New Technologies in International Law / Tymofeyeva, Crhák et al.

and opinio juris , it can be argued that the no-harm principle can encompass cases of non-physical harm and thus apply to cyber operations. The second obstacle that must be surpassed, in order for the no-harm principle to be applied to cyberspace, is connected to the standard of knowledge requirement. Normally, the no-harm principle is triggered by actual or constructive knowledge of even remote risk and excludes unforeseen harms. 88 However, the element of constructive knowledge has not been clarified when applied to cyberspace. Furthermore, this standard presupposes that states should proactively, constantly, and vigilantly monitor their networks in relation to the gravity of the harm. 89 Thus, an application of the no-harm principle to cyberspace would oblige states to monitor continuously and be vigilant in their use of Information and Communication Technologies (ICTs). The claim that such an obligation to monitor networks exists now in international law is tenuous at best, as states’ opinions on the issue, as well as the relevant scholarly discourse are divided. There are scholars who advocate that a duty of state to monitor its networks exist in different degrees. Indicatively, there are opinions that consider such a duty a prerequisite of constructive knowledge, 90 others that also support a duty to react, 91 and even some that call for ‘proactive measures of vigilance and monitoring.’ 92 On the other side of the fence, there are scholars that consider that such a duty to monitor could easily invite human rights violations from oppressive (and not only) regimes 93 while others outright reject the existence of such a duty. 94 In my opinion, a state’s duty to monitor its networks can exist in the contest of applying the no-harm principle to cyberspace. The existence of such a duty would not cancel all the other obligations of the states, especially its human rights obligations which would continue to co-exist with a due diligence duty to monitor. The fear that states will overreach and violate international law, should not be a reason that we refuse to apply an international law rule. I would not go as far as to say that states should also have a duty to react, but international law is not foreign to duties to monitor as many regimes include such duties (e.g. the law of nuclear disarmament). 95 To conclude, I believe that the no-harm principle has the potential to act as a deterrent to major cyber-attacks, especially against critical infrastructures. From an international law standpoint, there is nothing that prevents its application to cyberspace. If states know that they will be responsible for being negligent regarding harmful 88 Couzigou, I, ‘Securing Cyber Space: The Obligation of States to Prevent Harmful International Cyber Operations’ (2018) 32 International Review of Law, Computers & Technology 37. 89 ILC, Draft Articles on Prevention (n 83). 90 Buchan, R, ‘Cyberspace, Non-State Actors and the Obligation to Prevent Transboundary Harm’ (2016) 21(3) Journal of Conflict & Security Law 429. 91 Bannelier-Christakis K, ‘Cyber Diligence: A Low-Intensity Due Diligence Principle for Low-Intensity Cyber Operations?’ (2015) 14(1) Baltic Yearbook of International Law 23. 92 Talita Dias and Antonio Coco (n 81). 93 Talbot (n 79). 94 Delerue F, Cyber Operations and International Law (CUP, 2020), p. 360. 95 Takano A, ‘Due Diligence Obligations and Transboundary Environmental Harm: Cybersecurity Applications’ (2018) 7(4) Laws 36.

29