On November 21, President Ilham Aliyev signed a decree establishing a centralized digital platform that significantly expands state surveillance powers. Known as the Centralized Information and Digital Analytics System (MİRAS), the system will be controlled by the State Security Service and is expected to be fully operational by May 2026.
MİRAS is intended to consolidate public data from multiple state bodies, including the Special State Service for communications and information security and the Interior Ministry. It will centralize processing and storage, giving security services broad access to personal information. An explanatory document detailing the system’s scope was briefly published online and then removed, raising concerns about transparency and the scale of data collection.
The platform is authorized to collect and analyze a wide range of personal data, including identity documents, migration history, family details, health records, property and financial data, criminal and administrative records, and some communications metadata. The State Security Service can integrate these sources to generate forecasts, risk assessments, and analytical reports.
Azerbaijan’s authoritarian environment, with a history of unlawful digital surveillance of journalists, human rights defenders, and activists, heightens concerns over MİRAS. Previous investigations have documented the government’s use of spyware and internet traffic monitoring tools to intimidate critics, and a centralized system without independent oversight risks arbitrary and disproportionate surveillance.
As a Council of Europe member, Azerbaijan is bound by the European Convention on Human Rights, including Article 8 on the right to privacy. European Court of Human Rights rulings require that surveillance measures meet strict standards of legality, necessity, and proportionality, and include independent oversight, transparent rules, and effective remedies.
The MİRAS regulation currently lacks these safeguards. It does not specify when or how personal data may be accessed, requires no judicial or independent authorization, provides no retention limits or minimization standards, and includes no external audit mechanisms. Control is entirely centralized within the State Security Service, and there are no provisions for public reporting or for individuals to access or correct their data.
Given these risks, Azerbaijan should suspend the implementation of MİRAS and adopt robust privacy protections. International partners, including the Council of Europe, should urge the authorities to ensure that digital governance reforms do not entrench unchecked surveillance powers.
