Australia
believes that “the foundation for responsible state behaviour in cyberspace is our mutual commitment to existing international law” and
that, as per the 2021 report of the Open-Ended Working Group (OEWG), international law is “essential to maintaining peace and stability and promoting an open, secure, […] stable, accessible and peaceful ICT environment.” In particular, Australia has
affirmed that the UN Charter applies in its entirety to state actions in cyberspace, including the prohibition on the use of force, the peaceful settlement of disputes, the right to self-defence in response to an armed attack, the law of state responsibility during peacetime, and the doctrine of countermeasures in response to internationally wrongful acts. International legal obligations also
include the respect for human rights and fundamental freedoms (especially the right to privacy and freedom of expression), as well as the application of international humanitarian law (IHL) to cyber operations in armed conflict. On the application of IHL, Australia
echoes the position taken by the ICRC that “recognition of the application of IHL neither encourages militarisation, nor legitimises resort to conflict in any domain”.
Under the auspices of the UN, the EU and its Member States have
consistently reaffirmed that a universal cyber security framework can only be grounded in existing international law, including the Charter of the United Nations in its entirety, international humanitarian law, and international human rights law.
Addressing issues as to how existing international law and international humanitarian law, including the principles of humanity, necessity, proportionality and distinction, apply to the use ICTs by States is necessary to increase accountability and transparency. International humanitarian law is fully applicable in cyberspace and this should not be misunderstood as legitimising the use of force between states in the cyber domain. The EU has typically opposed calls for the need to adapt existing international law as a means to develop a new legal instrument for cyber issues.
The UK
views international law as “a critical tool for ensuring stability and security in cyberspace”. In accordance with the 2013, 2015 and 2021 UNGGE reports as well the 2021 OEWG report, the UK
has affirmed that international law, including the UN Charter in its entirety, applies in cyberspace; a position paper notably
states that “we do not consider it is for States to pick and choose which international law instruments are applicable”. This includes the prohibition of the use of force (Article 2(4)), the peaceful settlement of disputes (Article 33) and the inherent right of states to act in self-defence in response to an armed attack (Article 51). The law of state responsibility applies to cyber operations in peacetime, including the doctrine of countermeasures in response to internationally wrongful acts. Meanwhile, the country has
professed a strong commitment to the respect of human rights law in cyberspace, co-sponsoring the
2012,
2014,
2016,
2018 and
2021 UN Human Rights Council resolutions on the protection, promotion and enjoyment of human rights on the Internet. Likewise, the UK
believes in the application of international humanitarian law (IHL) to cyber operations in armed conflict. In response to concerns expressed by other states that this might lead to an undue ‘militarisation’ of cyberspace, the UK has
responded that the application of IHL does not encourage armed conflict but only serves to limit humanitarian consequences in the event of such conflict. In addition, the country has
stated and that there are ways for cyber capabilities to be developed in a manner “consistent with international law” and called on states to be transparent about the existence of their own capabilities. Those statements do not entirely dismiss the idea of cyberspace as a new military domain, with the British position at the OEWG
being that “the use of ICTs in military contexts may be preferable to use of kinetic weapons and can be de-escalatory”. The UK is against the establishment of new, binding international instruments to regulate state behaviour in cyberspace,
arguing that “pursuing […] the development of new treaties is only likely to entrench existing divides in this area and will progress us no further on the question of how International Law applies”.