World

EU Funds for Spyware: Why MEPs Demand Answers and a Full Review

MEPs demand answers on EU funds to spyware firms. Millions of euros went to firms tied to unlawful surveillance.

October 2, 2025, 9:00 PM

A digital map of Europe is overlaid with EU stars, a lock icon, and glowing nodes.

A digital representation of Europe, featuring EU stars, a lock icon, and glowing nodes, symbolizes EU funds for spyware. By MDL.

Executive Summary

Investigations reveal millions of euros from EU programs and national funds have supported firms such as Intellexa, Cy4Gate, and Nexa Technologies, whose technologies are linked to unlawful surveillance within the EU and in countries with poor human rights records.

MEPs are deeply concerned that the EU might be enabling tools that erode democracy and fundamental rights, urging an immediate public review of subsidies, exclusion of all spyware vendors from future EU funding, and implementation of the PEGA inquiry recommendations.

The Story So Far

The current demand from MEPs for an explanation regarding EU funds allocated to commercial spyware companies builds upon the findings of the 2022 PEGA inquiry, which had already exposed the pervasive and unlawful use of spyware like Pegasus by EU governments, deeming it a “severe violation of EU values.” Recent investigative journalism has further revealed that national and EU public financing has continued to flow to firms such as Intellexa and Cy4Gate, whose technologies are implicated in the surveillance of journalists and human rights defenders. This persistent funding of companies linked to human rights abuses, despite previous warnings, raises significant concerns about the European Union’s financial oversight and its commitment to upholding democratic principles and fundamental rights.

Why This Matters

The demand from 39 MEPs for an explanation regarding EU funds allocated to commercial spyware companies, despite their links to unlawful surveillance and human rights abuses, poses a significant challenge to the European Commission’s financial oversight and commitment to democratic principles. This pressure could lead to a comprehensive review of EU funding mechanisms, a potential ban on future funding for spyware vendors, and a stronger push to implement the PEGA inquiry’s recommendations, ultimately impacting the EU’s regulatory stance on surveillance technology and its global credibility on human rights.

Who Thinks What?

39 Members of the European Parliament are deeply concerned that EU funds are supporting commercial spyware companies linked to unlawful surveillance, demanding immediate accountability, transparency, a review of past funding, and a commitment to exclude spyware vendors from future EU funding instruments.

Commissioners Henna Virkkunen, Michael McGrath, and Piotr Serafin are being formally requested to provide explanations regarding the integrity of entities receiving funds, risk assessments before investments in spyware companies, the total amount awarded to such organizations, and how funding mechanisms align with human rights and digital resilience stances.

Researchers and policy advisors from organizations like Amnesty Tech and European Digital Rights (EDRi) support the MEPs’ call for a review and ban on commercial spyware, arguing that the EU’s funding might be “fanning the flames” of a crisis that fuels human rights abuses and that spyware use is “inherently incompatible with fundamental rights.”

A coalition of 39 Members of the European Parliament (MEPs) has formally requested an explanation from senior European Commissioners regarding the allocation of EU funds to commercial spyware companies. This demand follows recent investigations revealing that millions of euros in taxpayer money have supported firms such as Intellexa and Cy4Gate, whose technologies are linked to unlawful surveillance within the EU and in countries with poor human rights records, raising significant concerns about the Union’s financial oversight and commitment to democratic values.

MEPs Demand Accountability

The group of politicians has cited recent investigative journalism, including reports from Follow The Money, which detailed how countries like Italy, Greece, Hungary, Poland, and Spain have directed public financing, including EU programs, towards commercial spyware makers. These findings indicate that entities such as Intellexa, Cy4Gate, Verint, and Cognyte have benefited from these funds, despite their technologies being associated with the unlawful surveillance of journalists, human rights defenders, and political figures.

In their letter, the MEPs stated that this situation “raises serious questions about the governance, transparency, and accountability of the Union’s funding mechanisms.” They expressed deep concern that the EU might be “directly or indirectly enabling tools that erode democracy, fundamental rights, and the rule of law,” especially in light of past scandals and the recommendations from the PEGA inquiry.

Specific Funding Allegations

Investigations highlighted several instances of public funding. Spain’s Centre for the Development Of Industrial Technology (CDTI), a public-funded institution, reportedly provided €1.3 million (approximately $1.5 million) to Mollitiam Industries, a now-defunct spyware vendor. The EU science research program Horizon 2020 allegedly awarded €1.74 million (around $2 million) to projects involving Innova, a company known for supplying surveillance tools to Italian prosecutors’ offices.

Further reports suggest the European Regional Development Fund and the European Social Fund contributed approximately €41,350 to Innova. The European Regional Development Fund also reportedly covered about three-quarters of the costs for a project run by Movia, a developer of Spider spyware, between 2019 and 2021. Other EU programs are claimed to have funded spyware companies like Area, Memento Labs (formerly Hacking Team), and Negg Group.

Perhaps most controversially, the European Commission itself awarded a €60,000 (about $70,500) contract to France-based Nexa Technologies in 2015. At the time, Nexa was part of the Intellexa Alliance, which has been linked to the Intellexa Consortium, previously sanctioned by the US for its involvement in the Predator spyware. Additionally, Italy’s state-owned bank, Mediocredito Centrale, acted as a guarantor for a €2.5 million (approximately $2.9 million) loan to Dataflow Security, an Italy-based commercial spyware developer. While the investigations did not prove that the money was directly used for spyware development, the funding itself is a point of contention.

Questions for the Commission

The letter, addressed to Commissioners Henna Virkkunen (overseeing tech), Michael McGrath (justice), and Piotr Serafin (anti-fraud), requests greater transparency regarding EU fund distribution. MEPs asked how the European Commission verifies the integrity of entities receiving funds, whether risk assessments are conducted before investments in spyware companies, and the total amount of money awarded to such organizations.

They also sought clarification on how the Commission plans to align its funding mechanisms with its human rights and digital resilience stances, and why it has not implemented the recommendations of the PEGA inquiry. The European Commission has been approached for a response to the letter.

Background: The PEGA Inquiry

The PEGA inquiry was initiated in 2022 following reports of several EU governments using NSO Group’s Pegasus spyware. Its findings, published in 2023, described the pervasive use of spyware as “Europe’s Watergate” and a “severe violation of all the values of the European Union.”

The inquiry’s report concluded that the spyware scandal was not merely a series of isolated incidents but a “full-blown European affair,” with Member State governments using spyware for political purposes and to conceal corruption. Key recommendations included restricting law enforcement’s use of spyware to exceptional cases, protecting sensitive targets such as politicians and journalists, and establishing clear conditions for legal use.

Calls for Review and Ban

The 39 MEPs have urged the European Commission to launch an immediate public review of EU subsidies flowing into spyware companies. They specifically requested details on all funds issued to spyware companies since 2015, a commitment to excluding all spyware vendors from future EU funding instruments, and a follow-up on the PEGA recommendations. The MEPs emphasized that “Citizens of the Union have the right to know whether their taxes are being used to finance technologies that endanger their fundamental rights.”

Rebecca White, a researcher and advisor at Amnesty Tech’s Security Lab, expressed support for the letter, highlighting the Commission’s perceived silence on the issue. She stated that the allegations suggest the EU is “fanning the flames” of the spyware crisis, which fuels human rights abuses globally. Aljosa Ajanovic Andelic, policy advisor at European Digital Rights (EDRi), echoed the MEPs’ call for a ban on commercial spyware, asserting that its use is “inherently incompatible with fundamental rights.”

Future Implications

The ongoing controversy highlights a critical juncture for the European Union, prompting a re-evaluation of its funding mechanisms and their alignment with core democratic principles. As calls for a comprehensive ban on commercial spyware grow, the Commission faces increasing pressure to address concerns that its financial support may inadvertently contribute to human rights abuses and undermine the rule of law both within and beyond its borders.