Tallinn Manual 2.0: Cyber Espionage Generally Not Unlawful

Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations outlines rules for state behaviour in the cyber domain. The handbook, launched in Estonia today, outlines situations that violate international law and highlights grey areas. For example, the authors conclude that while espionage as such is not unlawful, the way it is carried out might not be permissible.

“This is a practical handbook for state legal advisers. The Tallinn Manual 2.0 examines what the rules for state behavior in the new domain of cyber space are.  The analysis includes both the perspective of a state that wishes to engage in cyber operations as well as that of a state that has become the victim of hostile cyber operations,” says Tallinn Manual 2.0 director professor Michael Schmitt of the US Naval War College.

“The 19 expert authors of the Manual identified a number of situations in which states’ cyber operations might violate international law. It is not legal, for instance, for a state to hack into cyber infrastructure in another state and cause it to permanently seize operating,” explains Tallinn Manual 2.0 managing editor Liis Vihul from the NATO Cooperative Cyber Defence Centre of Excellence, a knowledge hub, research centre and training facility in Tallinn.

“By contrast, because international law is silent on the issue of espionage, we concluded that cyber espionage, as a general matter, does not violate international law. However, how espionage is carried out might be unlawful,” Vihul elaborates.

“Fundamentally, the Tallinn Manual 2.0 analysis looks into the future. So long as there is no codified international law for cyber space, the Manual helps to clarify the application of existing law to events in the digital arena as outlines some grey areas,” emphasizes Lauri Mälksoo, international law professor from the University of Tartu and member of the Estonian Academy of Sciences.

“The Tallinn Manual, the most important international law initiative from 21st century Estonia, is well-known in the international legal community. I would not underestimate the importance of the handbook having been developed in and named after the capital of Estonia,” Professor Mälksoo adds.

Authored by nineteen international law experts, the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations is an influential resource for legal advisers dealing with cyber issues. It rests on the understanding that the pre-cyber era international law applies to cyber operations. The drafting of the Tallinn Manual 2.0 was facilitated and led by the NATO Cooperative Cyber Defence Centre of Excellence. The updated and considerably expanded second edition is published by Cambridge University Press. The new expanded edition, like its predecessor, represents the views of its authors, and not of NATO, the NATO CCD COE, its Sponsoring Nations, or any other entity.

The Tallinn Manual 2.0 Estonian launch today was organised by the NATO Cooperative Cyber Defence Centre of Excellence and the Embassy of the Kingdom of the Netherlands. More information on the Tallinn Manual 2.0 and launch events can be found at https://ccdcoe.org/news.html and https://ccdcoe.org/research.html and by following @ccdcoe and #TallinnManual on Twitter.

View album