neutrality
249
the part of neutral States that benefits their enemy. The global distribution of cyber assets and activities, as well as global dependency on cyber infrastructure, means that cyber operations of the parties to a conflict can easily affect private or public neutral cyber infrastructure. Accordingly, neutrality is particularly relevant in modern armed conflict. 4. The International Group of Experts was mindful of the fact that the law of neutrality developed based on situations in which entrance into or exit from a neutral State’s territory is a physical act. The fact that cyberspace involves worldwide connectivity irrespective of geopolitical borders challenges certain assumptions upon which the law of neutrality is based. For instance, a single email message sent from belligerent territory may automatically be routed through neutral cyber infrastructure before reaching its intended destination; the sender or the owner of the neutral cyber infrastructure cannot necessarily control the route it takes. The Rules set forth in this chapter have considered this reality. Given the difficulty of controlling cyber infrastructure and routes, any conclusions about violations of a State’s neutrality or whether a neutral State has violated its obligations under the law of neutrality should only be arrived at after careful consideration. 5. Cyber infrastructure located within the territory of a neutral State is not only subject to that State’s jurisdiction, but also protected by that State’s territorial sovereignty. It is considered neutral in character irrespective of public or private ownership or of the nationality of the owners (provided that it is not used for the exercise of belligerent rights, Rule 94). 6. The term ‘exercise of belligerent rights’ is synonymous with the terms ‘hostile act’ in Hague Convention V and ‘act of hostility’ under Hague Convention XIII.4 The International Group of Experts decided to use ‘belligerent rights’ in this chapter to avoid confusion with the term ‘hostile act’, which is an operational term of art. Exercise of belligerent rights is accordingly to be understood in the broadest sense as actions that a party to the conflict is entitled to take in connection with the conflict, including cyber operations. Belligerent rights are not limited to ‘attacks’ as defined in Rule 30, but it should be noted that the term does not extend to espionage conducted against the neutral State. 4
Hague V, Art. 10; Hague Convention XIII, Art. 2. See also San Remo Manual, paras. 15, 16.