New Technologies in International Law / Tymofeyeva, Crhák et al.

create obligations for states to take measures to prevent that their computer systems are not used to conduct a malicious cyber operation to another state. If a state would neglect taking such measures, this would incur its international responsibility. Accordingly, a portion of the cyber harm created by malicious cyber operations, could be redressed. Nevertheless, applying these rules to cyberspace is a challenging endeavor. Firstly, it must be examined whether the no-harm principle can be applied beyond the regime of international environmental law. The principle may have started in such a transboundary environmental context, 75 nevertheless it has already been used in other contexts. Relevant discourse has argued that the no-harm principle can be the basis for effective climate change litigation and for enforcing obligations pertaining to climate change. 76 Furthermore, the European Union has developed its own iteration of the principle, the ‘do no significant harm’ principle, which is used again in relation to harm to the environment but within the context of European investment law. 77 Both of these uses indicate the malleability of the no-harm principle and how it easily interacts with different international (and not only) law regimes. Therefore, it can be considered that the no-harm principle is flexible enough as a principle in order to also apply to the cyber domain. Regarding due diligence, the 2014 and 2016 Reports of the International Law Association (ILA) Study Group on Due Diligence in International Law mention that due diligence obligations are understood and applied differently, depending on the sector involved. 78 Nevertheless, several academics have argued that due diligence can be applied to cyberspace albeit proposing different avenues, 79 and states have expressed different opinions for applying the due diligence principle to cyberspace. 80 Until now there is no uniform opinion about the way that due diligence may apply to cyberspace. However, for the purposes of this paper, and since the no-harm rule is the main focus of this paper, it is submitted that obligations of a due diligence nature can be applied and function in cyberspace in the same way that they apply to the non-cyber domain. 75 Trail Smelter (n 66); Corfu Channel Case (n 67). 76 Nedeski N, Sparks T, and Hernandez GI, ‘The World Is Burning, Urgently And Irreparably: A Plea for Interim Protection against Climatic Change at the ICJ’ (2023) 22(2) The Law & Practice of International Courts and Tribunals 301; Maljean-Dubois S, ‘The No-Harm Principle and the Foundation of International Climate Change Law’ in Benoit Mayer and Alexander Zahar (eds) Debating Climate Law (CUP, 2021), pp. 15–20. 77 Karageorgou V, ‘The Environmental Integration Principle in EU Law: Normative Content and Function also in Light of New Developments, such as the European Green Deal’ (2023) 8(1) European Papers 159. 78 ILA, ‘Study Group on Due Diligence in International Law’, First Report, (2014); ILA, ‘Study Group on Due Diligence in International Law’, Second Report (2016). 79 Schmitt M, ‘In Defense of Due Diligence in Cyberspace’ (2015-2016) 125 The Yale Law Journal Forum 68; Efrony D, Shany Y, ‘A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice’ (2018) 112 American Journal of International Law 583; Talbot, E, ‘Due Diligence in Cyber Activities’ in Peters, A, Krieger, H, Kreuzer, L (eds), Due Diligence in the International Legal Order (OUP, 2020). 80 See, for example ‘UNODA, ‘Costa Rica’s Position On The Application Of International Law In Cyberspace’ (2023) accessed 31 October 2023.

27