Spyware has been abused in certain EU member states, posing a threat to democracy and the rule of law, Jeroen Lenaers, president of the Pega committee, said on Wednesday.

Speaking at a press conference in Strasbourg, he warned that action must be taken at the European level. The European Parliament is expected to finalise its proposals with a vote set for Thursday.

Last month, the European Parliament’s committee of inquiry investigating the use of Pegasus and equivalent surveillance spyware (Pega) issued its final report, covering several countries, including Cyprus.

In the accompanying Recommendation Compromises document, Pega concluded “there is evidence of maladministration in the implementation of the EU Dual-Use Regulation in Cyprus which requires close scrutiny.”

The wording is a thinned-down version of an earlier recommendation, which had read: “contraventions and maladministration in the implementation of union law are likely to have taken place in Cyprus.”

Pega’s final report also calls on Cypriot authorities to “thoroughly assess all export licences issued for spyware and repeal them where appropriate,” and to “thoroughly assess the shipment of spyware material within the EU’s internal market between member states and map the different Israeli companies or companies owned and run by Israeli citizens that are registered in Cyprus and that are involved in such activities.”

The committee also expressed concerns about the impact of such applications’ abuse on democracy, civil society, and the media in several EU member states.

Lenaers added on Wednesday that they expect a response from the European Commission after the adoption of the recommendations, adding that the European Parliament must continue to push for the implementation of these recommendations.

Earlier last month, Pega report rapporteur Sophie in ‘t Veld said that there is no evidence that Cyprus is a hub for the export of illegal surveillance software because the authorities of the states involved are not cooperating.

Answering a question by CyBC correspondent Tasos Christodoulou, she said that there are sufficient indications of illegal exports of malicious software from Cyprus, Greece and Bulgaria.

However, she questioned whether the authorities are willing to cooperate in clearing up the scandal since some of them may have been involved in the use or export of illegal surveillance software.

At the same time, she called on the European Commission to assume its responsibilities for full and proper implementation of European Union law, reminding that it is the relevant authority.

“I find it unacceptable hearing the European Commissioner say that ‘we have no powers, we cannot do anything.’ Yes. They can,” she said.