In the cyber context, international law is one element in the ‘framework for responsible State behaviour in
cyberspace’. The other elements are: voluntary, non-binding norms (‘norms’); confidence building measures;
and capacity building. The 2015 GGE elaborated 11 norms, which were endorsed by consensus in UN General
Assembly Resolution 70/237 (2015), as well as in the report of the 2021 OEWG which was itself endorsed by
consensus in UN General Assembly Decision 75/816. The norms reflect the expectations and standards of the
international community regarding responsible State behaviour in cyberspace, but they do not replace or
alter States’ binding obligations or rights under international law. Accordingly, the norms provide specific
guidance, additional to international law, on what constitutes responsible State behaviour in the use of ICTs.
This understanding of the relationship between international law and norms was affirmed by the OEWG in
its 2021 report.
1. The United Nations Charter, the law on the use of force ( jus ad bellum) and the principle of
non-intervention
The United Nations Charter (UN Charter) and associated rules of customary international law apply to
activities conducted in cyberspace. Article 2(3) of the UN Charter requires States to seek the peaceful
settlement of disputes and Article 2(4) prohibits the threat or use of force by a State against the territorial
integrity or political independence of another State, or in any manner inconsistent with the purposes of the
UN. These obligations—and the UN Charter in its entirety—apply in cyberspace as they do in the physical
realm.
The obligation to seek peaceful settlement of disputes does not impinge upon a State's inherent right to act
in individual or collective self-defence in response to an armed attack. This right applies equally in the cyber
domain as it does in the physical realm.
The UN Charter (Article 33) applies to international disputes involving cyber activities, the continuance of
which are likely to endanger the maintenance of international peace and security. States are required to
seek the settlement of such disputes by peaceful means such as negotiation, enquiry, mediation,
conciliation, arbitration, judicial settlement, and resort to regional agencies or arrangements, or other
peaceful means of their own choice.
Resolution of a cyber dispute consistent with Chapter VI of the UN Charter (Pacific Settlement of Disputes)
could include the parties referring the matter to the International Court of Justice. This would require that
the necessary preconditions be met, including that the matter is admissible and that the Court has jurisdiction
to hear it.
The UN Security Council may exercise its powers and responsibilities under Chapter VI and Chapter VII
(Action with Respect to Threats to the Peace, Breaches of the Peace, and Acts of Aggression) of the UN
Charter with respect to cyber activities endangering international peace and security.
In determining whether a cyber activity constitutes a use of force, States should consider whether the
activity's scale and effects are comparable to traditional kinetic operations that rise to the level of use of
force under international law. This involves a consideration of the intended or reasonably expected direct
and indirect consequences of the cyber activity, including for example whether the activity could
reasonably be expected to cause serious or extensive ('scale') damage or destruction ('effects') in the form
of injury or death to persons, or damage or destruction (including to their functioning) to objects or critical
infrastructure.
2
www.internationalcybertech.gov.au