The International Bar Association has refreshed its business and human rights guidance for bar associations and lawyers, and that renewal matters for anyone who works with surveillance technologies. The 2024 update reasserts that bar associations have a role in helping lawyers understand and apply the UN Guiding Principles on Business and Human Rights in practice.

Why this is important now: digital surveillance tools have grown in capability and become more widely exported and used by states and private entities. The IBA has highlighted the human rights threat posed by modern digital surveillance technologies, noting that unchecked deployment can injure privacy, freedom of expression, and other fundamental rights. That framing pushes legal professionals away from a narrow transactional mindset and toward risk assessment and rights-based counsel.

Practical risks lawyers and bar associations should treat as real, assessable problems

  • Client and vendor risk: selling, supplying, or advising on surveillance tools can create downstream liability if the tools are used to violate rights. Lawyers must evaluate customers, uses, and end user controls.
  • Regulatory and export risk: surveillance capabilities are increasingly the subject of export controls and human rights scrutiny. Lawyers advising companies that build or trade in surveillance products need to understand licensing regimes and human rights due diligence obligations.
  • Reputational and compliance risk: opaque procurement, secret service contracts, and customization for targeting increase the chance of exposure and sanctions. Civil society disclosures have already produced political and legal backlash against suppliers and buyers.

Five concrete actions for lawyers and bar associations 1) Integrate human rights due diligence into standard client intake and vendor review. Require documented assessments for any matter that touches on surveillance technology, including customer vetting and use-case limitations. Use the IBA guidance as a framework for the policies you build. 2) Demand and document transparency from clients who procure surveillance tools. Ask for clear statements on intended use, legal authorization, oversight mechanisms, data retention policies, and remedies for abuse. If clients refuse, counsel them on the reputational and legal consequences. 3) Train lawyers on technical basics and human rights standards. Bar associations should offer modules on spyware, bulk interception, facial recognition, and lawful-authorisation standards so lawyers can spot red flags and advise effectively. The IBA update explicitly positions bar associations to play this educational role. 4) Use human rights impact assessments for high-risk technologies. Practical FRIA or FRIA-like processes help move a discussion from abstract ethics to measurable mitigation steps, and they create a defensible record if questions arise. International guidance and civil society resources offer templates and principles to adapt. 5) Advocate for stronger oversight and export controls where appropriate. Lawyers are gatekeepers who can press for clear statutory authorisation, independent judicial or parliamentary review, and transparency reporting from both states and vendors. The policy debate now includes calls for export restrictions and human rights-based review of surveillance transfers.

How to operationalize these actions inside a firm or bar

  • Create a surveillance technology checklist to be required on matters involving government contracts, cybersecurity vendors, or data interception services. Include items on legal basis, oversight, data flows, and redress.
  • Add a mandatory escalation path. If intake flags a serious risk, the matter should go to a designated ethics or human rights review panel before advice is delivered or a contract is signed.
  • Publish model clauses for contracts, including prohibitions on misuse, audit rights, and termination for rights-violating conduct. Bar associations can collate and distribute such templates to smaller firms and in-house counsel.

Balancing legitimate security needs with rights protections Surveillance can serve law enforcement and national security aims. That does not remove the need for legal authorization, necessity and proportionality tests, or effective remedies. International human rights bodies have repeatedly emphasised that extraordinary powers must not become normalised practice. Lawyers must push clients to design systems that are as minimally intrusive as possible, subject to independent oversight, and coupled with remedy mechanisms.

What bar associations should prioritize now

  • Education and guidance for members on surveillance-related ethics, leveraging the IBA updated guidance as a core resource.
  • Public advocacy for procedural safeguards and export controls that tie transfers of surveillance capabilities to human rights assessments.
  • Convening stakeholders. Bring together technologists, civil society, government oversight bodies, and firms to translate guidance into workable contractual, audit, and oversight mechanisms. Collaboration reduces ambiguity and produces standards that lawyers can use in daily practice.

Final note for practitioners The IBA update is more than paperwork. It is a practical nudge toward embedding human rights into legal practice where surveillance technologies are involved. Lawyers who treat that nudge as optional will expose clients and themselves to legal, regulatory, and reputational harm. Lawyers and bar associations can use the guidance to make a tangible contribution to safer, rights-respecting deployment of surveillance technologies, by insisting on due diligence, oversight, and remedies every time the tech is on the table.