The Digital Geneva Convention is a proposal advanced by Microsoft President Brad Smith in February 2017, calling on governments to adopt binding international rules protecting civilians from state-sponsored cyberattacks during peacetime. Smith unveiled the idea in a keynote at the RSA Conference in San Francisco, arguing that the tech sector should act as a neutral "digital Switzerland" while states negotiated norms analogous to the 1949 Geneva Conventions on the protection of war victims.
The proposal contained several core commitments Microsoft urged governments to make:
- No targeting of civilians or civilian infrastructure (hospitals, electrical grids, financial systems) in cyberspace.
- No theft of intellectual property via cyber means for commercial advantage.
- Restraint in stockpiling vulnerabilities and an obligation to report flaws to vendors rather than hoard them.
- Assistance to private-sector responders when attacks occur, rather than interference.
- An independent attribution organization, modeled loosely on the IAEA, to publicly identify perpetrators of major attacks.
Smith framed the initiative as a response to incidents such as the 2014 Sony Pictures hack, the 2015–16 attacks on Ukraine's power grid, and interference in the 2016 U.S. election. The 2017 WannaCry and NotPetya outbreaks, which used leaked NSA exploits, reinforced his argument that state-developed cyber tools were causing indiscriminate civilian harm.
The proposal has not been adopted as a treaty. However, it helped catalyze related multistakeholder efforts: the Cybersecurity Tech Accord (April 2018), signed initially by Microsoft, Facebook and roughly 30 other firms; the Paris Call for Trust and Security in Cyberspace launched by President Emmanuel Macron in November 2018; and ongoing discussions at the UN Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG) on responsible state behavior in cyberspace.
Critics note that major cyber powers — including the United States, Russia, and China — have shown little appetite for binding restrictions, and that verification and attribution remain technically and politically difficult. Supporters argue the proposal nonetheless shifted norms discourse and elevated private-sector voices in cyber diplomacy.
Example
In his February 2017 RSA Conference keynote, Brad Smith urged governments to negotiate a Digital Geneva Convention after attacks like the 2014 Sony Pictures hack and intrusions into Ukraine's power grid.