A leaked document proposing amendments to the Regulation (EC) No. 428/2009, setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items, reveals that the European Union may introduce new export controls for cyber–surveillance technologies.

The leaked draft, which should be published in its final form in September, extends the definition of “dual–use items” to include cyber–surveillance technologies, which can be used in cases of serious violations of human rights or international humanitarian law, or in the presence of threats to international security or to the essential security interests of the EU and its Member States.

The use of European–origin surveillance technologies has indeed been a security issue in the EU in recent years, reflecting growing fears that these tools can be misused by repressive regimes in violation of human rights or against the security of the EU. To cope with such threat, in December 2014 the European Commission had adopted a delegated regulation updating the European legislation on dual–use items to include the so–called “intrusion software”, which ensure “covert” access to information and telecommunications systems.

If they were implemented, the new measures would require companies to go through lengthy authorization processes when exporting technologies such as location–tracking devices, and biometric and surveillance equipment. Producers and distributors of smartphones and GPS devices will be among those who will be more likely affected by these changes, because of the location–tracking capabilities of these devices.