Priority question for written answer P-003661/2021 to the Commission Rule 138 Sophia in 't Veld (Renew)

Subject: Pegasus Project

On 18 July 2021, it was revealed that governments have massively targeted human rights activists, journalists, politicians and government officials across the world using Pegasus, a hacking software sold by NSO Group Technologies. It has been reported that the governments of Morocco, Saudi Arabia, the United Arab Emirates and Azerbaijan, among others, are all clients of Pegasus. The Hungarian Government is also believed to use this surveillance software to target the phones of independent journalists1. NSO Group Technologies is an Israeli company that also exports its products from Bulgaria and Cyprus2.

1. Can the Commission explain whether any EU funding has ever directly or indirectly funded NSO Group Technologies, and whether or not the Commission has ever been in contact with this company? If so, why?

2. Will the Commission investigate how the EU policy for the control of exports and for the transfer, brokering and transit of dual-use items has been followed in this case, and whether or not the Bulgarian and/or Cypriot export control authorities have been involved?

3. Will the Commission immediately investigate and assess whether or not Hungary has respected its obligations under the Treaties and the Charter, including the General Data Protection Regulation and the Law Enforcement Directive? If not, when will the Commission start infringement procedures?

1 https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance- weapon-nso-group-pegasus 2 https://www.nsogroup.com/wp-content/uploads/2021/06/ReportBooklet.pdf

PE696.764v01-00