A former member of the European Parliament’s spyware inquiry committee had his phone infected with Pegasus spyware during critical hearings, prompting calls for urgent EU action to prevent further surveillance abuses.
- Pegasus spyware infected ex-MEP Kouloglou’s phone during parliamentary inquiry.
- Civil rights groups call for EU investigation and accountability measures.
- PEGA Committee’s recommendations on spyware regulation remain unimplemented.
What happened
Citizen Lab’s forensic analysis revealed that Stelios Kouloglou, a Greek former MEP and substitute member of the EU’s Pegasus spyware inquiry committee (PEGA Committee), had his iPhone infected with Pegasus in October 2022 and again in March 2023. These infections occurred while the committee was holding important hearings regarding formal recommendations to regulate spyware use in the EU.
The infections highlight that intrusive spyware typically only available to governments was used against a parliamentarian actively investigating digital espionage within the bloc. Amnesty International and other civil rights organizations condemned the targeting, describing it as a serious threat to the independence and integrity of European oversight mechanisms.
Why it matters
The Pegasus spyware infections underline the inadequacies of the EU’s current system in preventing and addressing spyware abuse. The PEGA Committee’s recommendations from May 2023, which include stricter regulation and independent oversight of spyware use in member states, have not been fully implemented, leaving the EU vulnerable to recurring privacy violations.
Civil liberties advocates worry that without urgent action, such breaches threaten the democratic process by compromising those investigating abuses of power. They have called on the EU’s Directorate-General for Information Technologies and Cybersecurity to open a thorough investigation to establish responsibility and hold perpetrators accountable.
What to watch next
The EU is expected to respond publicly to the PEGA Committee’s recommendations and provide clarity on what measures have been taken so far. This includes the extent to which member states have adhered to requirements for spyware oversight involving Europol and independent review bodies.
Reform of the EU’s 2021 Dual-Use Regulation, governing the export of spyware tools, is also under scrutiny. Observers will watch closely whether updates to this framework align with the committee’s recommendations to prevent misuse and ensure victims of spyware attacks have effective remedies and access to justice.