Your Blog on Export Controls & Economic Sanctions

Recast of the EU Dual-Use Regulation Part III – Concerns About Cyber-Surveillance Technology

photodune-11647734-cyber-security-sAs reported in one of our earlier posts on the leaked proposal for recasting the EU control regime for dual-use items (Regulation 428/2009), the Commission specifically aims to subject cyber-surveillance technology to control. This is part of a broader move to introduce human rights as a factor for consideration when exporting dual-use items (see also our post on export controls as a toolbox for human rights policy). Given the potential for abuse of cyber-surveillance technology by repressive governments this is undoubtedly a welcome development. But there is concern that the proposal is too inarticulate in this respect such that it will also inhibit trade in technology used for legitimate purposes.

By Gerard Kreijen and Bert Gevers, 29 August 2016.

As observed by watchdog Privacy International, dual-use technologies ‘are not just used by government agencies, but across industry and other sectors, and individuals too’. Subjecting these technologies to unqualified controls is a double-edged sword. Restrictions on the export of cyber-surveillance technology may indeed curb abuse by authoritarian regimes, but if they are too broad they may also cripple legitimate activities that aim to ensure the rule of law. Excessive control of cyber-surveillance technology may be the enemy of good government, considering that such technology is widely used for the maintenance of public security, for law enforcement and the combatting of terrorism and, yes, for the protection of human rights.

Pursuant to the leaked proposal, cyber-surveillance technology is to be included in the definition of ‘dual-use items’. In its present form, however, the proposal appears to lack the precision required to strike a fair balance between combatting oppression and guaranteeing freedom. It does not provide specific types of items covered by the definition of cyber-surveillance technology, instead only referring to broad categories of such technology. In addition, the language required to determine the exact scope of control appears to be missing.

‘This lack of detail makes it difficult to fully assess the implications of the proposed rules’, according to Privacy International. To be fair, the proposal is a draft and a leaked document at that. But it is clear that in order to prevent it from backfiring at the very aims it seeks to achieve, there is still some work to be done. Stronger language will have to be included and effective risk assessment scenarios should be applied. An important task for all stakeholders lies ahead.


Authors of this post are :

Gerard Kreijen
Gerard Kreijen
Bert Gevers
Bert Gevers

Gerard Kreijen

Attorney at law at Loyens & Loeff
Gerard co-heads the Loyens & Loeff International Trade Team . He specializes in public international law, with a particular focus on sanctions and export controls, the law of foreign investment, and anti-bribery and corruption issues. With respect to sanctions and export controls he advises companies active in e-commerce, aircraft manufacturing, the defense industry, the shipping and logistics sector, software development, and the renewables sector.

Gerard is a regular speaker at international trade conferences and a guest lecturer at the University of Amsterdam and the Radboud University. He has published two treatises on international law, State, Sovereignty, and International Governance (Oxford University Press, 2002) and State Failure, Sovereignty, and Effectiveness. Legal Lessons from the Decolonization of Sub-Saharan Africa (Brill Academic Publishers - Martinus Nijhoff Publishers, 2004).

Gerard took a PhD in international law (with honours) from the University of Leiden (2003). He was educated at the University of Edinburgh (European law and legal theory) and the University of Leiden (Dutch law and public international law).
Gerard Kreijen

Latest from Dual use items

Go to Top