Experts: Multiple International Law Regimes Apply to Cyber Operations

Legal expert assure that existing international law norms, both treaty-based and customary, apply to cyberspace. The Tallinn Manual consultations brought legal advisers from over 50 states to The Hague last week.

“The meetings demonstrated that the pressing question for States is no longer whether international law applies in cyberspace, but how it does so,” said Professor Michael Schmitt, director of the Tallinn 2.0 project, emphasizing that discussions were held on a non-attribution basis and the positions of states varied in numerous respects. “For instance, it appears clear that individuals enjoy international human rights in their online activities. That said, there was much discussion on the extraterritorial reach of this body of law and its precise application to such matters as monitoring communications or collecting metadata,” Schmitt explained.

“States accept the general premise of the Tallinn Manual that international law places certain restrictions on state cyber operations during peacetime,” said Liis Vihul, legal expert at the NATO Cooperative Cyber Defence Centre of Excellence in charge of the Tallinn Manual process.  “At the same time, law provides a number of options to defend against hostile cyber operations directed at them,” Vihul emphasized.

“The comments of states help ensure that the Tallinn Manual will prove a key resource for state legal advisers around the world as they confront the difficult challenges presented by malicious cyber operations,” said Professor Michael Schmitt. “The depth, frankness and practicality of the comments demonstrated that states are anxious to make their views heard by the international experts as they finalize the manual,” added Vihul.

Consultations with states form a central component of The Hague Process, which is a collaborative effort of the Dutch Ministry of Foreign Affairs and NATO Cooperative Cyber Defence Centre of Excellence. Designed to increase the transparency of the Tallinn 2.0 process, the consultations clarify the application of international law that governs their activities in cyberspace.

The Tallinn Manual is an influential handbook for legal advisers dealing with cyber issues. The second considerably expanded and updated edition of the Manual will deal with the most common and frequent cyber incidents that states encounter taking place beyond the battlefield. The Tallinn Manual process is facilitated by the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence and the Manual is authored by 20 leading international law experts. Tallinn Manual 2.0 will be published by Cambridge University Press in late 2016.