Geneva – South Korea's agreement to cooperate with the United Arab Emirates in the Stargate UAE project to build a large artificial intelligence data centre is deeply alarming. The initiative is led by G42, a company linked to the UAE authorities, alongside an international technical alliance.
The project poses serious risks to privacy and individual freedoms, given the documented record of both the UAE authorities and G42 in the unlawful use of surveillance and hacking technologies and the absence of credible safeguards or independent governance for such a highly sensitive venture.
The danger of this project, announced by South Korea on Tuesday, 18 November, goes far beyond the potential misuse of collected data. It includes the prospect of using the centre's vast artificial intelligence capabilities to reinforce existing tools of digital repression, such as mass surveillance, facial recognition, tracking activists and opponents, and analysing digital and behavioural patterns on an unprecedented scale. Such practices would endanger the core rights to privacy, freedom of expression and freedom of association.
Stargate UAE could grant access to sensitive data to companies closely linked to the UAE security services and other repressive regimes, enabling the development of advanced targeting systems for political or security purposes outside the law. These risks are heightened by the absence of clear guarantees on where the data is processed, who exercises actual control over the servers and algorithms, and what limits exist on security services' access.
Proceeding with this cooperation without a strict framework for transparency and independent oversight would expose all parties to significant legal and ethical risks. The project could lead to cross-border violations of individuals' rights, including those of dissidents, human rights defenders, and foreign residents and workers, particularly given the likelihood of processing and transferring sensitive data within environments or technologies that are insufficiently regulated.
The international technology companies involved in the project, including OpenAI, Oracle, Nvidia, SoftBank, and other infrastructure, chip, and cloud service providers, bear direct responsibility under the United Nations Guiding Principles on Business and Human Rights (UNGPs). These principles require firms to conduct comprehensive human rights due diligence, particularly in high-risk environments, and to take effective measures to avoid causing, contributing to, or being linked to violations through their business relationships. By supplying the expertise, technology, and computing power that could enable mass surveillance in the absence of strict safeguards, these companies risk breaching these principles and exposing themselves to liability for foreseeable harm.
These concerns are not theoretical but grounded in documented precedents showing the involvement of G42 and its affiliated entities in developing and deploying advanced surveillance tools for state authorities. This record includes, for example, its ownership of the ToTok messaging application, which international reports found was used to track user data and digital activity, as well as its use in cyberattacks and in the systematic digital targeting of journalists, political dissidents, and human rights activists across the region.
The structure of G42 and its record of associations pose serious legal risks. Independent international reports show that current and former senior figures in the company have been involved in cyber entities subjected to extensive investigations for violating privacy and freedom of expression, most notably the DarkMatter Group, which has been accused of using hacking and surveillance tools to target journalists, dissidents, and activists as part of wider "transnational digital repression" practices.
This institutional linkage reflects a high-risk environment under the UNGPs, particularly regarding companies' responsibility to avoid causing or contributing to violations and their duty to conduct effective due diligence in highly sensitive contexts. It renders the company's role in implementing the project a foreseeable legal risk, given the potential for replicating previously documented patterns of technological exploitation in the region.
Granting a company with a documented history of building digital surveillance infrastructure the authority to implement a project on the scale of Stargate UAE could entrench impunity and turn the initiative from a platform for technological development into a vehicle for expanding state control over the digital space. It could also enable repressive profiling and targeting based on opinion, political affiliation, or background.
The risks arising from cooperation between South Korea and the UAE on this project cannot be separated from the UAE's documented record of using digital technology as a tool of control and a means to restrict public freedoms. Credible reports have shown that the UAE authorities targeted opponents and activists with sophisticated spyware such as the Israeli-developed Pegasus, among others, to monitor dissidents, journalists, and human rights defenders. They have also employed various forms of digital surveillance and harassment against individuals for peacefully expressing their views, including during high-profile events such as the COP28 climate summit.
UAE authorities have consistently enabled these unlawful practices through a loose legal framework, including Federal Decree Law No. 34 of 2021 on Combatting Rumours and Cybercrimes. This law grants broad powers that allow the criminalisation of peaceful activities and facilitate surveillance, effectively formalising ongoing violations of privacy.
The risks extend beyond the companies involved to partner states, including South Korea and the countries in which the participating firms are based. These states bear binding obligations under the International Covenant on Civil and Political Rights and other human rights instruments to protect individuals from violations of privacy and freedom of expression linked to the activities of companies under their jurisdiction, including when those companies operate abroad. This includes regulating and monitoring exports of dual-use technologies, enforcing rigorous human rights due diligence, and ensuring effective mechanisms for victim redress. The UN Guiding Principles on Business and Human Rights reinforce these duties by requiring states to ensure that the trade and technology relationships they authorise or support do not enable foreseeable abuses of individuals' rights.
International stakeholders, particularly the South Korean government and global technology companies, must urgently reassess their involvement and suspend any further implementation of Stargate UAE until an independent and comprehensive human rights impact assessment is carried out. They must secure clear, written guarantees, including, at a minimum, a public commitment not to use the project's infrastructure for mass surveillance or for targeting individuals based on political opinion, human rights activity, affiliation, or geographical background. They must also ensure full transparency regarding where data will be stored and processed, who exercises actual control over the servers and algorithms, and that any access by security agencies is subject to effective, independent judicial oversight. Finally, they must establish accessible and credible mechanisms for redress and compensation for affected individuals, including those outside the UAE.
The UAE government and G42 must demonstrate full transparency regarding Project Stargate UAE and provide detailed, rights-based guarantees on how data will be collected, stored, processed, and used. This should include publishing clear data protection policies and ensuring that users and potential stakeholders have access to information about their rights and available avenues for redress. Euro-Med Monitor calls for the creation of independent and effective governance mechanisms, overseen by credible external regulators, to prevent any security or political interference in the project's operation and to ensure that the AI infrastructure is not used for control, repressive profiling, or digital exclusion.
Relevant UN and international bodies, particularly the Special Rapporteur on the right to privacy, the Special Rapporteur on freedom of opinion and expression, and the Special Rapporteur on human rights defenders, should closely monitor Stargate UAE and similar initiatives. They must scrutinise the project's governance and its compliance with individual rights and take proactive measures to prevent the creation of an international precedent in which advanced technology is deployed to serve repressive regimes. Such a precedent would threaten global data protection and human rights frameworks and undermine public trust in the use of artificial intelligence worldwide.