EU Council Approves Declaration on International Law in Cyberspace

The Council of the European Union has approved a declaration to clarify the application of international law in cyberspace.

On Monday, November 18, the Council of the European Union approved a declaration aimed at fostering a unified understanding of how international law applies to cyberspace. This initiative reflects the EU’s commitment to strengthening the rule of law in a domain increasingly fraught with complexity and threats.

The declaration emphasizes that existing international law, including the UN Charter and customary international law, fully applies to cyberspace. It specifically prohibits cyber activities that infringe upon a state’s sovereignty or constitute the use of force, as outlined in the Tallinn Manual on Cyber Operations.

Unlike the stricter cyber sovereignty approach adopted by Russia and China, the EU advocates for a rules-based international order that prioritizes shared norms and collective security. A key focus of the declaration is the protection of critical infrastructure, such as healthcare systems and energy grids, in light of lessons learned from significant cyber incidents.

Additionally, the declaration reinforces state obligations regarding due diligence and the prevention of cyber operations originating from their territory. It acknowledges the challenges of attribution in cyber operations and calls for enhanced international cooperation.

Human rights protections, including freedom of expression and the right to privacy, are also addressed in the declaration. The EU’s recent adoption of the European Cyber Resilience Act further supports these efforts by establishing cybersecurity requirements for digital products.

This declaration aligns with ongoing discussions within the United Nations to develop frameworks for responsible state behavior in cyberspace, emphasizing the need for cooperative mechanisms to address global cyber threats.