14 November, 2024

New guidelines for the export of information surveillance products according to Recommendation (EU) 2024/2659 of the Commission

With the adoption of Recommendation (EU) 2024/2659, the European Commission has introduced updated guidance criteria for the export of information surveillance technologies not listed in Annex I of Regulation (EU) 2021/821. This recommendation aims to support businesses in implementing stricter controls on products that could be used for simulated surveillance purposes, helping to prevent potential misuse in contexts of repression or human rights violations.

This article aims to assist economic operators in implementing a secure export model that complies with European regulations, specifically under Recommendation (EU) 2024/2659. It focuses on responsibly managing export risks, especially concerning information surveillance technologies not listed in Annex I of Regulation (EU) 2021/821, yet which could potentially be used in repressive settings or for human rights violations.

More specifically, the article seeks to:

  • Provide clarity and guidance to exporters on the new criteria introduced by the Recommendation for managing the export of dual-use technologies. It explains how to apply enhanced due diligence on exported products to identify possible misuse risks.
  • Prevent misuse of surveillance products: Emphasize the importance of recognizing warning signs (red flags) and understanding the operational context of end-users, especially in markets and countries with high risks of internal repression or human rights violations.
  • Adopt compliance and legal protection practices: Outline best compliance practices and highlight how non-compliance with these guidelines may expose businesses to financial and legal sanctions, along with severe reputational risks. Suggested measures include partner verification, thorough screening, and continuous monitoring of transactions to prevent diversion of products to third countries that may reintroduce them into restricted markets.
  • Inform on EU restrictions towards Russia: Due to the geopolitical situation, the document underlines how restrictions and sanctions on Russia have expanded the scope of export controls to prevent European products and technologies from supporting Russian military or repressive operations.

Overview of Recommendation (EU) 2024/2659 and Information Surveillance Products

On October 11, 2024, the European Commission adopted Recommendation (EU) 2024/2659 to provide interpretative guidance for exporters of dual-use technologies. Specifically, the Recommendation concerns products not listed in Annex I of the Regulation, namely surveillance products designed for covert monitoring of personal data.

Risks associated with these products are particularly noted when information surveillance products are designed for access to information and telecommunications systems, allowing the covert monitoring and analysis of personal data. Products developed solely for commercial purposes, such as billing, marketing, service quality, or network security, are generally excluded from this risk category.

Examples of such technologies include advanced facial recognition systems, biometric data extraction, and telecommunications monitoring tools.

This Recommendation addresses the EU’s need to regulate products that, although not specifically designated as “dual-use” or not subject to mandatory control regulations, can be misused. These technologies are often employed in applications requiring discrete monitoring, data extraction, and analysis of sensitive data. Thus, the Recommendation seeks to limit the use of products that, if exported without control, could be used in repressive contexts or pose serious risks of human rights violations.

Definition of “Information Surveillance Products” for Regulatory Purposes

The Regulation describes “information surveillance products” as tools specifically designed to “enable covert surveillance of individuals,” including the monitoring, collection, and analysis of data from information and telecommunications systems.

A product is considered “specifically designed” when its primary function is to covertly monitor individuals. The “covert” aspect refers to surveillance that is not perceivable by those monitored, who, unaware of the surveillance, cannot avoid it or alter their behavior accordingly.

Due Diligence and Responsibility for Exporters

In compliance with the obligations of Regulation (EU) 2021/821, the Recommendation encourages exporters to implement enhanced due diligence (Article 5 of the Regulation). Operators are required to:

  • Identify warning signs (red flags): Exporters should be alert to warning signs, such as orders from regimes known for repressive practices, involvement of entities associated with human rights abuses, or requests for products with specific advanced surveillance features.
  • Screen end-users: Exporters must ensure that end-users and product users are not entities on sanctions lists or known for repressive practices. This includes an evaluation of the operational context, declared purposes of the product’s use, and its intended usage, ensuring that exported products are not aimed at repressive or non-consensual surveillance purposes.
  • Monitor and document the intended use of exported products: It is important to document assessments, including due diligence results, and monitor changes in the intended use or parties involved.

EU Export Restrictions on Russia: Compliance Measures

In response to military aggression in Ukraine, the European Union has strengthened export controls toward Russia, extending sanctions to products and services that could support the Russian military sector and providing guidelines to raise awareness among operators of the risks related to sanctions evasion. Measures include:

  • Export Bans: Strict restrictions on products deemed strategic for the Russian military sector, including advanced information technology, communication devices, surveillance products, and network security tools.

Conclusion

Recommendation (EU) 2024/2659 is a significant step in establishing a clear regulatory framework for exporters of information surveillance products. Although non-binding, the document provides practical guidance on how to apply Regulation (EU) 2021/821, particularly regarding exports that may present misuse risks, such as internal repression or human rights violations.

These guidelines underscore exporters’ responsibility to adopt thorough due diligence measures to prevent their products from being used inappropriately. In this context, companies are called to develop risk assessment tools that accurately identify the final use and recipient of exported products.

In summary, the Recommendation urges a proactive and collaborative commitment from economic operators to monitor and prevent export risks. This multidimensional approach represents an essential contribution to a consistent application of Regulation provisions, adequately addressing the EU’s international commitments regarding security, stability, and human rights protection.

 

Leave a Reply

Your email address will not be published. Required fields are marked *


Contact Us