CYIL Vol. 6, 2015

THE KAMPALA AGREEMENT ON CRIME OF AGGRESSION … such a task through a cyber assault of the Syrian Air Defense System, which wrongly informed its users of the absence of any intruder; of course all these allegations were denied by Israel. 22 3. The definition of crime of aggression and the cyber-attacks The definition of the crime of aggression prepared by the Special Working Group on the Crime of Aggression (‘SWGA’) and adopted by the Assembly of State Parties to the Rome Statute in Kampala is addressed by a new Article 8 bis and reads as follows: 23 “For the purpose of this Statute, ‘crime of aggression’ means the planning, preparation, initiation or execution, by a person in a position effectively to exercise control over or to direct the political or military action of a State, of an act of aggression which, by its character, gravity and scale, constitutes a manifest violation of the Charter of the United Nations.” Paragraph 1 of Article 8 bis is composed of the four following components. Firstly, the means of commitment of the crime, which includes also planning and preparation and is not restricted only to execution of the act of aggression. This wording refers to the London Charter of the Nuremberg Tribunal 24 and shall not be further scrutinized in this paper. 3.1 The leadership clause and non-state actors However, the second component of the first paragraph 8 bis , which determines that the crime must be committed by a person in a position effectively to exercise control over or to direct the political or military action of a State, deserves further consideration. Such a so called leadership clause thus requires a state link between the perpetrator of the crime and a state. Because only a person who is in a position to effectively exercise control over or to direct the political or military action of a State can be prosecuted for the crime of aggression under Article 8 bis of the Rome Statute. This leadership clause is seen by some authors as a significant limitation for the prosecution of individuals responsible for cyber-attacks, because the majority of the recorded cyber-attacks were prepared and executed by non-state actors, such as private companies or individual hackers. 25 And those attacks might be therefore out of the scope of the Rome Statute. However, the state link requirement is not a specific problem of cyber-attacks. The growing role of non-state actors in military conflicts has become a reality not only in cyberspace but also in more “conventional” 22 Ibid . 23 Resolution RC/Res.6 of the Review Conference of the Rome Statute., adopted at the 13th plenary meeting, on 11 June 2010. 24 Article 6 (a) of the Statute of the International Military Tribunal (8 August 1945, 82 UNTS (1951), http://avalon.law.yale.edu/imt/imtconst.asp. 25 OPHARDT, J., supra note, p. 46.

107