The Tallinn Manual (originally entitled, Tallinn Manual on the International Law Applicable to Cyber Warfare) is an academic, non-binding study on how international law (in particular the jus ad bellum and international humanitarian law) applies to cyber conflicts and cyber warfare. Between 2009 and 2012, the Tallinn Manual was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts. In April 2013, the manual was published by Cambridge University Press.
In late 2009, the Cooperative Cyber Defence Centre of Excellence convened an international group of legal scholars and practitioners to draft a manual addressing the issue of how to interpret international law in the context of cyber operations and cyber warfare. As such, it was the first effort to analyse this topic comprehensively and authoritatively and to bring some degree of clarity to the associated complex legal issues.
Collectively calling themselves the International Group of Experts, the authors of the Tallinn Manual include highly respected legal scholars and legal practitioners with experience in cyber issues who were consulted throughout the duration of the project by information technology specialists. The group was led by Professor Michael N. Schmitt, chairman of the international law department at the United States Naval War College, who also served as the project director. Other members of the group included Professor Wolff Heintschel von Heinegg from Viadrina European University, Air Commodore (ret.) William H. Boothby from the United Kingdom Royal Air Force, Professor Thomas C. Wingfield from the George C. Marshall European Center for Security Studies, Bruno Demeyere formerly from the Catholic University of Leuven, Professor Eric Talbot Jensen from Brigham Young University, Professor Sean Watts from Creighton University, Dr. Louise Arimatsu from Chatham House, Captain (Navy) Geneviève Bernatchez from the office of the judge advocate general of the Canadian Forces, Colonel Penny Cumming from the Australian Defence Force, Professor Robin Geiss from the University of Potsdam, Professor Terry D. Gill from the University of Amsterdam, Netherlands Defence Academy, and Utrecht University, Professor Derek Jinks from the University of Texas, Professor Jann Kleffner from the Swedish National Defence College, Dr. Nils Melzer from the Geneva Centre for Security Policy, and Brigadier General (ret.) Kenneth Watkin from the Canadian Forces. The technical advisors were Professor James Bret Michael from the United States Naval Postgraduate School as well as Dr. Kenneth Geers and Dr. Rain Ottis, both of whom previously were associated with the NATO Cooperative Cyber Defence Centre of Excellence.
Three organisations were represented by observers throughout the drafting process: NATO through its Allied Command Transformation due to the relationship of the NATO Cooperative Cyber Defence Centre of Excellence with NATO, the International Committee of the Red Cross because of its “guardian” role of international humanitarian law, and United States Cyber Command due to its ability to provide the perspective of an operationally mature entity. To add to the academic credibility of the Tallinn Manual, prior to publication it was peer-reviewed by thirteen international legal scholars.
When a draft of the Tallinn Manual was posted on the web site of the NATO Cooperative Cyber Defence Centre of Excellence, it immediately drew the attention of the legal community as well as online media outlets reporting mainly on technology questions. Furthermore, after its official publication on March 15, 2013 at Chatham House, the issue of international law and how that governs cyber warfare was discussed widely among international media with references to the manual.
Although frequently referred to as a NATO manual, this is incorrect. The Tallinn Manual is an independent academic research product representing only the views of its authors in their personal capacity. The manual does not represent the views of NATO nor any other organisation or state, including those represented by the observers. Being the first authoritative restatement of the application and interpretation of international law in the cyber context, however, it may be anticipated that the manual will have an effect on how states and organisations will formulate their approaches and positions in those matters.
The practice of producing non-binding manuals on the application of international humanitarian law is not new. The Tallinn Manual followed in the footsteps of similar efforts, such as the International Institute of Humanitarian Law’s San Remo Manual on International Law Applicable to Armed Conflicts at Sea and the Harvard Program on Humanitarian Policy and Conflict Research’s Manual on International Law Applicable to Air and Missile Warfare.
The manual is divided into sections referred to as “black letter rules” and their accompanying commentary. Essentially, the rules are restatements of international law in the cyber context, as understood and agreed to, by all of the authors. Since the adoption of any rule required consensus among the authors (not including the observers) the commentary attached to each rule serves a critical purpose of outlining differences of opinion as to the precise application of the rule. The commentary also identifies the legal basis of the rules, explains their normative content, and addresses practical implications in the cyber context.
Tallinn 2.0, which followed the original manual, was designed to expand the scope of the Tallinn Manual. Tallinn 2.0 was released in February 2017 and published by Cambridge University Press in the form of a book.
The focus of the original Tallinn Manual is on the most disruptive and destructive cyber operations—those that qualify as ‘armed attacks’ and therefore allowing states to respond in self-defense—and those taking place during armed conflict. Since the threat of cyber operations with such consequences is especially alarming to states, most academic research has focused on these issues. Tallinn 2.0 refers to cyber "operations" as opposed to cyber "conflict" from the original Tallinn Manual.
States are challenged daily, however, by malevolent cyber operations that do not rise to the aforementioned level. The Tallinn 2.0 project examines the international legal framework that applies to such cyber operations. The relevant legal regimes include the law of state responsibility, the law of the sea, international telecommunications law, space law, diplomatic and consular law, and, with respect to individuals, human rights law. Tallinn 2.0 also explores how the general principles of international law, such as sovereignty, jurisdiction, due diligence, and the prohibition of intervention, apply in the cyber context.
A senior fellow at the centre, Professor Michael Schmitt from the United States Naval War College and the University of Exeter, directs the Tallinn 2.0 project. Ms. Liis Vihul of the centre serves as its project manager. A team of legal and IT experts from the centre supports the effort. Similarly to its predecessor, the expanded edition of the Tallinn Manual will represent only the views of the International Group of Experts, but not of NATO, the NATO CCD COE, its sponsoring nations, nor any other state or organization.
- Schmitt, Michael N (Gen. ed.) (2013). Tallinn Manual on the International Law Applicable to Cyber Warfare. New York, United States of America: Cambridge University Press.
- "NATO – Topic: Centres of Excellence". Nato.int. 2012-07-30. Retrieved 2013-04-20.
- "News Release: Cyber Command Achieves Full Operational Capability". Defense.gov. Retrieved 2013-04-20.
- "The Tallinn Manual". Ccdcoe.org. Archived from the original on 2013-04-24. Retrieved 2013-04-20.
- Boyle, Ashley (2012-09-24). "International law takes on cyber: significant challenges ahead". Thehill.com. Retrieved 2013-04-20.
- "Security Think Tank Analyzes How International Law Applies to Cyber War". SecurityWeek.Com. 2012-09-04. Retrieved 2013-04-20.
- "Politics". Mother Jones. Retrieved 2013-04-20.
- Nakashima, Ellen (2013-03-10). "In cyberwarfare, rules of engagement still hard to define". Articles.washingtonpost.com. Retrieved 2013-04-20.
- Mark Gollom (2013-03-21). "Are there international rules for cyberwarfare?". CBC News. Retrieved 2013-04-20.
- Owen Bowcott, legal affairs correspondent (2013-03-18). "Rules of cyberwar: don't target nuclear plants or hospitals, says Nato manual | World news". London: The Guardian. Retrieved 2013-04-20.
- Technology (2013-03-19). "Rules of cyberwar set out for first time in Nato manual". London: Telegraph. Retrieved 2013-04-20.
- Koh, Harold Hongju (2012). "International Law in Cyberspace: Remarks of Harold Koh". 54 (1). Harv. Int'l L.J. Online. Retrieved 2013-04-20.
- Schmitt, Michael N (2012). "International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed". 54 (1). Harv. Int'l L.J. Online. Retrieved 2013-04-20.
- Cambridge University Press, February 2017
- Leetaru, Kalev. Forbes. "What Tallinn Manual 2.0 teaches us about the new cyber order." Retrieved 15 June, 2017
- Nato Cooperative Cyber Defence Centre of Excellence. "Tallinn 2.0", Retrieved on 18 June 2015.