2025 was a hard year for digital rights—and an even harder one to ignore. From invasive spyware and AI-driven warfare to Europe quietly rolling back privacy protections, the past 12 months exposed just how fragile online freedoms have become. According to digital rights group Access Now, the year was defined by “surveillance, censorship, and shrinking civic space.”
And yet, the story isn’t only bleak. Beneath the headlines, resistance grew. Communities pushed back. And as Access Now’s executive director Alejandro Mayoral Baños puts it, “people refused to disappear.”
Here’s a clear, human-friendly breakdown of the biggest digital rights trends of 2025—and why they matter as we head into 2026.
Spyware Isn’t Going Away—It’s Getting Smarter
Four years after the Pegasus Project exposed the global spyware industry, surveillance tools are still spreading—and evolving faster than protections.
In 2025, a spyware tool called Graphite, developed by Paragon Solutions, was linked to the monitoring of journalists and human rights activists in Europe. An Italian parliamentary committee confirmed government use of the spyware against activists—while stopping short of admitting journalists were also targeted.
What makes this especially alarming? The attacks exploited zero-day vulnerabilities—unknown software flaws that even companies like Apple and WhatsApp didn’t know existed at the time.
Why Zero-Day Spyware Is So Dangerous
Unlike phishing scams or malware, this form of spyware doesn’t rely on human error.
- No suspicious links
- No malicious attachments
- No clicks required
Once installed, spyware can access virtually everything: keystrokes, messages, microphone audio, camera feeds—your entire digital life.
As Rand Hammoud, Surveillance Campaigns Lead at Access Now, warns:
“Mercenary spyware continued to prove that it is evolving faster than safeguards.”
While vendors patch known vulnerabilities, the spyware industry feeds off a shadowy global market where hackers sell undisclosed flaws to governments and private buyers. It’s a lucrative ecosystem—and a resilient one.
Some Progress—But Enforcement Is the Real Test
There were small wins for digital rights defenders in 2025.
In April, the Pall Mall Process introduced a voluntary Code of Practice for States, aimed at increasing transparency, oversight, and accountability in government spyware use.
The European Union also updated its export control rules to include human rights language. But Access Now warns these measures lack teeth.
Weak enforcement, inconsistent national practices, and loopholes in “dual-use” surveillance regulations still allow companies to sidestep accountability.
As Hammoud puts it:
“2025 shifted the question from ‘Do we need rules?’ to ‘Who will actually enforce them?’”
AI and the Rise of Digital Warfare
While spyware targets individuals, Access Now observed something even more unsettling this year: the rapid rise of AI-enabled warfare.
Marwa Fatafta, MENA Policy and Advocacy Director at Access Now, describes a “troubling shift” where civilian technologies—data, apps, AI models—are being militarized at scale.
Nowhere is this clearer than in Gaza.
“Gaza stands as a stark example of how warfare evolves when mass surveillance and AI-driven systems are woven into military operations with no restraints,” Fatafta said.
AI-powered systems can now generate targets faster than any human analyst—combining mass data collection with automated decision-making tools. The result is speed without accountability.
The UN has already condemned autonomous weapons—often called “killer robots”—as morally unacceptable. Yet meaningful global regulation remains elusive.
The warning from Access Now is clear: digital warfare is no longer a future problem—it’s a present one.
The EU’s Quiet Retreat From Privacy Leadership
Perhaps the most unexpected development of 2025 came from the European Union.
Once seen as the global gold standard for privacy regulation, the EU is now facing criticism for weakening the very protections it helped define.
According to Daniel Leufer, Emerging Technologies Policy Lead at Access Now, recent proposals threaten:
- End-to-end encryption
- No-log VPN protections
- Private digital communications
New measures promoting “lawful access” to encrypted data could effectively end true privacy-first services across Europe.
Leufer warns this is part of a broader shift, with regulators increasingly accommodating aggressive industry and law enforcement demands—often at the expense of fundamental rights.
And 2026 may bring more of the same.
What to Expect Next
As the world moves into 2026, the digital rights battle is far from over.
Groups like Access Now are pushing for:
- Stronger enforcement against mercenary spyware
- Clear limits on AI-driven weapons
- Renewed commitments to data protection and privacy
Meanwhile, technologists are responding with privacy-by-design tools—think decentralized platforms, no-log VPNs, and messaging apps exploring post-quantum encryption.
For Baños, the goal isn’t to return to business as usual:
“Not to return to normal, but to build a stronger, fairer, and more accountable digital rights ecosystem.”
Final Takeaway
2025 exposed how fragile digital freedoms really are—but it also showed that resistance still matters.
The big question for 2026: Will governments double down on surveillance, or will enforcement finally catch up with principles?
If digital rights matter to you, this is a conversation worth sharing.
