MEPs approve export controls tailored to stop government surveillance

MEPs approved new EU rules that will make it harder for companies to export technologies that can be used for spying. German Green Klaus Buchner authored the report. [European Parliament]

MEPs approved stricter rules on Wednesday (17 January) to control how European companies export technologies including software that could be used for surveillance, and any products that may violate human rights.

The draft export rules on so-called dual use items drew a backlash from the tech industry, which argued that the legislation defines “human rights” too broadly and that companies will struggle to make sure their products cannot be misused. Dual use products can be used for either civilian or military purposes.

But after months of heated debate between political groups in the European Parliament, a broad majority of MEPs backed the bill, with 571 in favour, 29 opposed and 29 abstentions.

The Commission’s 2016 proposal pulled technology products that can be used for ‘cybersurveillance’ under the export controls after it emerged that governments in Bahrain, Egypt and other countries used software from European countries to spy on Arab Spring protesters.

In one recent revelation about European firms’ surveillance business, the BBC reported last year that British arms manufacturer BAE Systems sold its Evident product, which can conduct large-scale surveillance of digital communications, to Saudi Arabia, the United Arab Emirates, Qatar, Oman, Morocco and Algeria. The company said its exports complied with the law.

“Anyone who can afford it can buy systems that collect massive amounts of data, can break into people’s devices without the consent of the user and information can be removed unnoticed,” said Dutch Liberal MEP Marietje Schaake, who negotiated the bill on behalf of the Parliament’s Liberal political group.

The legislation must still be approved in three-way talks between the Parliament, national governments and the Commission before it can go into effect. Diplomats from EU member states have not yet agreed on an identical version of the legislation.

EU Trade Commissioner Cecilia Malmström called the export control bill an example of “value-based trade policy” during a debate with MEPs on Tuesday evening. The current EU export control rules for dual use products date back to 2009.

MEPs want human rights safeguard on tech exports

MEPs steering a controversial export control bill through the European Parliament have agreed to apply stricter human rights safeguards for technologies that can be used for online surveillance.

DigitalEurope, a lobby group that represents large tech companies including Google and Microsoft, has criticised the bill’s reference to ‘human rights’.

The association said in a statement that it has “always supported the objectives of the reform proposal to protect and promote human rights. Yet, we see the urgent need to further confine the application of the ‘catch-all clause’ to make the proposal workable for companies in practice.” The bill’s catch-all clause imposes a general requirement for all dual use products to comply with human rights safeguards.

The Commission argues that other measures in the draft bill will speed up companies’ exports.

Malmström said that the new legislation will make it easier for businesses to have exports approved by authorities: she pointed to a measure that will allow companies to apply for longer-lasting, blanket EU-wide authorisation in order to export a product.

That would replace the current process firms use to apply to national authorities every few years before they can sell an item abroad that has been classified as ‘dual use’. Some companies complain that the process for applying for such licenses forces them to frequently repeat the same lengthy administrative steps.

The new system will please NGOs because it could also close loopholes that create an imbalance between more lax national authorities in some member states and others that approve fewer exports.

“We need to end the notion of so-called license shopping, where a company may be rejected a license in, for example, the Netherlands but can granted one in, for example, Italy,” Schaake said.

Commission plans export controls for surveillance technology

EXCLUSIVE / Technology companies may face stricter licensing requirements to export products that could be used to violate human rights, as part of a change to EU rules.

MEPs also tried to clamp down on abuse of the current EU rules by adding a measure to the bill that will crack down on subsidiaries of European companies that are located outside the bloc. That will extend the export controls to so-called brokers that have European parent companies and transfer dual use products within the company before exporting them.

“Such things can be pursued, you can trace them and follow them back to the regime and in that way you might be able to prevent its use,” Klaus Buchner, the German Green (Ökologisch-Demokratische Partei) MEP who authored the Parliament report, said during Tuesday’s debate.

The Parliament bill will give the Commission the power to sanction companies that circumvent EU rules by exporting dual use products through foreign-based brokers.

One controversial part of Buchner’s bill did not end up in the final version approved by MEPs. He had proposed adding a restriction to the rules that would prevent companies from exporting all dual use products to Turkey, citing human rights concerns. But Buchner withdrew that amendment before the Parliament vote to avoid political horse-trading over other measures.

Schaake proposed adding a measure to the bill that would get rid of all EU export controls on encryption technologies. The full liberalisation of export controls for encryption was not part of the final bill that MEPs approved.

But Malmström said during the debate with MEPs that she is open to looser rules on encryption. “We share your concerns that trade in advanced IT products that contain encryption should not be unduly restricted at the time when we race towards the internet of things,” she said.

The Commission’s original proposal includes somewhat relaxed export requirements for encryption products. The draft creates a  so-called general authorisation for products that contain encryption to be exported—meaning it will become easier and faster for companies to sell them abroad.

Tech industry groups have complained that current EU export restrictions on encryption create a barrier that puts European firms at a disadvantage compared to competitors in the United States.

DigitalEurope said in a statement that it “welcomes the [Parliament’s] strong support for the introduction of new EU general authorisations for encryption and intra-company transfers, putting the EU industry on the same competitive level as many of our trading partners.”

Trade MEPs want to scrap all EU export restrictions on encryption

MEPs want the European Commission to remove export control restrictions on technology products that use encryption.


This stakeholder supports EURACTIV's coverage of Cybersecurity. This support enables EURACTIV to devote additional editorial resources to cover the topic more widely and deeply. EURACTIV's editorial content is independent from the views of its supporters.


Subscribe to our newsletters