The new rules for export control of cyber-surveillance items in the EU

The European Union recently adopted new rules for the export control of dual use goods - the recast Dual Use Regulation. These rules also contain a new framework for export control of cyber-surveillance items. The Dutch Ministry of Foreign Affairs engaged the Institute for Information Law to write a report on the scope of this term and the application of this framework.

The study provides valuable insights on the application of the new Dual Use Regulation. One part of the study focuses on the definition. Most importantly, the authors contend that the term 'cyber-surveillance item' must be understood in light of the aim of the new framework, which is to prevent human rights infringements. In the report, an assessment is made whether five technologies fall within the scope of the definition. Another part focuses on the authorisation requirements. Here, the authors contend that inspiration can be drawn from the guidance on military export control, the Council Common Position. Finally, the authors suggest that the European Commission together with member states must provide further guidance on this new framework. The report has been sent to the Dutch Parliament and presented to delegates of the European member states at the Dual Use Working Party.