EU parliament overwhelmingly backs recommending a ban on Kaspersky products

A huge majority of EU lawmakers backed a cyber defense resolution to boost cooperation between EU states and with NATO, citing threats from Russia, North Korea and China. 

The resolution was passed with 476 MEPs voting in favor, 151 MEPs voting against, and 36 abstaining.   

The resolution, though not binding, could spell more trouble for Kaspersky Lab, which calls on Europe to ban its antivirus in EU institutions. This follows a US ban on Kaspersky antivirus in government after US officials accused the company of working with Russian intelligence. Kaspersky Lab has denied those allegations.  

US president Donald Trump in December signed a defense spending bill that included a ban on Kaspersky antivirus from use on civilian and military government systems.     

The UK in December also banned all Russian antivirus software from systems processing SECRET information, while the Netherlands in May moved to phase out Kaspersky specifically, because of Russian government hacking and that Kaspersky Lab was subject to Russian laws that could force it to comply with Russian agencies.   

In a section on public-private partnerships, the resolution calls on the EU to review software and IT systems in European institutions “in order to exclude potentially dangerous programmes and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab.”

In response to the EU parliament vote, Kaspersky Lab founder Eugene Kaspersky said it would stop cooperating with Europol until the resolution was withdrawn.

“We have protected the EU for 20 years working with law enforcement leading to multiple arrests of CYBERCRIMINALS. Based upon today’s decision from the EU Parliament, we are forced to freeze our cooperation with orgs including @Europol & #NoMoreRansom," wrote Kaspersky.

“The way we conducted public-private partnership is unfortunately ceased until the withdraw of the European Parliament decision.”

Ahead of today’s vote, Kaspersky published a blog post accusing US and Dutch media of publishing fake news stories about the company. Kaspersky on May 25 filed a defamation suit against Dutch paper De Telegraaf and former Dutch minister Willem Vermeend over a story about a breach of Kaspersky Lab’s Dutch office that was alleged to have assisted Russia intelligence gathering. 

The EU parliament’s report notes that it is currently vulnerable “due mainly to the fragmentation of European defence strategies and capabilities, allowing foreign intelligence agencies to repeatedly exploit the security vulnerabilities of IT systems and networks essential to European security,” 

In a statement annoucing the adoption of the resolution, MEPs said that “Russia, China and North Korea, but also non-state actors, have carried out malicious cyber attacks on critical infrastructure in the EU, engaged in cyber espionage and mass surveillance of EU citizens, run disinformation campaigns and taken internet access hostage (e.g. Wannacry, NonPetya).”