Pall Mall process: Global spyware regulation gains ground
The process acknowledges the need for greater international action while recognizing legitimate uses for cyber intrusion capabilities. It aims to establish guiding principles and policy options for various stakeholders involved in the development, facilitation, purchase, and use of these technologies
In early April 2025, 21 nations – including France, the UK, Japan, and 18 EU member states – signed the Pall Mall Pact, a voluntary agreement aimed at establishing best practices for the use of commercial cyber intrusion tools, commonly known as spyware. The pact seeks to address concerns over the misuse of such tools against journalists, activists, and political opponents. Notably, the United States was absent from the initial signing but has since indicated plans to join the agreement. Major technology companies, including Google, Microsoft, Apple, and Meta, have also endorsed the initiative.
However, some countries have opted not to participate. Most notably, Israel, a significant exporter of spyware technologies, has not signed the declaration. Other non-signatories include Hungary, Mexico, and Spain.
The core objectives of the Pall Mall Process include promoting a whole-of-society approach to cyberspace, emphasising the importance of public-private partnerships, and encouraging multistakeholder collaboration to achieve a more secure and trustworthy digital environment. By engaging diverse participants, the initiative seeks to harmonise efforts in combating the misuse of cyber intrusion capabilities and to uphold human rights in the digital realm.
The Pall Mall Pact, initiated by France and the UK in February 2024, is part of a broader effort to regulate the commercial spyware industry. While the agreement is non-binding, it represents a collective commitment to promote transparency and accountability in the development and deployment of surveillance technologies.
