NextFin News - In a significant move for the global digital forensics industry, the Israeli-headquartered firm Cellebrite has officially terminated its relationship with Serbian law enforcement agencies. The decision, confirmed on February 19, 2026, follows a series of investigative reports alleging that the company’s powerful phone-cracking technology was weaponized by Serbian authorities to target journalists and political activists. According to TechCrunch, the company cited a breach of its ethical standards after forensic evidence linked its Universal Forensic Extraction Device (UFED) to the unauthorized installation of spyware on the devices of civil society members.
The catalyst for this withdrawal was a detailed technical investigation by Amnesty International and the University of Toronto’s Citizen Lab. The researchers documented cases where Serbian police, after confiscating phones during routine traffic stops or interviews, used Cellebrite tools to bypass encryption and subsequently install a previously unknown spyware strain dubbed "NoviSpy." One notable case involved investigative reporter Slaviša Milanov, whose device was compromised while in police custody in early 2024. Forensic logs revealed that the extraction process exploited a Qualcomm chipset vulnerability (CVE-2024-43047) to gain deep system access, a capability provided by Cellebrite’s high-end forensic suite.
Cellebrite’s decision to exit the Serbian market reflects a broader shift in the regulatory landscape for surveillance technology. Since U.S. President Trump took office in 2025, there has been a renewed focus on the export of dual-use technologies that could be utilized by authoritarian regimes. While the current administration has emphasized American technological dominance, it has also maintained pressure on international partners to ensure that forensic tools do not become instruments of political repression. According to The Record, Cellebrite stated that it assesses national governments on an "annual and ad-hoc basis" and determined that the current political climate in Serbia no longer met its compliance thresholds.
However, the move has sparked a debate over the consistency of the company’s human rights policies. While Serbia has been cut off, reports from Citizen Lab suggest that similar abuses may be occurring in Jordan and Kenya. In Jordan, traces of Cellebrite software were allegedly found on the phones of protesters, yet the company has not suspended services there, citing a lack of "direct evidence." Victor Cooper, a spokesperson for Cellebrite, noted that the situations are "incomparable," though he declined to provide specific criteria for what triggers a total service termination. This discrepancy suggests that geopolitical considerations and market size may still play a role in corporate enforcement decisions.
From a financial perspective, the digital forensics market is currently valued at over $12 billion globally, with Cellebrite serving more than 7,000 law enforcement agencies in 100 countries. For a publicly traded company, withdrawing from a national market is a complex decision that involves balancing reputational risk against revenue loss. In 2021, the company halted sales to Russia, Belarus, and China due to similar concerns. The exit from Serbia indicates that the "reputational tax" of being associated with spyware scandals is becoming too high for Western-aligned tech firms to ignore, especially as institutional investors increasingly prioritize Environmental, Social, and Governance (ESG) metrics.
Looking forward, the industry is likely to see a move toward "locked-down" forensic tools that include built-in audit trails and remote-kill switches. If a government is found to be using a tool outside of a judicial warrant, the manufacturer could theoretically revoke the license instantly. However, as John Scott-Railton of Citizen Lab points out, the lack of transparency in these vetting processes remains a hurdle. For the surveillance tech sector, the Serbia case serves as a warning: as forensic tools become more invasive, the window for "neutral" technology provision is closing, and companies will increasingly be held responsible for the actions of their end-users.
