computerweekly.com - The Austrian government is likely to face legal challenges after it succeeded on its fifth attempt to pass a law this month giving the country’s intelligence service legal powers to deploy spyware on phones and computers. Civil society groups are holding discussions with MPs on far-right Freedom Party (FPO) and the Greens, both of which voted against the new surveillance measures, regarding a legal challenge to Austria’s constitutional court.

Austria’s lower house passed the law on 9 July 2025, giving the Austrian intelligence service – the Directorate of State Protection and Intelligence (DSN) – the capability to deploy spyware, known as “a state trojan”, to monitor encrypted communications on services such as WhatsApp and Signal.

The three coalition governing parties, ÖVP, SPÖ and NEOS, agreed to changes to the State Protection and Intelligence Service Act (SNG), the Telecommunications Act 2021, the Security Police Act (SPG) and other laws to allow the state to spy on encrypted messages and gather other data stored on electronic devices.

The coalition government, headed by chancellor Christian Stocker, argued that Austria should have a legal framework to enable it to monitor encrypted messaging services in line with countries such as the UK and the US.

Austrian politicians pressed the case after a tip-off from the US Central Intelligence Agency (CIA) warning of an impending attack at a Taylor Swift concert, part of the Eras Tour, in August 2024 led to the cancellation of three concerts in the country. US intelligence reportedly identified that one of the suspects pledged to ISIS-K on the Telegram messaging app.

Former chancellor Karl Nehammer also cited Austria’s biggest spying scandal, the Egisto Ott affair, as a reason for the DSN to be given more tools to act against foreign intelligence services, including the ability to intercept encrypted messaging services.

The new law has been criticised by civil society groups and some technology companies, which argue that the introduction of a “state trojan” will undermine internet security for Austrian citizens.

In July, 50 civil society groups from 16 countries wrote an open letter to MPs and the Austrian National Council, warning that the move to increase state surveillance would be a historic step backwards for IT security.

The civil society groups said the draft law was based on a “legal fiction” that would mean that, rather than protecting the population from cyber security risks, the state would instead promote and maintain security vulnerabilities, which will inevitably be discovered and exploited by hackers and hostile nation-states.

They point to the WannaCry ransomware attacks, which exploited a security vulnerability developed by the US National Security Agency (NSA) to infiltrate computer systems, causing severe disruption of hospitals, trains and mobile phone networks in 2017.

Thomas Lohninger, executive director of digital rights organisation Epicenter.Works, told Computer Weekly, that his organisation will “try everything” to challenge the new law in Austria’s constitutional court. This includes bringing a constitutional challenge from the opposition Green Party and far right FPÖ MPs before the law is enacted – a move that requires support from a third of MPs.