Applicability of international law: Difference between revisions

National positions

Australia (2020)

"The United Nations Charter (UN Charter) and associated rules of customary international law apply to activities conducted in cyberspace. Article 2(3) of the UN Charter requires States to seek the peaceful settlement of disputes and Article 2(4) prohibits the threat or use of force by a State against the territorial integrity or political independence of another State, or in any manner inconsistent with the purposes of the UN. These obligations – and the UN Charter in its entirety – apply in cyberspace as they do in the physical realm. They require States to resolve cyber incidents peacefully without escalation or resort to the threat or use of force. The obligation to seek peaceful settlement of disputes does not impinge upon a State's inherent right to act in individual or collective self-defence in response to an armed attack. This right applies equally in the cyber domain as it does in the physical realm."^[1]

Brazil (2021)

"Brazil firmly believes that in their use of information and communications technologies, States must comply with international law, including the United Nations Charter, international human rights law and international humanitarian law. The United Nations and other regional organizations have recognized that international law, and in particular the Charter of the United Nations, is applicable to States’ ICT-related activity in cyberspace and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment. Hence, in current discussions, the question is no longer whether, but how international law applies to the use of ICTs by States."^[2]

China (2021)

Czech Republic (2020)

"[...]as stated by the GGE and many of my colleagues here, existing international law applies to cyberspace in its entirety. Indeed, existing international law provides us with all the necessary tools to prevent actual conflicts in cyber domain. The issue at stake is not a gap in existing law, but compliance with existing law and reaching a common understanding on how to apply the law to today’s environment."^[3]

"[...]the Czech Republic opposes negotiating a new legal instrument, because the developments in ICTs are so rapid and dynamic as to render any potential result of such effort obsolete, perhaps even before we all ratify the outcome. Instead, the Czech Republic prefers achieving a robust consensus on a dynamic application of international law which will be able to adapt to new developments."^[4]

"For obvious historical reasons, none of the existing international law instruments explicitly refer to cyber issues. However, this does not mean these instruments somehow cannot be applied to cyberspace. On the contrary, in its advisory opinion of 1971 the International Court of Justice found that an international instrument has to be interpreted and applied within the framework of the entire legal system prevailing at the time of the interpretation. This concept of dynamic, or evolutionary interpretation is also implied in Article 31(3)b of the Vienna Convention on the Law of Treaties."^[5]

Estonia (2019)

"[...] as also many states and several international organizations have acknowledged – existing international law applies in cyberspace. Among others, the European Union, NATO, OECD and ASEAN have made similar addresses. Estonia has constantly upheld this position. We do believe and state that both the rights and obligations of international law, including those stated in the UN Charter, do apply to states when using IT and communication technologies. And for that we believe that the Tallinn Manuals vastly developed academic understanding of existing international law. I would like to reiterate, when it comes to legal questions of do’s and don’ts surrounding state behaviour in cyberspace, the answer must be sought from existing international law."^[6]

Estonia (2021)

"Estonia reiterates that existing international law applies in cyberspace. The rights and obligations set out in international law, including the UN Charter in its entirety, customary international law, international humanitarian and human rights law, apply to the use of ICTs by states. This means that international law applies to relations between states in cyberspace as it does in conventional domains of state interaction. To promote peace and stability in cyberspace and prevent conflict, it is necessary to have clear rules of responsible state behaviour in place.

Existing international law provides a solid normative framework for state actions, regardless of the means or the environment for these actions. The applicability of international law in cyberspace has been affirmed by the UN General Assembly endorsements of the 2013 and 2015 UN Group of Governmental Experts (GGE) consensus reports and reaffirmed by the OEWG consensus report. The current rules are technologically neutral and underline that state behaviour and the deployment of new transformative technologies do not change the applicability of international law.

States should strive to deepen a common understanding of how international law applies in cyberspace, alongside its possible implications and legal consequences. It is important to analyse how existing rules apply before discussing the need for any new agreement. Estonia sees notions for a new legally binding instrument as premature. From our perspective, current legal measures are sufficient to offer guidance on responsible state behaviour in cyberspace.

The 2013 and 2015 GGEs made substantive progress in terms of discussions on relevant legal rules and principles. In order to maintain peace and stability and promote an open, secure, peaceful and accessible cyberspace, we reiterate the following non-exhaustive elements: international law, including the UN Charter in its entirety, applies to state conduct in cyberspace, noting the principles of humanity, necessity, proportionality and distinction as well as respect for human rights and fundamental freedoms; states must meet their international obligations regarding internationally wrongful acts attributable to them under international law; states must not use proxies to commit internationally wrongful acts using ICTs, and should seek to ensure that their territory is not used by non-state actors to commit such acts; states must observe, among other principles of international law, sovereignty, sovereign equality, the settlement of disputes by peaceful means and non-intervention in the internal affairs of other States; the inherent right of States to take measures consistent with international law and as recognized in the Charter."^[7]

Finland (2020)

"In line with its general support to rules-based international cooperation and respect for international law, Finland sees international law as an essential framework for responsible State behaviour in cyberspace. In the same vein, the UN Group of Governmental Experts (GGE) has reaffirmed that “international law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment”. As this formulation, reflecting the specific mandate of the GGE, focuses on questions of international peace and security, there is reason to underline that the same applies to other rights and obligations of States, whether based on treaty law or customary international law."^[8]

France (2019)

"For France, compliance with international law is a precondition for the emergence of an appropriate regulation of cyberspace. Faced with an increasingly prevalent and abiding cyber threat, and systems made increasingly vulnerable by digitisation and interconnectivity, the regulation of cyberspace between States and private- and public-sector actors must become a priority in order to re-establish a collective and multilateral order capable of preserving international peace and security".^[9]

"France reaffirms the obligation for States to respect international law in cyberspace, including the United Nations Charter, and in particular the principles of the sovereign equality of States, the settlement of international disputes by peaceful means and the requirement for States to refrain in their international relations from the threat or use of force against the integrity or political independence of another State or in any other manner inconsistent with the purposes of the United Nations."^[10]

Germany (2021)

"Germany is firmly convinced that international law is of critical importance when dealing with opportunities and risks related to the use of information and communication technologies in the international context. As a main pillar of a rules-based international order, international law as it stands provides binding guidance on States’ use and regulation of information and communication technologies and their defence against malicious cyber operations. In particular, the UN Charter fulfils a core function with regard to the maintenance of international peace and security – also in relation to cyber activities. In this regard, Germany reemphasizes its conviction that international law, including the UN Charter and international humanitarian law (IHL), applies without reservation in the context of cyberspace."^[11]

Iran (2020)

"Article I: General Points

1. Believing that international law applicable to cyberspace shall be a just distributer of benefits and advantages of peaceful cyberspace and involved “access” and “equitable sovereignty” for all states.

2. Emphasizing that while all states shall act responsibly regarding cyberspace, they have common but different responsibilities because of resources and technologies available for each state.

3. Considering that a wide range of general principles of current international law, including equality of sovereignty of states, the prohibition against the use of force and act of aggression may apply to the use of cyberspace."^[12]

Israel (2020)

"Israel considers that international law is applicable to cyberspace, and this is a view that has become almost axiomatic for a vast majority of States. However, when seeking to apply particular legal rules to this domain, we are mindful of its unique features.

These unique features shape policy and affect the legal framework applicable to the cyber domain. I wish to shortly address some of them. First, cyber operations are conducted through a global network, passing through infrastructure located in multiple jurisdictions, and lack, in and of themselves, any meaningful physical manifestation. Second, much of the cyber infrastructure is held and controlled by the private sector and civilian components are a major part of the picture. Thus, regulation of the cyber domain may have various social and economic implications as well. Third, the cyber domain is highly dynamic, given the fast pace of technological developments and innovation. The development of international legal rules, on the other hand, is a more gradual process. This is understandable since these rules are designed to stand the test of time and are not easily amended.

All these factors taken together suggest that an extra layer of caution must be exercised in determining how exactly international legal rules apply to cyber operations, and in evaluating whether and how additional rules should be developed. We, as government and military legal advisers, are tasked with the role of identifying the relevant rules, including those set by the law of armed conflict, and determining how they apply to a particular set of facts. In some cases, it will be possible to apply a certain rule as it is; while in other cases, the situation may be conceptually different, such that it might not be possible, feasible, or even desirable to draw from existing legal rules. This process obviously has to consider the behavior of States in the cyber domain, as international law is State-made."^[13]

Italy (2021)

"Italy deems that international law is applicable to cyberspace and considers it the existing legal discipline and a fundamental tool for assuring responsible State behaviour in cyberspace. This is in line with Italy’s unyielding support to the rule of law both at the international and domestic levels, to a rules-based international order and cooperation and, more generally, to compliance with international law.

Italy thus concurs with the conclusions reached by the UN Group of Governmental Experts (GGE) and by the Open-ended Working Group (OEWG) that was established in 2019, according to which ‘international law and in particular the Charter of the United Nations in its entirety, is applicable and is essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment’.

While the work of the GGE primarily addressed issues of international peace and security, Italy considers that the concept of international peace and security goes beyond a merely military connotation. Accordingly, Italy finds that the rules and principles of international law – be they customary or treaty-based – applicable to activities in cyberspace are not limited to those pertaining to the prohibition of the use of force in international relations.

While Italy has no doubt as to whether international law applies to the cyberspace, it is aware that how existing rules and principles of international law apply gives rise to significant difficulties inherent in the technical features of cyberspace. Such difficulties require responses that the international community is currently developing. Italy thus welcomes and supports the ongoing process of exchange of views, study and cooperation amongst States to that end."^[14]

Japan (2021)

"Existing international law, including the UN Charter in its entirety, is applicable to cyber operations. The 2015 GGE report mentions 11 voluntary, non-binding norms of responsible State behaviour. These items were agreed by Governmental experts as requiring implementation at least as norms, but they include items which affirm or relate to rights and obligations under international law. The inclusion of such norms among the 11 items does not mean that the rights and obligations under existing international law are extinguished or altered."^[15]

Kenya (2021)

"For more than half a century, information and communication technology (ICT) has been international in its creation, reach, use and misuse. Therefore, States have recognized the need to create effective and sustainable frameworks to guide the use of ICTs in the context of international security.

The applicability of International Law towards this effort was first formally stated in Article 19 of the 2013 of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE) which states that “International law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment.” The 2015 report of the same group went further in Article 25 and emphasized the role of International law as an essential framework for actions in the use of ICTs. As a member of the UNGGE since 2014, and the United Nations General Assembly (UNGA) that has consistently endorsed the reports presented through the UN Secretary General and recommended that States should implement the recommendations of each report, the Republic of Kenya concurs that international law provides critical guidance for the use of ICTs."^[16]

Netherlands (2019)

"As the government has indicated on multiple occasions and consistently argues, international law is applicable in cyberspace. This is also recognised internationally. Nevertheless, there are still many unanswered questions concerning the precise manner in which international law should be applied in cyberspace. This is due to the unique characteristics of the digital world in comparison with the physical world. Digital data generally moves rapidly and is therefore often difficult to localise. It can be transferred to another country in a matter of seconds, and can be stored across a range of different countries. What is more, undesirable activity in cyberspace does not necessarily always have an immediate physical impact, even though its effects may nonetheless be serious. It is not yet entirely clear how these and other unique characteristics should be dealt with in the application of international law. The government is encouraging international debate on ways to clarify the application of international law in cyberspace. Clarity and consensus on these points are essential to the international legal order.

The formulation of responses to these questions is an ongoing process, in which the government coordinates closely with like minded partners and pursues initiatives aimed at furthering dialogue, such as the international consultations on international law in cyberspace hosted by the Netherlands in The Hague in late May 2019."^[17]

New Zealand (2020)

"New Zealand supports an international rules-based system that promotes an open, secure, stable, accessible and peaceful online environment and encourages responsible state behaviour in cyberspace."^[18]

"[..]International law applies online as it does offline. Applicable international law includes: the United Nations Charter; the law of state responsibility; international humanitarian law; and international human rights law."^[19]

"[..]As international law has evolved primarily with a territorial, physical conception of the world, care is required to apply the established rules and principles of international law appropriately to the multi-layered context of cyberspace. Applied appropriately, existing international law – as part of the framework of responsible state behaviour in cyberspace – provides an effective toolkit to regulate state behaviour online. This includes the ability to identify breaches of international law in cyberspace, attribute state responsibility for those breaches, and guide responses from victim states."^[20]

Norway (2021)

"International law applies in cyberspace. This has been recognised by the international community. The 2012–2013 United Nations Group of Governmental Experts (GGE) concluded as much in its consensus report, and wrote as follows:

‘International law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment.’

This was reconfirmed in the subsequent consensus report by the 2015 GGE, which also underscored that the UN Charter applies in its entirety. The UN General Assembly welcomed the 2015 report of the GGE in its resolution 70/237 and called upon Member States to be ‘guided in their use of information and communications technologies’ by the report.

In the Final Substantive Report of the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security (OEWG), all UN Member States reaffirmed the conclusions of previous GGEs that international law applies in cyberspace. Moreover, the report called upon States ‘to avoid and refrain from taking any measures not in accordance with international law, and in particular the Charter of the United Nations.’ The report also concluded that ‘further common understandings need to be developed on how international law applies to State use of ICTs.’

Compliance with international law is fundamental for preserving international peace and security in cyberspace." ^[21]

"Existing international law, that is customary international law and international treaties, has not been developed with cyberspace in mind. However, the application of the rules of international law to new areas, for example in response to technological developments, is nothing new. If the law in certain areas is perceived as unclear when applied to activities in cyberspace, this must be resolved in the usual way through interpretation. This applies both to general international law, for instance the rules that relate to sovereignty and state responsibility, and to the specialised regimes of international law, such as international human rights law and international humanitarian law.

Norway is of the view that there is no need for specific legal instruments to set out rights and obligations of States in respect of activities in cyberspace."^[22]

Romania (2021)

"An open, secure, stable, accessible and peaceful online environment and a responsible State behaviour in cyberspace cannot be imagined outside an international rules-based system, primarily founded on international law.

Given the specificities of cyberspace and of the incident of various information and communication technologies, the discussion on how international law applies in cyberspace is a complex one.

However, the fact that there is a need to further discuss on how exactly international law applies to cyberspace does not mean that international law does not apply to cyberspace and that we are facing a legal vacuum.

State practice will in time further crystalize the application of international law in cyberspace; as a matter of fact, not all aspects can or even should be clarified in detail in absence of relevant state practice. This is however, without prejudice to the obligation of States to act in a responsible manner including in cyberspace and assume conduct that is in line with general international law.

Romania is of the strong opinion that existing international law equally applies to cyberspace and that there is no need to develop international legal frameworks to address strictly cyberspace."^[23]

Russia (2021)

"Russia assumes that, for the present, the international community has reached consensus on the applicability of the universally accepted principles and norms of international law, which are enshrined, first and foremost, in the Charter of the United Nations and the Declaration on principles of international law, friendly relations and cooperation among States in accordance with the Charter of the United Nations of October 24, 1970, to information space. These include, in particular, the principles of sovereign equality of States, non-use of force and threat of force, settlement of international disputes by peaceful means, non interference into internal affairs of States, obligation of States to cooperate with each other, equal rights and self-determination of peoples, fulfillment of international law obligations in good faith, inviolability of State borders, and territorial integrity of States. This understanding was agreed upon at relevant UN platforms on international information security and set forth, inter alia, in the 2013 and 2015 reports of the UN Group of Governmental Experts (GGE) and in the 2021 report of the UN Open-ended Working Group (OEWG), as well as in the UN General Assembly resolution (A/RES/73/27, para. 17 of the preamble) proposed by Russia and adopted in 2018. It is presumed that international obligations of States, including those stemming from international treaties as the main sources of international law, are applicable in information space.

At the same time, given the specific legal nature of the information environment, notably, the fact that activities therein can be anonymous, the application of international law to the use of information and communications technologies (ICTs) should not be automatic and should not be carried out by simple extrapolation. There is a need to substantively discuss the issue of how specific instruments of the existing international law apply to the ICT-sphere, as well as to elaborate a universal approach to this matter under the UN auspices."^[24]

Singapore (2021)

"[..] we believe it is important to build a rules-based international order in cyberspace, especially given rapid digitalisation. The adherence by States to international law is essential to support and promote an open, secure, stable, accessible, peaceful, and interoperable ICT environment."^[25]

"[..] Singapore affirms the principle that international law, in particular the Charter of the United Nations (the “UN Charter”), applies to cyberspace."^[26]

Switzerland (2021)

"Switzerland is committed to building and maintaining a free, open, secure and peaceful cyberspace, and to advancing the recognition, observance and enforcement of international law in this space. All states have a common interest in ensuring that cyberspace is governed by the rule of law and used for peaceful purposes only. Switzerland considers international law to be applicable to cyberspace. It therefore welcomes the consensus of previous UN GGEs that international law, and in particular the UN Charter in its entirety, are applicable to cyberspace – which was also approved unanimously by the UN General Assembly. It also welcomes the OEWG 2019/2021 report of 18 March 2021, which confirms this consensus."^[27]

United Kingdom (2018)

"Cyber space is not – and must never be – a lawless world. It is the UK’s view that when states and individuals engage in hostile cyber operations, they are governed by law just like activities in any other domain. The UK has always been clear that we consider cyber space to be an integral part of the rules based international order that we are proud to promote. The question is not whether or not international law applies, but rather how it applies and whether our current understanding is sufficient.

What this means is that hostile actors cannot take action by cyber means without consequence, both in peacetime and in times of conflict. States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them and that in this as in all things, all states are equal before the law."^[28]

United Kingdom (2021)

"International law is fundamental to maintaining security and stability in cyberspace and international law applies to States’ conduct in cyberspace on the same basis as it applies to their other conduct. The application of international law to States’ conduct in cyberspace is clearly recognised by the international community. In the recent 2021 OEWG report, States reaffirmed their understanding (as already set out in the 2013 and 2015 GGE reports) that ‘international law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment’."^[29]

United States (2012)

"[...]international law principles do apply in cyberspace. Everyone here knows how cyberspace opens up a host of novel and extremely difficult legal issues. But on this key question, this answer has been apparent, at least as far as the U.S. Government has been concerned. Significantly, this view has not necessarily been universal in the international community. At least one country has questioned whether existing bodies of international law apply to the cutting edge issues presented by the internet. Some have also said that existing international law is not up to the task, and that we need entirely new treaties to impose a unique set of rules on cyberspace. But the United States has made clear our view that established principles of international law do apply in cyberspace."^[30]

United States (2016)

"Existing principles of international law form a cornerstone of the United States’ strategic framework of international cyber stability during peacetime and during armed conflict. The U.S. strategic framework is designed to achieve and maintain a stable cyberspace environment where all States and individuals are able to realize its benefits fully, where there are advantages to cooperating against common threats and avoiding conflict, and where there is little incentive for States to engage in disruptive behavior or to attack one another.

There are three pillars to the U.S. strategic framework, each of which can help to ensure stability in cyberspace by reducing the risks of misperception and escalation. The first is global affirmation of the applicability of existing international law to State activity in cyberspace in both peacetime and during armed conflict. The second is the development of international consensus on certain additional voluntary, non-binding norms of responsible State behavior in cyberspace during peacetime, which is of course the predominant context in which States interact. And the third is the development and implementation of practical confidence-building measures to facilitate inter-State cooperation on cyber-related matters."^[31]

United States (2020)

"We recognize that State practice in cyberspace is evolving. As lawyers operating in this area, we pay close attention to States’ explanations of their own practice, how they are applying treaty rules and customary international law to State activities in cyberspace, and how States address matters where the law is unsettled."^[32]

"It continues to be the view of the United States that existing international law applies to State conduct in cyberspace. Particularly relevant for military operations are the Charter of the United Nations, the law of State responsibility, and the law of war. To determine whether a rule of customary international law has emerged with respect to certain State activities in cyberspace, we look for sufficient State practice over time, coupled with opinio juris—evidence or indications that the practice was undertaken out of a sense that it was legally compelled, not out of a sense of policy prudence or moral obligation."^[33]

Appendixes

See also

Notes and references

Bibliography and further reading