Prohibition of intervention

From International cyber law: interactive toolkit
Jump to navigation Jump to search

Definition[edit | edit source]

Prohibition of intervention
The obligation of non-intervention, a norm of customary international law,[1] prohibits States from intervening coercively in the internal or external affairs of other States. Prohibited intervention was authoritatively defined by the International Court of Justice in the judgment on the merits in the 1986 Nicaragua v United States case:

A prohibited intervention must […] be one bearing on matters in which each State is permitted, by the principle of State sovereignty, to decide freely. One of these is the choice of a political, economic, social and cultural system, and the formulation of foreign policy. Intervention is wrongful when it uses methods of coercion in regard to such choices, which must remain free ones.[2]

In order for an act, including a cyber operation,[3] to qualify as a prohibited intervention, it must fulfil the following conditions:[4]
  1. The act must bear on those matters in which States may decide freely.[5] The spectrum of such issues is particularly broad and it includes both internal affairs (such as the “choice of a political, economic, social, and cultural system”[2] or the conduct of national elections[6]), and external affairs (“formulation of foreign policy”;[2] or “recognition of states and membership of international organisations”[7])—the so-called domaine réservé of States.[8] The content of the domaine réservé is determined by the scope and nature of the State's international legal obligations.
  2. The act must be coercive in nature. There is no generally accepted definition of “coercion” in international law. In this respect, two main approaches have emerged in the cyber context:[9]
    1. Under the first approach, an act is coercive if it is specifically designed to compel the victim State to change its behaviour with respect to a matter within its domaine reservé.[10] Under this approach, the “key is that the coercive act must have the potential for compelling the target State to engage in an action that it would otherwise not take (or refrain from taking an action it would otherwise take)”.[11]
    2. Under the second approach giving meaning to “coercion”, it is sufficient for an act to effectively deprive the target State of its ability to control or govern matters within its domaine reservé.[12] This latter approach distinguishes itself from the former by accepting that mere deprivation of the target State’s control over a protected matter, without actually or potentially compelling that State to change its behaviour, may constitute intervention.[13]
    Under both approaches, however, merely influencing the target State by persuasion or propaganda or causing a nuisance without any particular goal is insufficient to qualify as coercion.[14] The element of coercion also entails the requirement of intent.[15]

    While coercion is evident in the case of an intervention involving the use of force, ‘either in the direct form of military action, or in the indirect form of support for subversive or terrorist armed activities within another State’, as affirmed by the ICJ,[16] it is less clear with respect to non-forcible forms of interference.[17] Some States support the approach that intervention may take various forms, such as economic and political coercion.[18] One example that has been reiterated in several States’ positions, including Australia,[19] Brazil,[20] Canada,[21] Germany,[22] Israel,[23] New Zealand,[24] Norway,[25] Singapore,[26] the United Kingdom[27] and the United States,[28] is the case of cyber operations by a State interfering with another state’s ability to hold an election or manipulating the election results. Many States have affirmed that the assessment has to be done on a case-by-case basis.[29]

    Both potential and actual effects are considered to be relevant when assessing the coercion element.[30]

  3. Finally, there has to be a causal nexus between the coercive act and the effect on the internal or external affairs of the target State.[31]
    4. The prohibition of intervention applies between States, and thus it is not applicable to the activities of non-State groups, unless their conduct can be attributed to a State under the rules on attribution under international law.[32]

Publicly available national positions that address this issue include: Common position of the African Union (2024) (2024), National position of Australia (2020) (2020), National position of Brazil (2021) (2021), National position of Canada (2022) (2022), National position of Costa Rica (2023) (2023), National position of the People's Republic of China (2021) (2021), National position of Denmark (2023) (2023), National position of Estonia (2021) (2021), National position of France (2019) (2019), National position of Germany (2021) (2021), National position of Iran (2020) (2020), National position of Ireland (2023) (2023), National position of Israel (2020) (2020), National position of the Italian Republic (2021) (2021), National position of Japan (2021) (2021), National position of the Netherlands (2019) (2019), National position of New Zealand (2020) (2020), National position of Norway (2021) (2021), National position of Pakistan (2023) (2023), National position of the Republic of Poland (2022) (2022), National position of Romania (2021) (2021), National position of Singapore (2021) (2021), National position of the Kingdom of Sweden (2022) (2022), National position of Switzerland (2021) (2021), National position of the United Kingdom (2018) (2018), National position of the United Kingdom (2021) (2021), National position of the United Kingdom (2022) (2022), National position of the United States of America (2016) (2016), National position of the United States of America (2020) (2020), National position of the United States of America (2021) (2021).

National positions[edit | edit source]

African Union (2024)[edit | edit source]

"26. The prohibition on intervention in the internal and external affairs of States is a principle of general international law that is also reflected in several multilateral treaties, including the founding instruments of regional organizations, such as the Constitutive Act of the African Union, the Charter of the Organization of American States, the Charter of the Organization of Islamic Cooperation, and the Charter of the Association of Southeast Asian Nations, in addition to other instruments, such as the 1975 Helsinki Final Act, and UN General Assembly resolutions, such as the 1970 Declaration on Principles of International Law concerning Friendly Relations and Cooperation among States.

27. The prohibition on intervention is a rule that applies to inter-State relations. Accordingly, only acts that are attributable to a State in accordance with the applicable secondary rules of international law could constitute a violation of the prohibition on intervention.

28. The prohibition on intervention protects against acts that impinge on matters within the domestic jurisdiction of States in relation to which each State is permitted, by the principle of State sovereignty, to decide freely. It is also established that, by virtue of their sovereignty, States have an inalienable right to choose their political, economic, social, and cultural systems, without intervention from any other States.

29. The prohibition on intervention applies to the use of any instrument, including armed, political, economic, or any other means, and instruments of information, that may be used by a State for the purposes of intervening in the internal or external affairs of a foreign State. The prohibition on intervention is especially pertinent in the context of cyberspace given the increasing connectivity between States and societies which provides greater opportunities for malicious actors, including States and non-State actors the acts of which are attributable to States, to misuse ICTs for the purpose of intervening in the internal and external affairs of States. Various codifications of the prohibition on intervention have also affirmed that this rule proscribes both direct intervention by de jure and de facto organs of a State and indirect intervention by persons or groups acting under the direction, instruction, or control of a State. This rule also proscribes the organizing, funding, or the provision of any form assistance to non-State actors engaged in acts of intervention against another State.

30. To constitute a violation of the prohibition on intervention, ICTs in cyberspace must be employed in a manner that amounts to coercion, which the International Court of Justice described, in the Case Concerning Military and Paramilitary Activities in and against Nicaragua, as the element that “defines, and indeed forms the very essence of prohibited intervention.”

31. The African Union is of the view that coercion, in the context of the prohibition on intervention, should be defined as a policy that is designed to impose restraints on the will of a foreign State. Assessing whether the use by one or more States of ICTs in cyberspace to influence the conduct of a foreign State amounts to coercion is a determination that should be undertaken on a case-by-case basis.

32. While the definition of coercion in this context requires further study and deliberation between States, the African Union is of the view that it is not necessary, in order to constitute coercion, that the conduct of a State must rise to the level of completely depriving a foreign State of its freedom of choice or to compel that State to either act or refrain from acting involuntarily. Coercion may also occur through threats of intervention. Furthermore, there is no requirement that, in order to constitute a violation of the prohibition on intervention, an act of coercion must actually succeed in compelling the State subjected to such acts to change its conduct. An unsuccessful attempt of intervention is unlawful under international law. The African Union stresses that offers or calls to peacefully settle disputes through negotiation, enquiry, mediation, conciliation, good offices, arbitration, and judicial settlement, and diplomatic discussions and communications are presumed not to constitute acts of coercion.

33. The African Union recalls that, by virtue of their territorial sovereignty, all States are under an obligation to exercise due diligence to prevent the use of their territory by other States or by non- State actors to engage in acts that constitute a violation of the prohibition on intervention in the internal or external affairs of States."[33]

Australia (2020)[edit | edit source]

"Harmful conduct in cyberspace that does not constitute a use of force may still constitute a breach of the duty not to intervene in the internal or external affairs of another State. This obligation is encapsulated in Article 2(7) of the Charter and in customary international law.

A prohibited intervention is one that interferes by coercive means, either directly or indirectly, in matters that a State is permitted by the principle of State sovereignty to decide freely. Such matters include a State's economic, political, social systems and foreign policy. Coercive means are those that effectively deprive the State of the ability to control, decide upon or govern matters of an inherently sovereign nature. Accordingly, the use by a hostile State of cyber activities to manipulate the electoral system to alter the results of an election in another State, intervention in the fundamental operation of Parliament, or in the stability of States' financial systems would constitute a violation of the principle of non-intervention."[34]

Brazil (2021)[edit | edit source]

The principle of non-intervention, which is considered customary international law, refers to “the right of every sovereign State to conduct its affairs without outside interference”. In the Declaration on the Principles of International Law concerning Friendly Relations and Co-operation among States, the General Assembly affirmed that “the strict observance by States of the obligation not to intervene in the affairs of any other State is an essential condition to ensure that nations live together in peace with one another”. Even though Resolution 2625 (XXV) preceded the widespread use of ICTs, the customary norm prohibiting intervention in the internal affairs of another State applies irrespective of the means or medium used and extends to the use of ICTs by States.

To violate the principle of non-intervention, the malicious use of ICTs against another State must involve an element of coercion affecting the right of the victim State to freely choose its political, economic, social and cultural system, and to formulate its foreign policy. If attributable to a State, this breach entails this State’s international responsibility.

There has been a growing discussion on whether cyberoperations aimed at interfering in the electoral processes of another State could amount to violations of the principle of non-intervention. Considering that elections are at the core of a State’s internal affairs, should the malicious use of ICTs against a State involve some level of coercion, then it must be prohibited by the principle of non-intervention."[35]

Canada (2022)[edit | edit source]

"22. State cyber activities may breach the foundational international law prohibition of intervention in the internal or external affairs of another State. This would be the case where both of the following conditions are met: the activities aim to interfere with the internal or external affairs of the affected State involving its inherently sovereign functions, known as domaine réservé[36]; and the activities would cause coercive effects that deprive, compel, or impose an outcome on the affected State on matters in which it has free choice.[37]

23. In its most serious form, coercion may arise through the threat or use of force but could also arise where a cyber activity is designed to deprive the affected State of its freedom of choice. Coercion must be distinguished from other conduct such as public diplomacy, criticism, persuasion, and propaganda.

24. An example of a prohibited intervention would be a malicious cyber activity that hacks and disables a State’s election commission days before an election, preventing a significant number of citizens from voting, and ultimately influencing the election outcome. Another example would be a malicious cyber activity that disrupts the functioning of a major gas pipeline, compelling the affected State to change its position in bilateral negotiations surrounding an international energy accord.

25. Whether or not a cyber activity meets the threshold for a violation of the rule on territorial sovereignty or rises to the level of a violation of the rule against intervention will be determined on a case-by-case basis. As with the thresholds for violations of territorial sovereignty, Canada believes that further State practice and opinio juris will help clarify the thresholds for the rule of non-intervention, and the scope of customary law in this area over time."[38]

Costa Rica (2023)[edit | edit source]

"23. The principle of non-intervention is grounded in customary international law and prohibits States from interfering directly or indirectly with matters within the domestic jurisdiction of other States, i.e., their internal or external affairs. According to the ICJ, a prohibited intervention is one bearing ‘on matters in which each State is permitted, by the principle of State sovereignty, to decide freely’. Examples include ‘the choice of a political, economic, social and cultural system, and the formulation of foreign policy’, whether these are carried out by private or public entities, and irrespective of a State’s new undertakings under international law. Moreover, according to the ICJ, a wrongful intervention is one which ‘uses methods of coercion in regard to such choices, which must remain free ones’.

24. Coercion is clear-cut when a State uses or threatens to use force against another one. Nonetheless, it can also occur in a multitude of ways where one State, directly or indirectly through support for non-State actors, deprives another State of the capacity to make free and informed choices pertaining to its internal or external affairs. Coercion may occur when a State provides financial or other forms of support to secessionist, subversive or violent groups in the territory of another State, when it exercises significant political or economic pressure on another State, or when it engages in or supports subversive or hostile propaganda or the dissemination of false news that interfere in the internal or external affairs of another State. Moreover, coercion needs not be successful in intervening within a State’s internal or external affairs. Mere threats of intervention or acts seeking to interfere within another State’s domaine reservé may also breach the principle. For such breaches to occur, it suffices that a State intends to coerce another State, employs coercive methods, or eventually causes coercive effects in another State.

25. In Costa Rica’s view, these various forms of coercion may well be carried out in or through ICTs and amount to violations of the principle of non-intervention insofar as they interfere with a State’s internal or external affairs. A prominent example of a breach of non-intervention are ransomware attacks crippling or simply interfering with a State’s ability to run public services, such as finance, education, and social security. Moreover, foreign election interference may also infringe the principle of non-intervention. This may take the form of cyber operations directly interfering with mail ballots or voter databases, or electoral disinformation campaigns seeking to mislead the electorate about the vote itself, candidates, electoral polls or results. Other types of disinformation, such as those affecting a State’s health policies, may also amount to a prohibited intervention. Posts inciting individuals or other States to wage wars of aggression or to disrupt or subvert the internal order of another State may likewise breach the principle of non-intervention".[39]

China (2021)[edit | edit source]

"No State shall intervene in other States’ rights to survival, security and development in cyberspace. No State shall support or allow separatist forces to undermine other States' territorial integrity, national security and social stability through use of ICTs."[40]

Czech Republic (2024)[edit | edit source]

"7. The obligation of non-intervention is a well-established customary rule of international law stemming from the principle of State sovereignty, which is also applicable to cyberspace. A definition of prohibited intervention was provided by the International Court of Justice in the 1986 Nicaragua v United States case: “A prohibited intervention must […] be one bearing on matters in which each State is permitted, by the principle of State sovereignty, to decide freely. One of these is the choice of a political, economic, social, and cultural system, and the formulation of foreign policy. Intervention is wrongful when it uses methods of coercion in regard to such choices, which must remain free ones.”

8. The prohibition of intervention applies between States, and thus it is not applicable to the activities of individuals and non-State groups, unless their conduct can be attributed to a State under the rules of attribution under international law. Cyber activities may constitute a prohibited intervention under international law if they are comparable in scale and effect to intervention in non-cyber contexts.

9. There are two conditions for a cyber activity to be considered as an intervention prohibited under international law:

a) The activity has to tamper with the internal or external affairs of the State, also known as domaine réservé. Internal affairs include, for instance, the conduct of elections; court proceedings; or the drafting and enactment of laws. External affairs include, for instance, the ratification and denunciation of treaties; consenting to official activities of other State’s organs in its territory; or opening or closing down an embassy.

b) The activity must be coercive in nature. Coercion is an activity intended to deprive, either directly or indirectly, the State of its ability to exercise control or govern matters within its internal and external affairs. The precise definition of coercion, and thus of unauthorised intervention, has not yet fully crystallised in customary international law, further State practice and opinio juris are therefore needed.

10. Furthermore, a causal nexus between the activity and the effect on the target State to change its behaviour has to be considered. The assessment whether a particular cyber activity has reached the threshold of prohibited intervention has to be done on a case-by-case basis.

11. There is a certain similarity between the terms “internal and external affairs” and “inherently governmental affairs”, which is one of the defining elements of violation of sovereignty. The difference between actions that violate sovereignty and actions that violate the prohibition of intervention is that the latter is coercive, i.e., intentionally aims to influence the State’s free will and choice.

12. The use of cyber means to target election systems to manipulate election results would, for example, constitute a violation of the obligation of non-intervention.

13. Prohibition of intervention does not cover cyber activities broadly described as “propaganda”, provided that they do not violate another specific rule of international law, such as direct and public incitement to commit genocide. Mere influencing, criticism or persuasion do not meet the requirements to be qualified as prohibited intervention either.

14. Therefore, assessed on a case-by-case approach and taking into account specific circumstances of the case, intervention in the internal or external affairs of the Czech Republic by cyber means may constitute a violation of the prohibition of intervention."[41]

Denmark (2023)[edit | edit source]

"The principle of non-intervention is a fundamental principle of international law. It is a corollary of the principle of sovereignty, and more specifically the aspect that provides for the sovereign equality of States as set forth in article 2(1) of the UN Charter.

Denmark is of the view that the prohibition of intervention is a rule of international law forming part of customary international law. This was established by the ICJ in the Nicaragua v. United States of America case where the Court held that States are prohibited from intervening directly or indirectly in internal or external affairs of other States.[1]

In order for an action to qualify as an unlawful intervention it must qualify as an intervention in matters that are the sovereign prerogative of a State, the so-called domaine réservé, and it must involve an element of coercion.[2]

The scope of activities falling within the domaine réservé include but are not limited to “ (…) the choice of a political, economic, social, and cultural system, and the formulation of foreign policy.”[3] The range of activities covered by the non-intervention rule largely overlap with the activities reserved to States under the rule of sovereignty.

The term coercion is not defined in either treaty law or customary international law. Denmark takes the view that an act may be considered of a coercive nature when the act of interference has a potential for compelling the target State to engage in an action that it would otherwise not take. However, a distinction must be drawn between activities that merely involve influencing, as opposed to compelling, the voluntary actions of a target State. Acts of influence, such as persuasion, criticism, and public diplomacy are insufficient to qualify as an intervention. To be coercive the effort to intervene must be designed to have a decisive impact on outcomes or conduct with respect to a matter reserved to the target State. As emphasized by the Court in the Nicaragua judgment coercive acts involving the use of force are particularly obvious examples of unlawful interventions.[4] Denmark considers that coercion is not limited to means of direct or indirect use of force and that also measures below this threshold may constitute coercion. Cyber activities that do not amount to use of force can therefore also be coercive.

An example of unlawful intervention in the cyber domain could be where a State coercively interferes in the internal political process of another. In the cyber context this could potentially occur by using cyber technology to alter electronic ballots and thereby affecting the results of a political election."[42]

Estonia (2021)[edit | edit source]

The principle of non-intervention is a well-established rule of international law, which flows from the principle of sovereignty, and applies to state conduct in cyberspace.

"If an operation attributable to another state affects a state’s internal or external affairs in such a manner that it coerces a state to take a course of action it would not voluntarily seek, it would constitute a prohibited intervention."

When discussing if a cyber operation constitutes an unlawful intervention into the external or internal affairs of another state, the element of coercion is a key factor. The possibility for a cyber operation to constitute an unlawful intervention in the functions that form a part of a state’s domaine réservé has found acceptance among states, including Estonia, especially regarding the rights and obligations deriving from the principle of state sovereignty. States’ domaine réservé according to the ICJ includes the “choice of a political, economic, social, and cultural system, and the formulation of foreign policy.” Stemming from that, cyber operations that aim to force another nation to act in an involuntary manner or to refrain from acting in a certain manner, and target the other nation’s domaine réservé (e.g. national democratic processes such as elections, or military, security or critical infrastructure systems) could constitute such an intervention."[43]

France (2019)[edit | edit source]

"Many States are acquiring the capacity to prepare and conduct operations in cyberspace. When carried out to the detriment of the rights of other States, such operations may breach international law. Depending on the extent of their intrusion or their effects, they may violate the principles of sovereignty, non-intervention or even the prohibition of the threat or use of force. States targeted by such cyberattacks are entitled to respond to them within the framework of the options offered by international law. In response to a cyberattack, France may consider diplomatic responses to certain incidents, counter-measures, or even coercive action by the armed forces if an attack constitutes armed aggression."[44]

Interference by digital means in the internal or external affairs of France, i.e. interference which causes or may cause harm to France’s political, economic, social and cultural system, may constitute a violation of the principle of non-intervention.[45]

Germany (2021)[edit | edit source]

"The prohibition of a wrongful intervention between States is not explicitly mentioned in the UN Charter. However, it is a corollary of the sovereignty principle, can be derived from art. 2 para. 1 UN Charter and is grounded in customary international law. Generally, for State-attributable conduct to qualify as a wrongful intervention, the conduct must (1) interfere with the domaine réservé of a foreign State and (2) involve coercion. Especially the definition of the latter element requires further clarification in the cyber context.

In its Nicaragua judgement, the International Court of Justice (ICJ) held that ‘[t]he element of coercion, which defines, and indeed forms the very essence of, prohibited intervention, is particularly obvious in the case of an intervention which uses force, either in the direct form of military action, or in the indirect form of support for subversive or terrorist armed activities within another State.’ Malicious cyber activities will only in some cases amount to direct or indirect use of force. However, measures below this threshold may also qualify as coercive. Generally, Germany is of the opinion that cyber measures may constitute a prohibited intervention under international law if they are comparable in scale and effect to coercion in non-cyber contexts.

Coercion implies that a State’s internal processes regarding aspects pertaining to its domaine réservé are significantly influenced or thwarted and that its will is manifestly bent by the foreign State’s conduct. However, as is widely accepted, the element of coercion must not be assumed prematurely. Even harsher forms of communication such as pointed commentary and sharp criticism as well as (persistent) attempts to obtain, through discussion, a certain reaction or the performance of a certain measure from another State do not as such qualify as coercion. Moreover, the acting State must intend to intervene in the internal affairs of the target State – otherwise the scope of the non-intervention principle would be unduly broad.

In the context of wrongful intervention, the problem of foreign electoral interference by means of malicious cyber activities has become particularly virulent. Germany generally agrees with the opinion that malicious cyber activities targeting foreign elections may – either individually or as part of a wider campaign involving cyber and non-cyber-related tactics – constitute a wrongful intervention. For example, it is conceivable that a State, by spreading disinformation via the internet, may deliberately incite violent political upheaval, riots and/or civil strife in a foreign country, thereby significantly impeding the orderly conduct of an election and the casting of ballots. Such activities may be comparable in scale and effect to the support of insurgents and may hence be akin to coercion in the above-mentioned sense. A detailed assessment of the individual case would be necessary.

Also, the disabling of election infrastructure and technology such as electronic ballots, etc. by malicious cyber activities may constitute a prohibited intervention, in particular if this compromises or even prevents the holding of an election, or if the results of an election are thereby substantially modified.

Furthermore, beyond the mentioned examples, cyber activities targeting elections may be comparable in scale and effect to coercion if they aim at and result in a substantive disturbance or even permanent change of the political system of the targeted State, i.e. by significantly eroding public trust in a State’s political organs and processes, by seriously impeding important State organs in the fulfilment of their functions or by dissuading significant groups of citizens from voting, thereby undermining the meaningfulness of an election. Due to the complexity and singularity of such scenarios, it is difficult to formulate abstract criteria. Discussions in this context are still ongoing."[46]

Iran (2020)[edit | edit source]

"Article III: Intervention in Internal [and external] Affairs of other States from the View-Point of the Armed Forces of the Islamic Republic of Iran

1. The principle of non-intervention, without any doubt, is an independent principle of customary international law and any measure to change the political regime such as political forceful intervention is a gross violation of this principle. Measures like cyber manipulation of elections or engineering the public opinions on the eve of the elections may be constituted of the examples of gross intervention. The intervention, also, covers situations in which the non-cyber measures may occur in the cyber activities relating to the internal and external affairs of the other state. Cyber activities paralyzing websites in a state to provoke internal tensions and conflicts or sending mass messages in a widespread manner to the voters to affect the result of the elections in other states is also considered as the forbidden intervention.

2. Armed intervention and all other forms of intervention or attempt to threaten against the personality of state or political, economic, social, and cultural organs of it through cyber and any other tools are regarded as unlawful. No state may compel the other state, by resorting to cyber and other means, to use or encourage to use of political, economic, or any other measures to subject that state in exercising its sovereign rights or guaranteeing concessions from that state.

3. All explicit and dainty forms and complicated techniques of duress, overthrow, and outrage (whether Cyber or non-cyber) to intrigue in the political, social, or economic order of other states or destabilizing governments seeking liberalization of their own economic, political and cultural system form control or intervention of foreigners, is unlawful.

4. Every state enjoys the inherent right to the full development of information system and mass media and their employment, without intervention, to advance their own political, social, economic, and cultural interests and aspirations. Any measure resulting in impediment, denying, and or restricting operation of signals and means of information transfer and providing control systems and exercising the sovereignty of the state is regarded as unlawful.

5. Any capacity-building program in the field of cyber shall be designed and applied under the national plans and needs of states and in consistence with their economic, social, and cultural situations. These programs shall not become a means for intervention in the internal affairs of states."[47]

Ireland (2023)[edit | edit source]

"8. The principle of non-intervention in the internal affairs of states, a corollary of the principle of sovereignty, involves the right of every sovereign state to conduct its affairs without interference.[3] The principle of non-intervention, outside the context of use of force, applies to one state’s actions in relation to another state where two elements are present: (i) coercion by one state of another state; and (ii) in relation to “matters in which each state is permitted, by the principle of state sovereignty, to decide freely.”[4] As regards what is encompassed by the latter element, the ICJ in the Nicaragua case provided specific examples such as the “choice of a political, economic, social and cultural system, and the formulation of foreign policy.”[5] This is often referred to as the domaine réservé of a state.

9. In order for the principle to be engaged, an intervention in the cyber context must be of sufficient seriousness, comparable in scale and effects to coercive action in a non-cyber context. For instance, malicious cyber-operations seriously compromising healthcare systems or national elections are capable of amounting to unlawful interventions.

10. Unlawful interventions should be distinguished from lawful forms of influence and pressure on states, such as lobbying governments or unfriendly acts. Likewise, they do not include countermeasures permitted under international law to induce a state to comply with its obligations on foot of an internationally wrongful act."[48]

Israel (2020)[edit | edit source]

"Another matter closely related to the issue of sovereignty is that of non-intervention. Traditionally, this concept has been understood as having a high threshold. It has been taken to mean that State A cannot take actions to “coerce” State B in pursuing a course of action, or refraining from a course of action, in matters pertaining to State B’s core internal affairs, such as its economic or foreign policy choices. Its traditional application has focused on military intervention and support to armed groups seeking the overthrow of the regime in another State. This could presumably also relate to support given to armed groups in the cyber domain, such as providing information regarding cyber vulnerabilities of the State.

A more recent issue that has come to the fore relates to interference in national elections. We concur with the various positions expressed in this regard, such as that which was presented by former U.S. State Department Legal Adviser Brian J. Egan, and more recently reiterated by U.S. Department of Defense General Counsel Paul C. Ney Jr., that a “cyber operation by a State that interferes with another country’s ability to hold an election or that manipulates another country’s election results would be a clear violation of the rule of non-intervention.”[49]

Italy (2021)[edit | edit source]

"Italy believes that cyber operations constitutes a violation of the customary principle of nonintervention in the internal affairs of other States when a State employs coercive means to compel another State to undertake or desist from a specific action, in matters falling under its domain réservé.

The accelerating pace of technological change, the unpredictable effects of its applications, as well as the difficulty to measure the coercive impact of influence activities, which are on the rise, cannot be overlooked. Therefore, Italy sees merit in continuing to deepen the study of possible violations of the principle of non-intervention in cyberspace. That is particularly the case with regard to influence activities aimed, for instance, at undermining a State’s ability to safeguard public health during a pandemic, or at manipulating voting behaviour."[50]

Japan (2021)[edit | edit source]

"With respect to the principle of non-intervention, cyber operations may constitute unlawful intervention when requirements including the element of coercion, which are clarified in the Nicaragua judgement (1986), are met."[51]

"An act of causing physical damage or loss of functionality by means of cyber operations against critical infrastructure, including medical institutions, may constitute an unlawful intervention, depending on the circumstances, and at any rate, it may constitute a violation of sovereignty. As various opinions were expressed on the relationship between violation of sovereignty and unlawful intervention at the sixth GGE and the OEWG, it is desirable that a common understanding be forged through State practices and future discussions." [52]

Netherlands (2019)[edit | edit source]

"The development of advanced digital technologies has given states more opportunities to exert influence outside their own borders and to interfere in the affairs of other states. Attempts to influence election outcomes via social media are an example of this phenomenon. International law sets boundaries on this kind of activity by means of the non-intervention principle, which is derived from the principle of sovereignty. The non-intervention principle, like the sovereignty principle from which it stems, applies only between states.

Intervention is defined as interference in the internal or external affairs of another state with a view to employing coercion against that state. Such affairs concern matters over which, in accordance with the principle of sovereignty, states themselves have exclusive authority. National elections are an example of internal affairs. The recognition of states and membership of international organisations are examples of external affairs.

The precise definition of coercion, and thus of unauthorised intervention, has not yet fully crystallised in international law. In essence it means compelling a state to take a course of action (whether an act or an omission) that it would not otherwise voluntarily pursue. The goal of the intervention must be to effect change in the behaviour of the target state. Although there is no clear definition of the element of coercion, it should be noted that the use of force will always meet the definition of coercion. Use of force against another state is always a form of intervention."[53]

New Zealand (2020)[edit | edit source]

"Malicious state cyber activity may be inconsistent with the rule of non-intervention. Such activity will violate the rule of non-intervention if it:

a. has significant effects on a matter which falls within the target state’s inherently sovereign functions / domaine réservé (e.g. the right freely to choose its political, economic, social and cultural system, or matters such as taxation, national security, policing, border control, and the formulation of foreign policy); and

b. is coercive (i.e. there is an intention to deprive the target state of control over matters falling within the scope of its inherently sovereign functions). Coercion can be direct or indirect and may range from dictatorial threats to more subtle means of control. While the coercive intention of the state actor is a critical element of the rule, intention may in some circumstances be inferred from the effects of cyber activity.

Examples of malicious cyber activity that might violate the non-intervention rule include: a cyber operation that deliberately manipulates the vote tally in an election or deprives a significant part of the electorate of the ability to vote; a prolonged and coordinated cyber disinformation operation that significantly undermines a state’s public health efforts during a pandemic; and cyber activity deliberately causing significant damage to, or loss of functionality in, a state’s critical infrastructure, including – for example – its healthcare system, financial system, or its electricity or telecommunications network."[54]

Norway (2021)[edit | edit source]

Key message
Cyber operations that compel the target State to take a course of action, whether by act or omission, in a way that it would not otherwise voluntarily have pursued (coercion) in matters relating to its internal or external affairs (domaine réservé), will constitute an intervention in violation of international law.

"The prohibition of intervention applies to a State’s cyber operations as it does to other State activities. Accordingly, a State must not carry out cyber operations in breach of the prohibition of intervention, according to customary international law.

A cyber operation must therefore not be carried out to compel the target State to take a course of action, whether by act or omission, in a way that it would not otherwise voluntarily have pursued (coercion) in matters relating to its internal or external affairs (domaine réservé) – such as a State’s political, economic, social or cultural system or the formulation of its foreign policy. The constituent element of coercion means that cyber activities that are merely influential or persuasive will not qualify as illegal intervention.

Holding elections is an example of a matter within a State’s domaine réservé. Thus, carrying out cyber operations with the intent of altering election results in another State, for example by manipulating election systems or unduly influencing public opinion through the dissemination of confidential information obtained through cyber operations (‘hack and leak’), would be in violation of the prohibition of intervention. Another example is a cyber operation deliberately causing a temporary shutdown of the target State’s critical infrastructure, such as the power supply or TV, radio, Internet or other telecommunications infrastructure in order to compel that State to take a course of action."[55]

Pakistan (2023)[edit | edit source]

"6. Pakistan believes that the principles of non-use of force, sovereign equality of all nations, non-interventionism, and peaceful settlement of disputes, as enshrined in the UN Charter, continue to apply in cyberspace as in the physical world."[56]

Poland (2022)[edit | edit source]

3. Actions in cyberspace may constitute unlawful intervention in affairs falling under the domestic jurisdiction of a state.

"Intervention in internal or external affairs of another state that fall under its domestic jurisdiction is an action that contravenes international law. The principle of non-intervention is a natural consequence of the principle of sovereignty – to the extent to which the state exercises its exclusive sovereign rights, the other states have an obligation to respect them. The threshold for considering a specific operation in cyberspace to be in breach of the principle of non-intervention is higher than in the case of deeming it solely a violation of the principle of sovereignty. To be in breach of international law, an intervention must include the element of coercion that aims at influencing the state’s decisions belonging to its domaine réservé, i.e. the area of state activity that remains its exclusive competence under the principle of sovereignty. Therefore, it is possible to refer to a violation of the non-intervention principle if a state interferes with internal or external affairs falling under the exclusive competence of another state by using an element of coercion.

There is no universally acceptable definition of “coercion”, but an unambiguous example of a prohibited intervention is the use of force.

A cyber operation that adversely affects the functioning and security of the political, economic, military or social system of a state, potentially leading to the state‘s conduct that would not occur otherwise, may be considered a prohibited intervention. In particular, any action in cyberspace that would prevent the filing of tax returns online or any interference with ICT systems that would prevent a reliable and timely conduct of democratic elections would be a violation of international law. Similarly, depriving the parliament working remotely of the possibility of voting online to adopt a law or modifying the outcome of such voting would also be such a violation. It should also be noted that a wide-scale and targeted disinformation campaign may also contravene the principle of non-intervention, in particular when it results in civil unrest that requires specific responses on the part of the state."[57]

Romania (2021)[edit | edit source]

"[..]the principle of prohibition of the intervention in the internal affairs of another State should be addressed (situations of tampering with the electoral processes in other States are relevant as a discussion under this principle).

According to international law, States are under the duty not to intervene in matters within the domestic jurisdiction of any State, in accordance with the Charter; this means that no State has the right to intervene, directly or indirectly, for any reason whatever, in the internal or external affairs of any other State.

In order for such intervention to be illegal under international law, it must be coerced, meaning that the goal of the intervention must be to effectively change the behavior of the target State; the incidence of coercion must be assessed on a case-bycase basis, in order to determine the violation of the principle of non-intervention.

In other words, the following criteria must be met in order for an act to qualify as prohibited intervention under international law:

  • the act must bear on those matters in which States may decide freely (internal and external affairs – the domain reservé of States);
  • the act must be coercive in nature;
  • there has to be a causal nexus between the coercive act and the effect on the internal or external affairs of the target State.

Therefore, depending on the situation, interference in the internal or external affairs of Romania (that is interference which causes or may cause harm to Romania’s economic, political, social and/ or cultural system) may constitute a violation of the principle of non-intervention."[58]

Singapore (2021)[edit | edit source]

"[..] Singapore affirms that the principle of non-intervention in the internal affairs of other States applies to cyberspace. A prohibited intervention by one State against another must have a bearing on matters in which the victim State is permitted, by the principle of State sovereignty, to decide freely, including its choice of a political, economic, social and cultural system, and the formulation of foreign policy. In Singapore’s view, intervention necessarily involves an element of coercion. As non exhaustive examples, where there is interference in Singapore’s electoral processes through cyber means, or cyber-attacks against our infrastructure in an attempt to coerce our government to take or forbear a certain course of action on a matter ordinarily within its sovereign prerogative, these instances will constitute a violation of the principle of non-intervention."[59]

Sweden (2022)[edit | edit source]

"The principle of non-intervention is a fundamental principle of international law also applicable in cyberspace. It is not expressly mentioned in the UN Charter but is a corollary of the sovereign equality of all States. In the Friendly Relations Declaration, the principle of non-intervention is explained as “No State or group of States has the right to intervene, directly or indirectly, for any reason whatever, in the internal or external affairs of any other State.”

The prohibition of intervention is generally understood to include two elements: intervening in matters in which each State is permitted to decide freely, and the involvement of coercion. These elements were confirmed by the International Court of Justice (ICJ) in the Nicaragua case. With regard to the latter, the Court held that the “element of coercion, which defines, and indeed forms the very essence of, prohibited intervention, is particularly obvious in the case of an intervention which uses force, either in the direct form of military action, or in the indirect form of support for subversive or terrorist armed activities within another State.” The prohibition of intervention is applicable between States and does not apply directly to non-state actors.

While coercion is not defined in international law, it must be distinguished from other acts that would not qualify as coercion, such as criticism or other ways of influencing through diplomatic means. What constitutes coercion in the cyber context may not be easy to determine, requiring a case-by-case assessment that takes the specific circumstances into account."[60]

Switzerland (2021)[edit | edit source]

"The principle of non-intervention is the corollary of the sovereign equality of all states (Art. 2 para. 1 UN Charter) and is considered customary international law. In this context, intervention is understood to be the direct or indirect interference by one sovereign state in the internal or external affairs of another using coercive measures. It covers those areas where the state has exclusive jurisdiction (known as domaine réservé). The non-intervention principle protects a state's ability to shape its own internal affairs (political, economic, social and cultural systems) as well as its foreign policy. An infringement of sovereignty and a prohibited intervention are not the same. The latter must be coercive in nature, i.e. through its intervention a state seeks to cause another to act (or refrain from acting) in a way it would not otherwise. This means that the threshold for a breach of the non-intervention principle is significantly higher than that for a violation of state sovereignty.

The prohibition of intervention is also applicable to cyberspace. This means that in cyberspace, an unlawful act of interference by one state in the political or economic affairs of another may, in addition to constituting a violation of sovereignty, also breach the non-intervention principle under international law if the respective requirements are fulfilled. The distinction between exerting influence, which is permissible, and coercion, which is not, must be determined on a case-by-case basis. This is particularly true of economic coercion, which could be the case if a company that is systemically relevant was paralysed through a cyber operation. An assessment of whether the operation can be deemed coercive in nature, and thereby be in breach of the non-intervention principle, can only be made on a case-by-case basis."[61]

United Kingdom (2018)[edit | edit source]

"In certain circumstances, cyber operations which do not meet the threshold of the use of force but are undertaken by one state against the territory of another state without that state’s consent will be considered a breach of international law.

The international law prohibition on intervention in the internal affairs of other states is of particular importance in modern times when technology has an increasing role to play in every facet of our lives, including political campaigns and the conduct of elections. As set out by the International Court of Justice in its judgment in the Nicaragua case, the purpose of this principle is to ensure that all states remain free from external, coercive intervention in the matters of government which are at the heart of a state’s sovereignty, such as the freedom to choose its own political, social, economic and cultural system.

The precise boundaries of this principle are the subject of ongoing debate between states, and not just in the context of cyber space. But the practical application of the principle in this context would be the use by a hostile state of cyber operations to manipulate the electoral system to alter the results of an election in another state, intervention in the fundamental operation of Parliament, or in the stability of our financial system. Such acts must surely be a breach of the prohibition on intervention in the domestic affairs of states."[62]

United Kingdom (2021)[edit | edit source]

"Below the threshold of the threat or use of force, the customary international law rule prohibiting interventions in the domestic affairs of States applies to States’ operations in cyberspace as it does to their other activities. As set out by the International Court of Justice in its judgment in the Nicaragua case, the purpose of the rule on non-intervention is to ensure that all States remain free from external coercive intervention in matters affecting a State’s powers, which are at the heart of a State’s sovereignty such as the freedom to choose its own political, social, economic and cultural system.

As the UK has noted previously, while the precise boundaries of this rule continue to be the subject of on-going debate, it provides a clearly established basis in international law for assessing the legality of State conduct. Thus the use of hostile cyber operations to manipulate the electoral system in another State to alter the results of an election, to undermine the stability of another State’s financial system or to target the essential medical services of another State could all, depending on the circumstances, be in violation of the international law prohibition on intervention.

The International Court of Justice has established that a prohibited intervention is one bearing on matters which each State is permitted, by the principle of State sovereignty, to decide freely."[63]

United Kingdom (2022)[edit | edit source]

"Turning to the law - one of the rules of customary international law which is of particular importance in this area is the rule on non-intervention.

Customary international law is the general practice of States accepted as law. As such, it is not static. It develops over time according to what States do and what they say. It can adapt to accommodate change in the world, including technological advances. Customary international law is a framework that can adapt to new frontiers and which governs States’ behaviour.

A well-known formulation of the rule on non-intervention comes from the International Court of Justice in its Military and Paramilitary Activities judgment. According to the Court in that case, all States or groups of States are forbidden from intervening -

…directly or indirectly in internal or external affairs of other States. A prohibited intervention must accordingly be one bearing on matters in which each State is permitted, by the principle of State sovereignty, to decide freely. One of these is the choice of a political, economic, social, and cultural system, and the formulation of foreign policy. Intervention is wrongful when it uses methods of coercion in regard to such choices, which must remain free ones.

The UK’s position is that the rule on non-intervention provides a clearly established basis in international law for assessing the legality of State conduct in cyberspace during peacetime.

It serves as a benchmark by which to assess lawfulness, to hold those responsible to account, and to calibrate responses.

This rule is particularly important in cyberspace for two main reasons.

First, the rule on non-intervention lies at the heart of international law, serving to protect matters that are core to State sovereignty. As long ago as 1966, the UK made clear its position that:

…the principle of non-intervention, as it applied in relations between States, [is] not explicitly set forth in the United Nations Charter but flow[s] directly and by necessary implication from the prohibition of the threat or use of force and from the principle of the sovereign equality of States…

Four years later, in 1970, the UK set out its view that “non-intervention reflected the principle of the sovereign equality of states.” And that these principles were equally valid and interrelated. More colloquially, we might say that sovereignty and non-intervention are two sides of the same coin.

States have expressed different views on the precise significance of sovereignty in cyberspace. The UK reiterated its own position on this point as recently as June 2021. Namely, that any prohibition on the activities of States, whether in relation to cyberspace or other matters, must be clearly established in international law. The general concept of sovereignty by itself does not provide a sufficient or clear basis for extrapolating a specific rule of sovereignty or additional prohibition for cyber conduct going beyond that of non-intervention.

What matters in practice is whether there has been a violation of international law. Differences in legal reasoning must not obscure the common ground which I believe exists when it comes to certain types of unacceptable and unlawful cyber behaviours. I think that common ground also extends to an appreciation that we must carefully preserve the space for perfectly legitimate everyday cyber activity which traverses multiple international boundaries millions of times a second.

Second, the rule on non-intervention is also of increasing relevance due to the prevalence of hostile activity by States that falls below the threshold of the use of force or is on the margins of it. In such circumstances, the rule on non-intervention becomes particularly significant as another benchmark by which States can define behaviour as unlawful.

Having identified the importance of the rule on non-intervention, I will now turn to the threshold for its application. The fact that behaviour attributed to another State is unwelcome, irresponsible, or indeed hostile, does not mean that it is also unlawful. A core element of the non-intervention rule is that the offending behaviour must be coercive.

Coercion was rightly described in the Military and Paramilitary Activities case as “the very essence” of a prohibited intervention. It is this coercive element that most obviously distinguishes an intervention prohibited under international law from, for example, more routine and legitimate information-gathering and influencing activities that States carry out as part of international relations.

But what exactly is coercion?

Some have characterised coercion as forcing a State to act differently from how it otherwise would – that is, compelling it into a specific act or omission. Imagine, for example, a cyber operation to delay another State’s election, or to prevent it from distributing tax revenues to fund essential services. To my mind, these are certainly forms of coercion.

But I want to be clear today that coercion can be broader than this. In essence, an intervention in the affairs of another State will be unlawful if it is forcible, dictatorial, or otherwise coercive, depriving a State of its freedom of control over matters which it is permitted to decide freely by the principle of State sovereignty. While the precise boundaries of coercion are yet to crystallise in international law, we should be ready to consider whether disruptive cyber behaviours are coercive even where it might not be possible to point to a specific course of conduct which a State has been forced into or prevented from taking.

Of course, in considering whether the threshold for a prohibited intervention is met, all relevant circumstances, including the overall scale and effect of a cyber operation, need to be considered. But I believe that we can and should be clearer about the types of disruptive State activity which are likely to be unlawful in cyberspace.

It is therefore important to bring the non-intervention rule to life in the cyber context, through examples of what kinds of cyber behaviours could be unlawful in peacetime. To move the focus to the types of coercive and disruptive behaviours that responsible States should be clear are unlawful when it comes to the conduct of international affairs in peacetime.

And being clear on what is unlawful means we can then be clearer on the range of potential options that can lawfully be taken in response. That is, the kinds of activities which would require legal justification, for example, as a proportionate response to prior illegality by another State. This is crucial in enabling States to act within the law whilst taking robust and decisive action.

With that in mind, today I will set out new detail to illustrate how this rule applies. A non-exhaustive list, to move this discussion forward. I will cover four of the most significant sectors that are vulnerable to disruptive cyber conduct: energy security; essential medical care; economic stability; and democratic processes.

Ensuring the provision of essential medical services and secure and reliable energy supply to a population are sovereign functions of a State. They are matters in respect of which international law affords free choice to States. The Integrated Review highlights the interconnected nature of the global health system, and the importance of building resilience to address global health risks. Covid is a clear example. Likewise, energy security is recognised as including protection of critical national infrastructure from cyber security risks.

Covert cyber operations by a foreign State which coercively restrict or prevent the provision of essential medical services or essential energy supplies would breach the rule on non-intervention.

Of course, every case needs to be assessed on its facts, but prohibited cyber activity in the energy and medical sectors could include:

disruption of systems controlling emergency medical transport (e.g., telephone dispatchers); causing hospital computer systems to cease functioning; disruption of supply chains for essential medicines and vaccines; preventing the supply of power to housing, healthcare, education, civil administration and banking facilities and infrastructure; causing the energy supply chain to stop functioning at national level through damage or prevention of access to pipelines, interchanges, and depots; or *preventing the operation of power generation infrastructure. Turning to economic stability, covert cyber operations by a foreign State that coercively interfere with a State’s freedom to manage its domestic economy, or to ensure provision of domestic financial services crucial to the State’s financial system, would breach the rule on non-intervention.

Such cyber operations could include disruption to the networks controlling a State’s fundamental ability to conduct monetary policy or to raise and distribute revenue, for instance through taxation. Or disruption to systems which support lending, saving and insurance across the economy.

Lastly, democratic processes. Free and open elections, using processes in which a population has confidence, are an essential part of the political system in democratic States. All States have the freedom to make their views known about processes in other countries – delivering hard, sometimes unwelcome messages, and drawing attention to concerns. This is part and parcel of international relations. However, covert cyber operations by a foreign State which coercively interfere with free and fair electoral processes would constitute a prohibited intervention.

Again, every activity needs to be assessed on its facts, but such activities could include:

operations that disrupt the systems which control electoral counts to change the outcome of an election; or operations to disrupt another State’s ability to hold an election at all, for example by causing systems to malfunction with the effect of preventing voter registration. I hope that these illustrative examples will assist in the future when considering what is unlawful in cyberspace.

I should also add that the nature of cyberspace means that it may not be evident, at least at first, whether a State is responsible for a particular action. This is also a space in which criminal gangs operate for financial profit. To be clear, State direction or control of non-State actors who undertake cyber operations of the kind I have described today would also represent unlawful conduct by that State, in line with international law on State responsibility. Cyber is no different from other spheres of activity in this sense. Provided that it is exercising the requisite degree of direction or control, a State is no less responsible for internationally unlawful cyber operations conducted by a ransomware gang than it would be for the unlawful actions of an armed group, or a corporation."[64]

United States (2016)[edit | edit source]

In certain circumstances, one State’s non-consensual cyber operation in another State’s territory could violate international law, even if it falls below the threshold of a use of force. This is a challenging area of the law that raises difficult questions. The very design of the Internet may lead to some encroachment on other sovereign jurisdictions. Precisely when a non-consensual cyber operation violates the sovereignty of another State is a question lawyers within the U.S. government continue to study carefully, and it is one that ultimately will be resolved through the practice and opinio juris of States.

Relatedly, consider the challenges we face in clarifying the international law prohibition on unlawful intervention. As articulated by the International Court of Justice (ICJ) in its judgment on the merits in the Nicaragua Case, this rule of customary international law forbids States from engaging in coercive action that bears on a matter that each State is entitled, by the principle of State sovereignty, to decide freely, such as the choice of a political, economic, social, and cultural system. This is generally viewed as a relatively narrow rule of customary international law, but States’ cyber activities could run afoul of this prohibition. For example, a cyber operation by a State that interferes with another country’s ability to hold an election or that manipulates another country’s election results would be a clear violation of the rule of non-intervention. For increased transparency, States need to do more work to clarify how the international law on non-intervention applies to States’ activities in cyberspace."[65]

United States (2020)[edit | edit source]

"[...] the international law prohibition on coercively intervening in the core functions of another State (such as the choice of political, economic, or cultural system) applies to State conduct in cyberspace. For example, “a cyber operation by a State that interferes with another country’s ability to hold an election” or that tampers with “another country’s election results would be a clear violation of the rule of non-intervention.” Other States have indicated that they would view operations that disrupt the fundamental operation of a legislative body or that would destabilize their financial system as prohibited interventions.

There is no international consensus among States on the precise scope or reach of the non-intervention principle, even outside the context of cyber operations. Because States take different views on this question, DoD lawyers examining any proposed cyber operations must tread carefully, even if only a few States have taken the position publicly that the proposed activities would amount to a prohibited intervention.

Some situations compel us to take into consideration whether the States involved have consented to the proposed operation. Because the principle of non-intervention prohibits “actions designed to coerce a State … in contravention of its rights,” it does not prohibit actions to which a State voluntarily consents, provided the conduct remains within the limits of the consent given."[66]

United States (2021)[edit | edit source]

"Among other international legal principles, the 2015 GGE report acknowledges the principle of non-intervention in the internal affairs of other States. As articulated by the International Court of Justice (ICJ) in its judgment on the merits in the Nicaragua Case, this rule of customary international law forbids States from engaging in coercive action that bears on a matter that each State is entitled, by the principle of State sovereignty, to decide freely, such as the choice of a political, economic, social, and cultural system. This is generally viewed as a relatively narrow rule of customary international law, but States’ cyber activities could run afoul of this prohibition. For example, a cyber operation by a State that interferes with another country’s ability to hold an election or that manipulates another country’s election results would be a clear violation of the rule of non-intervention. Other States have made similar observations.290 Further, a cyber operation that attempts to interfere coercively with a State’s ability to protect the health of its population--for example, through vaccine research or running cyber-controlled ventilators within its territories during a pandemic--could be considered a violation of the rule of non-intervention."[67]


Appendixes[edit | edit source]

See also[edit | edit source]

Notes and references[edit | edit source]

  1. The customary nature has been highlighted by several States, including Australia, Brazil, Germany, Iran, Norway, Sweden, the United Kingdom and the United States.
  2. 2.0 2.1 2.2 Military and Paramilitary Activities in and against Nicaragua (Nicaragua v US) (Merits) [1986] ICJ Rep 14 [205].
  3. Many States, including Australia, Brazil, Canada, Estonia, Israel, Italy, Japan, New Zealand, Norway, Singapore, Sweden, Switzerland, the United Kingdom and the United States, have acknowledged that the prohibition of intervention applies to cyber operations. This has been also highlighted by the UN Group of Governmental Experts. See UNGA, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (22 July 2015) A/70/174, para 28(b); UNGA, Report of the Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security (14 July 2021) A/76/135, para 71(c).
  4. Many States agree that intervention ‘involves “coercion” in relation to a State’s domaine réservé’. See Ori Pomson, 'The Prohibition on Intervention Under International Law and Cyber Operations' (2022) 99 International Law Studies 180, 217. In this regard, see the national positions of Australia, Brazil, Canada, Estonia, Germany, Israel, Italy, The Netherlands, New Zealand, Norway, Romania, Singapore, Sweden, Switzerland, the United Kingdom and the United States.
  5. Militarv and Paramilitary Activities in and against Nicaragua (Nicaragua v. United States of America) Merits, Judgment. I.C.J. Reports 1986, 14 [241].
  6. Dutch Minister of Foreign Affairs, ‘Letter to the President of the House of Representatives on the International Legal Order in Cyberspace – Appendix: International Law in Cyberspace’ (5 July 2019), 3; Finland, ‘International law and cyberspace: Finland’s national positions’ (15 October 2020), 3; Germany, ‘On the Application of International Law in Cyberspace: Position Paper’ (March 2021), 5.
  7. Dutch Minister of Foreign Affairs, ‘Letter to the President of the House of Representatives on the International Legal Order in Cyberspace – Appendix: International Law in Cyberspace’ (5 July 2019), 3.
  8. See, for example, Katja Ziegler, “Domaine Réservé”, in Rudiger Wolfrum (ed), Max Planck Encyclopedia of Public International Law (OUP 2008) (updated April 2013) (defining the domaine réservé as those “areas where States are free from international obligations and regulation”); Nationality Decrees Issued in Tunis and Morocco (French Zone) on November 8th, 1921 (Great Britain v France) Advisory Opinion, (1923) PCIJ Series B no 4, 7th February 1923 [24].
  9. See also Harriet Moynihan, ‘The Vital Role of International Law in the Framework for Responsible State Behaviour in Cyberspace’ (2020) 6(3) Journal of Cyber Policy 394, 400-1.
  10. See, e.g., Dutch Minister of Foreign Affairs, ‘Letter to the President of the House of Representatives on the International Legal Order in Cyberspace – Appendix: International Law in Cyberspace’ (5 July 2019) 3, defining coercion as ‘compelling a state to take a course of action (whether an act or an omission) that it would not otherwise voluntarily pursue’ and noting that ‘[t]he goal of the intervention must be to effect change in the behaviour of the target state’; Germany, ‘On the Application of International Law in Cyberspace: Position Paper’ (March 2021), 5, defining coercion as a situation in which a State’s ‘will is manifestly bent by the foreign State’s conduct’ and noting that ‘the acting State must intend to intervene in the internal affairs of the target State’; see further, the national positions of Italy, Switzerland, Estonia, Norway and Romania; see also Tallinn Manual 2.0, commentary to rule 66, para 19 (‘The majority of Experts was of the view that the coercive effort must be designed to influence outcomes in, or conduct with respect to, a matter reserved to a target State.’).
  11. Tallinn Manual 2.0, commentary to rule 66, para 21. See also Dutch Minister of Foreign Affairs, ‘Letter to the President of the House of Representatives on the International Legal Order in Cyberspace – Appendix: International Law in Cyberspace’ (5 July 2019) 3.
  12. See, e.g., Australia, ‘Supplement to Australia’s Position on the Application of International Law to State Conduct in Cyberspace’ (2019) 4 (‘A prohibited intervention is one that interferes by coercive means (in the sense that they effectively deprive another state of the ability to control, decide upon or govern matters of an inherently sovereign nature), either directly or indirectly, in matters that a state is permitted by the principle of state sovereignty to decide freely.’); New Zealand, ‘The Application of International Law to State Activity in Cyberspace’ (1 December 2020), para 9(b) (stating that a State cyber activity is coercive if ‘there is an intention to deprive the target state of control over matters falling within the scope of its inherently sovereign functions’); United Kingdom Attorney General’s Office Suella Braverman: ‘International Law in Future Frontiers’ (19 May 2022). See also Tallinn Manual 2.0, commentary to rule 66, para 19 (‘A few Experts took the position that to be coercive it is enough that an act has the effect of depriving the State of control over the matter in question.’).
  13. Harriet Moynihan, ‘The Vital Role of International Law in the Framework for Responsible State Behaviour in Cyberspace’ (2020) 6(3) Journal of Cyber Policy 394, 403; see also Sean Watts, ‘Low-Intensity Cyber Operations and the Principle of Non-Intervention’ in Jens D Ohlin, Kevin Govern and Claire Finkelstein, Cyber War: Law and Ethics for Virtual Conflicts (Oxford University Press 2015) 256 and ff.
  14. Tallinn Manual 2.0, commentary to rule 66, para 21. See also the national positions of Canada, Germany and Norway.
  15. Tallinn Manual 2.0, commentary to rule 66, paras 19 and 27. See also the national positions of Germany, New Zealand and Sweden.
  16. Military and Paramilitary Activities in and against Nicaragua (Nicaragua v. United States of America) Merits, Judgment. I.C.J. Reports 1986, 14 [205]. See also national position of Canada, Germany and The Netherlands.
  17. See Harriet Moynihan, The Application of International Law to State Cyberattacks Sovereignty and Non-Intervention (Chatham House, 2 December 2019) para 82.
  18. See Ori Pomson, 'The Prohibition on Intervention Under International Law and Cyber Operations' (2022) 99 International Law Studies 180, 212. While some States have stressed that economic coercion can still be sufficient for a breach of the rule of non-intervention, others remained ambiguous in their positions. States have referred to different examples that could be classified, depending on the circumstances of the case, under the prohibition of intervention. See the national positions of Australia (‘intervention in the fundamental operation of Parliament, or in the stability of States’ financial systems’), Canada (‘a malicious cyber activity that disrupts the functioning of a major gas pipeline, compelling the affected State to change its position in bilateral negotiations surrounding an international energy accord’), Italy (‘influence activities aimed, for instance, at undermining a State’s ability to safeguard public health during a pandemic’), New Zealand (‘a prolonged and coordinated cyber disinformation operation that significantly undermines a state’s public health efforts during a pandemic; and cyber activity deliberately causing significant damage to, or loss of functionality in, a state’s critical infrastructure, including – for example – its healthcare system, financial system, or its electricity or telecommunications network’), Norway (‘a cyber operation deliberately causing a temporary shutdown of the target State’s critical infrastructure, such as the power supply or TV, radio, Internet or other telecommunications infrastructure in order to compel that State to take a course of action’), Singapore (‘cyber-attacks against our infrastructure in an attempt to coerce our government to take or forbear a certain course of action on a matter ordinarily within its sovereign prerogative’), Switzerland (‘This is particularly true of economic coercion, which could be the case if a company that is systemically relevant was paralysed through a cyber operation’), the United Kingdom (‘intervention in the fundamental operation of Parliament, or in the stability of our financial system’; ‘to undermine the stability of another State’s financial system or to target the essential medical services of another State’; ‘Covert cyber operations by a foreign State which coercively restrict or prevent the provision of essential medical services or essential energy supplies […]disruption of systems controlling emergency medical transport (e.g., telephone dispatchers); causing hospital computer systems to cease functioning; disruption of supply chains for essential medicines and vaccines; preventing the supply of power to housing, healthcare, education, civil administration and banking facilities and infrastructure; causing the energy supply chain to stop functioning at national level through damage or prevention of access to pipelines, interchanges, and depots; or *preventing the operation of power generation infrastructure. Turning to economic stability, covert cyber operations by a foreign State that coercively interfere with a State’s freedom to manage its domestic economy, or to ensure provision of domestic financial services crucial to the State’s financial system, would breach the rule on non-intervention […] disruption to the networks controlling a State’s fundamental ability to conduct monetary policy or to raise and distribute revenue, for instance through taxation. Or disruption to systems which support lending, saving and insurance across the economy’), and the United States (‘a cyber operation that attempts to interfere coercively with a State’s ability to protect the health of its population –for example, through vaccine research or running cyber-controlled ventilators within its territories during a pandemic’).
  19. Australian Government, Australia's position on how international law applies to State conduct in cyberspace (2020).
  20. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136, (August 2021) 19.
  21. Government of Canada, International Law applicable in cyberspace (April 2022)
  22. Federal Government of Germany, ‘On the Application of International Law in Cyberspace’, Position Paper (March 2021) 5-6.
  23. Roy Schöndorf, Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations (8 December 2020).
  24. New Zealand Foreign Affairs and Trade, The Application of International Law to State Activity in Cyberspace (1 December 2020) 2.
  25. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136 (August 2021) 68-69.
  26. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136 (August 2021) 83.
  27. Attorney General Jeremy Wright:Cyber and International Law in the 21st Century (23 May 2018); United Kingdom Foreign, Commonwealth & Development Office, Application of international law to states’ conduct in cyberspace: UK statement (3 June 2021); Attorney General Suella Braverman: International Law in Future Frontiers, 19 May 2022.
  28. Brian J Egan, International Law and Stability in Cyberspace (10 November 2016) 13-14; Hon Paul C Ney, Jr., DOD General Counsel Remarks at U.S. Cyber Command Legal Conference (2 March, 2020); Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136 (August 2021) 140.
  29. See the national positions of Canada, Romania, Sweden and Switzerland.
  30. Harriet Moynihan, The Application of International Law to State Cyberattacks Sovereignty and Non-Intervention (Chatham House, 2 December 2019) para 101. Further, the international group of experts involved in the Tallinn Manual 2.0. considered that ‘the fact that a coercive cyber operation fails to produce the desired outcome has no bearing on whether [the prohibition of intervention] has been breached’. Tallinn Manual 2.0., commentary to rule 66, para 29.
  31. Tallinn Manual 2.0, commentary to rule 66, para 24 (the exact nature of the causal nexus was not agreed on).
  32. Harriet Moynihan, The Application of International Law to State Cyberattacks Sovereignty and Non-Intervention (Chatham House, 2 December 2019) para 79. See also the national positions of The Netherlands (‘The non-intervention principle, like the sovereignty principle from which it stems, applies only between states’), Sweden (‘The prohibition of intervention is applicable between States and does not apply directly to non-state actors’), and the 2022 position of the United Kingdom (‘To be clear, State direction or control of non-State actors who undertake cyber operations of the kind I have described today would also represent unlawful conduct by that State, in line with international law on State responsibility’).
  33. African Union Peace and Security Council, "Common African Position on the Application of International Law to the Use of Information and Communication Technologies in Cyberspace" (29 January 2024) 4-5.
  34. Australian Government, Australia's position on how international law applies to State conduct in cyberspace
  35. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136, August 2021, 18-19.
  36. Government of Canada, International Law applicable in cyberspace, April 2022, See Footnote [18], Inherently sovereign functions (also known as domaine réservé) include those matters in which a State may decide freely, such as political, economic, social, and cultural systems, as well as the formation of foreign policy.
  37. Government of Canada, International Law applicable in cyberspace, April 2022, See Footnote [19], Tallinn Manual 2.0 supra note 15, Rule 66 and accompanying commentary at 318 para 19, provides that “mere coercion does not suffice to establish a breach of the prohibition of intervention…[it] must be designed to influence outcomes in, or conduct with respect to, a matter reserved to a target State.”
  38. Government of Canada, International Law applicable in cyberspace, April 2022
  39. Ministry of Foreign Affairs of Costa Rica, "Costa Rica's Position on the Application of International Law in Cyberspace" (21 July 2023) 7-8 (footnotes omitted).
  40. China’s Views on the Application of the Principle of Sovereignty in Cyberspace, Ministry of Foreign Affairs of the People's Republic of China, p. 2.
  41. Ministry of Foreign Affairs of the Czech Republic, "Czech Republic - Position paper on the application of international law in cyberspace" (27 February 2024) 4-6 (footnotes omitted).
  42. Government of Denmark, "Denmark’s Position Paper on the Application of International Law in Cyberspace"(4 July 2023) 4-5. See footnote [1]: Military and Paramilitary Activities in and against Nicaragua (Nicaragua v. United States of America case). Merits, Judgment. ICJ Reports 1986, p. 14, para. 205; See footnote [2]: Ibid.; See footnote [3]: Ibid.; See footnote [4] Ibid.
  43. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136, August 2021, 25.
  44. Ministry of Defense of France, International Law Applied to Operations in Cyberspace, 9 September 2019, 6.
  45. Ministry of Defense of France, International Law Applied to Operations in Cyberspace, 9 September 2019, 7.
  46. Federal Government of Germany, ‘On the Application of International Law in Cyberspace’, Position Paper (March 2021) 4-6.
  47. Declaration of General Staff of the Armed Forces of the Islamic Republic of Iran Regarding International Law Applicable to the Cyberspace, August 2020
  48. Irish Department of Foreign Affairs, Position Paper on the Application of International Law in Cyberspace (6 July 2023) 2-3. See Footnote [3]: Military and Paramilitary Activities in and against Nicaragua (Nicaragua v United States of America) Merits Judgment, ICJ Reports 1986, p. 14, [202]. The principle is also reflected in Article 2(7) of the UN Charter, which provides: “Nothing contained in the present Charter shall authorize the United Nations to intervene in matters which are essentially within the domestic jurisdiction of any state or shall require the Members to submit such matters to settlement under the present Charter; but this principle shall not prejudice the application of enforcement measures under Chapter VII.”; See Footnote [4]: Military and Paramilitary Activities in and against Nicaragua (Nicaragua v United States of America) Merits Judgment, ICJ Reports 1986, p. 14, [202]. The principle is also reflected in Article 2(7) of the UN Charter, which provides: “Nothing contained in the present Charter shall authorize the United Nations to intervene in matters which are essentially within the domestic jurisdiction of any state or shall require the Members to submit such matters to settlement under the present Charter; but this principle shall not prejudice the application of enforcement measures under Chapter VII.”; See Footnote [5]: Military and Paramilitary Activities in and against Nicaragua (Nicaragua v United States of America) Merits Judgment, ICJ Reports 1986, p. 14, [177].
  49. Roy Schöndorf, Israel’s Perspective on Key Legal and Practical Issues Concerning the Application of International Law to Cyber Operations, 8 December 2020.
  50. Italian position paper on "International law and cyberspace", Italian Ministry for Foreign Affairs and International Cooperation.,4-5.
  51. Ministry of Foreign Affairs of Japan, Basic Position of the Government of Japan on International Law Applicable to Cyber Operations, 16 June 2021, 2
  52. Ministry of Foreign Affairs of Japan, Basic Position of the Government of Japan on International Law Applicable to Cyber Operations, 16 June 2021, 3
  53. Government of the Kingdom of the Netherlands, Appendix: International law in cyberspace, 26 September 2019 , 3.
  54. The Application of International Law to State Activity in Cyberspace, 1 December 2020, 2.
  55. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136, August 2021, 68-69.
  56. UNODA, ‘Pakistan’s Position on the Application of International Law in Cyberspace’ (3 March 2023), para. 6.
  57. The Republic of Poland’s position on the application of international law in cyberspace, Ministry of Foreign Affairs of Poland, 29 December 2022, 4.
  58. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136, August 2021, 77.
  59. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136, August 2021, 83.
  60. Government Offices of Sweden, Position Paper on the Application of International Law in Cyberspace, July 2022,3
  61. Federal Department of Foreign Affairs, ‘Switzerland's position paper on the application of international law in cyberspace’ (May 2021) 3.
  62. Attorney General Jeremy Wright:Cyber and International Law in the 21st Century, 23 May 2018
  63. United Kingdom Foreign, Commonwealth & Development Office, Application of international law to states’ conduct in cyberspace: UK statement, 3 June 2021
  64. Attorney General Suella Braverman: International Law in Future Frontiers, 19 May 2022
  65. Brian J. Egan, International Law and Stability in Cyberspace, 10 November 2016 13-14.
  66. Hon. Paul C. Ney, Jr., DOD General Counsel Remarks at U.S. Cyber Command Legal Conference, 2 March, 2020
  67. Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and communications technologies by States, UNODA, A/76/136, August 2021, 139-140.

Bibliography and further reading[edit | edit source]

Retrieved from "https://cyberlaw.ccdcoe.org/wiki/Prohibition_of_intervention?oldid=4052"