Pall Mall Process Shifts Toward Voluntary Industry Standards for Commercial Spyware
An international initiative known as the Pall Mall Process is moving from government-focused norms to developing opt-in guidelines for the commercial cyber intrusion/spyware industry, amid debate over how to define the market and constrain abuse without eliminating tools used for legitimate purposes such as law enforcement. Participants have been grappling with core design questions including who the rules should apply to, how to draw boundaries between legitimate security research and illicit intrusion activity, and whether the scope should include adjacent capabilities such as reconnaissance tooling.
At a discussion held under Chatham House rules alongside Washington, D.C.-area events, stakeholders from government, industry, and civil society weighed how to incentivize participation and measure compliance, and how to handle vendors with a “checkered past.” Commentary around the effort emphasized that voluntary, non-binding standards may have limited impact without stronger state action, pointing to existing government levers already used to shape the market—such as Entity List designations, financial sanctions, and visa restrictions targeting actors involved in the misuse of commercial spyware.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
AE Industrial Partners acquires Paragon for $500 million
Paragon Solutions was later acquired by AE Industrial Partners in a deal reportedly valued at $500 million. The acquisition underscored the continued commercial viability of spyware vendors amid international debate over regulation and accountability.
Paragon receives US ICE contract
After the Italy-related controversy, Paragon Solutions later received a contract from US Immigration and Customs Enforcement. The development was highlighted in discussion of how governments continue to engage commercial spyware vendors despite abuse concerns.
Paragon reportedly cuts ties with Italian government after spyware abuse claims
Paragon Solutions reportedly ended its relationship with the Italian government after its spyware was allegedly used in Italy to target journalists and activists. The case was cited as an example of a spyware vendor trying to present itself as compliant despite controversy over prior use.
DistrictCon participants debate scope and enforcement of vendor standards
At DistrictCon in Washington, D.C., government, industry, and civil society representatives debated what the voluntary standards should cover, including reconnaissance tools, customer due diligence, and possible vendor kill switches. They also discussed how procurement pressure and other incentives might encourage compliance without driving vendors toward non-participating governments.
Pall Mall Process shifts toward industry-facing hacking tool guidelines
Participants in the Pall Mall Process moved from government-use rules toward drafting voluntary standards for commercial cyber intrusion vendors. The effort is intended to shape expectations for vendor behavior even though the guidelines would be non-binding.
Pall Mall Process begins with government-use code of conduct work
The international Pall Mall Process initially focused on developing a voluntary code of conduct for how governments should use commercial cyber intrusion tools. This first phase preceded later work on standards aimed directly at the commercial hacking industry.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Commercial Spyware Policy Debate Amid Shifting US Enforcement
US policy toward the **commercial spyware** industry is facing renewed scrutiny as sanctions, contract decisions, and legal actions send mixed signals about how aggressively Washington intends to constrain vendors linked to surveillance abuse. Dark Reading reports that opponents of the spyware market fear recent moves — including rescinded sanctions and reactivated government contracts — could weaken pressure on firms whose tools have been used against journalists, activists, political figures, and officials, even after a Greek court convicted figures tied to the **Predator** spyware scandal. The broader policy discussion also reflects concern that governments are emphasizing disruption of cybercrime while easing pressure on software and security accountability elsewhere. A CyberScoop opinion piece argues that recent US action has focused on raising costs for cyber-enabled fraud operators, but that rollback of prior federal software supply-chain assurance measures risks leaving systemic weaknesses unaddressed. A weekly roundup mentioning multiple unrelated incidents, including an alleged **Handala** attack on Stryker and an Aadhaar bug bounty, does not describe the same spyware-policy story and should be excluded.
May 7, 2026
Ireland Proposes Communications Bill to Legalize Police Spyware and Expand Interception Powers
Ireland’s government announced plans to introduce the **Communications (Interception and Lawful Access) Bill**, a legislative overhaul intended to modernize the country’s lawful interception framework and explicitly provide a legal basis for law enforcement use of **spyware**. Officials said the existing **Postal Packets and Telecommunications Messages (Regulation) Act 1993** predates modern communications, particularly end-to-end encrypted messaging, and argued a new framework is needed to address serious crime and security threats while adding “robust” safeguards to ensure powers are necessary and proportionate. The proposed bill is described as covering **“all forms of communications, whether encrypted or not,”** and enabling access to both **content and metadata**, expanding scope to services and device categories such as electronic messaging platforms, email, and **IoT** communications. While the announcement emphasizes privacy/security safeguards and increased technical cooperation between state agencies and service providers, reporting notes it does not clearly explain the technical mechanism for accessing encrypted communications—an outcome that in practice often requires **device compromise** (e.g., government-grade spyware) or local forensic extraction tools (e.g., *Cellebrite*). The government also indicated alignment with the EU Commission’s roadmap on lawful access and encryption-related interception issues.
Mar 21, 2026
UK Court Awards Damages for Saudi Pegasus Spyware Targeting as NSO Seeks Legitimacy via Pall Mall Process
A UK court ordered the Kingdom of **Saudi Arabia** to pay **£3 million** in damages to London-based Saudi dissident **Ghanem Al-Masarir** after finding his iPhones were infected with **NSO Group’s Pegasus** spyware as part of a 2018 targeting campaign attributed to a Saudi operator dubbed **KINGDOM**. The ruling credited expert evidence from **Citizen Lab** researcher **Bill Marczak**, and the damages award covered injury, costs, and lost earnings tied to the spyware targeting and related harms; the decision was framed by advocates as a rare avenue for accountability for victims of mercenary spyware and transnational repression. Separately, civil society groups warned that spyware vendors linked to human rights abuses are attempting to launder their reputations by engaging with diplomatic initiatives intended to curb misuse of commercial hacking tools. The criticism followed an **NSO Group** “transparency report” highlighting its claimed participation in the **Pall Mall Process**—a French- and UK-led effort to develop governance for *Commercial Cyber Intrusion Capabilities (CCICs)*—even as officials said NSO was not invited and participation does not equate to human-rights compliance; critics pointed to continued allegations of Pegasus abuse, including reported targeting of journalists and civil society in countries such as **Serbia**.
Mar 21, 2026