Remote-access cyber espionage operations against activists, dissidents or human rights defenders abroad are increasingly a feature of digital transnational repression. This arises when State or State-related actors use digital technologies to silence or stifle dissent from human rights defenders, activists and dissidents abroad through the collection of confidential information that is then weaponized against the target or their networks. Examples include the targeting of Ghanem Al-Masarir (a Saudi dissident living in the United Kingdom), Carine Kanimba (a United States–Belgian dual citizen and daughter of Rwandan activist Paul Rusesabagina living in the United States) and Omar Abdulaziz (another Saudi dissident living in Canada) with NSO Group's mercenary spyware. This practice erodes human rights, democracy and the rule of law and has a negative impact on targeted communities, including social isolation, self-censorship, the fragmentation and impairment of transnational political and social advocacy networks, and psychological and social harm. Despite this, international law does little to restrain this practice. Building on momentum around the regulation of mercenary spyware and transnational repression, this article elaborates on how States could consider regulating dissident cyber espionage and streamlines a unified approach among ratifying States addressing issues such as State immunity, burden of proof, export control and international and public–private sector collaboration.