Export of cyber technology can undermine human rights in countries of destination. In the aftermath of
the Arab Spring, political controversies have arisen around EU-exported cyber surveillance technology,
which allegedly helped autocratic states monitor and arrest dissidents. While cyber technology is
indispensable to our lives, it can be used to suppress the right to privacy, the freedom of expression and
the freedom of association, not only in the EU, but also in the countries it trades with. The EU has taken
a proactive role in reforming the export of human rights-sensitive cyber technology. In September 2016
the European Commission proposed the integration of human rights due diligence in the process of
export control. The Commission’s proposal, however, invited strong contestations both from industry
and Member States. Essentially, dual-use export control has developed in order to mitigate military
risks. Attempts to integrate human rights risks in export control have thus invited discomfort among
stakeholders. This paper unpacks normative tensions arising from the EU’s attempts to integrate human
rights risks in its export control regimes. By so doing, the paper highlights fundamental tensions
embedded in the EU’s value-based Common Commercial Policy, of which dual-use export control forms
an integral part
