1. Maturing consensus that international
law applies in cyberspace, but
continued debate on how it applies
a. It is now generally held that international law
1
applies to cyberspace: this has been conrmed
inter alia by UN GGE 2013 and 2015 consensus
reports;
2
in statements of regional organisations
(NATO,
3
EU,
4
OAS SCO, etc.); by (joint) statements
of States;
5
and by States in the Tallinn Manual 2.0
(TM 2.0) State consultation process. However, such
a conclusion does not warrant overcondence, as
States like Russia and China have been walking
back their commitment even to the broad notion
of the applicability of existing international law in
cyberspace.
b. The legal debate has shifted to how international
law applies in cyberspace. This process is neither
predetermined nor singular; it evolves through State
practice and political statements (individually and
collectively via international organisations and fora),
and by scholarly legal discussion. Furthermore, it
involves a number of dierent issues of varied
specicity.
c. Acceptance of particular legal rules to cyber-
space varies. Certain rules are generally accepted,
such as prohibition of intervention (Rules 66–67 of
TM 2.0) and the right to self-defence (Rules 71–75
of TM 2.0). Others, in particular the exercise of
(territorial) sovereignty (Rules 1–5 of TM 2.0)
6
and
due diligence (Rules 6–7 of TM 2.0) in cyberspace,
have received mixed reactions on their scope
and content, even from countries which do not
question the rele vance of existing international law to
cyberspace.
7
d. States are likewise divided on whether existing
treaty and customary law is adequate (as main-
tained by the West) or whether new treaty instru-
ments are needed; the SCO
8
States are the most
prominent proponents of the latter.
9
e. The conceptual dierence in approaches ‘cyber-
security vs. information security’ also persists,
as does the practice of applying national sovereignty
over ‘information space’ (China and Russia as prime
examples).
CCDCOE resources
• Michael N. Schmitt (Ed.) Tallinn Manual 2.0 on the
International Law Applicable to Cyber Operations (2017)
• Wol Heintschel von Heinegg, International Law and
International Information Security: A Response to
Krutskikh and Streltsov Tallinn Paper No. 9 (2015)
• Katharina Ziolkowski (Ed.), Peacetime Regime for State
Activities in Cyberspace. International Law, International
Relations and Diplomacy (2013)
May 2019
Trends in international
law for cyberspace
About this paper
This paper is a collaborative view of the NATO CCDCOE Law Branch experts, demarcating the latest trends in inter-
national law and envisioning their evolution over the next few years. It is an independent product of the CCDCOE and
does not represent the oicial policy or position of NATO or any of its Sponsoring Nations.
We do not assert this to be a complete catalogue of trends, neither is the list presented in any particular order. Also,
while we have made every eort to describe globally relevant legal developments, we acknowledge that the list stems
from a Euro-Atlantic geopolitical perspective, and that the division between political developments and trends in law
is not always clear-cut.
