In 2009 the NATO Cooperative Cyber Defence Center of Excellence (NATO CCD COE) asked a panel of international law experts to "apply standards of international law to a virtual battlefield." The panel released this report on March 28, 2013, as "an expression of opinions of a group of independent experts acting solely in their personal capacity."
Key conclusions, presented by the Atlantic Council, where the report was released:
- States may not knowingly allow cyber infrastructure located in their territory to be used for acts that adversely affect other States.
- States may be responsible for cyber operations directed against other States, even though those operations werenot conducted by the security agencies. In particular, the State itself will be responsible under international law for any actions of individuals or groups who act under its direction. For instance, a State that calls on hacktivists to conduct cyber operations against other States will be responsible for those actions as if it had conducted them itself.
- The prohibition on the use of force in international law applies fully to cyber operations. Though international law has no well-defined threshold for determining when a cyber operation is a use of force, the International Group of Experts agreed that, at a minimum, any cyber operation that caused harm to individuals or damage to objects qualified as a use of force.
- The International Group of Experts agreed that cyber operations that merely cause inconvenience or irritation do not qualify as uses of force.