Digital Clarity: Why International Law Needs Clearer Application in the Digital Space

[Nieves Molina-Clemente is the Chief Adviser for International Law, Human Rights and Tech at the Danish Institute for Human Rights.

Dr Sarah Zarmsky is a Lecturer (Assistant Professor) at Queen’s University Belfast School of Law]

Disclaimer: The views reflected in this piece are the opinions of the authors writing in their personal capacities and do not necessarily reflect the views of the Danish Institute of Human Rights or the International Commission of Jurists.

Introduction

Advancements in digital technologies have fundamentally transformed global society, such as through changes in interactions between States, amongst individuals across borders, and in how corporations operate internationally. To address the rapid development of technology and in an effort to adapt international legal rules to suit the digital age, various texts and guidelines have been developed for different areas of international law, such as in the context of cyber warfare, business and human rights approaches aimed at technology companies, or for how Rome Statute crimes may be perpetrated through cyber means. While such tools may be useful, their development also has the potential to create silos of legal areas, leading to gaps or even contradictions in protection, accountability, and enforcement, resulting in impunity and lack of remedy for victims. The development of new instruments to regulate digital and cyber spaces for only specific subsets of international law may therefore contribute to further fragmentation of international law, creating even more ambiguity.

With an aim to bridge these fragments, through the Digital Democracy Initiative (DDI), the Danish Institute for Human Rights (DIHR) and the International Commission of Jurists (ICJ) are in the process of developing a set of global legal principles and guidelines underlining the international law and standards applicable to the protection of human rights in the digital space. This project, titled ‘Advancing International Law and Human Rights in the Digital Space’, formally launches today (23 June 2025) at the Nobel Peace Centre in Oslo and will continue over the next two years. The principles developed by a team of 18 leading experts will be holistic in nature, applying to all areas of international law and addressing their areas of overlap. The principles will address concerns such as online incitement to violence and other harms, while ensuring the protection of human rights and fundamental freedoms, such as freedom of expression and the right to privacy. They will provide much needed guidance on how international legal standards should be interpreted, construed, and enforced in the digital sphere.

This blog post describes the need for this project, highlighting the current challenges arising from the presently fragmented landscape of international law and human rights guidance in the digital space. This includes the need for clarity surrounding terminology (specifically ‘digital’ versus ‘cyber’), the potential for ‘forum shopping’, and overall uncertainty about the application of the law. Further, this post will outline three key areas where this new project will develop principles: (1) State responsibility, (2) corporate governance, and (3) redress and reparations for victims.

Distinguishing Digital from Cyber: A Critical Legal Distinction

First, it is essential to distinguish between ‘digital’ and ‘cyber’ domains, as this distinction carries significant legal implications. These two terms appear often in different frameworks but could carry different meanings, even though they are sometimes used interchangeably. This distinction matters legally because different international law frameworks may apply with varying degrees of clarity to each domain. While cyber operations, as commonly referred to in texts such as the Tallinn Manual 2.0. or the Oxford Process on International Law Protections in Cyberspace, might trigger traditional security-focused international law (such as jus ad bellum and international humanitarian law), broader digital activities may primarily engage human rights law, trade law, tort law and other regulatory frameworks at regional levels, such as the EU digital regulatory frameworks, or national levels.

The overlap between these domains—such as when digital platform policies affect cybersecurity or when cyber operations impact broader digital rights—creates additional complexity that international law should address systematically to ensure that human rights are upheld at all times in all circumstances. Yet, at present, these issues are often not dealt with together and frameworks have focused on one or the other. Part of the work of this project is to clarify the meanings of these terms and provide guidance that encompasses where they overlap.

The Fragmentation Challenge

The fragmentation mentioned above, and the discrete attention paid to ‘cyber’ and ‘digital’ domains depending on the specific area of international law creates several problems. First, it enables forum shopping, where actors seek the most favorable legal interpretation for their conduct. Second, it creates uncertainty for both State and non-State actors about their rights and obligations. Third, it hampers international cooperation when States operate under fundamentally different legal assumptions about digital activities. Fourth, it creates avenues of impunity, where victims may never receive redress or compensation.

Furthermore, ongoing regulatory efforts to govern digital activities risk exacerbating existing fragmentation if they persist in treating digital and cyber domains as sui generis rather than recognizing them as spheres of human activity already governed by established international legal principles, including fundamental human rights protections and rule of law safeguards. If technological advancement is to serve human development, then robust human rights protections must be embedded within technological progress, not retrofitted as afterthoughts. The documented adverse impacts on democratic institutions, individual autonomy, and community cohesion underscore the urgency of this imperative.

One of the most complex challenges in applying international law to the digital space involves balancing competing legal principles that often conflict in online contexts—for example, those related to the regulation of freedom of speech online or the privacy of individuals and legitimate issues of security. Protecting individuals from harm illustrates this challenge most clearly, but similar tensions exist across the spectrum of human rights.

Next Steps

To overcome this legal ambiguity, it is urgent to develop Principles and Guidelines on international law and human rights applicable to digital activities. The framework that will be developed in the years to come by this project will include (but will not be limited to) the following three categories of issues:  

1. State Responsibility in the Digital Age

The State responsibility doctrine must adapt to address the unique challenges of cyberspace while maintaining its core principles. The traditional framework of internationally wrongful acts applies to State conduct in digital environments, but application requires careful consideration of several factors.

Attribution remains particularly complex for digital and cyber activities. While the general rule that States are responsible for the conduct of their organs and agents applies equally online, proving State involvement in cyber operations presents significant evidentiary challenges. The use of proxies, sophisticated technical obfuscation, and the ease of false flag operations complicate traditional attribution methods.

States also bear responsibility for failing to prevent and respond to harmful cyber activities emanating from their territory. This due diligence obligation extends to ensuring their digital infrastructure is not used to harm other States or their nationals. However, the technical complexity of modern networks and the speed of digital attacks challenge traditional concepts of State control over territory.

Furthermore, States must ensure their cyber capabilities and operations comply with existing international obligations, including human rights law, international humanitarian law, and treaty commitments. The extraterritorial application of human rights obligations takes on new dimensions when State surveillance technologies can monitor individuals globally or when State cyber operations affect critical infrastructure providing essential services. In December 2018, the UN General Assembly adopted the Eleven Norms of Responsible State behaviour in cyberspace. Although these norms are voluntary, they are based on international law obligations. However, it is concerning that States were quick to highlight the voluntary nature of the norms.  

2. Corporate Responsibility and the Governance Gap

The private sector’s dominant role in digital infrastructure creates unique challenges for international law application. Major technology companies effectively govern aspects of online life through their platforms, algorithms, and content moderation policies, yet they operate largely outside traditional international legal frameworks designed for States.

The blurred relationship between these companies and States becomes difficult to regulate, creating large spheres of deregulation and legal deniability for wrongful acts by all parties. For example, companies can provide services to individuals, civilian aspects of government such as emergency information in case of natural disasters, while having interdependent relationships with the military. Amazon serves individuals and provides cloud services to the U.S military. Companies such as Palantir work with healthcare systems and providers while providing surveillance services to governments.

Corporations bear responsibility under various international frameworks, including the UN Guiding Principles on Business and Human Rights, but enforcement mechanisms remain weak. When platforms facilitate human rights abuses or when technology companies provide tools used for international law violations, questions arise about their complicity and responsibility under international law.

3. Reparations for Victims: Bridging the Remedial Gap

Victims of international law violations in digital contexts face particular challenges in obtaining effective remedies. Traditional reparations frameworks assume clearer causation chains and more readily identifiable responsible parties than often exist in cyberspace.

The problem compounds when considering that victims of digital harms often lack effective access to remedies. Cross-border cyber crimes may leave victims without recourse in their home jurisdiction, while diplomatic protection mechanisms were not designed for the scale and nature of mass digital victimization. Further, while international courts and tribunals are beginning to address cyber-related disputes, but their limited jurisdiction and the technical complexity of digital evidence present ongoing challenges.

Towards Digital Legal Clarity

The international community must balance carefully between developing new legal frameworks for applying international law to digital contexts, when there is a legal gap and when the existing international law should be interpreted to address the challenges created by new technologies. Law is, by definition, a response to social life, which includes its evolution and changes. It is concerning that the development of new instruments, such as the 2024 United Nations Convention against Cybercrime which has been criticized for ignoring international human rights obligations, could became a tool of further fragmentation and obscurity. This could result in the repression of vulnerable groups and dissenting voices.

Developing a comprehensive set of principles and guidelines that consolidates international law and human rights standards applicable to the digital sphere is essential for safeguarding civic space. Such an instrument would provide, first, legal clarity by bringing together fragmented obligations under a unified framework, and second, greater accessibility for judges, prosecutors, and human rights advocates. By establishing clear, authoritative guidance, these principles would also establish a clear existing baseline of international obligations over which to establish new legal frameworks if required. These guidelines, which we hope will ultimately be endorsed by UN Member States who reaffirm their commitment to international law, will bring together several legal frameworks into one cohesive and accessible instrument.

Finally, enforcement mechanisms must evolve to address the unique characteristics of digital harm. This might include specialized courts with technical expertise, alternative dispute resolution systems, or new forms of collective enforcement action.

While humanity’s development has long depended on our shared capacity for imagination and innovation to create technologies that transform our world, we must ensure that human dignity remains central to our collective experience. International law, developed over centuries to enable peaceful coexistence, now requires renewed commitment. We live in times when reaffirming our most fundamental legal principles has become critical to our future.