European Parliament paves path for tighter spyware export controls

The EU is cracking down on authoritarian regimes' access to surveillance tech.
Cell phone

The European Parliament announced Monday that it is taking steps to curtail the exportation of surveillance technologies, including spyware, outside of the European Union.

The action clears the path for the European Union to establish new ground rules for the export and sale of so-called dual-use technologies, which can be used in legitimate but also malicious ways that violate human rights. The premise of the new rules is to limit authoritarian regimes’ ability to “secretly get their hands on European cyber-surveillance,” Markéta Gregorovà, a member of European Parliament and a lead negotiator of the new scheme, said in a statement.

The new guardrails will include an update to European export controls, such as inclusion of licensing criteria that more heavily emphasizes human rights, and an EU-wide scheme that dictates stricter export reporting requirements for member states.

“Parliament’s perseverance and assertiveness against a blockade by some member states has paid off: respect for human rights will become an export standard,” Bernd Lange, a head of the negotiating delegation and member of European Parliament, said in a statement. “It is an EU milestone, as export rules for surveillance technologies have been agreed for the first time. Economic interests must not take precedence over human rights.”


Human rights groups and advocates have been trying to make inroads in limiting the export of spyware in recent years around the world, but have been obstructed by courts and lack of political will. The EU’s forthcoming stricter controls on the transfer of spyware marks a step forward for those trying to stymie human rights abuses that can result when surveillance technologies fall into the wrong hands.

Officials at the United Nations called last year for a moratorium on the sale, transfer, and export of spyware worldwide. Security researchers have also called for stricter controls on state-sponsored malware and surveillance tools.

But when lawyers from Amnesty International asked a judge in Israel to revoke the export license of Israeli software surveillance firm NSO Group over allegations its technologies were used against dissidents and human rights activists, they were rejected.

European Parliament’s announcement is not entirely a surprise — the EU has been working to better control dual-use technologies for years. The move comes four years after the European Commission tabled a proposal on how EU member states sell dual-use goods outside the bloc, in which negotiators argued surveillance technologies must be included in consideration.

“The type of arms most relevant for armed conflicts have changed over time and continue to change rapidly,” the negotiators wrote in an explanatory statement. “The EU needs to react to this threat by including cyber technologies in the EU export control regime, so that this technology is not used to seriously violate human rights and, thereby, undermine security, democracy, pluralism and freedom of expression.”


The action is not finalized yet, as the International Trade Committee, Parliament, and the Council still need to endorse the agreement, according to European Parliament.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts