EU pressed to respond after Pegasus found on phone of spyware inquiry MEP

Rights groups and researchers are urging the European Union to move faster on spyware oversight after Citizen Lab said a former member of the European Parliament was targeted with Pegasus while servin...

Rights groups and researchers are urging the European Union to move faster on spyware oversight after Citizen Lab said a former member of the European Parliament was targeted with Pegasus while serving on a major inquiry into spyware abuse.

The device belonged to Stelios Kouloglou, a Greek MEP from 2014 to 2023 and a substitute member of the PEGA Committee, which examined the use of Pegasus and similar surveillance tools across Europe. According to Citizen Lab, his iPhone was infected in October 2022 and again in March 2023, around the time Parliament was discussing the committee’s final recommendations.

Amnesty International and other civil liberties organizations said the case raises serious questions about the independence of democratic oversight inside the EU. They argue that a person directly involved in investigating spyware misuse should not have been exposed to that kind of surveillance without a strong institutional response.

Calls for investigation and reform

In a joint statement, the groups called on the EU’s Directorate-General for Information Technologies and Cybersecurity to investigate the intrusion, identify who was behind it, and explain what has been done to implement the PEGA Committee’s proposals. Those recommendations, issued in May 2023, stopped short of banning spyware sales outright, but called for tighter controls, independent oversight, and closer involvement from Europol when member states claim a lawful need to use such tools.

Citizen Lab said it could not conclusively determine which NSO Group customer was responsible for the attacks. It also said it found no evidence that the Greek government carried them out, despite Greece’s earlier history of spyware controversies. Researchers suggested the same operator may have been involved in attacks against exiled activists and journalists from Russia, Latvia, and Belarus in 2024.

Broader pressure on EU policy

  • Campaigners want the EU to publicly say which PEGA recommendations have been adopted and which remain unfulfilled.
  • They are also asking for clearer remedies for victims, including access to evidence and notification of surveillance.
  • Activists want reforms to the EU’s Dual-Use Regulation, which governs exports of surveillance technology.

The issue comes amid wider criticism that Europe has not enforced spyware rules consistently. Past scandals in Greece, Spain, Poland, and elsewhere have fueled concern that surveillance tools continue to spread without enough accountability. For critics, the Kouloglou case is another sign that the bloc still lacks effective safeguards against abuse.