Adopted today by the European Parliament after nearly a decade of negotiations, the regulations aim to prevent digital surveillance technology produced by European companies being used to commit human rights violations outside the EU. While hailing certain positive aspects of the compromise agreement that has finally been reached, RSF and the NGO coalition’s other members regret that the EU missing an opportunity to adopt more ambitious regulations that would have included stronger protections needed to safeguard human rights and security.
Human Rights Organizations’s Statement in Response to the Adoption of the New EU Dual Use Export Control Rules
"We, the undersigned organisations, welcome the positive elements adopted by the EU legislators to reform the European Union’s Dual Use Regulation aimed at preventing human rights harm resulting from digital surveillance by establishing export controls for surveillance technology exported by EU-based companies. At the same time, the overall resulting agreement is a missed opportunity for a more ambitious regulation that includes stronger protections needed to safeguard human rights and security.
While certain positive elements of the compromise agreement are welcome, including the requirement for EU authorities to provide publicly detailed information about which export licenses have been approved or denied and the human rights risks associated with the applications for export licenses by companies, the agreement falls short of providing explicit and strong conditions on Member State authorities and exporters. These conditions have been voiced to the EU legislature many times. It is evident that while some parliamentarians and Member States have recognised the need for greater protections throughout negotiations, other Member States have prioritised the narrow interests of industry over their obligations to protect human rights.
It should not have taken almost a decade of lawmaking to finalize this process. As negotiations stalled and the stronger provisions in the original Commission’s proposal were watered down, EU-based companies have continued to undermine people’s human rights by selling and exporting surveillance technology around the world, including into the hands of known rights abusers. Further, vital measures that would have placed meaningful constraints on the export of dual use technology were not agreed upon.
However, now, it is vital that all Member States robustly implement the positive elements of the agreement. EU Member States and the Commission also need to go further than the new compromise in order to meet their international human rights obligations and ensure that the continued export of sophisticated surveillance tools by EU companies does not facilitate human rights violations of people around the world.
The Commission should expeditiously develop in consultation with civil society, clear guidelines to ensure adherence to the new measures and disseminate them among all national and business stakeholders. Most importantly the Commission should closely monitor Member States’ implementation of the new regulation, and adopt all necessary measures under EU law to prevent, discipline, and remedy any possible breach that may occur.
The newly adopted regulation should be considered a minimum baseline. To fulfil their international obligations to protect human rights, and under close monitoring and clear guidance by the Commission, Member States should in implementing this agreement:
- Interpret “cyber-surveillance” to include the following items which are already subject to export licensing:
- Mobile telecommunications interception or jamming equipment;
- Intrusion software;
- IP network communications surveillance systems or equipment;
- Software specially designed or modified for monitoring or analysis by law enforcement;
- Laser acoustic detection equipment;
- Forensic tools which extract raw data' from a computing or communications device and circumvent "authentication" or authorisation controls of the device;
- Electronic systems or equipment, designed either for surveillance and monitoring of the electro-magnetic spectrum for military intelligence or security purpose; and
- Unmanned Aerial Vehicles capable of conducting surveillance.
- Ensure without delay that systems specially designed to perform biometric identification of natural persons for security purposes are subject to control within the EU control list and within the Wassenaar Arrangement in a transparent and consultative process and interpret these items to constitute “cyber-surveillance.”
- Ensure detailed reports describing export license applications made to authorities concerning all dual use items are made publicly available on a regular basis, preferably monthly. These reports should at a minimum include the number of license applications per item, the exporter name, a description of the end user and destination, the value of the license, and whether the license was granted or denied and why.
- Ensure national legislation governing the assessment of export licenses takes into account relevant European human rights protections, such as the EU Charter of Fundamental Rights as well as those developed by the Court of Justice of the European Union and the European Court of Human Rights, as well as evidence by civil society and human rights experts.
- Ensure European legislation requiring corporate actors to respect human rights and implement human rights due diligence measures as prescribed by the United Nations Guiding Principles on Business and Human Rights (UNGPs). Corporate actors should be required to identify, prevent, and mitigate potential and actual adverse human rights impact of their operations and throughout their value chain. Transaction screening measures by Member States should include an assessment of the strategic nature of the items and the risks they represent for the violation of human rights. National authorities should report on the implementation activities with regard to due diligence responsibilities and obligations and encourage companies to inform the public about the scope, nature, and transferable findings of the human rights due diligence procedures they implemented. Member States and companies should also establish mechanisms to provide an effective remedy for human rights violations committed using the transferred technology.
The full joint statement is available here.
- Access Now
- Amnesty International
- Committee to Protect Journalists
- FIDH (International Federation for Human Rights)
- Human Rights Watch
- Privacy International
- Reporters Without Borders (RSF)