The Council of the European Union has formally approved a declaration to promote a unified understanding of the application of international law in cyberspace. The declaration underscores the EU’s commitment to the rule of law in an increasingly complex and threat-laden digital domain. This initiative builds further upon established principles of sovereignty and state responsibility, asserting that existing international law, including the UN Charter and customary international laws, fully apply to cyberspace.
A core aspect of the new declaration is the prohibition of cyber activities that infringe on another state’s sovereignty or that could be considered use of force, adhering to the guidelines of the Tallinn Manual on Cyber Operations. The EU’s approach seeks to bolster a rules-based international order, distinguishing itself from the more isolated cyber sovereignty models favored by nations such as Russia and China. This highlights a global tension between unilateral state actions and the necessity for collaborative international frameworks.
Significantly, the declaration prioritizes the protection of critical infrastructure, such as healthcare systems and energy networks, urging for enhanced legal safeguards both during times of peace and conflict. This aligns with the United Nations Group of Governmental Experts (GGE), which advocates for responsible state conduct in cyberspace, including the prohibition of targeting vital infrastructure.
The concept of state obligations concerning due diligence in preventing cyber operations emanating from within their borders was also reaffirmed. The declaration points to the critical need for accountability mechanisms able to deter cyber misconduct, highlighting the challenges of attribution as an area necessitating international collaboration.
The declaration’s resonance with human rights in cyberspace is evident; it acknowledges the importance of freedom of expression and right to privacy in line with Articles 19 and 17 of the International Covenant on Civil and Political Rights. Moreover, it emphasizes bridging the digital divide to ensure that cyber norms promote inclusivity and equity.
This advancement follows the adoption of the European Cyber Resilience Act last month, providing a fresh legal framework that clarifies cybersecurity requirements for digital products. Fully effective within 36 months, the act underlines the regulatory shift toward holding both state and private actors accountable to international and domestic cybersecurity standards. Such initiatives set a precedent for confronting cyber threats worldwide, crucially balancing security needs while upholding individual rights and legal principles.