NSO Group, a prominent and controversial maker of government spyware, released a new transparency report on Wednesday. The company described this as entering “a new phase of accountability.” However, unlike previous annual disclosures, this report lacks specific details about how many customers were rejected, investigated, suspended, or terminated due to human rights abuses involving its surveillance tools. While the report contains promises to respect human rights and to demand the same from its customers, it provides no concrete evidence to support these claims.
Experts and critics who have followed NSO and the spyware market for years believe the report is part of a campaign by the company to get the U.S. government to remove it from a blocklist known as the Entity List. NSO hopes to enter the U.S. market with new financial backers and executives at the helm. Last year, a group of U.S. investors acquired the company. Since then, NSO has undergone a transition involving high-profile personnel changes. Former Trump official David Friedman was appointed the new executive chairman. CEO Yaron Shohat stepped down, and Omri Lavie, the last remaining founder still involved in the company, also left.
In the report, Friedman wrote, “When NSO’s products are in the right hands within the right countries, the world is a far safer place. That will always be our overriding mission.” The report does not mention any specific countries where NSO operates.
Natalia Krapiva, the senior tech-legal counsel at the digital rights organization Access Now, stated that NSO is clearly campaigning for removal from the U.S. Entity List and needs to show it has dramatically changed as a company. She noted that changing leadership and publishing a transparency report are parts of this effort. However, she cautioned that similar actions by NSO and other spyware companies in the past have resulted in empty reports while abuses continued. Krapiva concluded, “This is nothing but another attempt at window dressing and the U.S. government should not be taken for a fool.”
Since the Biden administration added NSO to the Entity List, the company has lobbied to have its restrictions lifted. These efforts intensified after President Donald Trump took office again last year. However, as of May last year, NSO had failed to sway the new administration. In late December, the Trump administration lifted sanctions against three executives tied to the Intellexa spyware consortium, which some saw as a shift in the administration’s attitude toward spyware makers.
This year’s transparency report, covering 2025, has fewer details than reports from previous years. For example, a report covering 2024 stated NSO opened three investigations of potential misuse. It said it cut ties with one customer and imposed remediation measures on another, but provided no information on the third investigation. NSO also said it rejected more than $20 million in new business due to human rights concerns in 2024. A report covering 2022 and 2023 stated the company suspended or terminated six government customers, resulting in a revenue loss of $57 million. In 2021, NSO said it had disconnected five customers since 2016 following misuse investigations, with an estimated revenue loss of over $100 million.
The newest report does not include the total number of customers NSO has, a statistic consistently present in previous reports. A request for similar statistics and figures from an NSO spokesperson went unanswered by press time.
John Scott-Railton, a senior researcher at The Citizen Lab, criticized NSO for the lack of substantive information. He stated he was expecting information and numbers, and that nothing in the document allows outsiders to verify NSO’s claims. He characterized this as business as usual for a company with a decade-long history of making claims that later turned out to be misrepresentation.