The U.S. has recently made public that a number of countries have joined a pledge to implement export controls on spyware technology. This is part of a broader initiative to establish trade barriers for cyber-related items that could potentially be used in human rights abuses.

On March 18, Finland, Germany, Ireland, Japan, Poland, and South Korea became part of the commitment, joining the U.S., Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, and the U.K. The initial group of 11 countries first made the statement during the second annual Summit for Democracy under the Biden administration last year, emphasizing the need for stringent domestic and international controls on the spread and use of such technology.

During the third Summit for Democracy held in Seoul in March, as part of the updated commitment, the 17 countries pledged to work towards preventing the export of software, technology, and equipment to end-users who are likely to use them for harmful cyber activities, including unauthorized access to information systems. This will be done in line with their respective legal, regulatory, and policy approaches and suitable existing export control regimes.

While the specific legal implications for new-joiner countries off the back of these commitments are to be determined, high-level insights from our experts from Poland, Germany, South Korea and Japan on these developments are provided below:

Poland: Poland’s signing of an anti-spyware commitment has a wider dimension. The previous Polish government had purchased spyware available on the commercial market. This software was allegedly used for illegal purposes, such as eavesdropping on the opposition. Poland was subject to an investigation conducted by EU authorities into alleged contraventions and maladministration in the application of Union law with respect to the use of spyware. A debate about using spyware is currently underway in Poland, and it may result in new regulations restricting the use and sale of spyware in the future.

Germany: After initial hesitation, Germany decided to sign the nearly one-year-old agreement. This decision is in line with the German government’s coalition agreement, which aims to close IT security gaps, raise the intervention thresholds for the use of both state and commercial surveillance software and to adjust existing powers for investigators by ensuring compliance with the German Constitutional Court’s requirements for secret online searches at all times. The requirements entail inter alia strict adherence to the principle of proportionality and the preservation of an inviolable core area of private life that may not be intruded upon through secret surveillance.

South Korea:  The details of how these commitments to control the export of spyware technology will be implemented appear to be under review by the government. Korea already has a robust legal framework to combat spyware within its borders, generally prohibiting distributions of spywares and requiring data controllers to protect against spywares. In contrast, Korea’s export control regime has focused primarily on end-users who plan to import strategic goods or suspected of proliferating weapons of mass destruction. There is currently no explicit legal basis for restricting the export of spyware technology on human rights grounds. However, it is expected that upcoming amendments to the Foreign Trade Act scheduled in August 2024 will provide a clear foundation for expanding the government’s authority to control technology exports following multilateral commitments that Korea has already made. This could provide the necessary framework for implementing necessary commitments including controls of spyware exports. More details on Korea’s approach are expected to be announced in the coming months.

Japan: The Japanese government has been analyzing and discussing participation in this international framework of control commitments for spyware tech and recognizing its significance from various perspective including human rights protection. However, at this moment, the Japanese government has not yet announced officially the details or background of its signing on a commitment to place export controls around spyware technology. It is likely that the details of how this agreement will be reflected in the domestic regulations are still under consideration or review. For example, the scope of the technologies to be controlled, whether there are any difference depending on the destination countries, to what extent the strength of control should be, may need further consideration from commercial perspective as well as human rights protection perspective. We will see further details to be updated by the Japanese government.


Alexander advises clients on the international, European and public law governing international trade. His practice encompasses advising on sanctions and embargoes, trade defense instruments, export control regulations, foreign investment review and international investment law as well as human rights and sustainability due diligence and compliance, including on the German Supply Chain Due Diligence Act and the EU Directives on ESG compliance. Alexander furthermore advices on trade policy, free trade agreements, disputes arising out of these and customs matters.


Mr. Beomsu Kim’s practice focuses on commercial arbitration, investor-state disputes, cross-border litigation. He heads the Dispute Resolution Practice Group for Baker McKenzie & KL Partners Joint Venture Law Firm.


Junko focuses her practice on commercial and trade laws and regulations, WTO dispute settlement, civil and criminal litigation, antitrust law, bankruptcy law and general corporate law. She has extensive experience advising clients on issues involving trade remedy matters such as anti-dumping and countervailing duties, and import restrictions. She also advises on customs matters, classification and valuation issues, export control and sanctions, tariff treatment, FTA/EPA applications, public procurement, and handles antitrust compliance programs for clients.