Abstract:

The growing prevalence of cross-border cyberattacks poses significant challenges to the application of international law, particularly in defining state responsibility. This article examines the extent to which existing legal doctrines—principally the UN Charter, the International Law Commission’s Articles on State Responsibility, customary principles of sovereignty, non-intervention, and due diligence, as well as international humanitarian and human rights law—govern cyber operations. It highlights attribution as the central obstacle: the standards of effective control and overall control developed in traditional contexts prove ill-suited to operations characterised by proxies, anonymisation, and plausible deniability. The article further interrogates thresholds for unlawful intervention, prohibited use of force, and armed attack, noting persistent ambiguity where cyber operations cause severe disruption without physical destruction. Enforcement mechanisms under ARSIWA, including cessation, reparation, and guarantees of non-repetition, remain largely theoretical in the cyber context, as countermeasures risk escalation and collective responses are constrained by political divisions. By applying a doctrinal, theory-driven analysis, the study identifies a critical gap between existing international law and the realities of cyberspace. It argues that accountability requires either the refinement of attribution standards and due diligence obligations or the development of a lex specialis for cyberspace, to ensure international law remains fit for purpose in the digital age.