Plea of necessity

From International cyber law: interactive toolkit
Jump to navigation Jump to search

Definition[edit | edit source]

Plea of necessity
The plea of necessity allows a State to act in exceptional cases when there is grave and imminent peril to an essential interest of the State and the action in question is the sole means of safeguarding that interest.[1] Even then, the plea of necessity requires that the injured State’s action be balanced with the interests of any States that would be affected and with those of the international community.[2] The injured State’s action must not seriously impair the essential interests of any other State.[3] The plea of necessity is not available to injured States that have substantially contributed to the situation in which they find themselves.[4] However, the plea of necessity can be asserted to take action against non-State actors and can justify actions that violate the rights of non-responsible States, if these conditions are met. In case the situation of necessity is caused by the conduct of non-State actors, attribution of this conduct to a State is not a precondition for acting based on the plea of necessity.

Publicly available national positions that address this issue include: National position of the Czech Republic (2024) (2024), National position of France (2019) (2019), National position of Germany (2021) (2021), National position of Japan (2021) (2021), National position of the Netherlands (2019) (2019), National position of Norway (2021) (2021), National position of the Kingdom of Sweden (2022) (2022), National position of Switzerland (2021) (2021).

National positions[edit | edit source]

Czech Republic (2024)[edit | edit source]

"68. The Czech Republic endorses that the State acts in conformity with international law under the principle of necessity when its action not in conformity with an international obligation is the only way for the State to safeguard an essential interest against a grave and imminent peril. This rule may be invoked only in exceptional cases, namely if there is no other real possibility of addressing the grave and imminent peril, such peril is clearly established on the basis of the evidence reasonably available at the time and provided the act would not result in serious impairment of an essential interests of another State or of the international community as a whole. The State may invoke necessity even if the total amount of potential damage has not yet been assessed, such damage also does not necessarily have to be physical."[5]

France (2019)[edit | edit source]

"France also does not rule out the option of invoking a state of distress or necessity in order to protect a vital interest against a cyberattack which is below the threshold of armed attack but constitutes a serious and imminent danger. In such cases, the measures taken remain peaceful and do not seriously harm a vital interest of the State concerned. Such measures in response to a cyberattack against France in breach of international law are not taken systematically, but according to a discretionary political decision."[6]

Germany (2021)[edit | edit source]

"The wrongfulness of a State’s cyber operation that contravenes its international obligations may be precluded by exception if that State acted out of necessity. This entails that a State may – under certain narrow circumstances – act against malicious cyber operations by resorting, for its part, to active counter-operations even in certain situations in which the prerequisites for countermeasures or self-defence are not met.

The draft articles on State responsibility, which reflect customary law in this regard, inter alia require that the act must be ‘the only way for the State to safeguard an essential interest against a grave and imminent peril’. Whether an ‘interest’ is ‘essential’ depends on the circumstances. Germany holds the view that, in the cyber context, the affectedness of an ‘essential interest’ may inter alia be explained by reference to the type of infrastructure actually or potentially targeted by a malicious cyber operation and an analysis of that infrastructure’s relevance for the State as a whole. For example, the protection of certain critical infrastructures may constitute an ‘essential interest’. It might likewise be determined by reference to the type of harm actually or potentially caused as a consequence of a foreign State’s cyber operation. For example, the protection of its citizens against serious physical harm will be an ‘essential interest’ of each State – regardless of whether a critical infrastructure is targeted or not. Nevertheless, given the exceptional character of the necessity argument, an ‘essential interest’ must not be assumed prematurely.

A case-by-case assessment is necessary to determine whether a peril is ‘grave’. The more important an ‘essential interest’ is for the basic functioning of a State, the lower the threshold of the ‘gravity’ criterion should be. Germany agrees that a ‘grave peril’ does not presuppose the occurrence of physical injury but may also be caused by large-scale functional impairments.

A State, when confronted with a cyber threat, does not yet need to have assessed the total and final damage potential in order to invoke necessity. Necessity may be invoked when the origin of a cyber measure has not (yet) been clearly established; however, States should always make efforts to clarify attribution and (State) responsibility in order to be able to substantiate their grounds for action."[7]

Japan (2021)[edit | edit source]

"The Government of Japan is of the view that a State may invoke necessity under international law when the requirements shown in Article 25 of the ILC’s Articles on State Responsibility are satisfied." [8]

Netherlands (2019)[edit | edit source]

"Necessity is a ground justifying an act which, under certain strict conditions, offers justification for an act that would otherwise be deemed internationally wrongful, such as deploying offensive cyber capabilities against another state. A state may invoke necessity if the following conditions are met:

  • there is an immediate and serious threat to an essential interest of the state concerned;
  • there is no other way to respond to this threat other than to temporarily suspend compliance with one or more of the state’s obligations under international law;
  • the temporary non-compliance does not constitute a serious interference with the essential interests of another state towards which the obligation under international law exists or of the international community, and invocation of necessity in regard to this specific obligation is permitted under international law;
  • the state itself has not contributed to the situation of necessity.

Thus, the ground of necessity may be invoked only in exceptional cases where not only are there potentially very serious consequences, but there is also an essential interest at stake for the state under threat. What constitutes an ‘essential interest’ is open to interpretation in practice, but in the government’s view services such as the electricity grid, water supply and the banking system certainly fall into this category.

As regards the ‘very serious consequences’ required for establishing the existence of a situation of necessity, it should be noted that the damage does not already have to have taken place, but it must be imminent and objectively verifiable. There is no established standard on the degree to which the damage in question can be deemed sufficiently serious to justify invoking the ground of necessity. This must be determined on a case-by-case basis. Damage that merely amounts to an impediment or inconvenience is not sufficient. The damage caused or threatened does not necessarily have to be physical: situations in which virtually the entire internet is rendered inaccessible or where there are severe shocks to the financial markets could be classified as circumstances in which invoking necessity may be justified. Equally, establishing the existence of a situation of necessity does not require a state to determine the precise origin of the damage or whether another state can be held responsible for it. This ground for justification is primarily aimed at giving a state the opportunity to protect its own interests and minimise the damage it suffers.

A state that invokes a situation of necessity has limited options for taking action. This ground may be invoked in respect of violations of obligations under international law only provided there is no other real possibility of taking action to address the damage caused or threatened, and provided there is no interference with the essential interests of another state or of the international community as a whole."[9]

Norway (2021)[edit | edit source]

"In a situation of necessity, a State may be able to respond to a cyber operation in a way that is in principle in breach of an international obligation and nevertheless not incur responsibility for its actions under international law.

Necessity refers to those exceptional situations where the only way a State can safeguard an essential interest threatened by a grave and imminent peril, whether cyber in nature or not, is by temporary non-compliance with international obligations of lesser weight or urgency. For instance, if infrastructure in a third country is used in an internationally wrongful cyber operation, the injured State may under certain conditions launch a cyber operation to destroy or disrupt the internationally wrongful cyber operation, even if this violates the territorial sovereignty of the third State."[10]

Sweden (2022)[edit | edit source]

"Under certain strict conditions, a State is allowed to employ measures that would otherwise be in breach of an international obligation in order to safeguard an essential interest against a grave and imminent peril. This would also apply in a cyber context. Necessity will, however, only rarely be available to excuse non-performance of an obligation."[11]

Switzerland (2021)[edit | edit source]

"In addition to countermeasures, the rules governing state responsibility also provide for special circumstances precluding the wrongfulness of conduct that would otherwise not be in conformity with the international obligations of the state concerned. For example, a state may be exempted from complying with such an obligation if it is the only way for it to safeguard its essential interests from grave and imminent peril. Therefore the narrowly defined exceptions provided for by the rules governing state responsibility may also apply in the context of cyber operations."[12]


Appendixes[edit | edit source]

See also[edit | edit source]

Notes and references[edit | edit source]

Bibliography and further reading[edit | edit source]