Answer given by Ms Gabriel on behalf of the Commission
The Commission takes concerns of compromised software being used as an entrypoint for unauthorised access seriously.
There has been very limited use of Kaspersky Lab software in the Commission. Analysts in the Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU) — an interinstitutional cybersecurity team hosted at the Commission — and in the Directorate-General for Human Resources and Security use, amongst numerous other anti-virus products, a Kaspersky anti-virus engine to analyse malware samples in a controlled off-line environment separated from the Commission networks and without any direct Internet connection. The risk of data exfiltration therefore would be minimal even if the software was in fact malicious. However, the Commission has no indication for any danger associated with this anti-virus engine.
As regards other EU institutions and agencies, choices of anti-malware and anti-spam tools are at the discretion of each organisation.