New challenges for international criminal law: how to incorporate cybercrimes committed during armed conflicts into the existing legal framework

Автор(и)

  • Daryna Zhabchyk Master of Public Policy and Governance, Kyiv School of Economics, Україна
  • Vladyslava Hedz Master of Law, Kyiv National Economic University named after Vadym Hetman, Master of Public Policy and Governance, Kyiv School of Economics, Україна
  • Yevheniia Bondarenko PhD, associate professor of the Department of Public and International Law Kyiv National Economic University named after Vadym Hetman, Ukraine, Україна https://orcid.org/0000-0003-0468-7949

DOI:

https://doi.org/10.61345/1339-7915.2025.3.3

Ключові слова:

cybercrime, cyberattacks, international humanitarian law, international criminal law, Rome Statute, war crimes, Ukraine

Анотація

The article examines the legal characterization of cybercrimes in the international context, with particular attention to cyber operations committed during armed conflicts. The study explores the distinction between ordinary cybercrimes, typically prosecuted under domestic criminal law and international cooperation frameworks such as the Budapest Convention (2001), and cyberattacks carried out in wartime, which fall under the scope of international humanitarian law and international criminal law. Special focus is placed on the challenges of attributing responsibility, defining cyber operations in the context of warfare, and incorporating such acts into the jurisdiction of international courts.

The urgency of this article is underscored by the ongoing war in Ukraine, which has demonstrated the devastating humanitarian impact of large-scale cyberattacks on civilian infrastructure, such as the Kyivstar incident currently under investigation by the International Criminal Court. This highlights the pressing need to adapt existing international legal frameworks to ensure accountability for cyber-enabled violations of IHL.

The article analyzes how cyber operations can amount to war crimes, crimes against humanity, or even acts of aggression if their effects meet the thresholds established under Rome Statute of the International Criminal Court. It argues that, although the Rome Statute does not explicitly mention cybercrimes, its provisions are sufficiently technology-neutral to encompass cyber conduct when interpreted in light of humanitarian consequences. Reference is made to the Tallinn Manual 2.0, International Committee of the Red Cross positions, and scholarly contributions that emphasize the adaptability of current law to emerging digital threats.

Furthermore, the study highlights ongoing debates among scholars and policymakers regarding whether explicit amendments to the Rome Statute are necessary, or whether consistent interpretation of existing provisions is sufficient. It stresses that while treaty reform may be politically difficult, judicial practice, state cooperation, and interpretive clarification by bodies such as the Council of Advisers on the Application of the Rome Statute to Cyberwarfare can effectively integrate cyber operations into the framework of international criminal accountability.

The study concludes that incorporating cyber operations into international criminal law does not necessarily require new treaties but rather a consistent interpretation and application of existing norms. Ensuring accountability for cyberattacks in armed conflict will depend on judicial practice, state cooperation, and clarification by international institutions. In this way, the article contributes to the broader debate on strengthening the international legal order in response to the realities of modern warfare.

Посилання

Council of Advisers. Report on the Application of the Rome Statute of the International Criminal Court to Cyberwarfare. Permanent Mission of Liechtenstein to the United Nations, 2021. URL: https://crimeofaggression.info/wp-content/uploads/GIPA_The-Council-of-Advisers-Report-on-the-Application-of-the-Rome-Statute-of-the-International-Criminal-Court-to-Cyberwarfare.pdf.

Council of Europe. Convention on Cybercrime (Budapest Convention). European Treaty Series No. 185, 2001. URL: https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185.

Human Rights Center, UC Berkeley School of Law. Accountability for Cyber-Enabled International Crimes [Electronic resource]: Article 15 communications submitted to the International Criminal Court (2022–2023) regarding Sandworm cyber operations. Berkeley, 2024. URL: https://humanrights.berkeley.edu/projects/accountability-for-cyber-enabled-international-crimes.

IBANet. Ukraine Investigates Wartime Cyberattacks as Part of War Crimes Cases. 2024. URL: https://www.ibanet.org/article/cyberattacks-ukraine-investigation.

International Committee of the Red Cross. International Humanitarian Law and Cyber Operations During Armed Conflicts: ICRC Statement to the UN Open-Ended Working Group. 2022. URL: https://www.icrc.org/en/document/icrc-statement-cyber-operations-during-armed-conflicts.

Khan K. ICC Prosecutor’s Statement on Emerging Cyber Threats. Office of the Prosecutor, International Criminal Court, 2023. URL: https://www.icc-cpi.int/news/statement-icc-prosecutor-karim-aa-khan-kc-conference-addressing-cyber-enabled-crimes-through.

Lieber Institute. The Legal Challenges of Prosecuting Cyber Aggression. 2024. URL: https://lieber.westpoint.edu/legal-prosecution-cyber-aggression.

Reuters. ICC Examines Russian Cyberattacks in Ukraine as Possible War Crimes. 2024. URL: https://www.reuters.com/world/europe/icc-probes-cyberattacks-ukraine-possible-war-crimes-sources-2024-06-14.

Rome Statute of the International Criminal Court. United Nations Treaty Series, Vol. 2187, p. 90, 1998. URL: https://www.icc-cpi.int/sites/default/files/RS-Eng.pdf.

Schmitt M.N. (Ed.). Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge: Cambridge University Press, 2017. URL: https://www.onlinelibrary.iihl.org/wp-content/uploads/2021/05/2017-Tallinn-Manual-2.0.pdf.

State Service of Special Communications and Information Protection of Ukraine. CERT-UA Processed 4,315 Cyber Incidents Last Year. 2025. URL: https://cip.gov.ua/en/news/cert-ua-minulogo-roku-opracyuvala-4315-kiberincidentiv.

State Service of Special Communications and Information Protection of Ukraine. Intensity Does Not Decrease: State Service of Special Communications and Information Protection Records an Increase in Cyber Incidents Almost Twice Since the Beginning of 2022. Forbes Ukraine, 31 January 2024. URL: https://forbes.ua/news/intensivnist-ne-zmenshuetsya-derzhspetszvyazku-fiksue-zbilshennya-kiberintsidentiv-mayzhe-vdvichi-z-pochatku-2022-go-31012024-18892.

Trahan J. Cyber Operations and the Crime of Aggression. Case Western Reserve Journal of International Law, 2025, Vol. 57, No. 1, pp. 77–108. URL: https://scholarlycommons.law.case.edu/jil/vol57/iss1/6.

United Nations General Assembly. Definition of Aggression: Resolution 3314 (XXIX), 1974. URL: https://www.un.org/ruleoflaw/files/GARes3314.pdf.

Vasilkyvska I., Bondarenko Y. Information and Cyber Security in the Light of Hybrid Threats. Visegrad Journal on Human Rights, 2022, № 3, pp. 38–43. URL: https://journal-vjhr.sk/wp-content/uploads/2023/01/Visegrad_3_2022.pdf.

##submission.downloads##

Опубліковано

2025-10-21

Номер

№ 3 (2025): Visegrad Journal on Human Rights

Розділ

Статті

Ліцензія

Авторське право (c) 2025 Daryna Zhabchyk, Vladyslava Hedz, Yevheniia Bondarenko

Creative Commons License

Ця робота ліцензується відповідно до Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.