The European Council has approved comprehensive guidelines to help exporters comply with controls on online surveillance technologies that can be used to violate human rights or internal repression.
The guidelines, approved at a Council meeting on 15 October, clarify the EU export control framework established under Regulation (EU) 2021/821, with a particular focus on “unlisted” cyber surveillance projects.
The document provides a specific definition of cyber surveillance programs, defining them as “dual-use programs specifically designed to conduct covert surveillance of natural persons by monitoring, extracting, collecting, or analyzing data from information and telecommunications systems.”
The guidance states that “items used for purely commercial applications, such as billing, marketing, quality service, user satisfaction, or network security, are generally not considered to pose such risks” and excludes these items from the control requirements .
The guidance specifically addresses emerging technologies such as facial recognition systems. While there are many legitimate uses for such technology, the document states that “facial and emotion recognition technology that can be used to monitor or analyze stored video images may fall within the scope of the definition of a cyber surveillance program.”
The framework reflects what the document calls “the EU’s commitment to effectively address the risk of cyber surveillance programs being used for internal repression and/or serious violations of human rights and international humanitarian law”.
Exporters are now required to notify authorities when they become aware that their products may be used for repression or rights violations. The guidance clearly states that “‘knowledge’ means that the exporter has clear knowledge of its intended abuse.” The mere possibility of such a risk is not sufficient to create awareness.
The Council added: “Arbitrary or unlawful surveillance may also violate other human rights, such as the rights to freedom of expression, association and assembly, freedom of thought, conscience and religion, as well as the right to equal treatment or the prohibition of discrimination, and the right to free, equal and secret elections. right.”
It advises: “In certain circumstances, surveillance, including the surveillance or collection of information on natural persons, such as human rights defenders, activists, politicians, vulnerable groups and journalists, may lead to intimidation, repression, arbitrary detention, torture or even extrajudicial Executions. Exporters should therefore include these aspects related to serious human rights violations in their assessments.
The guidance provides detailed due diligence requirements for exporters, including the need to review items for potential misuse, assess the stakeholders involved in the transaction, and develop plans to prevent and mitigate potential adverse impacts.
They also provide an appendix listing specific types of controlled network surveillance items, including telecommunications interception systems, internet monitoring systems, intrusion software and forensic/investigative tools.
Leave a Reply Cancel reply
You must be logged in to post a comment.