European Commission Publishes Guidelines for Cyber-surveillance Exporters
BRUSSELS - The European Commission published guidelines on the export of cyber-surveillance items, aiming to raise awareness of the risks associated with misuse of cyber-surveillance technologies and provide exporters with practical tools to evaluate human rights, a press release stated by the Commission.
The guidelines are therefore expected to make EU controls more effective and consistent across Member States.
The guidelines are designed to help EU exporters navigate the export controls pertaining to cyber-surveillance items, including how to conduct due diligence through a step-by-step approach to transaction screening.
The new guidelines will help exporters assess whether exports of specific cyber-surveillance items could pose a risk for internal repression or serious violations of human rights and international humanitarian law in the importing country. In cases where such a risk is identified, the exporter is required to send an export notification to the national competent authority.
The guidelines also clarify what types of items fall under the notion of cyber-surveillance and how EU exporters should interpret key concepts such as “internal repression” as well as “serious violations of human rights and international humanitarian law”.
Altogether, the guidelines will reinforce the “protect” pillar of the European Economic Security Strategy (from June 2023) by promoting the effective use of existing tools to safeguard the EU against threats to its security.
Background
The Dual-Use Regulation (2021/821), as updated in 2021, introduces an obligation for EU Member States to control exports of cyber-surveillance items which have legitimate civilian uses - in law enforcement or network monitoring, for example - but which could also be misused for internal repression or serious violations of human rights and international humanitarian law. This obligation applies to cyber-surveillance items that have not already been listed in Annex I of the Dual-Use Regulation.
