EU Legislator Investigating Spyware Compromised by Pegasus
A European politician serving on the EU's spyware investigation committee was found to have had their smartphone compromised by Pegasus, spyware developed by Israeli firm NSO Group, during their tenure. The breach was reportedly executed by NSO Group's government clients, revealing the grave situation where an investigator was surveilled by the very tool under investigation.

A European politician serving on the EU's spyware investigation committee was found to have had their smartphone hacked during their tenure. The tool used was Pegasus, spyware developed by Israeli surveillance technology firm NSO Group, allegedly executed by NSO Group's government clients.
Pegasus is a sophisticated surveillance tool that can penetrate target smartphones without detection and access all data including calls, messages, and location information. It is sold exclusively to government agencies of various nations, and NSO Group, its developer, has claimed that it operates under the premise of "legitimate use for criminal investigation and security purposes." However, cases of misuse against journalists, human rights activists, and politicians have been repeatedly reported in the past, and the company has faced continued international criticism.
The politician who was hacked was serving as a member of a specialized committee established by the EU to investigate spyware issues. Despite the investigation's focus on Pegasus itself, the device was compromised during the committee's activities—this is the crux of the matter. It has been confirmed that the breach was executed by an NSO Group government client, though which specific government was involved remains undisclosed at present.
The significance of this incident extends beyond technical concerns. The fact that a person tasked with monitoring and correcting spyware abuse was themselves surveilled by that very spyware represents a threat to democratic oversight mechanisms themselves. If investigative bodies and parliaments can become targets, the effectiveness of legal and institutional countermeasures comes into fundamental question.
The EU has previously considered strengthening regulations against commercial spyware, including Pegasus. The European Parliament's investigation committee has issued reports expressing concern about member states' misuse of spyware and calling for a review of the legal framework. This incident is a case directly relevant to that discussion and is expected to be referenced as concrete evidence supporting the necessity of regulation.
Issues surrounding commercial spyware are expanding as a concern for international society as a whole. The United States has added NSO Group to its export control list, and multiple democracies are pursuing international efforts toward regulating commercial spyware. Going forward, attention will focus on whether the government responsible for this breach will be identified and how it will affect EU regulatory discussions.
This article is an original work independently written and edited by the AI issue editorial team based on factual reporting. © AI issue. Unauthorized reproduction, redistribution, or use for AI training is prohibited.