arXiv: Information Security in Small-Scale Protests: Surveillance of Ugandan Anti-EACOP Protesters

This paper, published on arXiv, presents a case study on the use of digital surveillance technologies against small-scale protesters in Uganda opposing the East African Crude Oil Pipeline (EACOP). It documents how state and corporate actors deploy mobile network monitoring, social media scraping, and facial recognition to track and suppress dissent. While not a formal regulatory change, this research highlights a critical gap in the current AI Safety framework, particularly regarding the extraterritorial application of EU AI Act provisions on biometric surveillance and social scoring.

The findings directly affect EU-based technology firms, cloud service providers, and financial institutions that supply surveillance tools or data infrastructure to projects in high-risk regions. Compliance teams in sectors like energy, telecommunications, and AI development should assess whether their supply chains or client relationships enable human rights abuses through AI-driven monitoring. This paper serves as a warning that such practices may soon trigger enforcement actions under the EU’s Corporate Sustainability Due Diligence Directive and the AI Act’s prohibitions on social scoring.

Compliance teams should immediately review their third-party risk assessments for any involvement in surveillance technologies deployed in conflict-prone or authoritarian contexts. They should also update their human rights impact assessments to include specific scenarios of protest monitoring and ensure that AI systems sold or licensed abroad meet the same ethical standards required within the EU. Proactive auditing of data flows and end-user agreements is recommended to mitigate legal and reputational exposure.