WhatsApp sued NSO in 2019, alleging that NSO used its Pegasus spyware to hack into the devices of at least 1,400 WhatsApp users—including journalists, diplomats, activists, and dissidents—by exploiting WhatsApp’s calling feature to bypass encryption. These hacks were allegedly carried out on behalf of various foreign governments, including Bahrain, the UAE, and Mexico. WhatsApp won summary judgment of liability against NSO in December 2024. A trial on damages is presently scheduled to begin on April 28, 2025, though it may be continued to permit additional discovery.

Impact on NSO

Notably, in November 2021, the U.S. Department of Commerce placed NSO Group on the Entity List, effectively banning American companies from doing business with it. The reason cited: NSO’s tools were used for “transnational repression.”  WhatsApp’s case strengthens the legal and evidentiary basis for that designation.  All of this combines to create enormous financial pressure on NSO.  It has suffered sharply reduced revenue because of the sanctions and the reputational harm caused by the litigation. NSO’s debt load is increasing.  It has no clear path to additional sources of debt finance and investor appetite has shriveled while NSO faces mounting criticism and similar claims brought by Apple in 2021.

Impact beyond NSO

But this case isn’t just about damages for WhatsApp. It’s a rare legal battle that pierces the veil of state-sanctioned hacking, with ripple effects on:

• U.S. foreign policy and tech regulation
• Israel’s national tech identity and export economy
• Global debates on digital rights, sovereignty, and surveillance

If NSO’s client behaviors are further exposed through this litigation—it could mark a watershed moment for reining in spyware globally.

The outcome of this case will likely have repercussions beyond the parties themselves in three main categories.  First, this case could become a landmark in holding spyware vendors accountable for the actions of their clients, especially when they use the NSO product to garner information to harm democratic institutions or abuse human rights.  While NSO frames its products as essential for national security (e.g., fighting terrorism or child abuse), this case fuels the narrative that such tools are weaponized against civil society—which strains the balance the U.S. and allies try to maintain between national security collaboration and human rights advocacy.

Second, NSO is emblematic of Israel’s powerful cybersecurity ecosystem, often tied to military intelligence expertise. A ruling that limits or punishes NSO’s business model could trigger stricter international scrutiny and regulation of similar companies, pressure the Israeli government to tighten export controls on surveillance technology and potentially harm the reputation of Israel’s cybersecurity sector, negatively impacting global partnerships and investments.

Third, if WhatsApp wins substantial damages, it may embolden other tech firms to sue spyware makers, reinforcing the message that private platforms have legal recourse when state-affiliated hacking tools are used. Other global spyware vendors will be forced to rethink their potential liabilities and compliance policies. Indeed, the outcome in this case may create sufficient consensus to support an international agreement governing the responsible use of spyware across borders.