The application of international humanitarian law (IHL) to cyber operations during armed conflict is complex. Even after more than a decade of multilateral discussions in such forums as the United Nations Groups of Governmental Experts and Open-Ended Working Groups, a common understanding of how IHL applies in cyberspace – the information and communications technology (ICT) domain – remains elusive.
Notably, there are divergent interpretations of “attack” and of whether “digital data” is an object under IHL. This deficiency of clarity, particularly concerning what constitutes permissible or impermissible cyber behaviour in armed conflict, could inhibit legal protections of civilians and civilian objects.
In an effort to facilitate future multilateral discussions on how international law, and in particular IHL, applies to cyber operations, this report highlights two main interpretive approaches found in scholarship and, most importantly, national positions on international law in cyberspace:
- A restrictive interpretation, which limits the notion of “attack” under IHL to cyber operations that cause physical harm and generally excludes digital data as an object.
- An expansive interpretation, which includes operations that result in a “loss of functionality” within the notion of attack and considers essential civilian data as a legally protected object.
Ultimately, the report argues that the incremental convergence of common understanding, while unlikely to ever achieve absolute uniformity, is crucial for establishing clearer international limits on the use of ICTs in armed conflict.
Citation: Biggio, Giacomo and Kastelic, Andraz. International Humanitarian Law and Cyber Operations: (Consequences of) Divergent National Interpretations of “Attack” and “Data”. Geneva, Switzerland: UNIDIR, 2026.
