Live

Article by Elisabetta Rosso – Journalist, Fanpage.it

European Union public funds, intended to support innovation and startups, were used to finance Paragon Solution . This Israeli software company has been accused of spying on activists, citizens, and journalists , including Francesco Cancellato , director of Fanpage.it. The European funds reached Paragon through an indirect route involving multiple actors.

It all began in 2020 when the European Investment Fund (EIF) decided to allocate €21.2 million to Aurora Europe SCSp—a fund of funds specializing in technology—which in turn invested in smaller funds. One of these, Red Dot Capital Partners II LP, decided to finance Paragon. This completed the chain of investments that brought European public funds to the spyware company .

The case raises questions about the oversight and transparency of European Union funding mechanisms. As Saskia Bricmont, MEP for the Greens/EFA group, explained to Fanpage.it: “It’s clear that the safeguards and rules to prevent European funds from supporting companies and projects that violate EU standards are not being applied.

European taxpayers, Bricmont emphasized, “are funding an industry that spies on them with the support of EU institutions, in violation of European treaties and legislation, including fundamental rights and the right to privacy. The EU is also funding the conditions of its own vulnerability and dependence on Israel. Not only that, it is directly or indirectly enabling tools that erode democracy, fundamental rights, and the rule of law.”

How European funds arrived at Paragon

The EIF does not invest directly in companies, but provides capital to venture capital funds, which then invest in startups. As Apache magazine, which first reported the news, explained in January 2020, the European fund allocated €21.2 million to Aurora Europe SCSp, a Fund of Funds—an investment fund that purchases shares in other mutual funds or variable capital investment companies—with a total capital of €85 million.

“Aurora Europe SCSp subsequently invested in 31 funds, which collectively invested in over 900 companies,” explained a spokesperson for the European Investment Bank Group. “One of these funds, Red Dot Capital Partners II LP, specializing in cybersecurity, artificial intelligence, and machine learning, invested in 10 companies, including Paragon Solutions in October 2020. Red Dot divested from Paragon Solutions in December 2024.”

Paragon was acquired for $900 million by Florida-based private equity firm AE Industrial Partners. The company was then merged with REDLattice, a Virginia-based cyber intelligence firm. It is unknown how much Red Dot initially invested or how much it earned from the sale, and the EIF has not provided clarification on these matters.

The labyrinth of European funds and the risks of indirect financing

The investment was made under the InnovFin Equity Facility for Early Stage (IFE), a financial instrument created under Horizon 2020, the EU’s framework program for research and innovation. Israel participated as an “associated country.” According to the EIB, all eligibility requirements were met, and it also reiterated that the EIF relies on intermediary funds to verify final beneficiaries. However, the control system appears to be lax: the EIF does not directly verify companies, and public funds risk supporting activities that violate fundamental rights.

“The criteria used by the EIB Group are too broad, and monitoring is insufficient,” explained Frank Vanaerschot, director of Counter Balance, an NGO that also monitors the EIB. “The EIB Group assumes that intermediaries comply with the rules, but doesn’t verify this directly. The use of multiple funds, with one private fund investing in another, also makes monitoring more difficult.”

Not only that. As Bricmont explained to Fanpage.it, we’re facing a broader problem. “The European Commission itself doesn’t seem to consider it a relevant issue, as it has done nothing to regulate the industry and the use or trade of surveillance technologies, despite the Pegasus scandal revealing to the world the illegal use of intrusive spyware by European governments, in violation of fundamental rights and the right to privacy.”

Finally, Bricmont added, “we cannot ignore the connection between this scandal and the EU’s complicit inaction in the face of Israel’s genocide. There is no justification; it is unacceptable. For this reason, along with other colleagues, I have submitted a request for access to all relevant documents and a list of unanswered questions to the European Commission. I expect a detailed and swift response.”

Digital Espionage and Public Funds: The Paragon Case

The accusations are clear: the EIF does not directly audit companies, and public funds risk supporting activities that violate fundamental rights. Indeed, Paragon’s Graphite spyware has already been the subject of investigations and complaints. It has infected the phones of journalists and activists, as documented by the University of Toronto’s Citizen Lab, which monitors and identifies digital threats against civil society.

In January 2025, Meta alerted Francesco Cancellato, editor-in-chief of Fanpage.it, that his account had been targeted with Graphite—a “zero-click” program so sophisticated it could infect phones without any user action. Citizen Lab later confirmed that Ciro Pellegrino, Fanpage.it’s Naples editorial director, had also been targeted by the same attack.

“Spyware must be clearly excluded from the eligibility criteria for EU funds and EIB projects,” Bricmont explained. “This should already be the case, if only the recommendations of the PEGA Commission of Inquiry had been implemented. But the Commission continues to turn a deaf ear to our appeals.”

Greater transparency and accountability is also needed from the European Commission and EU institutions in the use of European funds, as well as thorough monitoring of all beneficiaries, Bricmont stressed.

The case raises serious concerns about the governance, transparency and accountability of the Union’s funding mechanisms, “more generally, its support for surveillance technologies and the private companies that develop them.”

Digital Espionage and Public Funds: The Paragon Case

The accusations are clear: the EIF does not directly audit companies, and public funds risk supporting activities that violate fundamental rights. Indeed, Paragon’s Graphite spyware has already been the subject of investigations and complaints. It has infected the phones of journalists and activists, as documented by the University of Toronto’s Citizen Lab, which monitors and identifies digital threats against civil society.

In January 2025, Meta alerted Francesco Cancellato, editor-in-chief of Fanpage.it, that his account had been targeted with Graphite—a “zero-click” program so sophisticated it could infect phones without any user action. Citizen Lab later confirmed that Ciro Pellegrino , editor-in-chief of Fanpage.it in Naples, had also been targeted by the same attack.

“Spyware must be clearly excluded from the eligibility criteria for EU funds and EIB projects,” Bricmont explained. “This should already be the case, if only the recommendations of the PEGA Commission of Inquiry had been implemented. But the Commission continues to turn a deaf ear to our appeals.”

Greater transparency and accountability is also needed from the European Commission and EU institutions in the use of European funds, as well as thorough monitoring of all beneficiaries, Bricmont stressed.

The case raises serious concerns about the governance, transparency and accountability of the Union’s funding mechanisms, “more generally, its support for surveillance technologies and the private companies that develop them.”

Written by

Shape the conversation

Do you have anything to add to this story? Any ideas for interviews or angles we should explore? Let us know if you’d like to write a follow-up, a counterpoint, or share a similar story.

Write a counterargument article Write a related article