Pall Mall Process faces criticism over impact on commercial hacking tools

The Pall Mall Process, which was launched in 2023 by the British and French governments to address the proliferation of commercial cyber intrusion capabilities, has drawn criticism for its limited impact, according to The Record, a news site by cybersecurity firm Recorded Future.

Despite widespread acknowledgment of the growing threats posed by CCICs to national security and human rights, participating nations have struggled to implement effective measures against its misuse. Key CCIC exporting nations such as Israel, India, and Austria did not participate in the initiative, and many CCIC vendors with controversial practices remain unengaged. The 56-page consultation report from the initiative highlights ongoing concerns about its ability to influence governments and companies that resist regulation. Contributors noted the lack of unified definitions for “national security” and criticized the voluntary norms proposed, which may prove insufficient to curb abuses. The United States has taken stronger actions, including sanctions, visa restrictions, and an executive order banning federal agencies from using certain spyware linked to human rights violations. However, similar measures have not been adopted by other nations. Critics argue that the disparity in actions between leading and developing nations exacerbates global inequities in CCIC governance, with countries like the United Kingdom and France promoting their spyware industries while restricting access for others.