Paper by Zine Homburger in EU Cyber Direct’s Research Focus series.
The paper showcases this conceptual ambiguity in the international debate and in literature as they pertain to international norms for state behaviour in cyberspace. The entire paper is freely available on EU Cyber Direct’s website here.
ABSTRACT: The discussion about international norms for state behaviour in cyberspace gained prominence at an international level through the 2015 report of the United Nations Group of Governmental Experts (UNGGE). The motivation to adopt a concept of norms was rather pragmatic as it had proven difficult to engage in discussions on the applicability of international law within the UNGGE. It was considered easier to find consensus on voluntary and non-binding norms, yet neither the UNGGE nor the academic literature clarify what the concept of norms – especially as opposed to law – means. This conceptual ambiguity between law and norms leads to difficulties regarding legal predictability as well as the establishment of responsibility and possible responses to breaches of norms. This paper briefly showcases this ambiguity in the international debate and in literature as they pertain to international norms for state behaviour in cyberspace. Multilateral negotiations and other initiatives can present ways to clarify these two concepts. However, venue choice and the form of cooperation can also influence the legal relevance of negotiation outcomes. Finally, complementary action can help clarify what states consider obligations in cyberspace as well as violations. But what action a state can take in response to a malicious cyber activity depends on the act being categorised as a violation of law or merely a violation of voluntary non-binding norms.