2025 Digital rights review: Spyware, AI war & EU regulations
Date:
Mon, 05 Jan 2026 09:52:57 +0000
Description:
We spoke to the digital rights organization Access Now about the most significant developments of the past 12 months. Here's what they said.
FULL STORY
This year was defined by surveillance, censorship, and shrinking civic space according to Access Now s executive director, Alejandro Mayoral Baos .
Despite the sobering headlines, the US-based digital rights organization says theres still hope. Resistance has continued and, as Baos puts it, communities refused to disappear.
I spoke to members of Access Now about the most pressing developments from
the past 12 months. Heres what they told me.
Spyware continues to proliferate
Four years on from the Pegasus Project revelations , reports suggest that spyware remains a significant threat to privacy.
This year, Graphite a tool developed by Paragon Solutions was found to have been used to track journalists and activists in Europe . While an Italian parliamentary committee report confirmed the government had used the spyware against human rights activists, it stopped short of admitting to the
monitoring of journalists.
Apple and WhatsApp were unaware of the floors that Paragons products were exploiting. In other words, the attackers were targeting zero-day vulnerabilities .
Traditional cybersecurity best practices offer little help against this type
of threat. While a trusted VPN provider protects your data while it is moving across the internet, spyware targets a device's operating system.
By attacking the device in this way, spyware operators can often gain total access to your digital life capturing every keystroke, eavesdropping through your microphone, and even turning on your camera.
Most dangerously, these are often zero-click attacks, meaning that unlike traditional attacks, the target doesnt have to click a suspicious link or
open a file.
Mercenary spyware continued to prove that it is evolving faster than safeguards, says Rand Hammoud, Surveillance Campaigns Lead at Access Now.
While WhatsApp and Apple confirmed they had patched the specific vulnerabilities exploited, the mercenary spyware industry is incredibly resilient. It continues to source new entry points via the murky
international market for zero-day vulnerabilities.
This secretive global market involves hackers selling unpatched software
flaws to the highest bidder usually governments or private companies that then use them to break into devices before the manufacturers even know the vulnerability exists.
Fortunately, there was some progress for digital rights defenders this year. Most notably, the Pall Mall Process launched a new Code of Practice for
States in April, as Hammound explained.
The Code is a voluntary, non-binding document which pushes for greater accountability, oversight, and transparency among participating nations.
There was also progress at the EU level, where the blocs export control rules integrated human rights language. However, Hammoud warns that the dual-use control list which governs how EU-based companies sell and transfer surveillance equipment is undermined by weak catch-all clauses and uneven national practices that leave room for evasion.
Bottom line: 2025 shifted the question from do we need rules? to who will actually enforce them? because victims cant be protected by principles
alone, Hammoud said.
AI-enabled digital warfare
While spyware is highly targeted, Access Now has also monitored a much larger shift: the development of AI-driven systems designed for use during active conflict.
Marwa Fatafta, MENA Policy and Advocacy Director at Access Now, said theres been a troubling shift in recent years with the rapid militarization of civilian technologies and personal data. Its a process that has blurred the lines between the tools we use for daily life and the systems now being used
on the battlefield.
Gaza stands as a stark example of how warfare evolves when mass surveillance and AI-driven systems are woven into military operations with no restraints Fatafta said.
The technology is varied but is often used to generate targets at a speed no human analyst can match. Thats down to a deadly combination of automated systems, such as Lavender, alongside AI tracking tools that use
mass-collected data. The technologies being used have raised significant ethical concerns , particularly due to a lack of accountability, control and accuracy.
Earlier this year, the head of the United Nations called such "killer robots" politically unacceptable and "morally repugnant." Despite mounting international pressure, however, there remain few meaningful regulations on
its use.
We can no longer afford to treat digital warfare as a peripheral issue,
Fatafta concludes.
EU rolls back digital rights protections
An organization once expected to introduce meaningful protections the European Union now seems to be moving in the opposite direction. According
to Access Now, the bloc is failing to live up to its reputation as a "privacy-first" regulator.
After several years of being at the forefront of regulating digital rights protections, the European Union seems to be turning its back on the very gold standards it worked so hard to establish, according to Daniel Leufer,
Emerging Technologies Policy Lead at Access Now.
A wave of regulatory moves over the past 12 months has placed end-to-end encryption in the crosshairs, including proposals to expand mandatory data retention and increase the monitoring of private conversations .
The stakes are high: current proposals seek to establish "lawful access" to encrypted data. This could effectively end the era of truly "no-log" VPN services in Europe.
These are part of a broader shift, according to Leufer, in which the European Commission has been bending over backwards to accommodate the most excessive demands of industry lobbying and undermining key digital rights safeguards.
And the future doesnt look promising. Leufer warns that the policies proposed in 2025 may only be the beginning. He suggest that digital rights advocates must now brace for a significant struggle to preserve hard-won protections across data protection, privacy, and artificial intelligence.
What's next?
As 2026 approaches, significant hurdles remain in the fight to protect fundamental human rights online. Organizations like Access Now will continue
to push for better regulatory constraints on everything from mercenary
spyware to AI-enabled weapons, alongside a renewed fight for meaningful data protection around the globe.
Alongside these high-level regulatory efforts, the tech community will
continue to build its own safeguards. Expect new privacy-by-design products ranging from decentralized, no-log VPNs to messaging apps that offer post-quantum encryption.
For Access Now, the mission for the coming year is clear. The goal is, says Baos, not to return to normal, but to build a stronger, fairer, and more accountable digital rights ecosystem." It's a vision that privacy advocates around the world will doubtless share.
======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/2025-digital-rights-review- spyware-ai-war-and-eu-regulations
$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/105)