The Olam
Sovereign & Strategic Capital

NSO, Cellebrite, and the Export-Control Regime: Israel's National Security Adjacency

By The Olam Editorial Team · May 26, 2026
NSO, Cellebrite, and the Export-Control Regime: Israel's National Security Adjacency

NSO Group (Pegasus, on US Entity List since Nov 2021), Cellebrite (NASDAQ: CLBT, mobile forensics), Paragon, Candiru, and the broader Israeli cyber-surveillance category operate under the Israeli MoD export-control regime and the national security adjacency architecture.

NSO Group, Cellebrite, and the broader Israeli cyber-surveillance and digital-forensics category operate inside one of the most institutionally complex regulatory environments of the Israeli technology ecosystem — anchored by the Israeli Ministry of Defense export-control regime, the Israeli national security adjacency architecture, and the documented US, European, and multi-jurisdictional regulatory engagement across the past decade. The category sits inside the broader Israeli Cyber 50 architecture but operates under structurally different institutional rules than conventional Israeli cybersecurity operators.

NSO Group

NSO Group is the Israeli developer of the Pegasus spyware platform, operating under documented Israeli Ministry of Defense export-control oversight and across a multi-decade customer base spanning sovereign government clients. The company is headquartered in Herzliya, Israel, and has been the subject of extensive international regulatory, legal, and journalistic attention across the past decade.

Per US Department of Commerce disclosures, NSO Group was added to the US Entity List in November 2021, materially restricting the company's commercial engagement with US persons and entities. The Entity List designation has been the subject of subsequent regulatory and political engagement across multiple US administrations.

The NSO institutional position represents one of the most documented cases of the structural tension between Israeli defense-technology export, sovereign-government surveillance procurement, and the broader international human-rights and civil-society regulatory environment.

Cellebrite

Cellebrite (NASDAQ: CLBT) is the Israeli developer of the Cellebrite UFED mobile-forensics platform, operating across a multi-decade customer base spanning law-enforcement agencies, government investigators, and corporate-forensics customers. The company is headquartered in Petah Tikva, Israel, and has been a publicly traded company on Nasdaq since 2021 following a SPAC merger.

Per Cellebrite SEC filings and institutional disclosures, the company operates across documented government, law-enforcement, and corporate customer segments globally. The institutional positioning is structurally distinct from NSO — Cellebrite's UFED platform is principally used for evidence extraction from devices physically in law-enforcement custody, rather than for remote surveillance of target devices.

Paragon and the broader category

Paragon Solutions, Candiru, and additional Israeli cyber-surveillance operators populate the broader category alongside NSO and Cellebrite. Per trade-press reporting and documented institutional disclosures, the broader Israeli cyber-surveillance and digital-forensics category includes multiple operators across cyber-surveillance, mobile forensics, intelligence-collection technology, and adjacent capability segments.

The category operates inside the structural tension between Israeli defense-technology commercial export, sovereign customer procurement, and the international regulatory and human-rights environment. The institutional architecture is documented across multiple international regulatory proceedings, US Entity List designations, EU regulatory engagement, and broader journalistic reporting.

The export-control regime

Israeli cyber-surveillance and digital-forensics exports operate under the Israeli Ministry of Defense's Defense Export Controls Agency (DECA), which administers Israeli defense-technology export licensing across the broader defense and cyber-surveillance categories. Per documented Israeli Ministry of Defense reporting, DECA's institutional architecture has materially expanded since 2021–2022, reflecting the documented international regulatory environment around Israeli cyber-surveillance exports.

The institutional read: Israeli cyber-surveillance operators operate inside a materially more constrained export-licensing environment than other Israeli defense-technology operators. The structural constraint extends across customer-eligibility review, jurisdiction-specific licensing, and post-export operational oversight.

The national security adjacency

The Israeli cyber-surveillance category sits inside what trade-press reporting has documented as the Israeli national security adjacency architecture — the institutional positioning of certain Israeli defense and intelligence-adjacent commercial operators inside the broader Israeli national security and foreign policy architecture. The structural adjacency is documented across multiple institutional disclosures and reflects the structural intersection of commercial export, sovereign customer relationships, and Israeli national security architecture.

The structural read

The Israeli cyber-surveillance and digital-forensics category Q1 2026 operates inside a structurally complex regulatory, commercial, and institutional environment. NSO Group's continued operation under Entity List designation, Cellebrite's continuing operation as a publicly traded US-listed Israeli operator, and the broader category's continued positioning inside the Israeli national security adjacency architecture together anchor a documented institutional position.

The next institutional questions: whether the US Entity List status of NSO Group resolves in either direction inside 2026; whether additional Israeli cyber-surveillance operators face regulatory designation in the US, EU, or other jurisdictions; and how the Israeli export-control regime continues to evolve in response to the documented international regulatory environment.

Source data: NSO Group and Cellebrite institutional disclosures; US Department of Commerce Entity List documentation; Israeli Ministry of Defense Defense Export Controls Agency public reporting; coverage in Globes, Calcalist, Bloomberg, Reuters, The New York Times, Washington Post, Haaretz, The Guardian, and broader international press reporting. Related coverage: The Israeli Cyber 50: Q1 2026 Ranking. Data current as of Q1 2026.

Crypto & Digital Assets

View all →
The Digital Shekel Programme
Crypto & Digital Assets · May 26, 2026
The Digital Shekel Programme

The Bank of Israel's digital-shekel project is one of the more advanced central-bank digital currency (CBDC) programmes globally. The 2026 s…

StarkNet and the L2 Race
Crypto & Digital Assets · May 26, 2026
StarkNet and the L2 Race

StarkNet is the only Israeli-originated Ethereum Layer 2 with meaningful adoption. Its position in the broader L2 competitive landscape is t…

Fireblocks and the Institutional Custody Moat
Crypto & Digital Assets · May 26, 2026
Fireblocks and the Institutional Custody Moat

Fireblocks is the Israeli company most embedded in traditional financial institutions adopting digital assets. The MPC custody franchise is…

The Olam Newsletter

Intelligence on the global Jewish economy — in your inbox.

Defense, capital, AI, cyber, venture, aliyah, real estate, and the cross-border architecture connecting them.

Free. No spam. Unsubscribe anytime.