Research Repository

‘Cyber Due Diligence’: A Patchwork of Protective Obligations in International Law

Coco, Antonio and de Souza Dias, Talita (2021) '‘Cyber Due Diligence’: A Patchwork of Protective Obligations in International Law.' European Journal of International law. ISSN 0938-5428

[img] Text
Coco_DeSouzaDias_Cyber Due Diligence_(EJIL 13.5.21, Essex RIS).pdf - Accepted Version
Restricted to Repository staff only until 24 August 2022.

Download (424kB) | Request a copy


With a long history in international law, the concept of due diligence has recently gained traction in the cyber domain, as a promising avenue to hold States accountable for harmful cyber operations originating from or transiting through their territory, in the absence of attribution. Nonetheless, confusion surrounds its nature, content and scope. It remains unclear whether due diligence is a general principle of international law, a self-standing obligation or a standard of conduct, and whether there is a specific rule requiring diligent behaviour in cyberspace. This has created an ‘all-or-nothing’ perception: either States have agreed to a rule or principle of ‘cyber due diligence’, or no obligation to behave diligently would exist in cyberspace. We propose to shift the debate from label to substance, asking whether States have duties to protect other States and individuals from cyber harms. By revisiting traditional cases, as well as surveying recent State practice, we contend that — whether or not there is consensus on ‘cyber due diligence’ — a patchwork of different protective obligations already applies, by default, in cyberspace. At their core is a flexible standard of diligent behaviour requiring States to take reasonable steps to prevent, halt and/or redress a range of online harms.

Item Type: Article
Divisions: Faculty of Humanities > Law, School of
Depositing User: Elements
Date Deposited: 17 May 2021 14:31
Last Modified: 20 Oct 2021 16:15

Actions (login required)

View Item View Item