Experts have compared Regin to Stuxnet, with which Iran’s nuclear facilities were attacked a few years ago, and found it in countries like Russia, Mexico, Saudi Arabia and Iran. And while it is popular to look to China or Russia as perpetrators of such sophisticated attacks, the research published today leads me to believe these systems may well have been made in Europe. Even if developed for intelligence services, technologies proliferate very easily. They get smaller, faster and cheaper every day. Imagine the non-state actors active in this unregulated market.
All over the world these technologies help in violating human rights and harming our critical infrastructure and sensitive data. This billion euro market in digital arms could be the biggest boomerang we have ever seen. The irresponsible vacuums in export legislation need to be filled, and systems that facilitate mass surveillance and hacking into peoples’ devices without legal basis and without their consent should be much more closely scrutinised. We need transparency and accountability as well as licensing requirements, a level playing field and certainty for companies.
I am interested to know whether the Commissioner will present a positive or negative list of countries or technologies and how adjustments to crisis will be made. Will you, Commissioner, work with a catch-all mechanism? I think it would be a good idea. I also urge for impact assessments in the R&D phase to know earlier on what dangers systems can pose, while allowing researchers to do their work. We need future-proof and smart legislation very soon, and much more than what the Council adopted on Friday. Waiting longer is, frankly, irresponsible and dangerous.