Bulgaria has authorized the export of surveillance technology to intelligence and security agencies in nations with documented records of human rights abuses, according to a report by Politico. Documents reveal that the Bulgarian export control authority licensed Sofia-based firm Circles BG to sell interception systems and mobile tracking infrastructure to Azerbaijan, Serbia, Malaysia, and Mexico between 2018 and 2023. These findings, detailed by Human Rights Watch, highlight ongoing gaps in the enforcement of European Union export regulations regarding dual-use surveillance tools.
How does the EU regulate surveillance exports?
Under current EU legislation, national authorities must evaluate whether cyber-surveillance tools could facilitate internal repression or human rights violations before granting an export license. Despite this, critics argue that enforcement remains inconsistent. Zach Campbell, a senior researcher at Human Rights Watch, stated that these licenses provide clear evidence that Bulgaria has authorized the export of surveillance technology to military and intelligence agencies in countries with histories of using such tools to suppress rights. The European Commission is expected to propose a review of the EU’s dual-use export regime by early 2027 to address whether existing rules are sufficient to prevent these technologies from reaching problematic end-users.
Many surveillance systems blur the line between standard telecommunications hardware and invasive spyware. Because these kits often combine commercial servers with specialized interception software, export authorities frequently struggle to categorize them during the licensing process.
What are the risks of dual-use technology?
The primary concern involves the “dual-use” nature of the equipment, which can be marketed for legitimate law enforcement but repurposed for political tracking. For example, documents show that the Azerbaijan foreign intelligence service purchased $42,000 worth of server infrastructure and mobile tracking hardware from Circles BG in 2022. This equipment remained active during the post-2020 conflict in Nagorno-Karabakh. Similarly, the Serbian Ministry of Interior acquired mobile tracking gear just months before the December 2023 elections. While the Bulgarian Ministry of Foreign Affairs maintains that all licenses were vetted for “preventing and investigating crime and terrorism,” international observers like Amnesty International have repeatedly linked these specific technologies to the monitoring of journalists and civil society activists.
How do these companies connect to global spyware scandals?
Circles BG shares corporate ties with the NSO Group, the Israeli firm behind the Pegasus spyware used to monitor public figures globally, including French President Emmanuel Macron. Tal Dilian, a founder of Circles, has faced significant scrutiny; he was sanctioned by the U.S. in 2024 for his role in developing surveillance software used against journalists and government officials. Furthermore, Dilian founded Intellexa, the consortium behind the Predator spyware that triggered the “Predatorgate” scandal in Greece. While Circles BG itself does not appear on U.S. export control lists, the NSO Group was blacklisted by the U.S. Department of Commerce in 2021 due to allegations of misuse against civil society.
Comparison: Export Oversight vs. Reported Usage
| Entity | Stated Purpose | Reported Allegations |
|---|---|---|
| Circles BG (Bulgaria) | Anti-terrorism & rescue | Suppression of civil society |
| NSO Group (Israel) | National security | Monitoring political figures |
Frequently Asked Questions
- Is the export of these surveillance tools illegal?
No. According to the findings, there is no evidence that these exports violated Bulgarian or EU law at the time they were approved. - Why is Bulgaria under scrutiny?
Human Rights Watch identified that Bulgaria issued licenses to agencies in countries with documented human rights concerns, raising questions about how strictly the government vets “end-use” documentation. - What is the difference between Pegasus and Circles technology?
Both are linked through shared founders and corporate ties, but while Pegasus is known for exploiting mobile OS vulnerabilities, Circles often focuses on infrastructure that intercepts signals directly from cellular networks.
Stay informed on the intersection of technology, law, and human rights. Subscribe to our newsletter for weekly updates on digital privacy and global security trends.
