A growing crisis is brewing in the European Union over the unchecked proliferation of spyware. This week, the European Digital Rights (EDRi) network has formally called on EU institutions to implement a full ban on all forms of spyware—its development, production, sale, export, and use.
According to EDRi’s newly published position paper, spyware is no longer a fringe threat. It has become a systemic danger to fundamental rights, democracy, and cybersecurity across the region.
Spyware’s Widespread Use Poses Democratic and Security Risks
EDRi cites findings from the Atlantic Council showing that at least 14 EU countries have deployed commercial spyware to monitor political figures, activists, and journalists. The group argues that spyware’s quiet expansion into civil society has come with little accountability and almost no regulatory controls.
“The use of spyware has become one of the most pressing threats to democracy, fundamental rights, and cybersecurity in the European Union and globally,”
EDRi states in its paper.
Commercial spyware tools are capable of silently infiltrating devices, collecting sensitive data, and enabling real-time surveillance. Civil society organizations and journalists have repeatedly documented the use of these tools against democratic actors—raising serious concerns about abuse and repression.
Europe as a Hub for the Spyware Trade
EDRi says the EU has become a key center for spyware development and exports, largely due to weak oversight and legal loopholes that allow the industry to thrive without scrutiny. The organization argues that Europe’s permissiveness has helped normalize the use of invasive surveillance tools, contributing to erosion of digital rights and state accountability.
“The spyware industry has flourished under a system of permissiveness, legal loopholes, and weak regulatory oversight,”
the group warns.
Despite a growing body of evidence highlighting abuse and exploitation, the EU has yet to adopt binding legislation to restrict the use of spyware.
EDRi’s Proposal: A Total Ban to Protect Civil Liberties and Cybersecurity
In response to the ongoing risks, EDRi is calling for a comprehensive EU-wide ban. The proposal includes strict prohibitions on:
- The development, production, marketing, and sale of spyware
- The export of spyware from EU countries
- The operation of spyware vendors and investors within the bloc
- The commercial trade of software vulnerabilities that enable spyware development
The group emphasizes that partial measures or regulatory tweaks will not be enough. Only a full ban, backed by enforcement, can meaningfully protect individuals and democratic systems from surveillance abuse.
Addressing Past Spyware Abuse: Legal Remedies and Accountability
Beyond prevention, EDRi urges the EU to establish mechanisms to support victims of unlawful surveillance. The group proposes the creation of legal and judicial pathways to ensure accountability and redress, including:
- Access to judicial remedies for individuals
- Reparation mechanisms for victims
- Investigations and prosecutions of perpetrators
- Sanctions against companies and states involved
- Formal recognition of state responsibility in unlawful spyware use
EDRi argues that closing the chapter on commercial spyware also means helping those already impacted, many of whom have faced violations of privacy and suppression of free expression.
The Pressure Is Now on the EU
As calls for action grow louder, the European Union faces increasing pressure to take a firm stance on commercial surveillance. For years, spyware has been sold and used with little interference—creating a market that thrives on secrecy, access to zero-day exploits, and political demand for covert tools.
EDRi’s latest position sends a clear signal: if the EU does not move to ban spyware now, it risks further damage to its democratic institutions, global credibility, and the safety of its citizens.
