The Israeli surveillance technology firm NSO Group, globally recognized as the originator of the highly controversial Pegasus spyware, has recently attempted to reshape its corporate narrative, publishing a new Transparency and Responsibility Report that the company asserts marks a "new phase of accountability." However, this latest disclosure, covering operations for 2025, has been met with immediate and profound skepticism from digital rights advocates, cybersecurity researchers, and policy analysts, primarily due to its striking lack of the quantifiable metrics that characterized previous annual reports. The absence of specific data regarding customer rejections, internal investigations, and contract terminations linked to human rights violations suggests that the document serves less as an honest assessment of corporate governance and more as a crucial piece of a sophisticated lobbying strategy aimed squarely at the United States government.
This concerted effort by NSO is widely understood to be an attempt to secure removal from the U.S. Commerce Department’s Entity List. Since its designation in November 2021, which effectively prohibits American companies from exporting technology or engaging in trade with NSO, the company has faced existential financial pressures and been severely restricted in its global market operations. The move to produce a conceptually transparent but statistically opaque report is seen by critics as a necessary performance designed to signal regulatory compliance without sacrificing the operational secrecy essential to the surveillance industry.
The content of the latest report is thin on verifiable details. While it contains broad affirmations of NSO’s commitment to respecting human rights and maintaining rigorous controls to enforce ethical usage among its client states, it fails to provide concrete evidence supporting these claims. Notably absent are key statistics that NSO had consistently included in prior disclosures: the total number of customers, the precise count of investigations into alleged misuse, and the financial value of new business opportunities rejected due to ethical concerns. This deliberate statistical void stands in sharp contrast to earlier reports, raising serious questions about the depth and sincerity of the company’s claimed transition toward greater responsibility.
The push for US market entry is inextricably linked to a dramatic corporate restructuring finalized last year. NSO Group was acquired by a consortium of US investors, initiating a significant overhaul of its executive leadership. This transition saw the appointment of former Trump administration official David Friedman as the new executive chairman. Concurrently, long-time executives, including CEO Yaron Shohat, stepped down, and Omri Lavie, the last remaining co-founder still involved with the company, also departed. This high-profile executive cleansing, observers suggest, is a critical element of the re-entry strategy, designed to ‘Americanize’ the face of the company and lend it a veneer of political acceptability in Washington D.C.
Friedman, in the new report, articulated the company’s overriding mission as ensuring that NSO’s products are "in the right hands within the right countries," thereby making the world "a far safer place." This rhetorical framing, however, offers no insight into which countries NSO currently deems "right" or what specific governance framework ensures that its powerful tools are not used to target political opposition, journalists, or human rights defenders—the very abuses that led to the Entity List designation in the first place.
Natalia Krapiva, Senior Tech-Legal Counsel at Access Now, a prominent digital rights organization, characterized the current report and the leadership changes as a coordinated maneuver. She noted that NSO is "clearly on a campaign to get removed from the U.S. Entity List" and must demonstrate a fundamental transformation since its blacklisting. However, Krapiva expressed deep cynicism, asserting that the industry has a well-documented history of companies engaging in superficial rebranding, changing names and leadership, and publishing "empty transparency or ethics reports" while systemic abuses continue unabated. She concluded that the current effort is "nothing but another attempt at window dressing" and cautioned the US government against accepting such facile gestures.
The Erosion of Quantifiable Accountability
A comprehensive comparison with NSO’s previous disclosures reveals the extent of the current report’s dilution of accountability. Historically, NSO reports provided specific, if unverified, metrics to illustrate its internal compliance mechanisms.
For instance, the transparency report covering 2024 detailed that NSO had opened three investigations into potential misuse. It claimed to have severed ties with one customer and imposed "alternative remediation measures" on another, including mandatory human rights training and monitoring of system usage. Furthermore, the 2024 report claimed the company rejected over $20 million in new business opportunities based on human rights concerns.
The report published the year prior, covering 2022 and 2023, offered even more striking figures. NSO asserted it had suspended or terminated six government customers, leading to a substantial claimed revenue loss of $57 million. Going further back, the 2021 report stated that NSO had "disconnected" the systems of five customers since 2016 following misuse investigations, resulting in an estimated loss of revenue exceeding $100 million, alongside discontinuing engagements with five other customers specifically due to human rights concerns.
The complete withdrawal of these specific, if self-reported, statistics in the latest disclosure signals a retreat from even the semblance of external scrutiny. John Scott-Railton, a senior researcher at The Citizen Lab, an organization that has meticulously tracked the deployment and abuse of commercial spyware for over a decade, strongly criticized this obfuscation. He noted the expectation of "information, numbers" and stressed that "Nothing in this document allows outsiders to verify NSO’s claims, which is business as usual from a company that has a decade-long history of making claims that later turned out to be misrepresentation." The pivot from providing specific dollar figures and customer counts to generalized statements about mission and ethical controls effectively renders the report useless for genuine oversight.
Background Context: The Global Spyware Crisis
To understand NSO’s current maneuvers, one must appreciate the severity of the crisis triggered by the widespread exposure of the Pegasus spyware’s abuse. The revelations, which began in earnest around 2016 and intensified dramatically in 2021, demonstrated that Pegasus—a tool designed ostensibly for tracking terrorists and serious criminals—was routinely deployed by client states to surveil lawyers, opposition politicians, journalists (including those working for major international news outlets), and human rights activists across dozens of countries.
This systemic abuse forced a global reckoning on the regulation of Offensive Cyber Capabilities (OCC). The US Entity List designation was a landmark event, placing a significant economic barrier on NSO and signaling that the Biden administration would take concrete steps against foreign technology firms whose products enable transnational repression. The designation, however, did not eliminate the global demand for such powerful surveillance tools. Instead, it accelerated the fragmentation of the cyber-mercenary market, allowing competitors like the Greek-based Intellexa consortium to gain traction.
NSO’s intense lobbying efforts to reverse its blacklisting began immediately after the 2021 action. These efforts intensified significantly following the most recent US presidential election, targeting key political figures and leveraging the relationships established by its new leadership structure. The political climate remains fluid; late last year, the administration lifted sanctions against three executives tied to the Intellexa consortium. This move, while targeting a different entity, was interpreted by some analysts as a potential signal that the US government might be reconsidering its hardline stance on certain elements of the commercial spyware industry, possibly swayed by arguments that these tools are necessary for Western intelligence and law enforcement operations, provided they are managed responsibly.
Industry Implications and Regulatory Dilemmas
The NSO saga is a microcosm of the broader regulatory challenge facing democratic governments: how to control the proliferation of powerful, sophisticated surveillance technologies developed by private companies that operate globally, often with minimal state oversight.
The commercial spyware market, valued in the billions, thrives on secrecy and the geopolitical advantage its tools offer to purchasing states. If NSO successfully achieves delisting, the implications for the entire OCC industry will be profound. It would validate the strategy of corporate rebranding and executive shuffling as an effective means of circumventing international sanctions imposed due to human rights violations. This precedent could encourage other controversial firms to adopt similar strategies, making genuine, structural accountability less likely.
Experts emphasize that the current transparency report is a calculated risk. By omitting specific figures, NSO protects its clients—governments whose identities NSO is contractually bound to conceal—and avoids providing further ammunition to human rights investigators like Citizen Lab, who routinely use NSO’s self-reported figures as starting points for their own investigations into misuse. The decision to prioritize customer secrecy over verifiable accountability highlights where the company’s true loyalties lie, regardless of the rhetoric in its glossy reports.
Furthermore, the involvement of high-profile US figures, like Friedman, suggests NSO is attempting to reframe the issue from one of human rights abuse to one of national security alignment. The underlying argument is that restricting Israeli technology firms that work closely with Western intelligence agencies weakens the collective security apparatus against adversarial nations like China or Russia, who are also developing and deploying sophisticated surveillance tools. This national security argument is powerful in Washington, but it directly conflicts with the foundational ethical principles the US claims to uphold globally.
Future Impact and the US Policy Trajectory
The future trajectory of NSO hinges entirely on the US administration’s decision regarding the Entity List. Delisting is not a simple administrative procedure; it requires compelling evidence that the risk posed by the company has fundamentally changed. The current report fails spectacularly to provide this evidence.
Should NSO succeed in its lobbying efforts, the immediate impact would be access to critical American components, software, and financial markets, which are essential for scaling modern technology operations. This influx of resources would likely revitalize the company’s competitive edge against rivals.
However, the political cost of delisting NSO would be significant. It would be viewed internationally as a betrayal of the Biden administration’s commitment to curbing the proliferation of digital authoritarianism and would severely strain relations with global civil society organizations that have documented the victims of Pegasus. It would also contradict Executive Orders previously issued by the White House aimed at preventing US government use of commercial spyware that poses counterintelligence risks or has been linked to misuse.
The ultimate decision will test the resolve of US regulators. They face pressure from powerful lobbyists arguing for the strategic utility of NSO’s tools and counter-pressure from the human rights community demanding adherence to international norms. For genuine accountability to be established, analysts argue, NSO would need to implement not just internal policy changes, but external, verifiable oversight mechanisms—such as allowing independent audits of customer contracts and usage logs by a recognized international body—a step the company has consistently refused to take.
In conclusion, NSO Group’s latest transparency report represents a highly strategic, yet deeply flawed, public relations exercise. By replacing detailed statistical disclosure with vague promises, the company hopes to satisfy the procedural requirements necessary for Entity List removal while minimizing actual operational transparency. This approach has only intensified the skepticism from expert communities, who view the move as the latest iteration of a cyclical strategy: deploying sophisticated tools for profit, facing global condemnation, undertaking superficial corporate restructuring, and then leveraging political connections to re-enter lucrative markets. Until NSO provides concrete, verifiable evidence of systemic reform and verifiable accountability for past abuses, its push for US market acceptance will remain characterized by profound distrust.