MIL-OSI Europe: Answer to a written question – Violations of the confidentiality of communications in Greece – E-000868/2025(ASW)

The Commission strongly condemns any illegal access or any form of unlawful interception of users’ communications. EU law on data protection and privacy offers comprehensive protection to the confidentiality of communications and users’ personal data and terminal equipment.

Without prejudice to the Commission’s role as guardian of the Treaties, the monitoring and enforcement of the EU laws lies primarily with the competent national authorities and courts.

Moreover, EU Member States are required under Directive 2013/40/EU[1] on attacks against information systems to ensure that cyberattacks, such as illegal system interference and illegal interception, are punishable as criminal offences. The responsibility for the investigation and prosecution of such offences falls under the responsibility of competent national authorities.

The 2024 Rule of Law Report[2], which was published on 24 July 2024, follows up on developments concerning the alleged illegal use of spyware in the context of the functioning of national checks and balances in response to such allegations. The Commission continues to monitor developments in this area in the context of the 2025 Rule of Law Report.

• [1] https://eur-lex.europa.eu/eli/dir/2013/40/oj/eng
• [2] 2024 Rule of Law Report, country chapter on the rule of law situation in Greece. Available at: https://commission.europa.eu/document/download/6741f4b2-6a10-44ba-b40c-97a5a38e6827_en?filename=21_1_58062_coun_chap_greece_en.pdf