H.E. Agnieszka Bartol
Acting Permanent Representative of the Republic of Poland to the European Union
Dear Ambassador Bartol,
On behalf of civil society organisations, many of which are members of the Spyware Coordination Group, a coalition of civil society and journalist organisations advocating for transparency, accountability, and respect for fundamental rights in relation to spyware technologies, we write to urge the Polish Presidency of the Council of the European Union to prioritise decisive action against the misuse of spyware technologies during your term.
Spyware poses a grave threat to fundamental rights and rule of law principles across the EU and globally. As the former UN Special Rapporteur on Counter-terrorism stated in 2023 that spyware “has proliferated internationally out of all control and poses substantial risks to the promotion and protection of human rights.” International organisations such as the UN, and individual countries, including Poland and other EU member states, are recognising the proliferation of commercial spyware as a threat to their own national security, foreign policy interests and the fundamental rights of their citizens.
In the EU, the European Data Protection Supervisor and the European Parliament have denounced the widespread abuse of spyware by EU governments, calling for urgent EU-wide measures, such as stricter regulation of spyware exports and use, alongside improved safeguards for individuals and the rule of law. Despite these calls, EU institutions have yet to deliver effective solutions or adopt a comprehensive approach to address the numerous reports of maladministration and abuse of power by Member States during the previous legislative term. This lack of decisive action contrasts sharply with countries like the United States, which have implemented significant measures, including placing a ban on the operational use of commercial sp yware by all federal agencies, imposing sanctions on vendors, and enforcing visa restrictions.
Furthermore, France and the U.K. are spearheading the Pall Mall Process, an international initiative bringing together additional nations, the private sector, and civil society, focusing on addressing the spread and reckless use of cyberintrusion tools, including commercial spyware globally. The Pall Mall process is based on a growing consensus amongst key nations, including Poland and the majority of EU Member States, that failing to act on spyware is no longer acceptable for democratic states, given the escalating risks to national security and the rule of law stemming from its misuse.
We acknowledge the actions taken by the Polish Government to investigate spyware abuses at the national level and to ensure accountability and redress for victims. As Poland assumes the rotating Presidency, we encourage the Polish Government to extend such commitments to the EU level. Poland, alongside 10 other EU Member States, has signed the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware. Recognising the serious threat commercial spyware poses to national security and fundamental rights, signatory governments have pledged to “work within [their] respective systems to establish robust guardrails and procedures to ensure that any commercial spyware use by [their] governments is consistent with respect for universal human rights, the rule of law, and civil rights and civil liberties,” and to collaborate closely with civil society groups “to inform [their] approach, help raise awareness, and set appropriate standards.”
To further these goals, the Spyware Coordination Group adopted a Joint Statement on the Use of Surveillance Spyware in the EU and Beyond earlier this year, which outlines key recommendations for the new EU institutions. We strongly encourage the Polish Presidency to consider this document as a guide to inform its approach to addressing the proliferation and misuse of spyware technologies.
The European Union holds significant potential to position itself as a global leader in addressing spyware abuse through a comprehensive and coordinated approach. However, realising this potential requires strong political and institutional leadership to bridge the gap between intention and action. As the Polish Presidency of the Council of the EU assumes its role, it bears the critical responsibility to prioritise and advance these essential reforms.
To support your efforts, we would welcome the opportunity to meet with representatives of the Polish Presidency to present our recommendations and discuss how we can contribute to advancing measures to combat the misuse of spyware and to increase the security of our digital infrastructure. We believe that such a dialogue would be invaluable in helping to translate commitments into impactful policies and actions.
We trust that under your leadership, the EU will demonstrate the ambition and resolve needed to respect and protect fundamental rights, strengthen the rule of laws, and effectively counter spyware abuse.
Yours sincerely,
Access Now
Amnesty International ARTICLE 19
Centre for Democracy and Technology Europe (CDT Europe) Civil Liberties Union for Europe (Liberties)
Committee to Protect Journalists (CPJ) Data Rights
Deutsche Vereinigung für Datenschutz e.V. (DVD) European Digital Rights (EDRi)
Electronic Privacy Information Center (EPIC)
Epicenter.works – for digital rights European Federation of Journalists (EFJ)
Hungarian Civil Liberties Union (HCLU)
Panoptykon Foundation