Eight victims of Greece’s Predatorgate spyware scandal filed a civil lawsuit against Intellexa SA and 13 individuals associated with the company — including founder Tal Dilian — on July 7, seeking €8 million in moral damages for having their devices surveilled with Predator spyware. The case, scheduled for a hearing in a Greek court in April 2027, targets the commercial spyware manufacturer rather than the government officials who ordered the surveillance.
The Plaintiffs: Who Was Surveilled and When
The eight plaintiffs represent the cross-section of high-profile Predatorgate targets who were subjected to device surveillance between 2020 and 2021. The group includes investigative journalist Thanasis Koukakis — one of the most publicly documented victims of Predator spyware in Greece — alongside lawyers, intelligence officials, and law enforcement personnel. Each plaintiff is seeking €1 million in moral damages.
Koukakis publicly disclosed his phone infection in 2022, which, combined with the disclosure by the then-leader of a centre-left Greek political party that his device had also been infected, triggered the broader Predatorgate scandal. The revelations prompted a European Parliament investigation through its PEGA committee, which documented how multiple EU member states deployed commercial spyware against journalists, politicians, and lawyers.
Why the Lawsuit Targets Intellexa Rather Than the Officials Who Directed the Surveillance
Greek courts convicted several officials in the Predatorgate case in February 2026 through criminal proceedings. The July 7 civil action is a separate legal strategy that pursues Intellexa as the technology provider rather than the government actors who directed the spyware’s use against targets. By placing the manufacturer in the dock for civil damages, the plaintiffs are testing whether a European court will hold a surveillance technology company financially liable for the harm caused by how its product was deployed — regardless of who authorized the surveillance.
This legal theory does not require proving that Intellexa ordered the surveillance of any specific individual. The plaintiffs’ claim is that Intellexa built, sold, and maintained a spyware product that was used to surveil them, and that Intellexa bears civil responsibility for the resulting harm. Whether Greek courts accept that theory as a basis for damages against the manufacturer will determine the case’s precedential impact.
US Treasury Sanctions and the Separate Civil Damages Track
The US Treasury’s Office of Foreign Assets Control sanctioned Tal Dilian and multiple Intellexa entities in 2023, restricting their access to the US financial system and US counterparties. The OFAC sanctions represent a government-to-government accountability mechanism. The July 7 Greek civil lawsuit is a private damages action operating on a separate track, in a different jurisdiction, with a different evidentiary standard and a different form of accountability — financial compensation to individual victims rather than regulatory restriction on the company.
A successful civil judgment in Greece would not duplicate or replace the OFAC sanctions; it would create a new form of liability, establishing that a European court found Intellexa civilly responsible for the surveillance harm to named private individuals. That distinction matters to the broader commercial spyware industry: OFAC sanctions signal that a government has designated a company as a national security concern, while civil damages judgments signal that courts in the EU jurisdiction where the product was deployed can find the developer financially liable to victims.
What the Case Tests About Commercial Spyware Accountability in Europe
European policymakers have repeatedly called for stronger legal accountability for surveillance technology vendors following the PEGA investigation’s findings. Existing mechanisms — export controls, sanctions, and criminal prosecutions of the officials who use the tools — address the supply side and the demand side of commercial spyware. Civil litigation against the developer introduces a third track: accountability through private damages claims by the individuals harmed.
The Predatorgate plaintiffs are not the first individuals to attempt civil action against a commercial spyware firm, but the Greek case is notable for the profile of the plaintiffs — including a named investigative journalist and law enforcement personnel — and for proceeding within the same EU jurisdiction where the surveillance occurred. A hearing is scheduled for April 2027. An adverse judgment against Intellexa could establish civil liability precedent applicable to other commercial spyware vendors whose products are deployed within EU member states and subject their developers to damages claims from surveillance targets in European courts.
