Ask whether a particular spyware company is “sanctioned” and you will get a confident answer that is usually wrong. A company might be on the US Commerce Department's export-control list, or on the Treasury's asset-blocking sanctions list, or on the FCC's equipment rules, or on none of them — and each of those is a different legal fact with a different consequence. The record exists, scattered across government gazettes and press releases. What does not exist, in one place, is the join. SpyLedger is that join, for the industry that builds the tools of surveillance.
It is a source-cited record of the public corporate identity and government-designation status of 26 marquee vendors — from NSO Group, Intellexa, and Candiru to Hikvision, Huawei, and China's facial-recognition champions — carrying 32 designations from US and EU authorities, each rebuilt from a primary public source and linked. It is part of Voidly, which measures what the network hides; SpyLedger documents the industry that helps hide it. This is how it is built, why the taxonomy matters, and why it deliberately stops where it does.
The core insight: a designation is not a designation
The single most important thing SpyLedger does is refuse to flatten four very different government actions into the word “sanctioned.” Every entry is tagged with its authority and its legal type:
- Export control (e.g. the BIS Entity List): a license is required to send US-origin technology to the company, usually under a presumption of denial. It is not an asset freeze. NSO Group and Candiru sit here — widely reported as “sanctioned,” they are in fact export-controlled.
- Sanction (the OFAC SDN list): property within US jurisdiction is blocked and US persons generally cannot deal with the entity. Among the tracked vendors, the Intellexa-linked entities and Russia's Positive Technologies are the ones carrying true blocking sanctions.
- Equipment-authorization restriction (the FCC Covered List): covered gear cannot get new FCC authorization for certain national-security purposes. It is not a ban on all the company's products. Hikvision, Dahua, and Huawei are here — and SpyLedger renders the verbatim, limited scope rather than the headline.
- Investment restriction (Treasury's NS-CMIC list): US persons cannot buy or sell the company's publicly traded securities. Not an asset freeze, not a trade ban.
Collapsing these is not just sloppy; against a litigious company it is a defamation-shaped error. The methodology publishes the taxonomy in full so the distinction can be cited, not just trusted.
Track the watchers, not the watched
SpyLedger is the deliberate inverse of surveillance. It documents the vendors and the governments that regulate them — the powerful side of the ledger — and it carries no victim or target identities, ever, no individual personal data below the corporate-officer line, and no raw leaked material. Where a fact derives from a leak, the rule is to cite the published analysis, never the dump. The whole point is accountability of the surveillance-industrial complex, not more surveillance of the surveilled.
Conservative by construction
Inclusion in SpyLedger is not an accusation. Four of the twenty-six vendors — Paragon, Cellebrite, Geedge, and Protei — carry no designation at all, and the record says so plainly rather than implying otherwise. A listing that was later removed (Sandvine's 2024 BIS listing, rescinded after corporate reforms) is shown as historical, not active. And a designation against one legal entity is never attributed to a similarly named affiliate unless the primary record names it — the kind of look-alike-entity care that separates a record from a smear.
Built from primary sources, verified adversarially
Every designation is rebuilt from a primary public-domain feed — the BIS Entity List, the OFAC SDN list, the Treasury NS-CMIC list, the FCC Covered List, the EU consolidated list — and each row carries a link to that source. The compilation was run as a research pass followed by an independent adversarial verification of every claim: confirm the source supports it, the authority and date are right, and the scope is not overstated. Anything that could not be independently confirmed was dropped. Accuracy is the operative safeguard here, so the record states its as-of date and asks readers to confirm against the linked source before relying on a status.
Static, agent-first, CC BY
Like the rest of Voidly, SpyLedger ships as plain static content: pre-rendered per-vendor dossiers and a single keyless JSON file an agent can read in one request. No key, no rate limit, no server to rate-limit you out of an investigation.
import requests
# The whole record is one static JSON file. No key, no rate limit, no server.
data = requests.get("https://ai-analytics.org/spyledger/index.json", timeout=30).json()
# "Which tracked vendors carry a US BIS Entity List (export-control) listing?"
for v in data["vendors"]:
for d in v["designations"]:
if d["authority"].startswith("US BIS") and "REMOVED" not in d["program"]:
print(v["vendor"], "-", d["program"], d["date"])
# Read a designation's TYPE before quoting it — they are not interchangeable.
nso = next(v for v in data["vendors"] if v["slug"] == "nso-group")
for d in nso["designations"]:
print(d["authorityType"], "::", d["scopeNote"][:80], "...")
# -> export_control :: it is NOT an asset-blocking sanction ...Where it stops — on purpose
SpyLedger v0 publishes designation status only. The obvious next layer — which government is a customer of which vendor — is the highest-value and highest-risk claim in this field, and it is deliberately absent. Naming a customer government on thin evidence both defames the wrong party and blurs the watcher/watched line when a forensic fingerprint actually marks a victim's location. That layer belongs behind sustained, sourced human curation, not an automated pass, and SpyLedger would rather publish less and be citable than publish more and be wrong.
Related writing: Verboten: Building a Queryable Index of Where Books Are Banned — the sister Voidly index that applies the same source-cited, static, agent-first approach to book censorship.
DarkRegister: Tracking the Rollback of Corporate-Ownership Transparency — the other Voidly accountability index, applying the same privacy-careful, source-cited approach to who-owns-whom data.
See also: Trade, Sanctions, and Export Controls — the federal-data deep-dive on how OFAC, BIS, and Census trade data fit together, the same authorities SpyLedger draws on.