Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations

NATO’s CCDCOE site describes the Tallinn Manual 2.0 as follows:

Authored by nineteen international law experts, the “Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations”, the updated and considerably expanded second edition of the 2013 “Tallinn Manual on the International Law Applicable to Cyber Warfare”, is an influential resource for legal advisers dealing with cyber issues. The Tallinn Manual 2.0 is the most comprehensive analysis of how existing international law applies to cyberspace. The Tallinn Manual is available in both paper and electronic copies from Cambridge University Press (© Cambridge University Press 2017).  The drafting of the Tallinn Manual 2.0 was facilitated and led by the NATO Cooperative Cyber Defence Centre of Excellence.

The Tallinn Manual 2.0 analysis rests on the understanding that the pre-cyber era international law applies to cyber operations, both conducted by and directed against states. This means that that cyber events do not occur in a legal vacuum and states both have rights and bear obligations under international law.

The focus of the original Tallinn Manual was on the most severe cyber operations, those that violate the prohibition of the use of force in international relations, entitle states to exercise the right of self-defence, and/or occur during armed conflict. Tallinn Manual 2.0 adds a legal analysis of the more common cyber incidents that states encounter on a day-to-day basis and that fall below the thresholds of the use of force or armed conflict.

As such, the 2017 edition covers a full spectrum of international law applicable to cyber operations ranging from peacetime legal regimes to the law of armed conflict, covering a wide array of international law principles and regimes that regulate events in cyberspace. Some pertain to general international law, such as the principle of sovereignty and the various bases for the exercise of jurisdiction. The law of state responsibility, which includes the legal standards for attribution, is examined at length. Additionally, numerous specialised regimes of international law, including human rights law, air and space law, the law of the sea, and diplomatic and consular law, are examined in the context of cyber operations.

Professor Michael Schmitt, a Senior Fellow at the Centre from the United States Naval War College and the University of Exeter, directed the Tallinn 2.0 initiative. Liis Vihul of the NATO CCD COE served as Managing Editor. Additionally, a team of legal and IT experts from the Centre supported the effort. The expanded edition of the Tallinn Manual, like its predecessor, represents only the views of its authors, and not of NATO, the NATO CCD COE, its Sponsoring Nations, or any other State or organisation.

Data protection as an emerging norm for cyberspace activities: two national approaches to balancing national security considerations with data privacy
March 14, 2019

Information Sharing for the Mitigation of Hostile Activity in Cyberspace
March 14, 2019

A Look at Israel’s New Draft Cybersecurity Law
July 21, 2018

International Perspectives on Cybersecurity: Thresholds of Engagement, Harvard Kennedy School Executive Education, January 2018
May 3, 2018

Technology Upends Existing Regulatory Frameworks
March 26, 2018

An Analytical Review and Comparison of Operative Measures Included in Cyber Diplomatic Initiatives
March 10, 2018