Cyber, space & emerging domains of international law

The cyber domain and the problem of application

International law was not drafted for cyberspace, yet states agree it applies. The 2013 and 2015 reports of the UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications, endorsed by the General Assembly, affirmed that the UN Charter applies in its entirety to cyber operations, including Article 2(4) (prohibition on the use of force) and Article 51 (self-defence). The 2021 GGE report and the parallel Open-Ended Working Group (OEWG, established by Resolution 73/27 in 2018) reaffirmed this and elaborated eleven voluntary norms of responsible state behaviour.

Sovereignty, due diligence and attribution

The principal scholarly synthesis is the Tallinn Manual 2.0 (2017), produced by experts convened by NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE). It is not binding law but distils existing rules. Rule 4 holds that a state must not conduct cyber operations that violate the sovereignty of another state; whether sovereignty is itself a primary rule or merely a principle remains contested (the United Kingdom argued in 2018, via Attorney-General Jeremy Wright, that there is no standalone rule of sovereignty in cyberspace, while France in 2019 took the opposite view).

The due diligence principle, rooted in the Corfu Channel case (ICJ, 1949), requires a state not to knowingly allow its territory to be used for acts contrary to the rights of other states. Attribution is governed by the Articles on State Responsibility (ILC, 2001): conduct of non-state hackers is attributable only where the state exercises 'effective control' (Nicaragua, 1986; Bosnian Genocide, 2007). Cyber attribution is therefore both a technical and a legal problem.

When does a cyber operation cross thresholds?

A cyber operation amounts to a use of force when its scale and effects are comparable to a kinetic attack (the Nicaragua 'scale and effects' test). The 2010 Stuxnet operation against Iranian centrifuges at Natanz is the textbook candidate for a cyber operation producing physical damage. An armed attack triggering Article 51 self-defence requires a higher threshold still. Below the use-of-force line, hostile cyber operations may breach the non-intervention principle (Nicaragua, 1986) where they coerce a state in matters within its domaine réservé — election interference being the paradigm. During an armed conflict, international humanitarian law applies: the principles of distinction, proportionality and precautions bind cyber operations (Tallinn Manual 2.0, Rules 92–134), as the ICRC has affirmed.

The outer space legal order

Outer space is governed by a corpus of five UN treaties negotiated through the Committee on the Peaceful Uses of Outer Space (COPUOS). The foundational instrument is the Outer Space Treaty (OST) of 1967. Article I declares the exploration and use of outer space the 'province of all mankind' and guarantees free access. Article II prohibits national appropriation 'by claim of sovereignty, by means of use or occupation, or by any other means' — no state may annex the Moon or a planet. Article IV bans placing nuclear weapons or weapons of mass destruction in orbit and reserves the Moon and celestial bodies for peaceful purposes. Article VI makes states internationally responsible for national activities, including those of non-governmental entities, which they must authorise and continuously supervise — a critical rule as SpaceX, Blue Origin and others operate commercially.

Liability, registration and rescue

The Rescue Agreement (1968) obliges states to return astronauts and recovered space objects. The Liability Convention (1972) imposes absolute liability on a launching state for damage caused on the Earth's surface or to aircraft in flight (Article II) and fault-based liability for damage in space (Article III); it was invoked after the 1978 crash of the Soviet nuclear-powered satellite Cosmos 954 over Canada, settled in 1981 for C$3 million. The Registration Convention (1975) requires launching states to register objects with the UN Secretary-General. The Moon Agreement (1979) declared the Moon's resources the 'common heritage of mankind' but attracted few ratifications and no major spacefaring power.

Emerging contests: resources, debris and weaponisation

The US Commercial Space Launch Competitiveness Act (2015) and the Artemis Accords (2020) assert that commercial recovery of space resources is lawful and not 'national appropriation' under OST Article II — a reading Russia and China reject. Orbital debris, anti-satellite (ASAT) tests (notably Russia's destructive 2021 test creating debris threatening the ISS) and the militarisation of space (the US Space Force, established 2019) press the limits of the 1967 framework. The long-stalled draft Treaty on the Prevention of the Placement of Weapons in Outer Space (PPWT), proposed by Russia and China in 2008, illustrates the deadlock over binding arms control.