TL;DR
NSO Group published a new transparency report that claims a renewed focus on accountability but omits key, verifiable details about past customer investigations and remedial actions. Rights groups and researchers say the report looks aimed at persuading U.S. authorities to lift Entity List restrictions as the company pursues new investors and executives.
What happened
NSO Group issued a transparency report covering 2025 that reiterates commitments to respect human rights and to enforce controls on customers, but it provides little concrete, verifiable data about how the company has handled problematic clients. Unlike earlier disclosures, the new report does not specify numbers for customers rejected, investigated, suspended or terminated for misuse, nor does it include a total customer count or name countries of operation. Critics and watchdogs, including Access Now and The Citizen Lab, characterized the document as insufficient and questioned its timing amid NSO’s push to be removed from the U.S. Entity List. The company has undergone ownership and leadership changes since a group of U.S. investors acquired it last year. High-profile departures and appointments include the arrival of David Friedman as executive chairman and the exit of several senior executives; a TechCrunch request for further figures from NSO received no response by press time.
Why it matters
- Transparency and verifiable audits are central to decisions about export controls and licensing, including potential U.S. market access.
- Spyware tools have been linked to human rights abuses; credible remediation data matters for assessing future risk to civil liberties.
- Opaque disclosures make it difficult for regulators, reporters and researchers to verify whether past misuse was addressed.
- Company changes in ownership and leadership can affect governance, but claims of reform require evidence rather than statements.
Key facts
- NSO published a transparency report covering 2025 that emphasizes commitment to human rights controls but omits detailed figures and named cases.
- The new report lacks statistics on how many customers were rejected, investigated, suspended or terminated — information present in prior reports.
- NSO’s 2024 report had said the company opened three investigations, cut ties with one customer, and rejected more than $20 million in potential business due to human rights concerns.
- Earlier disclosures covering 2022–2023 said NSO suspended or terminated six government customers with an asserted revenue impact of $57 million.
- NSO previously reported disconnecting the systems of five customers since 2016 and citing an estimated revenue loss of more than $100 million (reported in 2021).
- A group of U.S. investors acquired NSO last year; the company has had notable leadership turnover, including David Friedman becoming executive chairman and the departure of CEO Yaron Shohat and founder Omri Lavie.
- NSO was placed on the U.S. Entity List during the Biden administration and has lobbied to have restrictions lifted; efforts intensified after political change but had not succeeded as of May last year.
- TechCrunch requested additional statistics from NSO spokesperson Gil Lanier but did not receive answers by press time.
- Advocates and researchers criticized the new report as lacking verifiable information and suggested it may be intended to influence U.S. policymakers.
What to watch next
- Whether U.S. authorities will change NSO’s status on the Entity List — not confirmed in the source.
- If future NSO disclosures include verifiable numbers on investigations, terminations and customer counts — not confirmed in the source.
- Any formal responses from U.S. regulators or updated public guidance regarding sales and exports to NSO — not confirmed in the source.
Quick glossary
- Entity List: A U.S. government trade restriction list that can limit exports, reexports and transfers of U.S.-origin items to named companies or individuals.
- Spyware: Software designed to covertly collect information from devices, often used for surveillance by governments or other actors.
- Transparency report: A public document in which a company outlines policies, incidents, and governance steps intended to inform stakeholders about its practices.
- Remediation: Actions taken by a company to address misuse or abuse of its products, such as suspending access, conducting investigations, or providing training.
Reader FAQ
Did NSO provide evidence that it has changed its practices?
The report reiterates commitments to human rights controls but does not include concrete, verifiable evidence of changes or detailed remediation figures.
Is NSO still on the U.S. Entity List?
The source reports that NSO was added to the Entity List by the Biden administration and has been lobbying to be removed; as of May last year, those efforts had not succeeded.
Who is leading NSO after recent changes?
A group of U.S. investors acquired NSO last year; David Friedman was named executive chairman, CEO Yaron Shohat stepped down, and founder Omri Lavie left.
Did NSO name abusive customers or countries in the new report?
No. The new report does not name specific customers or countries of operation.
NSO Group, one of the most well-known and controversial makers of government spyware, released a new transparency report on Wednesday, as the company enters what it described as “a new…
Sources
- Critics pan spyware maker NSO’s transparency claims amid its push to enter US market
- Insight: Pegasus spyware scandal: years of questions, no …
- Private equity executive sought to undermine NSO critics …
- Inside NSO, Israel's billion-dollar spyware giant
Related posts
- Patching UNIX v4’s su Buffer Overflow the 1973 Way, Rebuilt in 2025
- Cisco patches ISE flaw after public proof-of-concept exploit surfaced
- Near-total internet shutdown in Iran during nationwide economic protests