CCDCOE to Host the Tallinn Manual 3.0 Process

The CCDCOE has committed to host a project to revise and expand the influential Tallinn Manual 2.0 on International Law Applicable to Cyber Operations. The comprehensive 2017 edition will be updated in the light of emerging State practice.

The envisioned five-year project will involve updating all chapters of the Tallinn Manual 2.0 to address the evolving nature of cyber operations and State responses, as well as adding new topics of importance to States. The revised Manual will reflect current State practice regarding cyber operations, including States’ official statements on international law. Activities and statements of international fora, such as the UN-level discussions on responsible State behaviour in cyberspace, will also be considered, as will academic publications and multistakeholder initiatives involving governments, industry, and civil society players.

Along with the CCDCOE, which will facilitate the project and provide research support, the process will engage a broad community of international law specialists as researchers and peer reviewers. As with Tallinn Manual 2.0, an International Group of Experts consisting of renowned international law scholars will be invited to develop and approve the Manual. An essential facet of the project is engagement with States, which will be afforded the opportunity to provide input and communicate their national viewpoints for consideration in the development of the Manual.

Professor Michael Schmitt (University of Reading, CCDCOE Senior Fellow), who directed the Tallinn Manual 2.0 effort and was its General Editor, will serve as the Director of the Tallinn Manual 3.0 project. He will be joined as Co-General Editor by Ms Liis Vihul (Managing Editor of Tallinn Manual 2.0, CEO of Cyber Law International, and an alumnus of the CCDCOE) and Professor Marko Milanović (Professor of Public International Law at the University of Nottingham and co-editor of the EJIL:Talk! blog of the European Journal of International Law).

In reaction to being invited to serve again as Project Director, Professor Schmitt noted, “The Tallinn Manual 2.0 International Group of Experts is proud of the extent to which its work has proven useful to States and the broader international community. But as the technology advances and the reliance of societies on cyberspace grows, States are taking stands through their pronouncements and practice on how international law governs cyber activities. If the Tallinn Manual process is to remain valuable to those who shoulder cyber responsibilities on behalf of their nations, we must act now to ensure it remains an accurate reflection of the current state of the law.”

Tallinn Manual 3.0 will maintain the approach of its predecessors. It is a scholarly work by distinguished international law academics and practitioners that is meant to provide an objective restatement of international law as applied in the cyber context. The Manual is policy and politics-neutral; it will not represent the legal position or doctrine of any State or international organisation, including the CCDCOE. In that regard, and as with Tallinn Manual 2.0, the project’s leadership is committed to objectively including in the Manual all reasonable views regarding the interpretation and application of international law in the cyber context.


The CCDCOE is a NATO-accredited cyber defence hub focusing on research, training and exercises. It represents a community of 29 nations providing a 360-degree look at cyber defence, with expertise in the areas of technology, strategy, operations and law. The NATO-accredited centres of excellence are not part of the NATO Command Structure. The Centre is staffed and financed by its member nations, currently Austria, Belgium, Bulgaria, Croatia, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Montenegro, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States.