Applicability of international law

National positions[edit | edit source]

African Union (2024)[edit | edit source]

"4. Reaffirming that international law applies in cyberspace and governs the use of ICTs in cyberspace, and underscoring that States are under an obligation not to engage in internationally wrongful acts such as those outlined in this Common Position and to combat malicious and criminal cyber operations by non-State actors. [...]"^[1]

Australia (2020)[edit | edit source]

"The United Nations Charter (UN Charter) and associated rules of customary international law apply to activities conducted in cyberspace. Article 2(3) of the UN Charter requires States to seek the peaceful settlement of disputes and Article 2(4) prohibits the threat or use of force by a State against the territorial integrity or political independence of another State, or in any manner inconsistent with the purposes of the UN. These obligations – and the UN Charter in its entirety – apply in cyberspace as they do in the physical realm. They require States to resolve cyber incidents peacefully without escalation or resort to the threat or use of force. The obligation to seek peaceful settlement of disputes does not impinge upon a State's inherent right to act in individual or collective self-defence in response to an armed attack. This right applies equally in the cyber domain as it does in the physical realm."^[2]

Brazil (2021)[edit | edit source]

"Brazil firmly believes that in their use of information and communications technologies, States must comply with international law, including the United Nations Charter, international human rights law and international humanitarian law. The United Nations and other regional organizations have recognized that international law, and in particular the Charter of the United Nations, is applicable to States’ ICT-related activity in cyberspace and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment. Hence, in current discussions, the question is no longer whether, but how international law applies to the use of ICTs by States."^[3]

China (2021)[edit | edit source]

Costa Rica (2023)[edit | edit source]

"7. Costa Rica believes that existing international law applies in its entirety to ICTs, just as it does to all other technologies.5 With regard to the prohibition on the use of force and the rules of international humanitarian law, the International Court of Justice (ICJ) has held that these rules apply ‘to all forms of warfare and to all kinds of weapons, those of the past, those of the present and those of the future’. The same logic applies to the entirety of international law: as a matter of principle, it is applicable to all forms of human activity, whether they involve new technologies or not.

8. Existing international law applies to and governs the use of ICTs by State and non-State actors. Cyber-specific State practice and opinio juris can be useful in fleshing out how international law applies to ICTs and may eventually develop the law in this context. In the same vein, the non-binding, voluntary norms of responsible State behavior in cyberspace, articulated by the GGE and OEWG, do not replace, but are complementary to existing international law in the cyber context.

9. Accordingly, it is emphasized the relevance of strengthening and improvement of international cooperation guided by international law in cyberspace, as a global public good".^[4]

Czech Republic (2020)[edit | edit source]

"[...]as stated by the GGE and many of my colleagues here, existing international law applies to cyberspace in its entirety. Indeed, existing international law provides us with all the necessary tools to prevent actual conflicts in cyber domain. The issue at stake is not a gap in existing law, but compliance with existing law and reaching a common understanding on how to apply the law to today’s environment."^[5]

"[...]the Czech Republic opposes negotiating a new legal instrument, because the developments in ICTs are so rapid and dynamic as to render any potential result of such effort obsolete, perhaps even before we all ratify the outcome. Instead, the Czech Republic prefers achieving a robust consensus on a dynamic application of international law which will be able to adapt to new developments."^[6]

"For obvious historical reasons, none of the existing international law instruments explicitly refer to cyber issues. However, this does not mean these instruments somehow cannot be applied to cyberspace. On the contrary, in its advisory opinion of 1971 the International Court of Justice found that an international instrument has to be interpreted and applied within the framework of the entire legal system prevailing at the time of the interpretation. This concept of dynamic, or evolutionary interpretation is also implied in Article 31(3)b of the Vienna Convention on the Law of Treaties."^[7]

Denmark (2023)[edit | edit source]

"The UN General Assembly has endorsed the conclusions set out in the reports from the Group of Governmental Experts (GGE) and the Open-ended Working Group on Information and Communication Technologies (OEWG) affirming that international law, including the UN Charter, applies in cyberspace. Denmark is an unwavering supporter of this view and continues to support efforts to develop the rules, norms and principles of responsible State behaviour in cyberspace. As a strong proponent of the rules based international order Denmark is fully committed to international law as the fundamental framework for responsible state behaviour in cyberspace. [...]

It is the view of Denmark that the application of international law does not depend on the particular technological means employed. Treaty obligations, customary law, and general principles of law apply across domains, which includes operations conducted in cyberspace.

However, unanswered questions remain regarding the precise interpretation of international law with respect to cyberspace operations. This lack of clarity stems from general issues of interpretation of international law, from limited State practice in cyberspace, and from the unique characteristics of cyberspace. Consequently, the understanding of how international law applies to cyberspace is, and will continue to be, a complex and evolving process.

[...] Denmark subscribes to the general view that also human rights obligations apply in cyberspace, but for the sake of brevity this paper does not elaborate further on that topic. [...]

It should also be noted that international law does not regulate all cross border cyber activities undertaken by States. Some cyber acts might be unfriendly, or even hostile, but not as such regulated by international law and will accordingly be subject to policy considerations."^[8]

Estonia (2019)[edit | edit source]

"[...] as also many states and several international organizations have acknowledged – existing international law applies in cyberspace. Among others, the European Union, NATO, OECD and ASEAN have made similar addresses. Estonia has constantly upheld this position. We do believe and state that both the rights and obligations of international law, including those stated in the UN Charter, do apply to states when using IT and communication technologies. And for that we believe that the Tallinn Manuals vastly developed academic understanding of existing international law. I would like to reiterate, when it comes to legal questions of do’s and don’ts surrounding state behaviour in cyberspace, the answer must be sought from existing international law."^[9]

Estonia (2021)[edit | edit source]

"Estonia reiterates that existing international law applies in cyberspace. The rights and obligations set out in international law, including the UN Charter in its entirety, customary international law, international humanitarian and human rights law, apply to the use of ICTs by states. This means that international law applies to relations between states in cyberspace as it does in conventional domains of state interaction. To promote peace and stability in cyberspace and prevent conflict, it is necessary to have clear rules of responsible state behaviour in place.

Existing international law provides a solid normative framework for state actions, regardless of the means or the environment for these actions. The applicability of international law in cyberspace has been affirmed by the UN General Assembly endorsements of the 2013 and 2015 UN Group of Governmental Experts (GGE) consensus reports and reaffirmed by the OEWG consensus report. The current rules are technologically neutral and underline that state behaviour and the deployment of new transformative technologies do not change the applicability of international law.

States should strive to deepen a common understanding of how international law applies in cyberspace, alongside its possible implications and legal consequences. It is important to analyse how existing rules apply before discussing the need for any new agreement. Estonia sees notions for a new legally binding instrument as premature. From our perspective, current legal measures are sufficient to offer guidance on responsible state behaviour in cyberspace.

The 2013 and 2015 GGEs made substantive progress in terms of discussions on relevant legal rules and principles. In order to maintain peace and stability and promote an open, secure, peaceful and accessible cyberspace, we reiterate the following non-exhaustive elements: international law, including the UN Charter in its entirety, applies to state conduct in cyberspace, noting the principles of humanity, necessity, proportionality and distinction as well as respect for human rights and fundamental freedoms; states must meet their international obligations regarding internationally wrongful acts attributable to them under international law; states must not use proxies to commit internationally wrongful acts using ICTs, and should seek to ensure that their territory is not used by non-state actors to commit such acts; states must observe, among other principles of international law, sovereignty, sovereign equality, the settlement of disputes by peaceful means and non-intervention in the internal affairs of other States; the inherent right of States to take measures consistent with international law and as recognized in the Charter."^[10]

Finland (2020)[edit | edit source]

"In line with its general support to rules-based international cooperation and respect for international law, Finland sees international law as an essential framework for responsible State behaviour in cyberspace. In the same vein, the UN Group of Governmental Experts (GGE) has reaffirmed that “international law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment”. As this formulation, reflecting the specific mandate of the GGE, focuses on questions of international peace and security, there is reason to underline that the same applies to other rights and obligations of States, whether based on treaty law or customary international law."^[11]

France (2019)[edit | edit source]

"For France, compliance with international law is a precondition for the emergence of an appropriate regulation of cyberspace. Faced with an increasingly prevalent and abiding cyber threat, and systems made increasingly vulnerable by digitisation and interconnectivity, the regulation of cyberspace between States and private- and public-sector actors must become a priority in order to re-establish a collective and multilateral order capable of preserving international peace and security".^[12]

"France reaffirms the obligation for States to respect international law in cyberspace, including the United Nations Charter, and in particular the principles of the sovereign equality of States, the settlement of international disputes by peaceful means and the requirement for States to refrain in their international relations from the threat or use of force against the integrity or political independence of another State or in any other manner inconsistent with the purposes of the United Nations."^[13]

Germany (2021)[edit | edit source]

"Germany is firmly convinced that international law is of critical importance when dealing with opportunities and risks related to the use of information and communication technologies in the international context. As a main pillar of a rules-based international order, international law as it stands provides binding guidance on States’ use and regulation of information and communication technologies and their defence against malicious cyber operations. In particular, the UN Charter fulfils a core function with regard to the maintenance of international peace and security – also in relation to cyber activities. In this regard, Germany reemphasizes its conviction that international law, including the UN Charter and international humanitarian law (IHL), applies without reservation in the context of cyberspace."^[14]

Iran (2020)[edit | edit source]

"Article I: General Points

1. Believing that international law applicable to cyberspace shall be a just distributer of benefits and advantages of peaceful cyberspace and involved “access” and “equitable sovereignty” for all states.

2. Emphasizing that while all states shall act responsibly regarding cyberspace, they have common but different responsibilities because of resources and technologies available for each state.

3. Considering that a wide range of general principles of current international law, including equality of sovereignty of states, the prohibition against the use of force and act of aggression may apply to the use of cyberspace."^[15]

Ireland (2023)[edit | edit source]

"1. International law, including the Charter of the United Nations, applies in cyberspace. This has been acknowledged in two processes established by the United Nations General Assembly, namely the Group of Governmental Experts on advancing responsible state behaviour in cyberspace in the context of international security (GGE) as well as the Open-ended Working Group on security of and in the use of information and communications technologies (OEWG).

2. Ireland has published the present paper as a contribution to discussions at UN level, particularly in the context of its participation in the OEWG, aimed at developing a better shared understanding of how international law applies in cyberspace. It is hoped that these discussions will contribute to promoting responsible state behaviour in cyberspace and a more stable, secure, open, accessible and peaceful cyber environment with international law and the rules-based international order at its centre.

3. This paper does not by any means purport to offer an exhaustive or comprehensive analysis; rather it is aimed at providing a reasonably concise expression of Ireland’s national position on some of the more relevant issues arising."^[16]

Israel (2020)[edit | edit source]

"Israel considers that international law is applicable to cyberspace, and this is a view that has become almost axiomatic for a vast majority of States. However, when seeking to apply particular legal rules to this domain, we are mindful of its unique features.

These unique features shape policy and affect the legal framework applicable to the cyber domain. I wish to shortly address some of them. First, cyber operations are conducted through a global network, passing through infrastructure located in multiple jurisdictions, and lack, in and of themselves, any meaningful physical manifestation. Second, much of the cyber infrastructure is held and controlled by the private sector and civilian components are a major part of the picture. Thus, regulation of the cyber domain may have various social and economic implications as well. Third, the cyber domain is highly dynamic, given the fast pace of technological developments and innovation. The development of international legal rules, on the other hand, is a more gradual process. This is understandable since these rules are designed to stand the test of time and are not easily amended.

All these factors taken together suggest that an extra layer of caution must be exercised in determining how exactly international legal rules apply to cyber operations, and in evaluating whether and how additional rules should be developed. We, as government and military legal advisers, are tasked with the role of identifying the relevant rules, including those set by the law of armed conflict, and determining how they apply to a particular set of facts. In some cases, it will be possible to apply a certain rule as it is; while in other cases, the situation may be conceptually different, such that it might not be possible, feasible, or even desirable to draw from existing legal rules. This process obviously has to consider the behavior of States in the cyber domain, as international law is State-made."^[17]

Italy (2021)[edit | edit source]

"Italy deems that international law is applicable to cyberspace and considers it the existing legal discipline and a fundamental tool for assuring responsible State behaviour in cyberspace. This is in line with Italy’s unyielding support to the rule of law both at the international and domestic levels, to a rules-based international order and cooperation and, more generally, to compliance with international law.

Italy thus concurs with the conclusions reached by the UN Group of Governmental Experts (GGE) and by the Open-ended Working Group (OEWG) that was established in 2019, according to which ‘international law and in particular the Charter of the United Nations in its entirety, is applicable and is essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment’.

While the work of the GGE primarily addressed issues of international peace and security, Italy considers that the concept of international peace and security goes beyond a merely military connotation. Accordingly, Italy finds that the rules and principles of international law – be they customary or treaty-based – applicable to activities in cyberspace are not limited to those pertaining to the prohibition of the use of force in international relations.

While Italy has no doubt as to whether international law applies to the cyberspace, it is aware that how existing rules and principles of international law apply gives rise to significant difficulties inherent in the technical features of cyberspace. Such difficulties require responses that the international community is currently developing. Italy thus welcomes and supports the ongoing process of exchange of views, study and cooperation amongst States to that end."^[18]

Japan (2021)[edit | edit source]

"Existing international law, including the UN Charter in its entirety, is applicable to cyber operations. The 2015 GGE report mentions 11 voluntary, non-binding norms of responsible State behaviour. These items were agreed by Governmental experts as requiring implementation at least as norms, but they include items which affirm or relate to rights and obligations under international law. The inclusion of such norms among the 11 items does not mean that the rights and obligations under existing international law are extinguished or altered."^[19]

Kenya (2021)[edit | edit source]

"For more than half a century, information and communication technology (ICT) has been international in its creation, reach, use and misuse. Therefore, States have recognized the need to create effective and sustainable frameworks to guide the use of ICTs in the context of international security.

The applicability of International Law towards this effort was first formally stated in Article 19 of the 2013 of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE) which states that “International law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment.” The 2015 report of the same group went further in Article 25 and emphasized the role of International law as an essential framework for actions in the use of ICTs. As a member of the UNGGE since 2014, and the United Nations General Assembly (UNGA) that has consistently endorsed the reports presented through the UN Secretary General and recommended that States should implement the recommendations of each report, the Republic of Kenya concurs that international law provides critical guidance for the use of ICTs."^[20]

Netherlands (2019)[edit | edit source]

"As the government has indicated on multiple occasions and consistently argues, international law is applicable in cyberspace. This is also recognised internationally. Nevertheless, there are still many unanswered questions concerning the precise manner in which international law should be applied in cyberspace. This is due to the unique characteristics of the digital world in comparison with the physical world. Digital data generally moves rapidly and is therefore often difficult to localise. It can be transferred to another country in a matter of seconds, and can be stored across a range of different countries. What is more, undesirable activity in cyberspace does not necessarily always have an immediate physical impact, even though its effects may nonetheless be serious. It is not yet entirely clear how these and other unique characteristics should be dealt with in the application of international law. The government is encouraging international debate on ways to clarify the application of international law in cyberspace. Clarity and consensus on these points are essential to the international legal order.

The formulation of responses to these questions is an ongoing process, in which the government coordinates closely with like minded partners and pursues initiatives aimed at furthering dialogue, such as the international consultations on international law in cyberspace hosted by the Netherlands in The Hague in late May 2019."^[21]

New Zealand (2020)[edit | edit source]

"New Zealand supports an international rules-based system that promotes an open, secure, stable, accessible and peaceful online environment and encourages responsible state behaviour in cyberspace."^[22]

"[..]International law applies online as it does offline. Applicable international law includes: the United Nations Charter; the law of state responsibility; international humanitarian law; and international human rights law."^[23]

"[..]As international law has evolved primarily with a territorial, physical conception of the world, care is required to apply the established rules and principles of international law appropriately to the multi-layered context of cyberspace. Applied appropriately, existing international law – as part of the framework of responsible state behaviour in cyberspace – provides an effective toolkit to regulate state behaviour online. This includes the ability to identify breaches of international law in cyberspace, attribute state responsibility for those breaches, and guide responses from victim states."^[24]

Norway (2021)[edit | edit source]

"International law applies in cyberspace. This has been recognised by the international community. The 2012–2013 United Nations Group of Governmental Experts (GGE) concluded as much in its consensus report, and wrote as follows:

‘International law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment.’

This was reconfirmed in the subsequent consensus report by the 2015 GGE, which also underscored that the UN Charter applies in its entirety. The UN General Assembly welcomed the 2015 report of the GGE in its resolution 70/237 and called upon Member States to be ‘guided in their use of information and communications technologies’ by the report.

In the Final Substantive Report of the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security (OEWG), all UN Member States reaffirmed the conclusions of previous GGEs that international law applies in cyberspace. Moreover, the report called upon States ‘to avoid and refrain from taking any measures not in accordance with international law, and in particular the Charter of the United Nations.’ The report also concluded that ‘further common understandings need to be developed on how international law applies to State use of ICTs.’

Compliance with international law is fundamental for preserving international peace and security in cyberspace." ^[25]

"Existing international law, that is customary international law and international treaties, has not been developed with cyberspace in mind. However, the application of the rules of international law to new areas, for example in response to technological developments, is nothing new. If the law in certain areas is perceived as unclear when applied to activities in cyberspace, this must be resolved in the usual way through interpretation. This applies both to general international law, for instance the rules that relate to sovereignty and state responsibility, and to the specialised regimes of international law, such as international human rights law and international humanitarian law.

Norway is of the view that there is no need for specific legal instruments to set out rights and obligations of States in respect of activities in cyberspace."^[26]

Pakistan (2023)[edit | edit source]

“6. Pakistan believes that the principles of non-use of force, sovereign equality of all nations, non-interventionism, and peaceful settlement of disputes, as enshrined in the UN Charter, continue to apply in cyberspace as in the physical world.

7. Moreover, there also exists an agreement among the States, as reflected in the reports of GGE^[27] and OEWG^[28], that ‘International law, and in particular the Charter of the United Nations, is applicable and essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment. In this regard, States were called upon to avoid and refrain from taking any measures not in accordance with international law, and in particular the Charter of the United Nations’.

8. However, Pakistan acknowledges the fact that considering the unique attributes of cyberspace and the transnational nature of cyber technologies applicability of international law poses certain challenges which need to be addressed. Therefore, Pakistan supports an objective debate among the Member States to agree on defining the mechanism for the application of the concepts of sovereignty, self-defense, non-use of force, peaceful settlement of disputes, and attribution in cyberspace. The reports of OEWG and GG also concluded that further common understandings need to be developed on how international law applies to State use of ICTs."^[29]

Poland (2022)[edit | edit source]

"By presenting this position, the Republic of Poland wishes to join the states that have already formulated their views in this respect. In Poland’s view, the practice of publicly presenting positions in key matters concerning international law increases the level of legal certainty and transparency, at the same time contributing to strengthening respect for international law commitments, and offers an opportunity to develop customary law.

Poland is also in favour of the discussion on how to apply international law to cyberspace, taking place in the UN in the field of information and telecommunications in the context of international security since 2013 within the Group of Governmental Experts, and also within the Open-Ended Working Group since 2021. As indicated in Poland’s position presented at the UN in 2016, “Respect for international law and norms are a necessary condition for maintaining peace and security between States in cyberspace”.

Respect for the fundamental norms of international law is in turn instrumental in preventing international conflicts and their escalation. The above also applies to activities in cyberspace. This position is thus a natural continuation of Poland’s two years of non permanent membership of the Security Council (2018-2019), where the issue of respect for international law was one of Poland’s priorities."^[30]

"Application of International law to actions in cyberspace

1. The existing international law, including the Charter of the United Nations, applies to cyberspace. Therefore, states are required to adhere to international law in cyberspace.

The lack of universal treaties referring directly to the actions of states and other actors in cyberspace does not mean that this space lies outside the law or is unregulated. The norms of international law derived both from the treaties and from other sources of law, in particular customary international law, apply to it. So far, the stance that the existing norms of international law apply to cyberspace has been taken among others by the European Union, the North Atlantic Treaty Organization, the UN Group of Governmental Experts (UN GGE) and a number of states."^[31]

Romania (2021)[edit | edit source]

"An open, secure, stable, accessible and peaceful online environment and a responsible State behaviour in cyberspace cannot be imagined outside an international rules-based system, primarily founded on international law.

Given the specificities of cyberspace and of the incident of various information and communication technologies, the discussion on how international law applies in cyberspace is a complex one.

However, the fact that there is a need to further discuss on how exactly international law applies to cyberspace does not mean that international law does not apply to cyberspace and that we are facing a legal vacuum.

State practice will in time further crystalize the application of international law in cyberspace; as a matter of fact, not all aspects can or even should be clarified in detail in absence of relevant state practice. This is however, without prejudice to the obligation of States to act in a responsible manner including in cyberspace and assume conduct that is in line with general international law.

Romania is of the strong opinion that existing international law equally applies to cyberspace and that there is no need to develop international legal frameworks to address strictly cyberspace."^[32]

Russia (2021)[edit | edit source]

"Russia assumes that, for the present, the international community has reached consensus on the applicability of the universally accepted principles and norms of international law, which are enshrined, first and foremost, in the Charter of the United Nations and the Declaration on principles of international law, friendly relations and cooperation among States in accordance with the Charter of the United Nations of October 24, 1970, to information space. These include, in particular, the principles of sovereign equality of States, non-use of force and threat of force, settlement of international disputes by peaceful means, non interference into internal affairs of States, obligation of States to cooperate with each other, equal rights and self-determination of peoples, fulfillment of international law obligations in good faith, inviolability of State borders, and territorial integrity of States. This understanding was agreed upon at relevant UN platforms on international information security and set forth, inter alia, in the 2013 and 2015 reports of the UN Group of Governmental Experts (GGE) and in the 2021 report of the UN Open-ended Working Group (OEWG), as well as in the UN General Assembly resolution (A/RES/73/27, para. 17 of the preamble) proposed by Russia and adopted in 2018. It is presumed that international obligations of States, including those stemming from international treaties as the main sources of international law, are applicable in information space.

At the same time, given the specific legal nature of the information environment, notably, the fact that activities therein can be anonymous, the application of international law to the use of information and communications technologies (ICTs) should not be automatic and should not be carried out by simple extrapolation. There is a need to substantively discuss the issue of how specific instruments of the existing international law apply to the ICT-sphere, as well as to elaborate a universal approach to this matter under the UN auspices."^[33]

Singapore (2021)[edit | edit source]

"[..] we believe it is important to build a rules-based international order in cyberspace, especially given rapid digitalisation. The adherence by States to international law is essential to support and promote an open, secure, stable, accessible, peaceful, and interoperable ICT environment."^[34]

"[..] Singapore affirms the principle that international law, in particular the Charter of the United Nations (the “UN Charter”), applies to cyberspace."^[35]

Sweden (2022)[edit | edit source]

"The applicability of existing international law, including the UN Charter, in cyberspace has been confirmed by the United Nations Group of Governmental Experts (UN GGE) and by the United Nations Open-ended Working Group (OEWG). The Reports of both groups have been adopted by the UN General Assembly. UN Members have thus unequivocally reaffirmed the applicability of international law in cyberspace. The current discussion focuses primarily on how international law applies.

State behaviour based on compliance with international law fosters stability in international relations. A better understanding of how international law applies in cyberspace contributes to the strengthening of an open, secure, stable, accessible and peaceful cyber environment. In this respect, and based on its commitment to an international rules-based order, Sweden presents its general position on some of the areas of central importance to a safe and secure cyberspace. Sweden does not see a need for new rules regulating cyber activities. However, cyber technology may give rise to specific questions requiring further clarification."^[36]

Switzerland (2021)[edit | edit source]

"Switzerland is committed to building and maintaining a free, open, secure and peaceful cyberspace, and to advancing the recognition, observance and enforcement of international law in this space. All states have a common interest in ensuring that cyberspace is governed by the rule of law and used for peaceful purposes only. Switzerland considers international law to be applicable to cyberspace. It therefore welcomes the consensus of previous UN GGEs that international law, and in particular the UN Charter in its entirety, are applicable to cyberspace – which was also approved unanimously by the UN General Assembly. It also welcomes the OEWG 2019/2021 report of 18 March 2021, which confirms this consensus."^[37]

United Kingdom (2018)[edit | edit source]

"Cyber space is not – and must never be – a lawless world. It is the UK’s view that when states and individuals engage in hostile cyber operations, they are governed by law just like activities in any other domain. The UK has always been clear that we consider cyber space to be an integral part of the rules based international order that we are proud to promote. The question is not whether or not international law applies, but rather how it applies and whether our current understanding is sufficient.

What this means is that hostile actors cannot take action by cyber means without consequence, both in peacetime and in times of conflict. States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them and that in this as in all things, all states are equal before the law."^[38]

United Kingdom (2021)[edit | edit source]

"International law is fundamental to maintaining security and stability in cyberspace and international law applies to States’ conduct in cyberspace on the same basis as it applies to their other conduct. The application of international law to States’ conduct in cyberspace is clearly recognised by the international community. In the recent 2021 OEWG report, States reaffirmed their understanding (as already set out in the 2013 and 2015 GGE reports) that ‘international law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment’."^[39]

United Kingdom (2022)[edit | edit source]

"Commentators often talk in hushed tones of cyber weapons, with little understanding of what they are, or of the rules which govern how they are used. This misunderstanding means we can see every cyber incident as an act of warfare which threatens to bring down the modern world around us and it’s not uncommon for even seasoned observers to think in this way, as they speak of cyber as a new battlespace where no rules apply. But cyberspace is not a lawless ‘grey zone’. International law governs and plays a fundamental role in regulating cyberspace.

Which is why today I would like to set out how the UK considers international law applies in cyberspace during peacetime, against the backdrop of the Prime Minister’s Integrated Review and the Government’s National Cyber Strategy. With particular focus on the rule on non-intervention, its application to key sectors, and avenues for response.

I’m focusing on the law applicable in peacetime because the UK has already set out that cyber operations are capable of breaching the prohibition on the threat or use of force, and that the law applicable in armed conflict applies just the same to the use of cyber means as other means of waging war. And I want to be clear that in the same way that a country can lawfully respond when attacked militarily, there is also a basis to respond, and options available, in the face of hostile cyber operations in peacetime."^[40]

United States (2012)[edit | edit source]

"[...]international law principles do apply in cyberspace. Everyone here knows how cyberspace opens up a host of novel and extremely difficult legal issues. But on this key question, this answer has been apparent, at least as far as the U.S. Government has been concerned. Significantly, this view has not necessarily been universal in the international community. At least one country has questioned whether existing bodies of international law apply to the cutting edge issues presented by the internet. Some have also said that existing international law is not up to the task, and that we need entirely new treaties to impose a unique set of rules on cyberspace. But the United States has made clear our view that established principles of international law do apply in cyberspace."^[41]

United States (2016)[edit | edit source]

"Existing principles of international law form a cornerstone of the United States’ strategic framework of international cyber stability during peacetime and during armed conflict. The U.S. strategic framework is designed to achieve and maintain a stable cyberspace environment where all States and individuals are able to realize its benefits fully, where there are advantages to cooperating against common threats and avoiding conflict, and where there is little incentive for States to engage in disruptive behavior or to attack one another.

There are three pillars to the U.S. strategic framework, each of which can help to ensure stability in cyberspace by reducing the risks of misperception and escalation. The first is global affirmation of the applicability of existing international law to State activity in cyberspace in both peacetime and during armed conflict. The second is the development of international consensus on certain additional voluntary, non-binding norms of responsible State behavior in cyberspace during peacetime, which is of course the predominant context in which States interact. And the third is the development and implementation of practical confidence-building measures to facilitate inter-State cooperation on cyber-related matters."^[42]

United States (2020)[edit | edit source]

"We recognize that State practice in cyberspace is evolving. As lawyers operating in this area, we pay close attention to States’ explanations of their own practice, how they are applying treaty rules and customary international law to State activities in cyberspace, and how States address matters where the law is unsettled."^[43]

"It continues to be the view of the United States that existing international law applies to State conduct in cyberspace. Particularly relevant for military operations are the Charter of the United Nations, the law of State responsibility, and the law of war. To determine whether a rule of customary international law has emerged with respect to certain State activities in cyberspace, we look for sufficient State practice over time, coupled with opinio juris—evidence or indications that the practice was undertaken out of a sense that it was legally compelled, not out of a sense of policy prudence or moral obligation."^[44]

Appendixes[edit | edit source]

See also[edit | edit source]

Notes and references[edit | edit source]

Bibliography and further reading[edit | edit source]