The absence of EU-wide regulations has raised significant concerns about the trade of spyware and its implications for human rights, as emphasized by the European Parliament's recommendations and the Commission's White Paper on export controls.

To strengthen the EU's response, immediate actions are demanded, including the publication of a Commission communication to clarify the intersection of EU law and national security, and full implementation of recommendations from the PEGA Committee.

The Pall Mall Process, initiated in 2024 by France and the UK, seeks to tackle the misuse of commercial cyber capabilities, yet its non-binding nature raises concerns about legitimizing surveillance technologies that conflict with human rights.

Recent reports from Citizen Lab have confirmed that Graphite spyware, developed by Paragon Solutions, has been deployed across multiple EU member states, including Italy, Denmark, and Cyprus, affecting potentially more victims than the 90 initially reported.

Certain EU member states, notably Spain, Italy, and Cyprus, have emerged as key hubs for the spyware industry, exacerbated by a lack of a cohesive EU regulatory framework that allows for the unchecked proliferation of commercial spyware.

The call for action follows revelations that Graphite spyware targeted Italian journalists and human rights activists, prompting an official investigation by Italian authorities.

In light of the growing spyware proliferation, the EU is urged to implement coordinated regulatory actions across various domains, including fundamental rights, rule of law, single market regulation, export controls, and cybersecurity.

The letter from the group stresses the necessity for immediate policy and regulatory measures from EU institutions to safeguard privacy, media freedom, and civic integrity against the invasive nature of spyware.

The Spyware Coordination Group, representing civil society and journalist organizations, has urgently called on EU institutions to address the escalating threat of spyware technologies that jeopardize fundamental rights and digital security in Europe.

Civil society groups have expressed their readiness to assist EU institutions in developing effective policies to combat spyware and enhance digital infrastructure in alignment with fundamental rights and the rule of law.

Current spyware technologies are argued by civil society groups to violate fundamental rights and are incompatible with International Human Rights Law.

The urgent need for coordinated action to address the human rights implications of spyware has been highlighted by the European Parliament's recommendations and the Commission's White Paper on export controls.