A new Franco-British cyber strategy emerges
The governments of France and the United Kingdom are aligning to regulate cyber activities tied to private sector work, including cyber attacks and espionage. Through this initiative, Paris and London aim to strengthen security and stability in cyberspace by addressing the instability of a largely unregulated space, according to the French Ministry of Foreign Affairs.
The plan was highlighted at this year’s Peace Forum in Paris, a yearly gathering supported at high levels by France’s leadership. While the forum has seen varying influence since its peak moments in 2018, it remains a venue for multilateral dialogue and cooperative measures in cyberspace and digital security.
The Franco-British approach grows from concerns about the growing importance of specialized programs in cyber operations and the shifting landscape of cyber espionage. State actors, activist groups, and hackers increasingly interact with traditional companies in a broader ecosystem. There is a wide array of components, key products, services, and ecosystems that support investors, the Foreign Ministry notes, adding that unregulated use threatens both security and human rights in cyberspace. A broader international framework is being discussed to curb such risks and to ensure responsible handling of dual use technologies. (Source: French Ministry of Foreign Affairs)
A venture still in its early stages
The status of the program between France and the United Kingdom remains in its infancy. Both nations plan to host a dedicated summit on British soil next year and in France in 2025. Earlier in the year, a joint declaration signed by Paris, London, and ten other countries outlined commitments to curb the dissemination and abuse linked to commercial espionage programs. Spain was not part of the pledge. Acknowledging the evolving landscape, observers see this as the initial step in a longer process of building common norms and safeguards for private sector cyber tools. (Source: government communiqués)
One ongoing challenge for the private sector in cybersecurity is ensuring that tools designed for defense are not easily repurposed for espionage or offensive actions. The French ministry acknowledged that changes to software lines can alter a tool’s use. To address this risk, an international framework exists to control exports of dual use technologies with civilian and military applications. Compliance with these regulations depends on state cooperation and enforcement.
Spy programs across Europe
The investigative media and journalistic coalitions reported that the Pegasus spying program, developed by the Israeli company NSO, was used by Spain, Morocco, Poland, Hungary and several other states in 2021. The tool has also been associated with surveillance of high-level figures, including European leaders. Beyond Pegasus, other similar programs exist, such as Wild Animal, created by a French group named Nexa.
Recent reporting by Amnesty International highlighted how a French-made program sold to various authoritarian regimes has reportedly been used by groups linked to the Vietnamese government to monitor European Union leaders and institutions. This line of reporting illustrates how private sector technologies intersect with political power. The Digital Media section noted how a former security chief from the Elysée collaborated with Nexa to market Predator to certain regimes, including Saudi Arabia. These dynamics underscore the difficulties in regulating the sector when corporate influence extends into military and state structures. Acknowledging these concerns, analysts stress the need for robust governance, transparency, and independent oversight to prevent abuse. (Source: investigative journalism reports)