context-aware image outputs.

This means ChatGPT can now:

– Generate photorealistic images directly from prompts.

– Follow detailed instructions more precisely (including rendering readable text in images).

– Edit existing pictures, including transforming or “inpainting” people and objects.

The upgrade is currently available for Pro users paying $200/month, with OpenAI promising access will “soon” be extended to Plus and free-tier users as well as API developers.

Users Experimenting

It’s been reported that users have been experimenting with the upgraded version, including uploading selfies and asking ChatGPT to transform them into Pixar-style avatars or place them in scenic landscapes. Others have reportedly been feeding the tool prompts like “Donald Trump in a Ghibli forest” (a dreamy, nature-filled setting inspired by Studio Ghibli films) or “South Park characters debating in Parliament” and got eerily convincing results.

Why Studio Ghibli Is Suddenly Everywhere

It seems it didn’t take long for social media to explode with whimsical, pastel-hued images that seemed plucked straight from ‘My Neighbour Totoro’ or ‘Spirited Away’, i.e. two of Studio Ghibli’s most iconic animated films. The reason is likely to be because GPT-4o’s new model was trained on a wide range of styles, including those reminiscent of iconic animation.

While OpenAI insists it avoids mimicking the work of any living artist (it actively blocks prompts that explicitly request such imitations) it seems clear to many that the model can now reproduce stylistic “vibes” with uncanny accuracy. This explains how the internet managed to flood X and Instagram with Ghibli-inspired memes within days.

However, this artistic mimicry has raised some eyebrows. A resurfaced 2016 video of Studio Ghibli co-founder Hayao Miyazaki calling AI-generated art “an insult to life itself” has been doing the rounds again, reigniting the debate around AI and artistic originality.

Soften the Rules, Sharpen the Debate

Perhaps the most quietly controversial part of this launch is what OpenAI removed. GPT-4o comes with a notably relaxed set of safeguards around image generation. While safety features still exist, especially for minors and violent or abusive content, the rules have actually changed quite significantly. For example, ChatGPT can now:

– Generate images of public figures like Elon Musk or Donald Trump.

– Depict racial features and body characteristics on request.

– Show hateful symbols (like swastikas) if done in educational or neutral contexts.

– Mimic the aesthetic of well-known studios (e.g. Pixar, Ghibli), though not named living artists.

Joanne Jang (OpenAI’s model behaviour expert) has explained the move as a shift from blanket refusals to more nuanced moderation, saying, “We’re focusing on preventing real-world harm,” and “Not just avoiding discomfort.”

For example, ChatGPT used to reject prompts like “make this person heavier” or “add Asian features,” assuming them to be inherently offensive. Now, such requests are allowed if they are presented in a neutral or user-specific context.

This reflects OpenAI’s broader philosophy that censorship by default may suppress creativity or unfairly judge user intent. As Jang wrote in a recent blog post, “Ships are safest in the harbour,” adding “but that’s not what ships — or models — are for.”

Safety Isn’t Gone, It’s Just Different

That’s not to say the floodgates are wide open. Despite the apparent loosening of rules, the new image generator still uses a layered safety stack that includes:

– Prompt blocking (for inappropriate text before image generation).

– Output blocking (for images that breach policy after they’re made).

– A sophisticated moderation system, including child safety classifiers.

– Refusal triggers for prompts involving living artists or sexualised content.

Also, unlike earlier tools, GPT-4o seems especially cautious around children. It won’t allow editing uploaded images of realistic children and applies stronger classifiers to detect potential misuse involving minors.

Performance metrics from OpenAI’s system card also show the updated safety stack performs better than previous versions, especially in areas like gender and racial diversity. It’s been reported that in one test, 4o image generation produced diverse outputs 100 per cent of the time for group prompts compared to 80–89 per cent for DALL·E 3.

The Benefits for Users

The new capabilities have clear commercial potential. Designers, marketers, developers and content creators can now produce custom visuals, mockups, product renders, and marketing illustrations with minimal friction. For example:

– A property developer could quickly visualise housing concepts in different styles.

– An education provider could create bespoke, text-rich diagrams for course materials.

– A social media agency could mock up viral meme formats in seconds.

With enhanced control over composition, text, and detail, plus the ability to edit and iterate on existing images, GPT-4o appears to be taking AI image generation a step closer to mainstream creative workflows. Also, with API access rolling out, this could also give rise to entirely new applications built on top of GPT-4o, from instant avatar builders to interior design preview tools.

Risks, Especially Around Trust and IP

Despite the excitement, this change is far from risk-free. For example, allowing depictions of public figures or sensitive racial and political symbols opens the door to misinformation, reputational damage, and potential misuse.

Even if OpenAI prohibits images that “praise extremist agendas,” critics worry that fringe users could find ways to skirt those limits or that mainstream users might be unaware of the implications of what they’re creating.

There’s also the ever-present issue of copyright. Training on “publicly available” data and corporate partnerships (e.g. with Shutterstock) may cover some ground but as Studio Ghibli-style memes go viral, the question of fair use resurfaces.

For businesses, this raises two key concerns:

1. Reputational risk. Could AI-generated visuals be misattributed, manipulated, or used maliciously?

2. Legal exposure. Could brand-generated content be seen as infringing on artistic or personal likeness rights?

As with previous AI developments, what’s technically possible may soon outpace what’s legally clear or culturally acceptable.

What It Means for the Wider AI Landscape

OpenAI’s move comes just weeks after Google faced backlash over Gemini’s historical inaccuracies and image bias, and amid growing political scrutiny. In the US, Republican lawmakers are probing tech firms over alleged censorship, a backdrop that likely informed OpenAI’s more libertarian-leaning policy update.

By relaxing its image generation rules now, OpenAI seems to be signalling that it trusts both its technology and its users enough to let go of some of the training wheels, and is (presumably) willing to weather the inevitable criticism if it means retaining or gaining ground against rising competitors like MetaAI.

What Does This Mean For Your Business?

OpenAI’s latest update appears to have placed ChatGPT on a new creative footing – one that blends impressive technical progress with a deliberately looser grip on content control. In doing so, the company looks like steering away from the more cautious posture that has defined much of the AI sector to date (with the notable exception of Grok). Whether that’s a bold move or a risky one depends very much on how the public, regulators, and commercial users respond in the months ahead.

For UK businesses in particular, the upgrade could mean the ability to generate high-quality, editable, and highly specific imagery using a chatbot could significantly reduce production times for everything from ad campaigns to training materials. The tools now on offer may make it far easier for SMEs and creative agencies to iterate visually without relying on third-party design services, a potential leveller in an increasingly competitive digital landscape. For marketing teams, the prospect of generating branded content, explainer graphics, or social media visuals with a single prompt is clearly appealing.

However, those same businesses will need to tread carefully. As copyright debates heat up and content provenance tools remain in their early stages, there’s a real risk that missteps (however unintentional) could carry legal or reputational consequences. The temptation to experiment with viral visual styles or public figures is likely to be strong, but so will the scrutiny. Companies looking to incorporate these tools into their workflows will likely need internal guidance, or even new policies, around AI-assisted visual content.

Meanwhile, for artists, regulators, and platform providers, the questions are only getting thornier. What counts as fair use in an age of style mimicry? Who decides whether a request is educational, offensive, or somewhere in between, and how do companies like OpenAI draw policy lines that are both ethically sound and commercially sustainable? The fact that ChatGPT now permits the creation of imagery that was off-limits just weeks ago, including depictions of politicians, sensitive racial traits, and even controversial symbols, now appears to reflect a broader change in how AI firms are interpreting their responsibilities.

In truth, it may be the AI market itself that forces the next evolution. With rivals like Google and Meta pursuing their own image-generation models and competing for developer mindshare, the pressure is on to deliver not just safety, but usability. OpenAI’s gamble appears to be that with the right blend of user freedom and behind-the-scenes safeguards, it can satisfy both the creative crowd and the cautious boardroom.