The European parliament is preparing to launch a committee of inquiry into the Pegasus spyware scandal after evidence emerged of government critics in Poland and Hungary being targeted with the surveillance software.
The cross-party body will seek testimony from member states’ intelligence services, elected politicians and senior officials, with a previous inquiry into alleged European facilitation of CIA “black sites” providing a model.
The move is the most significant yet from Brussels since a group of media organisations including the Guardian revealed that Pegasus software was being used against journalists, activists and politicians in numerous countries across the world including in Europe.
It follows the announcement from the Israeli government this week that it would investigate reports of Israeli police using Pegasus against its citizens. Local media reports claimed the list of targets included people involved in the corruption trial of the former prime minister Benjamin Netanyahu.
Pegasus allows an operator to take control of a target’s mobile device, access all data even from encrypted messaging apps and turn on audio or video recording.
The investigation by the Guardian and 16 other media organisations had been based on forensic analysis of phones and a leaked database of 50,000 numbers, including that of the French president, Emmanuel Macron, the European Council president, Charles Michel, and other heads of state and senior government, diplomatic and military officials in 34 countries.
The Israeli company that manufactures the software, NSO Group, has previously said the figure of 50,000 was “exaggerated” and that the list could not be a list of numbers “targeted by governments using Pegasus”.
The analysis of phones in Europe showed that journalists, activists and lawyers in Hungary had been targeted with Pegasus.
A senior Hungarian government official appeared to confirm in November that the software had been purchased by the state, but it was later denied and ministers have since declined to comment.
Hungarian journalists are planning to take legal action against the state and NSO.
In Poland, a senate commission saw documents in January that suggested that country’s Central Anti-Corruption Bureau (CBA) had bought Pegasus in 2017 using funds from the justice ministry.
Law and Justice, the lead party in the governing coalition, has boycotted the commission in the opposition-led senate.
The European parliament has launched a committee of inquiry on only a handful of occasions, and the proposal has already received the required political backing of a quarter of MEPs and the endorsement of the heads of political groups. It has been pushed by the Renew Europe political group in the parliament in which Macron’s La République en Marche MEPs sit, and is expected to be formally approved in a plenary session in Strasbourg next week.
Assuming that happens, the committee is expected to sit for 12 months from April, during which it will hold public sessions and call for relevant documents and oral and written testimony.
NSO Group did not immediately respond to a request for comment on the inquiry, but in previous answers to the Guardian it has said it could not confirm or deny whether particular countries were clients. It also insisted its tools were only meant for use against criminals and terrorists, and should not be used on dissidents, activists or journalists.
The president of the Renew Europe group, Stéphane Séjourné, said: “The Pegasus scandal is not just an assault on individual freedoms. It is an attack by autocratic regimes on the essence of our European democracies.
“When software developed to target terrorists is used against opposition politicians by European governments, this is very serious indeed.
“The scale of the allegations show why we need a European response and this is why we have led calls for the European parliament to launch an inquiry committee with teeth, that can consult experts and call witnesses from across Europe.”
Once the committee has completed its investigation it will file a report for national governments and the European Commission.
“Nothing should be off the table and no stone should be left unturned,” Séjourné said. “We don’t just want information about the scale of the scandal, we want recommendations put on the table of the European Commission and national governments, so this can never happen again.”
The EU’s justice commissioner, Didier Reynders, told MEPs in September that the European Commission “totally condemned” alleged attempts by national security services to illegally access information on political opponents through their phones.
He said it was already the case, as confirmed by the European court of justice, that governments could not “restrict the confidentiality and integrity of communications” except in “very strictly limited” scenarios.
He also said a pending EU privacy regulation would tighten the rules further, and called for MEPs and member states to urgently agree on the details of the new law in light of the spyware scandal.
