Principle of precautions

From International cyber law: interactive toolkit
Jump to navigation Jump to search

Principle of precautions is one of the core principles of international humanitarian law (IHL). It requires all parties to armed conflicts to take specific precautions such as, when conducting an attack, to verify that targets are military objectives or to give the civilian population an effective warning before the attack.

Precautionary obligations under international humanitarian law[edit | edit source]

Precautionary obligations under international humanitarian law
In addition to prohibitive rules, the conduct of hostilities regime under IHL contains a host of positive obligations that require parties to conflict to take certain protective steps. These positive obligations to take precautions supplement the basic rule of distinction. They are binding on parties to conflict under both treaty and customary IHL, in both international and non-international armed conflict, and they are applicable to all weapons, means, and methods of warfare, including cyber operations during armed conflict.[1]

In particular, “in the conduct of military operations, constant care must be taken to spare the civilian population, civilians and civilian objects”.[2] The term ‘military operations’ encompasses “any movements, manoeuvres and other activities whatsoever carried out by the armed forces with a view to combat” or “related to hostilities”.[3] The obligation of constant care is an obligation of conduct, to mitigate risk and prevent harm. It applies constantly in the planning or execution of any military operation.[4] As a general rule, the higher the risk for the civilian population in any given military operation, the more will be required in terms of care.[5]

Given that there is significant risk of harm to civilians whenever a military is executing an attack, IHL imposes additional obligations specific to those planning or deciding on or carrying out attacks (“active precautions”);[6] it also requires parties to protect civilians and civilian objects under their control against the effects of attacks (“passive precautions”).[7]

Obligations to take precautions in attack[edit | edit source]

Obligations to take precautions in attack
The obligations to take precautions in attack (also referred to as “active precautions”) are most fully codified in Article 57 of Additional Protocol I. This article mandates the taking of a wide variety of measures from target verification and the giving of effective advance warnings through the choice of means and methods of warfare and choice of military objectives to cancellation or suspension of attacks where it becomes apparent that the attack’s target is not a military one or is subject to special protection, or that the attack may be disproportionate. In the interpretation of these precautionary measures, care must be taken to determine what exactly is required of those involved in planning, deciding upon, and executing attacks. The standards vary. For instance, some precautionary measures operate within a ‘feasibility’ standard, while others, such as effective advance warnings, must be taken ‘unless circumstances do not permit’.[8]

There is no specifically prescribed method through which these obligations ought to be discharged.[9] Feasibility, a standard that appears frequently in Article 57, is a contextual standard, and it depends on the presence of a range of factors in the circumstances prevailing at the time.[10] In this regard, ‘feasible’ is understood as ‘that which is practicable or practically possible, taking into account all circumstances prevailing at the time, including humanitarian and military considerations’.[11] Importantly, the standard of feasibility is capable of accommodating a range of considerations, and it evolves through time and with the acquisition of experience.[12]

While the protection of the civilian population and civilian objects in times of conflict is a challenging task in any domain, cyberspace adds its own layer of complexity. A primary reason for this is the interconnectivity of networks and the risks of escalation and unintended consequences. Thus, in conducting attacks in cyberspace, parties to conflict should consider suitable and feasible cyber-specific precautions such as impact assessments on the connectivity of military and civilian networks and on secondary effects of attacks or the identification of cyber networks and infrastructure that are serving specially protected objects.[13]

Obligations to take precautions against the effects of attacks[edit | edit source]

Obligations to take precautions against the effects of attacks
In addition to obligations to take precautions in attack, IHL requires parties to take precautions against the effects of attacks (also referred to as “passive precautions”).[14] According to Article 58 of Additional Protocol I, ‘The Parties to the conflict shall, to the maximum extent feasible: a) [...] endeavour to remove the civilian population, individual civilians and civilian objects under their control from the vicinity of military objectives; b) avoid locating military objectives within or near densely populated areas; c) take the other necessary precautions to protect the civilian population, individual civilians and civilian objects under their control against the dangers resulting from military operations.’[15]

These specific measures require defending forces to protect the civilian population and civilian objects under their control.[16] They are cast in relative terms,[17] as they incorporate a standard of feasibility.[18] A type of conduct, rather than a result, is what lies at the heart of these precautionary obligations. In cyberspace, these precautionary measures can take the form of, for example, building strong cyber resilience cultures at a societal level, segregating civilian and military cyber networks and infrastructure, using antivirus software, or setting up systems for the detection of cyber vulnerabilities.[19]

  1. ICRC, International Humanitarian Law and Cyber Operations during Armed Conflicts: ICRC position paper (November 2019) 5.
  2. ICRC Customary IHL Study, Rule 15; AP 1, Article 57(1).
  3. ICRC Commentary on the Additional Protocols, cited in footnote 249 above, p. 680, para. 2191, p. 617, para. 1936, and p. 600, para. 1875.
  4. Tallinn Manual 2.0, cited in footnote 263 above, p. 477, para. 5.
  5. International Law Association Study Group on the Conduct of Hostilities in the 21st Century, “The conduct of hostilities and international humanitarian law: Challenges of 21st century warfare”, International Law Studies, U.S. Naval War College, Vol. 93, No. 322, 2017, (ILA Study Group Report), 381.
  6. Additional Protocol I, Article 57 and 58; See also ICRC Customary IHL Study, Rules 15, 16, 17, 18, 19 and 20, 22, 23, 24 and 97.
  7. ICRC EWIPA Report, p 103.
  8. Compare Article 57(2)(a)(i)–(ii) with Article 57(2)(c) Additional Protocol I.
  9. Théo Boutruche, “Expert Opinion on the Meaning and Scope of Feasible Precautions under International Humanitarian Law and Related Assessment of the Conduct of the Parties to the Gaza Conflict in the Context of the Operation ‘Protective Edge’”, Expert Opinion commissioned by Diakonia, 2015, p 17.
  10. id, pp 15 – 16.
  11. See Protocol II to the CCW (1980), Article 3(4); Protocol III to the CCW (1980), Article. 1(5); Amended Protocol II to the CCW (1996), Article 3(10); J-M. Henckaerts and L. Doswald-Beck (eds), Customary International Humanitarian Law, Volume I: Rules (2005), Rule 15; ICRC, Explosive Weapons with Wide Area Effects: A Deadly Choice in Populated Areas (2022), p 104.
  12. Marco Sassòli and Anne Quintin, “Active and Passive Precautions in Air and Missile Warfare”, Israel Yearbook on Human Rights, Vol. 44, 2014, p 87.
  13. ICRC, International humanitarian law and the challenges of contemporary armed conflicts (2015), p 43; see also ICRC, Avoiding Civilian Harm from Military Cyber Operations during Armed Conflicts (2021).
  14. Additional Protocol I, art. 58; see also ICRC Customary IHL Study, Rules 22, 23-24.
  15. Under customary IHL, the second and third rules are “arguably” applicable in non-international armed conflicts. See Henckaerts/Doswald-Beck, commentary on Rules 23 and 24, pp 71 and 74.
  16. Commentary of Additional Protocol I, para. 2239.
  17. Dieter Fleck (ed.), The Handbook of International Humanitarian Law, OUP 2021, s 8.08.
  18. Eric Jensen, “Precautions against the effects of attacks in urban areas”, International Review of the Red Cross, Vol. 98 (1), 2016, pp 164 – 165.
  19. ICRC, Avoiding Civilian Harm from Military Cyber Operations during Armed Conflicts, 2021; Jonathan Horowitz, “Cyber Operations under International Humanitarian Law: Perspectives from the ICRC”, American Society of International Law Insights, Vol. 24:11, 2020.