Human Rights Watch said Tuesday that the European Union has failed to stop member states from exporting surveillance technology to governments with documented histories of using such tools against activists, journalists, and other critics.
The 54-page report, titled "Looking the Other Way: EU Failure to Prevent Surveillance Exports to Rights Violators," assessed how the E.U.'s Dual-Use Regulation — landmark legislation adopted in 2021 to restrict exports of technologies that can be used for both civilian and military purposes — is functioning in practice. Human Rights Watch found the regulation is not being implemented effectively.
Responses came from roughly half of the bloc's 27 member states after Human Rights Watch filed freedom of information requests with each of them seeking export licensing data. The records revealed that a minimum of six member states had licensed sales of surveillance tools to upwards of two dozen governments whose track records include systematic persecution of dissidents, Bloomberg reported.
Among the examples cited in the report: Licensing records from Bulgaria's Ministry of Economy and Industry showed the country had shipped intrusion software, telecom interception equipment, or a combination of both, to Azerbaijan at some point across a three-year span running from 2020 through 2023. The Bulgarian data further documented shipments of surveillance equipment to recipients in Bosnia and Herzegovina, the United Arab Emirates, Vietnam, Uganda, and roughly twenty additional destinations. Records supplied by Poland's Ministry of Entrepreneurship and Technology indicated that one or more Polish firms had transferred telecommunications interception technology to Rwanda during 2023.
Zach Campbell, who serves as Human Rights Watch's senior surveillance researcher, said the evidence points to a systemic regulatory breakdown. "European surveillance tech is being licensed for export to countries with long, well-documented histories of using similar technology to violate rights," he said. "It is apparent that European institutions that should be controlling these exports are failing to do so."
Human Rights Watch also found that the European Commission has undermined the Dual-Use Regulation's transparency requirements through guidelines issued in January 2024. Those guidelines direct member states to report data on exported technology types and destination countries separately, making it impossible to determine which technologies went to which countries. The commission told Human Rights Watch the approach was driven by concern that publishing combined data could violate commercial confidentiality, given only a limited number of companies export such items.
A European Commission spokesperson issued a statement saying the body "attaches great importance to the issue of cyber-surveillance items" and acknowledged that export controls must be periodically revised to "adjust to evolving security risks and threats."
The commission is scheduled to begin a formal evaluation of the Dual-Use Regulation in September 2026. Human Rights Watch called on E.U. institutions to use that process to strengthen due diligence requirements, block exports where human rights risks are identified, and mandate meaningful transparency over surveillance technology sales.
France, Germany, Greece, Italy, and Spain — all identified by Human Rights Watch as significant exporters of surveillance equipment — refused to hand over records when the group submitted its freedom of information requests.