David Kaye, the U.N. special rapporteur on freedom of speech, submitted his recommendations in a report published on Tuesday to the U.N. Human Rights Council, which will open a three-week session next week.
Kaye said he had received detailed testimony about governments using spyware developed and supported by private companies, but the market was shrouded in secrecy.
"Surveillance of specific individuals – often journalists, activists, opposition figures, critics and others exercising their right to freedom of expression – has been shown to lead to arbitrary detention, sometimes to torture and possibly to extrajudicial killings," he wrote.
"States should impose an immediate moratorium on the export, sale, transfer, use or servicing of privately developed surveillance tools until a human rights-compliant safeguards regime is in place."
Kaye cited the examples of Pegasus spyware, produced by Israel's NSO Group, which he said had been identified as being used to target individuals in 45 countries, and FinSpy, also known as FinFisher, produced by German-British Gamma Group.
Neither company immediately responded to a Reuters request for comment.
Kaye said the system for oversight was "hardly exists," and there was an "extraordinary risk of abuse."
Especially murky was the "vulnerabilities market," where governments could to exploit flaws in commonly available software to access individual communications and devices, without the knowledge of the device or software manufacturer.
Governments were conducting surveillance without fear of any legal consequence, and companies were failing to meet even the most basic principles of protecting the human rights of people affected by their products and services.
"Digital surveillance is no longer the preserve of countries that enjoy the resources to conduct mass and targeted surveillance based on in-house tools. Private industry has stepped in, unsupervised and with something close to impunity."