Keep It Safe and Secure
In democratic societies, communication systems are vital for our lives and connections with others. Safe and secure communications and devices allow us to work, socialise, organise, express ourselves, and connect with each other.
We all want to be safe and secure
People’s ability to communicate without unjustified intrusion – whether online or offline – is vital for our rights and freedoms, as well as for the development of vibrant and secure communities, civil society and industry.
When people are under threat, they need privacy-preserving technologies to communicate with journalists and lawyers, coordinate protection for their families, and fight for their safety and rights.
Encryption is great for protecting the way our messages travel on the internet. Through “end to end encryption”, anyone can make sure that the content of an online conversation is can not be intruded upon, not even the server that facilitates the transmission.
Despite this, our communications, devices and with them our freedom and safety are under threat.
States and companies attack our devices and communications through spyware tools and encryption circumvention methods
We see more and more attacks on encryption, by state actors such as law enforcement agencies, or Europol. In 2022, we started our campaign “Stop Scanning Me” with a goal to protect encryption in EU’s CSAR proposal. But new commercial tools such as spyware are also emerging, and with them a whole unregulated market profiteering from exploiting our devices.
Attacks on Encryption
Europol and law enforcement are pushing to legalise hacking methods that weaken encryption. These methods rely on ordering a service provider (those who develop or maintain the software, computer system, network, or electronic device) to build vulnerabilities in their systems. With this demand, state actors want to enable the police or intelligence agencies to have access to our data and break encryption. Client-side scanning (scanning of all content such as text,images, videos, etc. on a device or shared in a communication channel) is a method proposed under the EU CSA Regulation. Key escrows or “key recovery”, involves placing decryption keys in a “vault” managed by a trusted authority or group of trusted authorities, who can break them out when access to the encrypted data is needed. Finally, ghost proposals refer to the modification of the encryption system to enable a third-party listener to be silently added to encrypted conversations.
Proliferation of Spyware
Modern spyware is, a software that can secretly get everything from your phone: your messages, photos, contacts, location, microphone, camera, and browsing history, without you ever knowing. These tools turn a personal device into a constant surveillance instrument, following you in your private life, work, and relationships. Spyware developers use systems vulnerabilities to get into your device, and their products are often used by States to spy on political dissidents, journalists, activists. The spyware industry depends on the abuse of software vulnerabilities, a practice that weakens cybersecurity for everyone:. At least 14 EU Governments have acquired or used spyware, and many private vendors are based in Europe: Thalestris Limited (the parent company of Intellexa) in Ireland, Greece, Switzerland and Cyprus, Memento Labs or Cy4Gate in Italy, DSIRF in Austria, QuaDream in Cyprus, Amesys and Nexa Technologies in France, Paragon in Germany or Paradigm Shift, Palm Beach Networks and Epsilon, companies based in Barcelona. Non-EU spyware is also used by European actors. The “Catalangate” scandal revealed thousands of direct and collateral victims from Pegasus – a spyware tool built by the Israeli company NSO Group. In many regions of the world, this spyware was used to limit dissent, political expression, organisation and journalism.
Europol and law enforcement are pushing to legalise hacking methods that weaken encryption. These methods rely on ordering a service provider (those who develop or maintain the software, computer system, network, or electronic device) to build vulnerabilities in their systems.
Read our analysis
Modern spyware is, a software that can secretly get everything from your phone: your messages, photos, contacts, location, microphone, camera, and browsing history, without you ever knowing. These tools turn a personal device into a constant surveillance instrument, following you in your private life, work, and relationships.
Read our analysisThe impact on people, society, economy
If we lose encryption, we will also lose trust in anything we do online, risking the security of our democratic society, economy and our human rights. We will all be impacted by the chilling effect of unreliable, unsafe communications: journalists engaging with sources or combating disinformation, lawyers consulting their clients, doctors and therapists supporting their patients, human rights defenders chatting online, youth organising protests, families chatting with each other.
If decision-makers allow the commercial spyware industry to continue unhinged, anyone who can pay enough will be able to target activists, politicians, investors, journalists and any of us, basically. The spyware market is a systemic threat not only to human rights, but also to cybersecurity, democratic stability, and global safety.
KISS Campaign partners and actions
The KISS Campaign is led by a group of civil society organisations active at national, European and international level, advocating for a ban on spyware and for measures to protect encryption.
Launched in February 2026, the KISS campaign is co-led by the EDRi (European Digital Rights) together with allies Iuridicum Remedium (Czechia), SHARE Foundation (Serbia), Access Now (International), EPIC (International), danes je nov dan (Slovenia), Alternatif Bilisim (Turkey), OsservatorioNessuno (Italy), Belgrade Centre for Human Rights (Serbia), Digitale Gesellschaft (Germany),Independent Journalists’ Association of Serbia (Serbia), PEGA Coalition (International), Lobby4Kids, Partners Serbia (Serbia).
We represent technologists, victims of spyware, journalists and human rights advocates.

- Share Foundation – A Privacy Nightmare: Understanding Spyware
- Danes Je Nov Dan – Is SOVA spying on me?
- Digitale Gesellschaft – Open Letter on Sicherheitspaket 2.0
- Alternatif Bilisim – Name and Shame the Harm
- IuRe – Nolong E2E Encrypted Services
- Iridia as part of Pegasus Coalition – Three executives of the NSO Group charged for their responsibility in the Pegasus espionage case
- HCLU as part of Pegasus Coalitionn – HCLU curbs unchecked intelligence powers and reinforces legal safeguards for citizens’ rights through legal proceedings in Hungarian Court and ECHR
Learn more about EDRi's work on Encryption and Spyware
-
EDRi launches new resource to document abuses and support a full ban on spyware in Europe
Spyware continues to spread across Europe despite years of scandals and undisputable evidence of fundamental rights violations. As the European Commission remains inactive, civil society, journalists and some...
-
Spyware and state abuse: The case for an EU-wide ban
EDRi’s position paper addresses the challenges posed by state use of spyware in the EU. It also tackles how spyware should be legally defined in a way...
-
Will the Brussels spyware scandal finally convince the EU to act?
In February, Brussels was rocked by reports of phone hacking and spyware attacks on members of the European Parliament’s defence and security committee. Such intrusions are a huge...
-
Position Paper: State access to encrypted data
EDRi’s new policy paper on encryption highlights that our privacy and security must be strongly protected, keeping into account the recent policy developments on encryption and law enforcement....
-
Moving past ‘Chat Control’ to solutions that truly protect kids and privacy
This article highlights evidence-based alternatives that strengthen child safety while safeguarding encryption and fundamental rights. It calls for better enforcement, more targeted tools, and meaningful support for child...
-
CSA Regulation Document Pool
This document pool contains updates and resources on the EU's proposed 'Regulation laying down rules to prevent and combat child sexual abuse' (CSA Regulation)
-
Resist Europol Document Pool
This document pool gathers all the relevant documentation regarding Europol’s powers and legislative reforms, critical analysis and research as well as tools for action.
-
European Parliament backs Europol expansion: “A dangerous step towards mass surveillance in the EU”
Today, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted in favour of a new Europol Regulation, part of the EU’s so-called Facilitators Package,...
-
How to request access to your personal data stored by Europol: a guide
This guide is for everyone who wishes to access personal data on them that is processed, or has been processed, by Europol. Access requests help us to...

