Switzerland's position paper on the application of international law in cyberspace
exchange at multilateral level remains key in order to continue to clarify how international law
is applicable to cyberspace in concrete terms. A definitive assessment of a cyber incident in
terms of international law is only possible when the concrete circumstances are known. This
means interpreting and applying the rules set out below in each individual case.
Of particular importance to the context of cybersecurity are namely the rules of international
law described below.
I. General international law
1.
Peaceful settlement of disputes
In accordance with Art. 2 para. 3 and Art. 33 of the UN Charter, disputes which may endanger
the maintenance of international peace and security should be settled by peaceful means.
This includes diplomatic proceedings, arbitration or recourse to the International Court of
Justice (ICJ). As a neutral country with long-standing experience and engagement in the
provision of good offices, Switzerland is committed to upholding this principle in cyberspace,
emphasising the overriding aim of ensuring that cyberspace is used for peaceful purposes
only. Switzerland therefore welcomes the UN GGE's 2015 report and the OEWG 2019/2021
report confirming the peaceful settlement of disputes as one of the UN Charter's central
principles, which is also applicable to cyberspace. Consequently, disputes in cyberspace
should also be settled by peaceful means, not with unilateral measures.
2.
Sovereignty
Sovereignty is a foundational principle of international law. It refers to a state's jurisdiction to
define, apply and enforce its own legal order, which in principle is limited to its territory. At
interstate level however, sovereignty implies an independent and equal co -existence among
states. Respect for and protection from interference with territorial integrity is a product of state
sovereignty.6 Accordingly, each state is obliged to respect the sovereignty of other states. 7
Sovereignty is a binding primary rule of international law. Violations of sovereignty are
therefore considered internationally wrongful acts which, if attributable to the state itself, give
rise to state responsibility.
State sovereignty is also applicable to cyberspace. 8 Owing to the special characteristics of
cyberspace, which has no clear territorial boundaries, putting the principle of sovereignty into
practice is a particular challenge. One major issue is who has jurisdiction over or access to
digital data. In the cyber context, the key question is which states have legitimate control over
digital data and are authorised to access that data – which may, depending on the
circumstances, be stored on a different territory or may not be localised geographically.
Conversely, in terms of interstate relations at cybersecurity level, the principle of sovereignty
provides wide scope for protection against cyber operations. For example, state sovereignty
protects information and communication technologies (ICT) infrastructure on a state's territory
against unauthorised intrusion or material damage. This includes the computer networks,
6
7
8
Arbitration aw ard in the Island of Palmas case, 1928, p. 838; the Sw iss Federal Constitution recognises
state sovereignty under international law on the basis of independence, granting the state exclusive
jurisdiction to make and enforce law w ithin its territory (Art. 2 para. 1).
Military and Paramilitary Activities in and against Nicaragua, ICJ Reports 1986, para. 292.
UN GGE 2013 Report, para. 20; UN GGE 2015 Report, paras. 27 and 28 b).
2/11