Skip to Content

European Policy, Government Surveillance

Civil Society Open Letter in Response to Recent Spyware Abuse Cases in the EU

/ Silvia Lorenzo Perez, Joanna Tricoli

CDT Europe, alongside twelve civil society and journalist organisations, all members of the Spyware Coordination Group, have published an open letter addressed to the EU Institutions, expressing grave concerns about the continued unchecked use of spyware within the European Union. We hence urge EU Institutions to take concrete, coordinated action to respond to the growing threats posed by spyware, strengthen the security and resilience of Europe’s digital infrastructure and cyberspace, and address the proliferation of commercial surveillance technologies within the EU internal market.

The letter highlights that despite continued evidence of spyware misuse, including recent cases involving the deployment of Paragon’s spyware against journalists and human rights defenders, little meaningful follow-up has occurred since the European Parliament’s PEGA Committee issued its key recommendations in 2022. 

The coalition also raises concerns that, in the absence of a EU regulatory framework, several EU Member States have reportedly emerged as key hubs for the spyware industry, a result of fragmented national laws and uneven oversight, which have allowed certain jurisdictions to become entry points for spyware vendors into the EU internal market.

While there is growing recognition of the need to regulate spyware, as reflected in international, non-binding multi-stakeholder efforts such as the Pall Mall Process, the letter stresses that the EU can provide the necessary political momentum, regulatory coherence, and oversight to translate national pledges made by Member States through the Pall Mall Code of Practice into an effective, union-wide response that upholds democratic values and fundamental rights.

The letter calls for urgent and coordinated EU action to address the ongoing violations and ensure the protection of the rule of law and fundamental rights enshrined in the EU Charter and European Convention on Human Rights. In particular, we urge EU Institutions to adopt transparent regulatory action, particularly in areas that fall within the EU’s competence, including fundamental rights, the rule of law, internal market regulation, export controls, and cybersecurity. 

Read the full letter.

Related Reading

Open Joint Letter against the Delaying and Reopening of the AI Act
"Lifting the Veil: Advancing Spyware Regulation in the EU" event visual

6th Civil Society Roundtable on Advancing Spyware Regulation in the EU
The CDT logo. A light and dark grey "cdt" alongside "Center for Democracy & Technology" on a white background.

Untargeted Facial Recognition is Unvetted and Unsafe: New Orleans City Council Should Reject It