Israel has tightened its end-user requirements for cyber exports in the wake of the NSO Group/Pegasus spyware scandal. (Getty Images)
Israel's Defence Export Controls Agency (DECA) announced on 6 December that it was updating the end user requirements for cyber and intelligence products that require export licences from Israeli firms.
End users acquiring controlled cyber and intelligence products from Israeli companies must now agree that the products will be used for the prevention of terrorism or for the investigation of serious crimes.
In an appendix to a template end-use certificate, “an act of expressing an opinion or criticism, as well as presenting data regarding the state, including any of its institutions, shall not, in and of itself, constitute a terrorist act”.
Similarly, a “serious crime” is defined as one that carries a term of imprisonment of six years or more under the buyer's national law. “An act of expressing an opinion or criticism, as well as presenting data regarding the state, including any of its institutions, shall not, in and of itself, constitute a serious crime,” according to the documentation.
The definition stipulates that a system's use should be in accordance with an acquiring country's national laws, including privacy regulations, and that appropriate legal approvals should be sought ahead of use. Systems should also not be used to “inflict harm on an individual or a group of individuals, merely due to their religion, sex or gender, race, ethnic group, sexual orientation, nationality, country of origin, opinion, political affiliation, age or personal status”.
Intelligence, information, and cyber systems accounted for 5% of Israel's USD8.3 billion of defence exports in 2020 according to the country's Ministry of Defence in June.