Digital Clarity: Why International Law Needs Clearer Application in the Digital Space

[Nieves Molina-Clemente is the Chief Adviser for International Law, Human Rights and Tech at the Danish Institute for Human Rights.

Dr Sarah Zarmsky is a Lecturer (Assistant Professor) at Queen’s University Belfast School of Law]

Disclaimer: The views reflected in this piece are the opinions of the authors writing in their personal capacities and do not necessarily reflect the views of the Danish Institute of Human Rights or the International Commission of Jurists.

Introduction

Advancements in digital technologies have fundamentally transformed
global society, such as through changes in interactions between States, amongst
individuals across borders, and in how corporations operate internationally. To
address the rapid development of technology and in an effort to adapt
international legal rules to suit the digital age, various texts and guidelines
have been developed for different areas of international law, such as in the
context of cyber
warfare, business
and human rights approaches aimed at technology companies, or for how Rome
Statute crimes may be perpetrated through cyber
means. While such tools may be useful, their development
also has the potential to create silos of legal areas, leading to gaps or even
contradictions in protection, accountability, and enforcement, resulting in impunity
and lack of remedy for victims. The development of new instruments to regulate
digital and cyber spaces for only specific subsets of international law may
therefore contribute to further fragmentation of international law, creating
even more ambiguity.

With an aim to bridge
these fragments, through the Digital Democracy
Initiative (DDI), the Danish Institute for Human Rights (DIHR) and
the International Commission of Jurists (ICJ) are in the process of developing
a set of global legal principles and guidelines underlining the international
law and standards applicable to the protection of human rights in the digital space.
This project, titled
‘Advancing International Law and Human Rights in the Digital Space’, formally
launches today (23 June 2025) at the Nobel Peace Centre in Oslo and will
continue over the next two years. The principles developed by a team of 18
leading experts will be holistic in nature, applying to all areas of
international law and addressing their areas of overlap. The principles will
address concerns such as online incitement to violence and other harms, while
ensuring the protection of human rights and fundamental freedoms, such as
freedom of expression and the right to privacy. They will provide much needed guidance
on how international legal standards should be interpreted, construed, and
enforced in the digital sphere.

This blog post
describes the need for this project, highlighting the current challenges
arising from the presently fragmented landscape of international law and human
rights guidance in the digital space. This includes the need for clarity
surrounding terminology (specifically ‘digital’ versus ‘cyber’), the potential
for ‘forum shopping’, and overall uncertainty about the application of the law.
Further, this post will outline three key areas where this new project will
develop principles: (1) State responsibility, (2) corporate governance, and (3)
redress and reparations for victims.

Distinguishing Digital from Cyber: A Critical Legal Distinction

First, it is essential to distinguish between ‘digital’ and ‘cyber’ domains, as this distinction carries significant legal implications. These two terms appear often in different frameworks but could carry different meanings, even though they are sometimes used interchangeably. This distinction matters legally because different international law frameworks may apply with varying degrees of clarity to each domain. While cyber operations, as commonly referred to in texts such as the Tallinn Manual 2.0. or the Oxford Process on International Law Protections in Cyberspace, might trigger traditional security-focused international law (such as jus ad bellum and international humanitarian law), broader digital activities may primarily engage human rights law, trade law, tort law and other regulatory frameworks at regional levels, such as the EU digital regulatory frameworks, or national levels.

The overlap
between these domains—such as when digital platform policies affect
cybersecurity or when cyber operations impact broader digital rights—creates
additional complexity that international law should address systematically to
ensure that human rights are upheld at all times in all circumstances. Yet, at
present, these issues are often not dealt with together and frameworks have
focused on one or the other. Part of the work of this project is to clarify the
meanings of these terms and provide guidance that encompasses where they
overlap.

The
Fragmentation Challenge

The fragmentation mentioned
above, and the discrete attention paid to ‘cyber’ and ‘digital’ domains
depending on the specific area of international law creates several problems.
First, it enables forum shopping, where actors seek the most favorable legal
interpretation for their conduct. Second, it creates uncertainty for both State
and non-State actors about their rights and obligations. Third, it hampers
international cooperation when States operate under fundamentally different
legal assumptions about digital activities. Fourth, it creates avenues of
impunity, where victims may never receive redress or compensation.

Furthermore, ongoing
regulatory efforts to govern digital activities risk exacerbating existing
fragmentation if they persist in treating digital and cyber domains as sui
generis rather than recognizing them as spheres of human activity already
governed by established international legal principles, including fundamental
human rights protections and rule of law safeguards. If technological
advancement is to serve human development, then robust human rights protections
must be embedded within technological progress, not retrofitted as
afterthoughts. The documented adverse
impacts on democratic institutions,
individual autonomy, and community cohesion underscore the urgency of this
imperative.

One of the most
complex challenges in applying international law to the digital space involves
balancing competing legal principles that often conflict in online contexts—for
example, those related to the regulation of freedom
of speech online or the privacy
of individuals and legitimate issues of security. Protecting individuals
from harm illustrates this challenge most clearly, but similar tensions exist
across the spectrum of human rights.

Next Steps

To overcome this legal ambiguity, it is urgent to develop Principles and
Guidelines on international law and human rights applicable to digital
activities. The framework that will be developed in the years to come by this
project will include (but will not be limited to) the following three
categories of issues:  

1. State Responsibility in the Digital Age

The State
responsibility doctrine must adapt to address the unique challenges of
cyberspace while maintaining its core principles. The traditional framework of
internationally wrongful acts applies to State
conduct in digital environments, but application requires careful
consideration of several factors.

Attribution remains
particularly complex for digital and cyber activities. While the general rule
that States are responsible for the conduct of their organs and agents applies
equally online, proving State involvement in cyber operations presents
significant evidentiary challenges. The use
of proxies, sophisticated technical
obfuscation, and the ease of false flag operations complicate traditional
attribution methods.

States also bear
responsibility for failing to prevent and respond to harmful cyber activities
emanating from their territory. This due diligence obligation extends to
ensuring their digital infrastructure is not used to harm other States or their
nationals. However, the technical complexity of modern networks and the speed
of digital attacks challenge traditional concepts of State control over
territory.

Furthermore, States
must ensure their cyber capabilities and operations comply with existing
international obligations, including human rights law, international
humanitarian law, and treaty commitments. The extraterritorial application of
human rights obligations takes on new dimensions when State surveillance
technologies can monitor individuals globally or when State cyber operations
affect critical infrastructure providing essential services. In December 2018,
the UN General Assembly adopted the Eleven Norms of Responsible State behaviour in
cyberspace. Although these norms are voluntary, they are based on international
law obligations. However, it is concerning that States were quick to highlight
the voluntary nature of the norms.  

2. Corporate Responsibility and the Governance Gap

The private sector’s dominant role in digital infrastructure creates
unique challenges for international law application. Major technology companies
effectively govern aspects of online life through their platforms, algorithms,
and content moderation policies, yet they operate largely outside traditional
international legal frameworks designed for States.

The blurred
relationship between these
companies and States
becomes difficult to regulate, creating large spheres of deregulation and legal
deniability for wrongful acts by all parties. For example, companies can provide
services to individuals, civilian aspects of government such as emergency
information in case of natural disasters, while having interdependent
relationships with the military. Amazon serves individuals
and provides cloud services to the U.S military. Companies such as Palantir work with healthcare
systems and providers while providing surveillance services to governments.

Corporations bear responsibility under various international frameworks,
including the UN
Guiding Principles on Business and Human Rights, but enforcement
mechanisms remain weak. When platforms facilitate human rights abuses or when
technology companies provide tools used for international
law violations, questions arise about their
complicity and responsibility under international law.

3. Reparations for Victims: Bridging the Remedial Gap

Victims of
international law violations in digital contexts face particular challenges in
obtaining effective remedies. Traditional reparations frameworks assume clearer
causation chains and more readily identifiable responsible parties than often
exist in cyberspace.

The problem compounds
when considering that victims of digital harms often lack effective access to
remedies. Cross-border cyber crimes may leave victims without recourse in their
home jurisdiction, while diplomatic protection mechanisms were not designed for
the scale and nature of mass digital victimization. Further, while international
courts and tribunals are beginning to address cyber-related disputes, but their
limited jurisdiction and the technical complexity of digital evidence present
ongoing challenges.

Towards Digital Legal Clarity

The international
community must balance carefully between developing new legal frameworks for
applying international law to digital contexts, when there is a legal gap and
when the existing international law should be interpreted to address the
challenges created by new technologies. Law is, by definition, a response to
social life, which includes its evolution and changes. It is concerning that the
development of new instruments, such as the 2024 United Nations Convention
against Cybercrime which has been criticized for ignoring international human rights obligations, could
became a tool of further fragmentation and obscurity. This could result in the
repression of vulnerable groups and dissenting voices.

Developing a
comprehensive set of principles and guidelines that consolidates international
law and human rights standards applicable to the digital sphere is essential
for safeguarding civic space. Such an instrument would provide, first, legal
clarity by bringing together fragmented obligations under a unified framework, and
second, greater accessibility for judges, prosecutors, and human rights
advocates. By establishing clear, authoritative
guidance, these principles would also establish a clear existing baseline of
international obligations over which to establish new legal frameworks if
required. These guidelines, which we hope will ultimately be endorsed by UN
Member States who reaffirm their commitment to international law, will bring
together several legal frameworks into one cohesive and accessible instrument.

Finally, enforcement
mechanisms must evolve to address the unique characteristics of digital harm.
This might include specialized courts with technical expertise, alternative
dispute resolution systems, or new forms of collective enforcement action.

While humanity’s
development has long depended on our shared capacity for imagination and
innovation to create technologies that transform our world, we must ensure that
human dignity remains central to our collective experience. International law,
developed over centuries to enable peaceful coexistence, now requires renewed
commitment. We live in times when reaffirming our most fundamental legal
principles has become critical to our future.