Bulgarian licenses enabled EU surveillance exports to repressive regimes

Published: 18 June 2026
Avoiding internet surveillance techniques

Bulgarian licenses cleared the way for surveillance company Circles to legally export its tech to countries accused of spying on journalists, activists, and crack down on dissent, according to a report by Human Rights Watch. Clients included intelligence services, military and police bodies, regional governments, and private companies.

Key takeaways:
  • Bulgaria licensed surveillance tech exports to countries with human rights abuses.
  • Circles reportedly exploits weaknesses in global mobile networks to intercept calls and texts.
  • Human Rights Watch report highlights EU failures in surveillance export controls.

Bulgaria and the EU allowed the legal export of surveillance tech to Azerbaijan, Bahrain, Brazil, the Dominican Republic, El Salvador, Ghana, Guatemala, Israel, Jordan, Malaysia, Mexico, Morocco, Panama, Serbia, and the United Arab Emirates (UAE).

ADVERTISEMENT

Between 2018 and 2023, Circles in Bulgaria was granted licenses to sell telecommunication interception systems, communications monitoring software, and other surveillance technologies to countries that were likely to use them for internal repression, according to a report by Human Rights Watch (HRW) that analyzed documents previously unavailable to the public.

Circles is a surveillance firm that exploits weaknesses in the global mobile phone system to snoop on calls, texts, and locations without needing to hack the phone itself, according to a previous Citizen Lab report. The company was first registered in Cyprus and has been operating from Bulgaria.

While Circles might be a lesser-known surveillance brand, it is affiliated with NSO Group, which develops the notorious Pegasus spyware. Circles cofounder, Israeli Tal Dillian, is also the founder of Intellexa, the Greek spyware company sanctioned by the US, which previously surveilled Greek journalists, politicians, and businesspeople.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

The new documents only confirm that the exports of cybersurveillance tech were legally allowed, but they do not reveal any actual sales. Clients reportedly included intelligence services, military and police bodies, regional governments, and private companies.

“Issuing the licenses demonstrates a major flaw in how individual governments implement EU export controls for surveillance technology,” the HRW’s report reads.

“New documents provide further evidence that the European Commission, which oversees and implements the law, is failing to achieve that goal.

What tech is Circles selling?

ADVERTISEMENT

According to Bulgarian export documents, Circles offers 4 types of products:

  • “Landmark” software: a network-based solution which allows users to “collect, process, validate and manage information for conducting intelligence operations, based on the location of mobile subscribers.”
  • “Voice Over Location Enabler (VOLE)” software: likely relies on the SS7 protocol to “remotely intercept targets’ incoming and outgoing voice calls” and their locations.
  • “Saphire” software: “allows a command to be sent to a mobile operator via a remote terminal to assign a new IP address to a specific device,” most likely for the targeted interception of communications.
  • “Pixcell” line of IMSI-catchers: described as a “tactical SIGINT [signal intelligence] system that intercepts voice data, messages, and internet data for specific cellular devices.”

Circles didn’t respond to HRV’s inquiries for comment. However, the Bulgarian Minister of Economy and Industry assured the organization that “[e]xports that contradict the country’s national, European and international commitments, including with regard to the protection of human rights, are not allowed.” The ministry also said it maintains a consistent zero-tolerance policy for abuses.

HRW urges EU institutions to tighten the surveillance technology export controls.

“All EU governments should be clamping down on exports of tools that can be used for repression, not rubber-stamping them,” said Zach Campbell, senior surveillance researcher at Human Rights Watch.

“The European Commission has evidence that EU governments have been issuing licenses seemingly without conducting serious human rights due diligence, and yet it appears to have taken no action despite having the legal framework to control this.”

Meanwhile, the Commission said that EU member states are themselves “solely responsible for licensing decisions on dual-use exports.”

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked