For the complete documentation index, see llms.txt.
Skip to main content
New

Tallinn Manual 2.0

Updated May 21, 2026

The 2017 expert restatement of how international law applies to peacetime cyber operations, expanding the original 2013 Tallinn Manual focused on conflict.

Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations was published in 2017, expanding the original 2013 Manual (which focused on and ).

What It Covers

Tallinn 2.0 covers cyber operations in peacetime, addressing:

  • for cyber operations: the legal for attributing wrongful cyber conduct to states.
  • in cyberspace: whether and how cyber operations can violate .
  • Due diligence obligations to prevent harmful cyber activity from one's territory: the principle that states must take reasonable steps to prevent their territory being used for cyber attacks against other states.
  • The : whether cyber operations targeting another state's political system, economy, or society constitute prohibited .
  • International human rights law in cyberspace: how human-rights obligations apply to cyber operations.
  • Diplomatic and consular law in cyberspace: how cyber operations interact with diplomatic immunities and consular relations.
  • The law of the sea and air law: how maritime and aviation law apply to cyber operations.

How the Manual Was Developed

The Manual restates as applied to cyber by an International Group of Experts under Michael Schmitt's leadership. The drafting process:

  • Three-year drafting period (2014-2017).
  • Multiple drafting sessions with the International Group of Experts.
  • Consultation with state representatives and observers.
  • Final review and -building.
  • Publication with extensive commentary explaining the analysis and noting areas of expert disagreement.

Status and Influence

Like the original, Tallinn 2.0 is non-binding but widely cited by governments and legal scholars. Its influence operates through several channels:

  • State legal positions: many state cyber legal positions reference and engage with Tallinn 2.0 analysis.
  • UN processes: the GGE and OEWG have drawn on Tallinn analysis even where official state positions diverge.
  • Academic scholarship: legal scholarship on cyber operations routinely references Tallinn 2.0.
  • Operational law: military and intelligence operational lawyers reference Tallinn analysis in advising on cyber operations.
  • Litigation: cyber-attribution cases sometimes reference Tallinn analysis.

Areas of Contested Analysis

Tallinn 2.0 acknowledges several areas where the International Group of Experts disagreed or where international law remains contested:

  • Sovereignty as a rule vs principle: whether sovereignty is a freestanding rule that cyber operations can violate, or a principle that informs other rules.
  • Threshold of intervention: what level of cyber-enabled interference constitutes prohibited intervention.
  • Attribution standards: how confident attribution must be to justify response.
  • Countermeasures: when and how states can take responsive cyber action.

These disagreements reflect underlying state disagreements; the Manual maps the contested terrain rather than resolving it.

Tallinn Manual 3.0

3.0 is in development at 's CCDCOE, expected to address recent developments including:

  • Disinformation and influence operations.
  • Ransomware and other commercial cyber threats.
  • AI-enabled cyber operations.
  • Supply-chain cyber attacks.
  • State-sponsored hacktivism.
  • Lessons from the Ukraine war's cyber dimensions.

The 3.0 development process has been informed by the substantial cyber operations of the 2017-2026 period, including major incidents that occurred after Tallinn 2.0 was published.

Why It Matters

Tallinn 2.0 matters because it remains the most comprehensive systematic analysis of how existing international law applies to cyber operations. Without Tallinn 2.0, the international community would lack the analytical framework for discussing cyber-norms questions in a structured way.

The Manual also matters as a method: the expert-group restating-customary-law approach has been replicated in other domains (the Oslo Manual on space law, for instance) and has become a model for navigating contested international-law areas.

Common Misconceptions

Tallinn 2.0 is sometimes treated as binding international law. It is not — it is expert analysis of how existing law applies, with the Manual itself explicitly noting that it does not create new law.

Another misconception is that Tallinn 2.0 represents NATO doctrine. It is hosted at NATO's CCDCOE but is not official NATO doctrine; the International Group of Experts includes scholars from many nations.

Real-World Examples

The 2017 publication was the founding moment for the expanded peacetime cyber legal framework. National legal positions published by the UK (2018), Australia (2017), and France (2019) explicitly engaged with Tallinn 2.0 analysis. The 2025-26 Tallinn Manual 3.0 development is updating the framework for contemporary cyber realities.

Example

Tallinn 2.0 Rule 4 (sovereignty) — that cyber operations can violate the sovereignty of another state — provided the conceptual foundation for the UK Attorney General's 2018 'sovereignty as a rule' speech.

Frequently asked questions

No — it is a non-binding expert restatement of how existing international law applies to cyber. But it is the most authoritative such statement and widely cited.
Talk to founder