These Bulgaria surveillance exports, approved between 2018 and 2023, allowed Circles BG to sell its tools to agencies in Azerbaijan, Serbia, the UAE, and at least a dozen other nations, according to findings published by Human Rights Watch. Circles is an affiliate of NSO Group, the company behind the infamous Pegasus spyware, linking these surveillance exports to one of the most controversial names in digital espionage. The leaked licences shed light on a shadowy network that you might not have known existed, revealing how European countries can become conduits for powerful monitoring technology.
The Circles BG-NSO Group Connection: Pegasus Spyware’s Affiliate
Understanding how Circles BG is intertwined with NSO Group and its notorious Pegasus spyware is key to grasping the significance of the leaked licences. This connection reveals a complex corporate structure that makes the Bulgarian export approvals particularly alarming. Circles was acquired in 2014 by a company that also owns NSO Group, under the Q Cyber Technologies umbrella. This shared ownership means that the two firms are more than just business partners—they are corporate siblings operating within the same surveillance ecosystem.

The financial ties between them are concrete and documented. In October 2021, NSO Group purchased equipment worth $119,941 from Circles. That equipment was then transferred to the Israeli Ministry of Defence‘s Home Front Command. This transaction shows that Circles provides more than just generic telecom services; it supplies hardware that directly supports NSO Group’s operations, including its flagship product.
You might recognize Pegasus spyware from global headlines. It has been used to target journalists, politicians, and human rights defenders worldwide. The spyware can infiltrate smartphones without the user’s knowledge, extracting messages, calls, and location data. When a company like Circles—an NSO Group affiliate—exports surveillance equipment from Bulgaria, it creates a potential backdoor for this powerful technology to reach new markets. The leaked licences therefore do not just expose a single company’s activities; they illuminate a broader network that connects a Bulgarian firm directly to one of the most controversial spyware developers on the planet. This Bulgaria surveillance exports case shows how a European nation can become a critical link in a global surveillance supply chain.
Which Countries Bought Bulgaria’s Surveillance Exports?
Now, the leaked licences reveal exactly who was on the receiving end of that supply chain. They name specific buyers and equipment, giving you a clear picture of how far these Bulgaria surveillance exports reached. Among the customers is Azerbaijan’s Foreign Intelligence Service, which purchased a mobile-phone tracking system along with Dell server infrastructure — a deal worth over $42,000. This is a concrete example of how interception systems can be transferred from a European exporter to a state intelligence agency.

Another buyer is Serbia’s interior ministry. Months before the December 2023 elections, it purchased a portable mobile-phone surveillance device for $18,254. The timing raises questions about how such equipment might be used during political events. For context, in 2020 Citizen Lab identified Circles — the company behind these exports — as operating surveillance systems across at least 25 countries. That gives you a sense of the scale: these are not isolated deals but part of a broader network.
While you can see specific transactions for Azerbaijan and Serbia, the exact list of the “at least a dozen other countries” that received licences is not specified in the leaked documents. That leaves a gap in the full picture, but it also highlights how opaque this trade can be. The known purchases for Azerbaijan surveillance and Serbia surveillance are just the tip of the iceberg, showing how mobile phone tracking technology can move across borders with relative ease when export controls are greenlit.
Tal Dilian and Intellexa: The Broader Spyware Network
The co-founder of Circles BG, Tal Dilian, didn’t stop at mobile phone tracking. He later became a central figure in another major spyware scandal, showing just how connected the surveillance industry really is. While Circles focused on location data and call interception, Dilian moved on to something more invasive: full device takeover spyware.

Dilian was a key player at Intellexa, the company behind the notorious Predator spyware. Predator works differently from the passive tracking you saw with Circles. It can infect a target’s phone, read messages, steal photos, and even turn on the microphone or camera remotely. The scale of this threat caught the attention of governments worldwide. In March 2024, the United States sanctioned Dilian for his role at Intellexa, freezing any U.S.-based assets and barring American companies from doing business with him. These Tal Dilian sanctions sent a clear message: the U.S. viewed commercial spyware as a national security risk.
The legal fallout didn’t end there. In February 2026, a Greek court convicted Dilian and three others for their involvement in Intellexa, sentencing them to eight years in prison. This Greek conviction marked one of the first major criminal penalties for executives behind commercial surveillance tools. It underscores the legal risks you face when operating in this shadowy industry. For anyone following Bulgaria surveillance exports, Dilian’s story shows how one country’s greenlit technology can end up fueling spyware networks that operate across continents. The same tools that track a phone’s location can also be used to hijack that phone entirely, blurring the line between lawful surveillance and outright espionage.
Why Is Circles BG Not on US Sanctions Lists Despite NSO Group’s Blacklisting?
This brings you to a puzzling gap in enforcement. When NSO Group was placed on the US Commerce Department’s Entity List in November 2021, it was a clear signal that American regulators considered its spyware a threat to national security. The Entity List restricts US companies from selling technology or software to blacklisted firms without a special license. Yet Circles BG, a Bulgarian company that builds the very cellular interception gear NSO relies on, does not appear on any US sanctions or export-control blacklists. Why the discrepancy?

Part of the answer lies in how export controls work. The Entity List targets the final seller of surveillance tools — the company that packages and markets the complete spyware solution. Circles BG, by contrast, positions itself as a hardware and infrastructure provider, not a spyware vendor. That technical distinction may help it fly under the radar of US sanctions. It also means that even as NSO faces restrictions, the supply chain feeding it remains open. Bulgarian authorities have licensed surveillance exports to Circles BG, and because the company is not blacklisted, those shipments can continue without triggering American trade penalties.
This enforcement gap matters for you as a reader tracking global surveillance trends. It shows that blacklisting a single company like NSO does not automatically cut off the tools it needs to operate. The Bulgaria surveillance exports that pass through Circles BG can keep flowing, potentially supplying spyware networks even after their primary vendor is sanctioned. Without broader controls on hardware suppliers, the Entity List becomes a partial barrier rather than a full blockade. You are left asking whether more companies in the surveillance supply chain should face the same restrictions to make export controls truly effective.
How Did Bulgaria Become a Gateway for Surveillance Exports Despite EU Controls?
Bulgaria’s approval of these exports despite EU dual-use regulations raises serious questions about oversight and enforcement. The European Union maintains a strict legal framework for dual-use items—goods and software that can be used for both civilian and military purposes. Surveillance tools like phone-trackers and interception equipment fall squarely into this category. So, how did Bulgaria issue licences that seem to bypass these controls?
The short answer is that the specific technical capabilities of the exported tools beyond ‘phone-tracking’ and ‘interception’ are not detailed in the leaked documents. This lack of detail makes it difficult to assess whether the licences violated EU rules or exploited a loophole. It is possible that the licences covered equipment with legitimate commercial applications, such as network diagnostics, which might have justified the approvals under existing regulations. Without full technical specifications, you cannot be sure whether the items were restricted or permitted.
Furthermore, the broader question of why Bulgaria served as a gateway despite EU dual-use export controls is not explained by the available information. It could be that Bulgarian export licences were issued under national discretion clauses, which allow member states to authorize exports for certain purposes. Alternatively, weak regulatory oversight or limited resources for compliance checks might have created an environment where surveillance exports flowed more easily. The total value or volume of all licensed exports is not provided, so you cannot gauge the scale of the activity. Whether Bulgaria took any regulatory action after the leak is not stated, leaving you uncertain about the country’s commitment to tightening its procedures.
What this case highlights is the gap between the rules on paper and their real-world application. For you, this means staying aware that national licensing systems can create variance within the EU’s unified framework. The leak serves as a reminder that Bulgaria surveillance exports are part of a larger story about how states interpret and enforce EU dual-use export controls. Without more transparency around Bulgarian export licences, the system remains vulnerable to exploitation. The real lesson here is that regulatory oversight is only as strong as the countries tasked with implementing it.
Frequently Asked Questions
How did the leaked licences confirm Bulgaria’s role in surveillance exports?
The leaked licences show that Bulgarian authorities formally approved the export of surveillance equipment to multiple countries. This documentation provides a direct paper trail confirming that Bulgaria greenlit surveillance exports, even when the end users raised potential human rights concerns.
Why is Circles BG important and how does it connect to NSO Group and Pegasus?
Circles BG is a Bulgarian company that allegedly acted as a reseller of Pegasus spyware, which was developed by Israel’s NSO Group. Its importance lies in demonstrating how Bulgaria surveillance exports can serve as a distribution channel for powerful surveillance tools, bypassing stricter export controls in other nations. This linkage raises practical questions about the effectiveness of international oversight.
Why is Circles BG not on US sanctions lists when NSO Group is?
The US placed NSO Group on the Entity List for developing spyware linked to human rights abuses, but Circles BG remains off the list. This discrepancy may be because Circles operates as a separate Bulgarian legal entity with different export destinations. However, the leaked licences suggest that Bulgaria surveillance exports through Circles could still enable similar surveillance activities, leaving a regulatory gap that concerns many observers.






