Protection of medical units during armed conflict

From International cyber law: interactive toolkit
Jump to navigation Jump to search

Definition[edit | edit source]

Protection of medical units during armed conflict
Under treaty and customary IHL, “medical units” – a term that includes military and civilian hospitals (the latter if belonging to a party to the conflict and recognized and authorized by the competent authority of one of the Parties to the conflict) – must be “respected and protected” by the parties to the conflict at all times and “shall not be the object of attack”.[1] Intentionally directing attacks against medical units and facilities may constitute a war crime.[2]

The obligation to “respect” medical facilities is broader than just protecting them against operations that amount to attacks as defined in IHL, meaning it is also prohibited to interfere with the functioning of medical services in ways that do not necessarily result in death, injury, or damage.[3] As the ICRC Commentary explains, under the relevant IHL provisions it is prohibited to “harm [medical facilities] in any way. This also means that there should be no interference with their work (for example, by preventing supplies from getting through) or preventing the possibility of continuing to give treatment to the wounded and sick who are in their care”.[4]

In light of the comprehensive protection for medical facilities under IHL, the obligation to respect medical facilities encompasses a prohibition against deleting, altering or otherwise negatively affecting medical data.[5] Relevant data in the medical context include “data necessary for the proper use of medical equipment and for tracking the inventory of medical supplies” as well as “personal medical data required for the treatment of patients”.[6]

Publicly available national positions that address this issue include: National position of Costa Rica (2023) (2023), National position of Switzerland (2021) (2021).

National positions[edit | edit source]

Costa Rica (2023)[edit | edit source]

"59. Under IHL, medical facilities must be respected and protected by the parties to the conflict at all times. The obligation to respect and protect such facilities entails that it is also prohibited to interfere with their functioning using cyber means, irrespective of whether doing so would amount to an attack as understood under IHL. In Costa Rica’s view, this obligation also encompasses a prohibition against deleting or tampering with medical data (a category that includes data necessary for the proper use of medical equipment, tracking medical supplies, and personal medical data required for patient treatment)."[7]

Switzerland (2021)[edit | edit source]

"Full compliance with IHL is not limited to the rules and principles governing the conduct of hostilities. There are other specific rules of IHL that must be respected, including when conducting military operations that do not qualify as an 'attack'. For example, certain categories of persons and objects are subject to special protection, such as medical, religious or humanitarian personnel and objects, which must be respected and protected in all circumstances.

This is also applicable to cyberspace. For cyber operations that are linked to any of these specially protected persons or objects, or to other activities governed by IHL, all of the relevant, specific rules must be observed."[8]

Appendixes[edit | edit source]

See also[edit | edit source]

Notes and references[edit | edit source]

  1. See, in particular, Article 19 First Geneva Convention, Article 18 Fourth Geneva Convention, Article 12 Additional Protocol I, Article 11(1) Additional Protocol I. See also Rule 28 ICRC CIHL Study. On the requirement of recognition and authorization, see Article 12(2) Additional Protocol I. Unauthorized civilian medical units are protected according to the rules on the protection of civilian objects. See ICRC CIHL Study, commentary on rule 28, at 95.
  2. See Articles 8(2)(b)(xxiv) and 8(2)(e)(ii) Rome Statute of the International Criminal Court. See also Article 85(2) Additional Protocol I.
  3. See Article 49 AP I, which defines attacks as “acts of violence against the adversary, whether in offence or in defence”. The Tallinn Manual 2.0 defines a cyber attack for the purposes of IHL as a cyber operation, “that is reasonably expected to cause injury or death to persons or damage or destruction to objects”. (Rule 92)
  4. ICRC Commentary on the APs, para 517. See also ICRC Commentary on GC I, para 1799; Oxford Statement on the International Law Protections Against Cyber Operations Targeting the Health Care Sector (21 May 2020), point 5 (“During armed conflict, international humanitarian law requires that medical units, transport and personnel must be respected and protected at all times. Accordingly, parties to armed conflicts: must not disrupt the functioning of health-care facilities through cyber operations; must take all feasible precautions to avoid incidental harm caused by cyber operations, and; must take all feasible measures to facilitate the functioning of health-care facilities and to prevent their being harmed, including by cyber operations”); Tallinn Manual 2.0, para 5 of the commentary on Rule 131.
  5. See ICRC, “International humanitarian law and the challenges of contemporary armed conflicts” (2015) 43; Tallinn Manual 2.0, commentary to rule 132, para 3; French Ministry of the Armies, “International Law Applied to Operations in Cyberspace” (9 September 2019) 14–15.
  6. Tallinn Manual 2.0, commentary to rule 132, para 3.
  7. Ministry of Foreign Affairs of Costa Rica, "Costa Rica's Position on the Application of International Law in Cyberspace" (21 July 2023) 16-17 (footnotes omitted).
  8. Federal Department of Foreign Affairs, ‘Switzerland's position paper on the application of international law in cyberspace’ (May 2021) 10-11.

Bibliography and further reading[edit | edit source]