Skip to main content

The project was directed by Professor Michael Schmitt.

First comprehensive legal guide for cyber behaviour published by University of Exeter expert

The first comprehensive guide covering the legal rules of behaviour in cyberspace, which will be used by governments around the world, has been published by a University of Exeter academic.

Tallinn Manual 2.0 is the most thorough analysis of how existing international law applies to cyberspace available to nations. The project leading to its publication, which brought together world-class international law experts, was directed by Professor Michael Schmitt of Exeter Law School.

In 2013, the first phase of the project, Tallinn Manual 1.0, was released. It dealt with how laws govern online warfare between nations. It has already influenced policymakers, lawyers and politicians in many nations. Now it has been updated to include guidance on how countries must operate in cyberspace during peace time.

The book, published by Cambridge University Press, is considered the most authoritative work on cyber behaviour. The project was informed by meetings Professor Schmitt his team had with officials from over 50 nations and international organizations, including China and Russia. This process was sponsored by the NATO Cooperative Cyber Defence Centre of Excellence and the Dutch Ministry of Foreign Affairs.

The book is being launched at events in Texas, Washington DC, the Hague, Tallinn and Canberra this month.

Professor Schmitt said: “We had verbal and written feedback from many government lawyers, which shows how important this work is to them. Among the key issues we addressed were sovereignty, human rights, and the legal responsibility of States for the actions of non-State actors, such as terrorists and hacker groups. Tallinn Manual 2.0 serves as a legal road map for assessing the cyber operations of other States under international law and crafting a legal response to them.”

“Of course different governments will have different views on how they should tackle these incidents, but they are obliged to respect law when they engage in cyber operations, whether offensive or defensive in nature.”


Date: 15 February 2017

Read more University News