The IT Law Wiki



The Tallinn Manual is a nonbinding yet authoritative restatement of the law of armed conflict as it relates to cyberwar. It offers attackers, defenders, and legal experts guidance on how cyberattacks can be classified as actions covered under the law, such as armed attacks. The Manual's emphasis is on cyber-to-cyber operations.

The Tallinn Manual 2.0 is the updated and considerably expanded second edition of the 2013 Tallinn Manual. The Tallinn Manual 2.0 analysis rests on the understanding that the pre-cyber era international law applies to cyber operations, both conducted by and directed against states. This means that cyber events do not occur in a legal vacuum and thus states have both rights and bear obligations under international law.

The focus of the original Tallinn Manual was on the most severe cyber operations, those that violate the prohibition of the use of force in international relations, entitle states to exercise the right of self-defence, and/or occur during armed conflict. Tallinn Manual 2.0 adds a legal analysis of the more common cyber incidents that states encounter on a day-to-day basis, and that fall below the thresholds of the use of force or armed conflict.

As such, the 2017 edition covers a full spectrum of international law as applicable to cyber operations, ranging from peacetime legal regimes to the law of armed conflict. The analysis of a wide array of international law principles and regimes that regulate events in cyberspace includes principles of general international law, such as the sovereignty and the various bases for the exercise of jurisdiction. The law of state responsibility, which includes the legal standards for attribution, is examined at length. Additionally, numerous specialised regimes of international law, including human rights law, air and space law, the law of the sea, and diplomatic and consular law are examined within the context of cyber operations.