Ne Bouge Pas!

Blueprint for a Shadow Network Series: Section 2.3.1 Structural Weaknesses of the Wassenaar Arrangement



Geneva, Switzerland

Founders’ Political Compromise: Voluntary Compliance and Sovereignty

The Wassenaar Arrangement was formally established in 1995, emerging as a deliberate and strategically nuanced evolution of the Cold War-era Coordinating Committee for Multilateral Export Controls (COCOM). For over four decades, from 1949 until its dissolution in 1994, COCOM operated as a rigid, binding export control regime among Western allies, specifically designed to prevent the transfer of military and dual-use technologies to Soviet-aligned states and the Eastern bloc.

COCOM’s architecture reflected the bipolar geopolitical tensions of the Cold War period. Its enforceability stemmed from a tightly knit alliance among ideologically aligned states, which mutually committed to binding export restrictions and effective enforcement mechanisms. Within this narrow coalition, states were equipped with veto powers over export licenses, facilitating coordinated embargoes and denials for sensitive goods.

The dissolution of the Soviet Union and the Warsaw Pact fundamentally altered international security dynamics. Former adversaries and newly independent states integrated into global trade networks, while the advent of rapid technological innovation expanded the scope and complexity of sensitive dual-use goods. In this radically transformed context, COCOM’s exclusionary and rigid framework was no longer fit for purpose.

Recognizing these shifts, the founding parties of the Wassenaar Arrangement sought to create a broader, more inclusive export control architecture capable of addressing the proliferating risks posed by dual-use technologies while accommodating a multipolar world order. This necessitated a political compromise emphasizing voluntary compliance and state sovereignty.

In the Wassenaar context, “dual-use” refers to goods, software, and technical knowledge that can be used for both civilian and military or internal security purposes. This includes not only obvious military-adjacent items such as advanced electronics, sensors, and cryptographic systems, but also surveillance platforms, intrusion software, network monitoring tools, and data analytics systems that can be deployed either for legitimate law enforcement and commercial security or for internal repression, espionage, and targeted harassment. The breadth and ambiguity of this category make intent and end use difficult to assess in practice, which is precisely why uniform and predictable controls matter so much.

Unlike COCOM, the Wassenaar Arrangement was designed as a consensus-based, non-binding forum. Member states agreed to cooperate by sharing information and aligning their national export policies on a best-efforts basis, but crucially, enforcement was left to individual states’ discretion. There is no supranational enforcement mechanism, no binding treaty obligations, and no legal framework to compel compliance or sanction malfeasance. Decisions taken in Wassenaar are implemented only through national legislation and administrative practice, which can differ substantially from one jurisdiction to another.

Institutionally, the Arrangement operates through an annual plenary meeting in Vienna, where participating states review developments, exchange information on sensitive transfers and denials, and decide on updates to the control lists. Between plenaries, expert working groups and technical panels refine the “List of Dual-Use Goods and Technologies” and the “Munitions List,” draft best practice guidelines, and prepare proposed amendments. A small Secretariat in Vienna supports these processes administratively, but it has no independent regulatory or investigative authority. Once agreed, changes to lists or guidelines have force only to the extent that each government chooses to transpose them into its own domestic export control system.

This governance structure allowed for an expanding membership, now over forty states, including many former Eastern bloc countries and neutral nations, and facilitated diplomatic engagement among a wide range of political systems and economic interests. Broad participation enhanced the Arrangement’s legitimacy and offered a platform for cooperation concerning both conventional arms and dual-use goods with military or security applications.

However, this voluntary, sovereignty-respecting design embedded inherent structural weaknesses. Member countries maintain significant discretion over control definitions, export licensing, and compliance enforcement. Interpretation of what constitutes “dual-use” technology varies, reflecting divergent legal traditions, industrial strategies, and security doctrines. A surveillance platform, intrusion suite, or predictive analytics tool that one state classifies as highly sensitive may be treated as a commercial IT product by another, especially where domestic industries lobby for export opportunities or where foreign policy priorities favor particular client regimes.

The result of such heterogeneity is a fragmented and inconsistent regulatory environment. Exporters and defense contractors exploit these gaps, engaging in regulatory arbitrage by routing transactions through subsidiaries or permissive jurisdictions, and deploying complex corporate structures to mask true end users or the nature of exported goods and services. A company headquartered in a relatively restrictive state can, for example, establish a subsidiary in a jurisdiction with looser interpretations of “dual-use,” rebrand its product, and obtain licenses there, while formally remaining in compliance with its home state’s laws.

Furthermore, the informal oversight mechanisms rely heavily on trust, voluntary reporting, and peer pressure rather than legally enforceable commitments. There is no standing inspectorate to audit national licensing decisions, no obligation to publish or notify all approvals, and no independent tribunal to adjudicate disputes over whether a state has undercut agreed standards. This weakness means that even well-intentioned member states can struggle to ensure that their counterparts fully apply agreed controls, and that states inclined to prioritize commercial or geopolitical interests over restraint can do so with limited reputational cost.

In summary, the Wassenaar Arrangement is a carefully balanced diplomatic architecture optimized for inclusivity and sovereignty protection, but this same delicate balance limits its enforceability, uniformity, and adaptability. The sovereignty and discretion that made Wassenaar politically attractive in the mid-1990s now also allow states to license or tolerate exports of highly intrusive surveillance and cyber-intelligence tools, even when other members view those transfers as dangerous. These structural features were not incidental to later scandals like NSO Group’s Pegasus spyware; they were enabling conditions. Israel, for example, like every other member, retained full discretion to interpret “dual-use” and “national security” in ways that justified licensing Pegasus and related systems, despite the severe human rights risks perceived by other states and civil society. The same founding compromise that made Wassenaar possible also built in the fault lines that contemporary digital repression has exploited.

Next, we examine how Wassenaar’s consensus-driven decision-making amplifies these structural weaknesses. Section 2.3.2 will explore the delays, blockages, and “policy paralysis” that arise when every substantive change requires unanimous agreement, and how these procedural constraints have directly affected the regulation of sensitive dual-use technologies like intrusion software.



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit drtamaradixon.substack.com

Ne Bouge Pas! By Dispatches from inside the Fire