Good Practice Guide on Applying Export Controls to Transfers of Commercial Cyber Intrusion Capabilities

States supporting the Pall Mall Process (PMP) Code of Practice for States have committed to using export controls to help ensure accountability across the market for commercial cyber intrusion capabilities (CCICs) and to mitigate risks of potential irresponsible use of CCICs. Export controls can prevent transfers of CCICs that threaten human rights and national security by enabling the application of risk assessment frameworks to export licence applications, and can improve oversight of the international market for CCICs by enabling the sharing and publishing of export licence approvals and denials. However, the potential application of export controls to the transfer of CCICs is limited by the complexities associated with their establishment, implementation and enforcement, and a lack of guidance to inform national practices.

This SIPRI good practice guide aims to strengthen national efforts by PMP Code of Practice supporters by clarifying how export controls can be applied to CCICs and informing multilateral discussions on using export controls to tackle their proliferation and misuse.