Ireland Proposes New Law Allowing Police to Use Spyware

Ireland Proposes Spyware Law for Police Surveillance

Ireland is moving forward with controversial legislation that would grant police the legal authority to deploy commercial-grade spyware—like tools from NSO Group and Intellexa—on suspects’ devices. The proposed Communications (Interception and Lawful Access) Bill, unveiled this week by Justice Minister Jim O’Callaghan, aims to modernize surveillance powers originally established in 1993, long before encrypted messaging apps like Signal or WhatsApp became mainstream. But while officials insist the bill includes “robust safeguards,” digital rights advocates warn it could open the door to unchecked state surveillance.

Credit: Liam McBurney/PA Images / Getty Images 

Why Ireland Needs New Surveillance Powers—According to the Government

The Irish government argues that current laws are dangerously outdated. The existing framework, the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993, was written before smartphones, cloud storage, and end-to-end encryption reshaped how people communicate. Today, criminals—including those involved in organized crime, terrorism, and child exploitation—increasingly rely on encrypted platforms that traditional wiretaps can’t penetrate.

“Criminals aren’t using landlines anymore,” said Minister O’Callaghan in a press briefing. “They’re using encrypted apps that shield their communications from lawful oversight. This bill ensures our law enforcement can keep pace with evolving threats—without compromising democratic values.”

Under the new proposal, Irish police would be able to legally install spyware on suspects’ phones or computers, granting access to messages, photos, location data, microphone feeds, and even camera activation—all without the target’s knowledge.

What Spyware Tools Could Irish Police Use?

While the bill doesn’t name specific vendors, it explicitly references “lawful interception technologies” from companies like NSO Group, Intellexa, and Paragon Solutions—all known for selling powerful surveillance software to governments worldwide. These tools, often called “lawful hacking” solutions, can bypass encryption by infecting a device directly, turning it into a real-time surveillance hub.

For example, Intellexa’s “Predator” spyware—linked to operations across Europe—can extract data from encrypted apps, track movements via GPS, and even record ambient audio through the device’s microphone. Such capabilities are undetectable to most users and require no interaction beyond clicking a malicious link.

Critics argue that authorizing these tools—even with judicial oversight—normalizes the use of offensive cyber capabilities against civilians, blurring the line between investigation and intrusion.

Built-In Safeguards: Are They Enough?

Minister O’Callaghan emphasized that the bill includes “necessary and proportionate” safeguards. According to government documents, any spyware deployment would require:

• Prior authorization from a High Court judge
• A demonstration that less intrusive methods have failed or are impractical
• Strict time limits on surveillance operations
• Mandatory reporting and audits by an independent oversight body

These measures echo frameworks used in countries like Germany and France, which also permit limited spyware use under judicial supervision. However, past incidents raise red flags. In 2023, an EU investigation revealed that Greek intelligence services had used Predator spyware against journalists and politicians—despite similar legal constraints.

“Ireland’s safeguards sound strong on paper,” said Dr. Fiona Ní Chonaill, a digital rights researcher at Trinity College Dublin. “But history shows that once these tools enter the system, mission creep is almost inevitable. Who watches the watchers?”

Privacy Advocates Sound the Alarm

Civil society groups have reacted swiftly—and skeptically. Digital Rights Ireland called the proposal “a seismic shift in state power,” warning that spyware inherently compromises device integrity and user security. Unlike traditional wiretaps, which intercept data in transit, spyware embeds itself inside personal devices, creating vulnerabilities that could be exploited by bad actors if the software is leaked or reverse-engineered.

Moreover, the bill’s broad definition of “serious crime”—which includes offenses carrying sentences of five years or more—could sweep in non-violent suspects, such as financial fraud defendants or activists involved in protest-related charges.

“This isn’t just about catching terrorists,” said Eoin Higgins, policy lead at the Irish Council for Civil Liberties. “It’s about giving police unprecedented access to the most intimate corners of people’s digital lives. Once that precedent is set, rolling it back becomes nearly impossible.”

International Context: A Growing Trend in Europe

Ireland isn’t alone. Across Europe, governments are racing to update surveillance laws in response to encryption’s rise. Spain, Italy, and the Netherlands have all explored or implemented spyware-friendly legislation in recent years. The European Commission has even floated proposals for “client-side scanning” to detect illegal content before it’s encrypted—a move privacy experts call “backdoor by another name.”

Yet Ireland’s approach stands out for its explicit endorsement of commercial spyware vendors—many of whom operate in legal gray zones and have been sanctioned by the U.S. government for human rights abuses. NSO Group, for instance, remains blacklisted by the U.S. Commerce Department over its role in targeting dissidents and journalists.

This raises uncomfortable questions: Can Ireland ensure these tools won’t be misused? And can it guarantee that data collected won’t be shared with authoritarian regimes through intelligence-sharing agreements?

What Happens Next?

The bill is now entering the parliamentary review phase, where it will face scrutiny from opposition parties, legal experts, and civil society. A public consultation period is expected in early February 2026, giving citizens and organizations a chance to voice concerns.

If passed, Ireland would become one of the few EU nations with a clear legal pathway for police to deploy offensive cyber tools domestically. Implementation could begin as early as late 2026, pending final approval and the establishment of oversight mechanisms.

Supporters say the law is a necessary evil in a digital age where criminals operate with near-total anonymity. Opponents fear it sacrifices fundamental rights for the illusion of security.

Security vs. Liberty in the Digital Age

At its core, this debate isn’t just about spyware—it’s about what kind of society Ireland wants to be. In an era where your smartphone holds more personal data than your home ever did, the line between legitimate investigation and digital overreach has never been thinner.

The government insists this law targets only the worst offenders. But history teaches us that surveillance powers, once granted, rarely stay confined to their original purpose. From the USA PATRIOT Act to the UK’s Investigatory Powers Act, expansive surveillance laws often outlive their emergencies.

As Ireland weighs its next steps, the world watches closely. Will it become a model for responsible, rights-respecting digital policing—or another cautionary tale of privacy eroded in the name of safety?

One thing is certain: in 2026, the battle for digital rights isn’t being fought in courtrooms alone—it’s happening in code, in parliament, and on the screens we carry in our pockets every day.