At a hearing before the European Parliament’s Committee on Civil Liberties (LIBE), on Thursday 7 May, Martin Schauer, Head of Unit in the European Commission’s Directorate-General for Communications Networks, Content and Technology, and Gauthier Monjanel, Adviser to the Chief Executive of the European Investment Fund (EIF), spoke about recent revelations concerning the use of European funds by spyware companies, in particular the Israeli company Paragon Solutions.
Mr Schauer opened the session by assuring the audience that the European Union “strongly condemns any illegal access to interpersonal communications and other data”. He detailed the existing regulatory arsenal, from the General Data Protection Regulation (GDPR) to the future Cyber Resilience Act, while emphasising that the EU does not fund any project the purpose of which is prohibited by law.
In his view, the current control system is based on a rigorous exclusion system: any entity guilty of “serious professional misconduct” - a concept that now includes violating the Union’s values - is banned from receiving any funding.
For his part, Mr Monjanel clarified the financial package that benefited Paragon Solutions. He explained that this was a “cascade” investment via a “fund of funds”, pointing out that at the time the company was developing “lawful interception” tools intended solely for democratic governments in the fight against terrorism.
He nevertheless announced a tightening of the rules: the EIF now refuses to invest in fund of funds structures and excludes all support for defence-related cybersecurity companies outside the EU and the European Free Trade Association (EFTA).
However, these explanations did not appease MEPs. Saskia Bricmont (Greens/EFA, Belgian) denounced the problem as “eminently political”, expressing indignation that European taxpayers’ money was indirectly supporting tools used to oppress civilians.
She was followed by Birgit Sippel (S&D, German), who pointed out that exclusion criteria based on actual convictions have obvious limitations, because “if it is the government using spyware against their own citizens, of course the company will never be judged”.
While admitting the limitations of such a procedure, Mr Schauer defended himself by pointing out that the Commission has no power to conduct criminal investigations: competence lies exclusively with the national authorities, over which the Commission has no budgetary control. (Original version in French by Justine Manaud)