From France to Ireland, the EU spyware problem is even worse than we thought

Close-up shot of Emmanuel Macron, France's president, during the NATO summit on July 12, 2023 in Vilnius, Lithuania.
The France-based Nexa group reportedly has strong ties with President Emmanuel Macron, allegedly hiring his former bodyguard and personal security adviser Alexandre Benalla to try to sell spyware to Saudi Arabia. (Image credit: Photo by Thomas Trutschel/Photothek via Getty Images)

About two years after the Pegasus scandal drew back the curtains to reveal the lengths governments can go to spy on their citizens, another investigation has revealed that the EU has a spyware problem bigger than we could possibly imagine.

According to Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab, Predator "is arguably worse" than similar NSO-developed software. This is primarily because the tool wasn't just used across the EU this time, but was developed, sold, and exported by EU-based firms mainly operating across France, Ireland, and Greece.

Now, a joint year-long investigation by media partners from the European Investigative Collaborations (EIC) and Amnesty International's Security Lab can reveal the failures of the EU in regulating highly lucrative and unethical surveillance business.

A EU-based spying alliance

"The Predator Files investigation shows what we have long feared: that highly invasive surveillance products are being traded on a near industrial scale and are free to operate in the shadows without oversight or any genuine accountability," said Agnès Callamard, Amnesty International’s Secretary General. 

What is Predator spyware?


(Image credit: Shutterstock)

Predator spyware is a highly invasive phone hacking software, designed to access all stored and shared data (such as messages, calls, photos, and passwords) while leaving no trace on the target device. It can infiltrate a smartphone via a malicious link or through tactical attacks launched on unsecure networks by nearby devices. 

"It proves, yet again, that European countries and institutions have failed to effectively regulate the sale and transfer of these products." 

The so-called Intellexa Alliance is, in fact, a group of companies among which many are EU-based and should adhere to EU laws. However, evidence suggests that this corporate spying consortium acted undisturbed for years with little or no transparency over its internal operations and business relationships.

Signed-off in 2019, Amnesty explained the Alliance has evolved over time into "a complex corporate structure" with ties in many countries across the world. It comes as a commercial coalition mainly between two groups of tech companies, namely the Nexa and Intellexa group.

The Intellexa group was founded in 2018 by Tal Dilian, a former Israeli army officer, and some of his associates. It appears to be controlled by Ireland-based holding company Thalestris and includes other tech firms located across Cyprus, Greece, North Macedonia, and Hungary. The group produced the spyware software, all while describing itself as an "EU-regulated company."

The Nexa group, which mainly operated from France and the UAE, was revealed to have strong ties with President Emmanuel Macron. The company allegedly hired his former bodyguard and personal security adviser, Alexandre Benalla, to try to sell spyware to Saudi Arabia—MediaPart reported—a repressive government thought to have used Pegasus spyware to track and murder dissident journalist Jamal Khashoggi in 2018. The group seems to have been operating since 2012 after it took over the surveillance business of the French firm Amesys. 

Predator spyware started making headlines back in 2021, as the new surveillance-for-hire software was used to spy on journalists, civil societies, and politicians across Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia—a CitizenLAb forensic report exposed at that time.

In 2022, an investigation around what's known as the Greek wiretapping scandal provided even more insights into state intelligence spying operations on political grounds conducted directly on EU soil.  

Now, new evidence has revealed that at least 25 more countries across Europe, Asia, the Middle East, and Africa have been using the Intellexa alliance’s mass surveillance products to undermine human rights, press freedom, and social movements across the globe since 2007. 

Their most prominent clients include notorious authoritarian regimes like Sudan, the UAE, Kazakhstan, Egypt, and Vietnam, together with European democracies such as Switzerland, Austria, and Germany.

The Intellexa Alliance repeatedly claims to have "scrupulously respected export regulations" despite acknowledging the establishment of "commercial relations with far from perfect countries in terms of the rule of law," Amnesty reported.

How the EU can fix its spyware issue

So, how could such an intricate mercenary spying group with ties to European democratic governments have managed to conduct its shady business operations for so long?

According to experts at Amnesty, the opaque and complex corporate structure has helped Intellexa avoid accountability, transparency, and government regulation. The whole truth is that the EU should have done better in the aftermath of the Pegasus Project disclosures. 

As Callamard explained, EU-based surveillance technology companies are subject to the EU Dual Use Regulation, a series of export controls aiming to prevent human rights harms linked with the sale of spyware and similar software.

At least 25 more countries across Europe, Asia, the Middle East and Africa have been using Intellexa alliance’s mass surveillance products to undermine human rights since 2007.

Yet, "as the Predator Files investigation demonstrates, EU regulators are unable or unwilling to control and prevent human rights harms in relation to the export of spyware," she said.

In March 2022, the European Parliament even formed the Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware (PEGA) with the scope of regulating the use of spyware technologies. However, experts lamented a lack of political will among EU member states to come up with a unified response to the issue.

There's also the problem around the technical features of Predator spyware and similar software, which are designed to leave no traces and prevent any independent audits over potential abuses. Once again, this seems to show, as Amnesty put it, that "human rights abuse is a feature of the industry, not a bug." 

That's why a call to completely ban the use of spyware technology get stronger and stronger. Callamard said: "There is only one possible conclusion: given the ineffectiveness of the regulation, proven time and time again, the use of highly invasive spyware like Predator must be outlawed."

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to