Editor’s Note: As cyberspace becomes an increasingly contested domain for both cooperation and confrontation, the articulation of legal norms governing state behavior has never been more vital. The recently published Handbook on Developing a National Position on International Law and Cyber Activities: A Practical Guide for States—co-authored by Professor Kubo Mačák, Dr. Talita Dias, and Dr. Ágnes Kasper, and jointly published by the University of Exeter and the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)—offers a timely and pragmatic resource for Nation States seeking to clarify their legal stances in a digitally interconnected world.
More than a reference for conflict scenarios, the Handbook addresses the full spectrum of international legal considerations in cyberspace, spanning peacetime operations, emerging technologies, and strategic legal positioning in multilateral forums. Grounded in extensive consultations with 46 countries and informed by real-world policy challenges, it provides actionable guidance for legal advisors, policymakers, and cyber strategists alike.
Content Assessment: University of Exeter and CCDCOE Publish Cyber Law Handbook Guiding Nation States in Peace and Conflict
Information - 92%
Insight - 92%
Relevance - 93%
Objectivity - 93%
Authority - 94%
93%
Excellent
A short percentage-based assessment of the qualitative benefit expressed as a percentage of positive reception of the recent article from ComplexDiscovery OÜ titled, "University of Exeter and CCDCOE Publish Cyber Law Handbook Guiding Nation States in Peace and Conflict."
Industry News – Cybersecurity Beat
University of Exeter and CCDCOE Publish Cyber Law Handbook Guiding Nation States in Peace and Conflict
ComplexDiscovery Staff
At a pivotal moment in the evolution of cyberspace governance, a new initiative led by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and the University of Exeter has produced a timely and practical resource for governments around the world. Launched during the 17th International Conference on Cyber Conflict (CyCon) in Tallinn, Estonia, the Handbook on Developing a National Position on International Law and Cyber Activities: A Practical Guide for States aims to provide structured and actionable guidance for countries navigating the complex intersection of international law and state conduct in the digital domain.
Co-authored by Professor Kubo Mačák of the University of Exeter, Dr. Talita Dias of the Partnership on AI, and Dr. Ágnes Kasper, Head of Law at the CCDCOE, the 176-page publication represents the culmination of an ambitious year-long collaborative project. Supported by a £75,000 grant from the UK’s Economic and Social Research Council’s Impact Accelerator Account, and developed in conjunction with the Ministries of Foreign Affairs of Estonia and Japan, the Handbook is the most comprehensive guide to date on how states can develop and articulate national legal positions in cyberspace.
At its core, the Handbook responds to a pressing question facing government lawyers and policy professionals alike: How does international law apply to cyber operations? The answer is not simple. While there is a consensus that international law governs state behavior in cyberspace, interpretations of how specific rules—such as sovereignty, non-intervention, and due diligence—apply remain contested. The Handbook does not attempt to settle these debates. Instead, it provides a roadmap for states to navigate them in a way that aligns with their national interests and international responsibilities.
In unveiling the Handbook, Professor Mačák emphasized the pragmatic orientation of the text. He explained that the team sought to write a document that not only guides but also inspires government officials as they craft positions on how international law shapes their cyber policies. The Handbook, he said, is designed to help ensure that states’ legal interpretations are not only coherent and consistent, but also grounded in their unique priorities.
In pursuit of inclusivity and diversity of perspective, the project engaged a wide spectrum of voices from around the world. Between September and November 2024, the authors convened three closed-door regional roundtables in Washington D.C., Singapore, and Addis Ababa. These sessions brought together 77 officials from 46 countries, ensuring representation from both developed nations and those in the Global South. As Dr. Dias observed, the majority of published national positions to date have come from the Global North, creating a knowledge gap that the Handbook seeks to address. She stressed that the process of developing a national position itself—whether or not it results in a public statement—can strengthen domestic policy coherence and international engagement, especially for countries not traditionally active in this space.
The Handbook is both analytical and procedural. It begins by examining the motivations for developing a national position, exploring how such documents can function communicatively, transformatively, and preventatively. It then delves into the steps involved in drafting a position, from securing a mandate and assembling a drafting team to conducting legal analysis, consulting stakeholders, and obtaining approval. Dr. Kasper, one of the co-authors and a senior legal expert at CCDCOE, emphasized that national positions are not abstract policy declarations. They are strategic documents with real-world consequences that shape how states respond to cyber threats and articulate their understanding of lawful and unlawful behavior in cyberspace.
Throughout the Handbook, the authors stress that the publication of a national position is not a mere formality. Rather, it is a proactive contribution to the evolving architecture of international law. National positions, they argue, can help clarify legal boundaries, foster accountability, and increase transparency—especially when dealing with ambiguous or rapidly evolving threats. Even if these positions reflect disagreement among states, they still perform a vital role in mapping areas of convergence and divergence, which is essential to the gradual formation of customary international law.
Although only 33 states and two regional organizations—the African Union and the European Union—have issued national positions as of 2025, the authors are optimistic that the Handbook will catalyze broader participation. Mr. Tanel Sepp, Estonia’s Ambassador at Large for Cyber Diplomacy, called the Handbook a valuable tool in an increasingly contested digital environment. He praised the collaboration between academics and practitioners, noting that practical, accessible guidance is essential to responsible state behavior in cyberspace. His counterpart in Japan, Dr. Kazuhiko Nakamura, echoed these sentiments, highlighting Japan’s belief that the articulation of national positions contributes to deepening international understanding and, ultimately, legal stability.
The Handbook is notably comprehensive. It not only analyzes international legal rules—ranging from the UN Charter to international humanitarian law—but also examines how states can craft these positions in ways that resonate with domestic audiences and international peers. While some positions take a deductive approach, starting with established legal principles and applying them to cyberspace, others adopt an inductive method, beginning with real-world scenarios and then assessing how the law responds. The authors suggest that states may benefit from using both approaches to clarify their legal thinking and promote internal consistency.
The document also considers how the format and dissemination of national positions can affect their impact. While some governments publish standalone papers, others embed their legal views in multilateral statements or official speeches. The Handbook encourages clarity and transparency in whichever format a state chooses and offers advice on how to navigate institutional and political challenges during the drafting process.
Perhaps one of the most valuable elements of the Handbook is its annexed checklist—a two-page distillation of the key steps and best practices for developing a national position. Designed for overburdened officials, this checklist serves as a quick reference for planning and execution, emphasizing the importance of internal coordination, capacity-building, legal accuracy, and strategic communication.
While the Handbook stops short of prescribing specific legal positions, it does illuminate the legal significance of national statements. The authors observe that while most national positions do not claim to create new legal obligations, they can contribute to treaty interpretation and the development of customary international law. At the same time, the Handbook warns against complacency. In international law, silence can sometimes be construed as acquiescence. States that fail to articulate their positions may find themselves bound by emerging interpretations that do not reflect their interests.
This is particularly salient in the context of controversial issues such as sovereignty in cyberspace, due diligence obligations, and the legality of cyber countermeasures. The Handbook notes that disagreements persist among states on whether sovereignty is a standalone rule or simply a principle, and whether due diligence constitutes a binding obligation. Nevertheless, by setting out their views, states help shape the legal terrain and set expectations for behavior.
In closing, the Handbook reflects a growing recognition that the application of international law to cyberspace is not merely a theoretical exercise. It is a practical imperative for governments seeking to assert their rights, defend their infrastructure, and contribute to the rule of law in the digital age. For cybersecurity, information governance, and eDiscovery professionals, the implications are profound. As more states articulate legal red lines and thresholds for cyber operations, these positions will increasingly influence norms around state responsibility, attribution, and digital evidence. Legal practitioners, forensic analysts, and compliance officers alike will need to understand not only the technical contours of cyber incidents but also the emerging legal frameworks that govern them.
As cyberspace continues to expand and the stakes grow higher, the Handbook on Developing a National Position on International Law and Cyber Activities stands as a landmark contribution to global cyber diplomacy. It is a call for clarity, a tool for strategy, and a catalyst for legal development in one of the most dynamic domains of international affairs.
News Sources
- Kubo Mačák, Talita Dias and Ágnes Kasper, Handbook on Developing a National Position on International Law and Cyber Activities: A Practical Guide for States (2025) | Print: ISBN 978-9916-9227-0-5 | PDF: ISBN 978-9916-9227-1-2
- Handbook on Developing a National Position on International Law and Cyber Activities: A Practical Guide for States
(CCDCOE) - The Handbook on Developing a National Position on International Law and Cyber Activities: A Practical Guide for States – EJIL: Talk!
Assisted by GAI and LLM Technologies
Additional Reading
- The LockBit Breach: Unmasking the Underworld of Ransomware Operations
- The TeleMessage Breach: A Cautionary Tale of Compliance Versus Security
- Inside CyberCX’s 2025 DFIR Report: MFA Failures and Espionage Risks Revealed
Source: ComplexDiscovery OÜ