Open search
Accessibility

Podcast 🎧 & blog: Where states draw the line in cyber law, feat. Tallinn Cyber Diplomacy Summer School

Podcast

 

By Federico Plantera

In cyberspace, borders are invisible, but the consequences are very real. As states continue integrating digital tools into national defence, diplomacy, and daily governance, the question of how international law applies to this domain has become increasingly urgent.

The Tallinn Cyber Diplomacy Summer School sharpens this conversation with sessions that this year include speakers Liis Vihul, CEO of Cyber Law International, and Agnes Kasper, Head of the Law Branch at the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).

So, we brought them together. In this second instalment of our dedicated podcast mini-series to the Cyber Diplomacy fest taking place in Tallinn, we dug deep into what makes momentum grow among countries to shape and publish national positions on international law in cyberspace, with all the complexity, ambiguity, and realpolitik that surround this effort laid bare too.

Legal Clarity and Strategic Posture Make State Speak Up

Why are states increasingly publishing national positions on the applicability of international law in cyberspace? As Vihul points out, “These statements are not just legal documents, but also political tools. National positions signal how a country interprets key principles like sovereignty, non-intervention, and due diligence in the digital sphere. And for some states, these documents also serve as instruments of deterrence, showing adversaries where the red lines are.”

The growing number of such statements – over 30 as of today – reflects a broadening consensus that legal ambiguity is not a sustainable posture in cyber affairs. “If a state says nothing, it leaves others guessing. That’s not good for security,” Vihul observes.

However, as Kasper outlines, these positions also play a pedagogical role. “They help train national officials internally and offer a benchmark for other states.” Clarifying a country’s stance reinforces its legal narrative internationally, but it also strengthens coherence and capacity at home.

 

Where Consensus Ends, and Complexity Begins

While there is widespread agreement on the relevance of existing international law to cyberspace, agreement tends to wane regarding details. “Most states acknowledge that international law applies,” Vihul says, “but interpretations vary, especially on controversial issues.”

These legal grey areas include, for instance, how severe a cyber operation must be to constitute a use of force and how far states must go in preventing their territory from being used for harmful cyber activities. Questions that might remain unresolved and the divergent interpretations they attract continue to shape state practice in meaningful ways.

Kasper illustrates this with the example of sovereignty: “Some countries treat remote cyber operations that cause significant effects as violations of sovereignty. Others do not.” This divergence matters, particularly as state-sponsored cyber activity becomes more frequent and sophisticated.

Instrumentally, a lack of consensus can be politically useful for some. “Not all states want legal clarity. For some, ambiguity preserves flexibility,” Vihul warns. Still, the overall trend appears to be in favour of clarification. The more frequent the incidents, the stronger the need to know where the boundaries lie.

 

Behind the Scenes: Crafting National Positions

Agnes Kasper offers a detailed view of the mechanics and significance behind drafting national positions on international law in cyberspace. While legal in form, these documents are, in fact, vital diplomatic instruments. A well-crafted statement gives consistency to a country’s cyber diplomacy. It becomes a point of reference across forums while serving internally as a guiding framework, supporting coherence across agencies and ministries.

The process, indeed, is a balancing act that involves extensive internal coordination. Drafting a national position often begins with legal experts mapping out key principles and previous state practices, which are then tested through inter-agency consultations. “You may have to bring together representatives from the Ministry of Defence, Foreign Affairs, Interior, and even technical bodies. They don’t always speak the same language,” she explains. Establishing a shared understanding requires time, trust, and sometimes compromise.

Practical hurdles, such as reconciling divergent priorities between ministries and managing diplomatic sensitivities, are not out of the picture. Still, Kasper sees gradual progress as both realistic and valuable. Rather than aiming for comprehensiveness, she recommends beginning with the most pressing or well-understood issues. That way, countries can publish on time, leaving room for future elaboration. “Start with what’s most relevant to your national context,” she says. “It’s better to say something than to stay silent.”

 

A Future Built on Incremental Agreements

But is global consensus on applying international law in cyberspace achievable or desirable? Both Vihul and Kasper were realistic. “Complete consensus may never come,” Vihul notes, “but that shouldn’t stop us from building practical convergence where we can.”

One promising avenue is the accumulation of state practice. As more countries publish their national positions, a clearer picture emerges. Even partial alignment – on, say, how states view sovereignty or the prohibition of intervention – can help build confidence and stability. “We’re not aiming for a treaty overnight. Rather, we’re building norms step by step.”

The United Nations remains a key forum, but it is not the only one. Regional alliances, bilateral statements, and technical agreements all contribute to this evolving legal ecosystem. The Summer School conversations, too, in a way, are contributing to making clear that states must be proactive if they want their values and interpretations to be part of this normative construction.

Silence is not neutrality. In cyberspace, where actions are fast, signals are subtle, and the stakes are high, having no legal position can be a position in itself – but one that may serve neither national interest nor global stability.

 

The Tallinn Cyber Diplomacy Summer School is part of the EU-funded Tallinn Cyber Diplomacy Programme, which promotes global cyber resilience capacity-building and aligns with the EU’s core values of democracy, human rights, and the rule of law. It supports the EU’s strategic commitment to inclusive multilateralism and a secure, open digital future. 

The Summer School is co-organised by the e-Governance Academy (Estonia), European Commission (DG INTPA), the Ministry of Foreign Affairs of Estonia, and ESTDEV.

 

post

Estonia hosts global Summer School to strengthen cyber diplomacy

If cybercrime were a country, its economy would be the third largest in the world. That comparison, shared by experts during the Tallinn Cyber Diplomacy Summer School, reflects how urgent and complex today’s cyber threats have become. As digital technologies transform societies, the risks and responsibilities are growing just as fast. This is where cyber

e-Governance Academy Foundation

General contact
Client relations & partnerships 
Press inquiries
Address
Rotermanni 8, Tallinn, Estonia
eGA logo
logoegov
NCSI logo

2025 © All rights reserved.