25/01/2018 |

European exports and Dual-use Regulations for cyber-surveillance

SIPRI has announced the release of a new report: “Export controls, human security and cyber-surveillance technology: Examining the proposed changes to the EU Dual-use Regulation”.

The European Commission is proposing a recast of the European Union Dual-use Regulation. This Regulation is the main regulatory instrument for EU member states’ controls on the trade in dual-use items and systems. The proposal, which is currently being examined by the European Parliament and Council of the European Union, is part of a review of the Regulation which was launched in 2011. This SIPRI Report, available here, informs on this proposal. It is authored by Mark Bromley, Director of the SIPRI Dual-Use and Arms Trade Control Programme.

One of the most controversial aspects of the Commission’s proposal is a series of amendments to the Regulation that would give human rights, international humanitarian law (IHL) and terrorism a more central role in member states’ dual-use export controls, also creating an expanded set of controls on exports of so-called cyber-surveillance technology. Many of these aspects of the proposal have been broadly welcomed by the European Parliament and NGOs, which have been pushing for tighter EU controls on the trade in cyber-surveillance technology since 2011.

However, other stakeholders—particularly the sections of EU industry affected by dual-export controls—have warned of the potential for confusion and unintended side-effects to be generated by the language used.

In order to provide context for these debates, the report outlines the existing relationship between human rights, international humanitarian law (IHL), terrorism and dual-use export controls. It also details the origins of the discussion about applying export controls to cyber-surveillance technology and describes the measures that have been adopted to date within the Wassenaar Arrangement and the EU. The report analyses those aspects of the Commission’s proposal which are focused on human rights, IHL, terrorism and cyber-surveillance technology while also detailing the responses and alternative formulations put forward by key stakeholders. The report ends by presenting some conclusions and recommendations, focused particularly on the issues that should be addressed as the review process continues during 2018. For instance, it states that “Any assessment that is carried out should also examine how the controls adopted by the Wassennaar Arrangement in 2012 and 2013 are being applied by EU member states. In particular, it would be useful to assess how EU member states are assessing exports of the cyber-surveillance technologies that have been made subject to control: which criteria are being applied, how they are being applied, which sources of information are being used and which exports have been approved or denied. It should also examine how the aspects of the EU sanctions on Iran and Syria that cover cyber-surveillance technology have been implemented by EU member states”. Moreover, one issue that was not addressed in the Commission’s proposal is public transparency. The proposal includes a number of mechanisms that would increase the amount of information that EU member states share with each other about how controls are applied, but no requirements for EU member states to make any of this information publicly available. A small number of EU member states have systems in place for publishing data on export licences issued and denied for dual-use items, but “the majority do not release any data in this area”.

As a related information, the BBC has informed that BAE, the Britain’s biggest arms company, secretly sold mass surveillance technology to six Middle Eastern governments that are repressing their citizens. The sophisticated technology can be used to spy on a huge number of people’s emails and mobile phones. Human rights campaigners have raised accusations that these systems are being used to silence or jail dissidents.

The Report concludes that although the process of reviewing the Dual-use Regulation is well advanced, it is still continuing and may not conclude until early 2019. As such, there is still time to ensure that the Regulation as a whole (and particularly the sections focused on human rights, IHL and terrorism-related concerns and cyber-surveillance technology) are framed in a balanced and effective manner.

Read the SIPRI Report