Regulating Rambo

Private Security Companies are indispensable on the modern battle-field, but they need to be regulated. The EU may succeed where national governments and self-regulation have failed.

The latest incident of Iraqi civilian deaths at the hands of American private security contractors has again brought to the fore a tricky issue: how to regulate the work of private security companies in war-zones, especially in places like Iraq where they represent the second largest troop contingent.

Stories of derring-do antics, military wannabes and Hollywoodesque names – Executive Outcomes, Blackwater – have drawn attention to this million-dollar industry, which, more than any other, has benefited financially from the Iraq War. Books, cloak-and-dagger conferences and numerous articles have dealt with the subject. See Robert Kaplan's views and RUSI's articles.

To be sure, cases of abuse and incompetence abound. At the same time, no military – even the 2 million personnel U.S armed forces – can undertake all the necessary security assignments in a very hostile environment. Private support is required and contractors are, generally, reliable, and professional.

Most analysts agree that when effectively regulated, private security actors can make a valuable contribution to the provision of security. Military Professional Resources Incorporated (MPRI) played a key role in helping Croatian forces expel the Serbian army in the late 1990s clearing the way for the Dayton peace negotiations. Executive Outcomes changed the conflict in Sierra Leone in the mid-1990s. With over 60 companies employing more than 20,000 private personnel providing military and security-related services, private companies are effectively the second largest contingent in Iraq after US forces. However, an uncontrolled or poorly regulated sector can function as an obstacle to peacebuilding, good governance and sustainable development especially in transitional or post-conflict states like Iraq.

Until now, national regulation and the use of contracts have not guaranteed the required standards. A broader framework is required. The time has come for a European Union directive covering all private security companies – regardless of where they operate. This may, in turn, become the springboard for more global regulation – perhaps through a UN convention – or simply better global standards – through the power of example.

Regulations Increase

There has for a long time existed an obligation within international law for national governments to introduce what Professor Francoise Hampson, a leading scholar, calls a “ban on unlawful participation in armed conflict abroad”. Key legal milestones include the Hague Convention of 1907, Article 3 common to the four 1949 Geneva Conventions, and a number of other conventions – all of which have limited the use of mercenaries and foreign soldiers. One UN declaration called on states to prevent “irregular forces or armed bands, including mercenaries, for incursion into the territory of another State”. Regional organisations, like the OAU, also sought to proscribe mercenaries in law.

Similarly, national statutes regulating mercenaries have existed for a long time. In the UK, the UK Foreign Enlistment Act from 1870 was introduced to prevent Brits fighting in foreign wars for a country at peace with Britain. The Act actually had extraterritorial application – although it was never enforced.

But to equate mercenaries with private security contractors is problematic and for this reason many of the international and national statutes have not been useful. Moreover, since the 1980s outsourcing of security services has gone beyond facilities protection. Today, security companies offer a range of services. Corporations, for example, are heavily involved in creating the analytical products that underlie intelligence operations.

Therefore, in recent years a number of regulatory frameworks have come into being specifically targeted at the modern phenomenon of private security companies. Many countries have developed national regulations of the private security sector and its relationship with state security providers, i.e. the police, in order to ensure the highest possible standards.

EU Standards Vary

In 2002, the British government took a run at national regulation, producing a number of options including a licensing regime that “would require companies or individuals to obtain a license for contracts for military and security services abroad.” Parliament's Defense Committee also conducted an inquiry. But after months of consultations, no regulation was developed. Contracts remain the main mode of governing British security companies working for the British government. In addition, employees can be subject to domestic criminal law and civil liability in the contracting country, the country of operation and in the employee's country of citizenship.

Across the EU, various standards exist. Finland, France, and Portugal have tighter private security services. Other countries such as Spain have no or only narrowly defined regulations. Most focus on mercenaries of citizens serving in armies of other countries. For example, the Austrian criminal code deals with military associations, weapons caches, but there is no legal reference to private military companies. In Greece, recruiting mercenaries is illegal. Similarly, in the Netherlands, recruitment of personnel for a foreign military service is an offence punishable with a maximum of one year.

In Germany, regulations have existed since 1927 through the German Trade Code (Gewerbeordnung) and since 1995 special legislation for security services (Bewachungsgewerberecht). Moreover, private military services are partially regulated by the German Export Control Order (Aussenwirtschaftsverordnung).  Bristol University's Elke Krahmann has done great comparative research. The main point about these regulations, however, is that they are in the main concerned with domestic, not foreign operations.

Heal Thy Self

The industry itself has also worked hard to increase non-binding, but self-imposed standards in part to weed out less-than savory operators. In 2006, the so-called “Sarajevo Process” was initiated in which stakeholders from the Bosnian Government, client groups and international organizations came together to improve standards within the private security industry in Bosnia and Herzegovina. The result was “The Sarajevo Code of Conduct for Private Security Companies”, which seeks to improve basic standards of professionalism and service. It covers a wide range of areas, including: The selection and recruitment of employees; Standards of training for personnel; The use of force and firearms; Relationships between companies and contractors, competitors and other affiliations etc.

Bandying together in trade associations – like the British Association of Private Security Companies, on the web at industry has also sought to promote “best practice”, issue guidelines for its members and offer training. Like all trade associations, they represent different views. Some members lobby against regulation – see Sandlines's own paper, but others see the benefit of light-touch regulation both for their image, but also to weed out the industry's genuine “cowboy” operators. 

Problem Remains

Despite these efforts, there is clearly a regulatory gap, especially when contractors operate in hostile, war-like theatres where the host governments – and their international helpmates – may not be in a position to regulate and fairly enforce – the requisite standards. National regulation – i.e. where the company is registered – has proven limited. Even though South Africa has a system of extra-territorial legislation, if a South African registered company is operating abroad, any misdeed cannot practically be addressed by the South African authorities until the individuals' return. Conducting investigations of alleged incidents, especially if they have taken place in hostile environments, can be difficult if not impossible. National regulation suffer from another problem: if companies find national regulation cumbersome, they can easily arbitrage – that is, move their corporate headquarters into jurisdictions that have more lax regimes.

Enter the EU

The UN is unlikely to provide an answer. An Expert Working Group on Mercenaries and PMCs did undertake work a few years ago, but little resulted. The reason is simple: while theoretically appealing, it is unlikely that the UN would be able to agree on, establish and enforce a regulatory system. At best, it could play a role in improving transparency in the market, as in the case of the UN Register on Arms. This leaves regional approaches as the only viable option for regulatory standards. There has already been an attempt at harmonizing – through the Services Directive – the operation and use of private security companies inside the EU, but this has as of yet come to little.

In addition, companies bidding for contracts – and public organizations rewarding them – have to follow the now-standardized and transparency-inducing EU procedures for tenders. But these regulations have not adequately dealt with the problem. And as Britain's NAO has shown, using contracts to regulate all aspects of a company's operation is not sufficiently comprehensive.

The time may have come for EU regulation to cover the operation of European private security companies in foreign theatres. Caroline Holmqvist has made a good case for using one of several avenues: Expanding the 1998 EU Code of Conduct on Arms Exports to include private security services; or through the harmonization of national laws on private policing, regulated under the Internal Market. See her excellent 2005 paper.

The details of such a regulation would have to be developed, but taking DCAF's suggestions as a starting point, a minimum regulation should include:

  • A binding Code of Conduct with explicit reference to the Law of Armed Conflict and relevant human rights frameworks, but also details of corporate responsibility in times of   
  • A registration/licensing system with a detailed listing of the services provided by the companies; notification prior to bidding and registration of the individuals working for the companies;
  • Minimum requirements for licensing in regard to employment and backgrounds of personnel, the company's corporate structure;
  • Details of the oversight of the companies' activities, both financial and operational;
  • Minimum requirements of competitiveness and transparency in the procurement, bidding and contracting processes.

How to implement the standards – investigating incidents, ensuring compliance etc – will be a particularly thorny question. Either the Union could develop a specialized agency – like the UK's Security Industry Association – to police compliance, or implementation could be left to Member States and their national organs. In both scenarios, a specific security “fee” could be levied to pay for implementation.

No doubt putting a regulatory framework in place will be fraught with difficulties. But current attempts at regulating the industry have not proven adequate and the damage done by incidents such as those in Iraq not only damage European credibility, but may ultimately undermine a key military capability.





The European Council on Foreign Relations does not take collective positions. ECFR publications only represent the views of their individual authors.


ECFR Alumni · Former Senior Policy Fellow

Subscribe to our weekly newsletter

We will store your email address and gather analytics on how you interact with our mailings. You can unsubscribe or opt-out at any time. Find out more in our privacy notice.