The Tallinn Manual (Original title: Tallinn Manual on the International Law Applicable to Cyber Warfare) is an academic, non-binding study on how international law, in particular the jus ad bellum and international humanitarian law, apply to cyber conflicts and cyber warfare. The Tallinn Manual was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts between 2009 and 2012. The Tallinn Manual was published in April 2013 by Cambridge University Press.
In late 2009, the NATO Cooperative Cyber Defence Centre of Excellence convened an international group of legal scholars and practitioners to draft a manual addressing the issue of how to interpret international law in the context of cyber operations and cyber warfare. As such, it was the first effort to comprehensively and authoritatively analyse this topic and to bring some degree of clarity to the associated complex legal issues.
The authors of the Tallinn Manual, the so-called International Group of Experts, include highly respected legal scholars and legal practitioners with experience in cyber issues, who were throughout the duration of the project consulted by information technology specialists. The International Group of Experts was led by Professor Michael N Schmitt, Chairman of the International Law Department at the United States Naval War College, who also served as the Project Director. Other members of the International Group of Experts included Professor Wolff Heintschel von Heinegg from Viadrina European University, Air Commodore (ret.) William H. Boothby from the United Kingdom Royal Air Force, Professor Thomas C. Wingfield from the George C. Marshall European Center for Security Studies, Bruno Demeyere formerly from the Catholic University of Leuven, Professor Eric Talbot Jensen from Brigham Young University, Professor Sean Watts from Creighton University, Dr Louise Arimatsu from Chatham House, Captain (Navy) Geneviève Bernatchez from the Office of the Judge Advocate General of the Canadian Forces, Colonel Penny Cumming from the Australian Defence Force, Professor Robin Geiss from the University of Potsdam, Professor Terry D. Gill from the University of Amsterdam, Netherlands Defence Academy and Utrecht University, Professor Derek Jinks from the University of Texas, Professor Jann Kleffner from the Swedish National Defence College, Dr Nils Melzer from the Geneva Centre for Security Policy and Brigadier General (ret.) Kenneth Watkin from the Canadian Forces. Professor James Bret Michael from the United States Naval Postgraduate School and Dr Kenneth Geers and Dr Rain Ottis both previously from the NATO Cooperative Cyber Defence Centre of Excellence served as the technical advisors.
Three organisations were represented with observers throughout the drafting process: NATO through its Allied Command Transformation due to the relationship of the NATO Cooperative Cyber Defence Centre of Excellence with NATO, the International Committee of the Red Cross because of its “guardian” role of international humanitarian law, and United States Cyber Command due to its ability to provide the perspective of an operationally mature entity. To add to the Tallinn Manual’s academic credibility, prior to publication it was peer-reviewed by thirteen international legal scholars.
When the pre-publication draft of the Tallinn Manual was posted on the website of the NATO Cooperative Cyber Defence Centre of Excellence, it immediately drew the attention of the legal community as well as online media outlets reporting mainly on technology questions. Furthermore, after its official launch on March 15, 2013 at Chatham House, the issue of international law and how it governs cyber warfare, with references made to the Tallinn Manual, was widely discussed on the international media.
Although frequently referred to as a NATO manual, such claims are incorrect. The Tallinn Manual is an independent academic research representing only the views of its authors in their personal capacity. The manual does not represent the views of NATO or any other organisation or state, including those represented by the observers. However, being the first authoritative restatement of international law’s application and interpretation in the cyber context, it can be anticipated that the Tallinn Manual will have an effect on how states and organisations will formulate their approaches and positions in those matters.
The practice of producing non-binding manuals on the application of international humanitarian law is not new. The Tallinn Manual followed in the footsteps of earlier similar efforts, such as the International Institute of Humanitarian Law’s San Remo Manual on International Law Applicable to Armed Conflicts at Sea and the Harvard Program on Humanitarian Policy and Conflict Research’s Manual on International Law Applicable to Air and Missile Warfare.
The book is divided into so-called “black letter rules” and accompanying commentary. The rules are essentially restatements of international law in the cyber context, as understood and agreed by all the authors. Since the adoption of any rule required consensus among the authors, not including the observers, the commentary attached to each rule serves a critical purpose of outlining differences of opinion as to the precise application of the rules. The commentary also identifies the rules’ legal basis, explains their normative content, and addresses practical implications in the cyber context.
Tallinn 2.0 is the follow-on project to the “Tallinn Manual on the International Law Applicable to Cyber Warfare.” Designed to expand the scope of the original Tallinn Manual, Tallinn 2.0 will result in the second edition of the Tallinn Manual and be published by Cambridge University Press in 2016.
The focus of the original Tallinn Manual is on the most disruptive and destructive cyber operations – those that qualify as ‘armed attacks’ and therefore allow States to respond in self-defence, and those taking place during armed conflict. Since the threat of cyber operations with such consequences is especially alarming to States, most academic research has focused on these issues.
Yet, States are challenged daily by malevolent cyber operations that do not rise to the aforementioned levels. The Tallinn 2.0 project examines the international legal framework that applies to such cyber operations. The relevant legal regimes include the law of State responsibility, the law of the sea, international telecommunications law, space law, diplomatic and consular law, and, with respect to individuals, human rights law. Tallinn 2.0 also explores how the general principles of international law, such as sovereignty, jurisdiction, due diligence and the prohibition of intervention, apply in the cyber context.
Professor Michael Schmitt, a Senior Fellow at the Centre from the United States Naval War College and the University of Exeter, directs the Tallinn 2.0 project. Ms Liis Vihul of the Centre serves as the Project Manager, while a team of legal and IT experts from the Centre supports the effort. The expanded edition of the Tallinn Manual will, like its predecessor, represent only the views of the International Group of Experts, and not of NATO, the NATO CCD COE, its Sponsoring Nations, or any other State or organization.
- Schmitt, Michael N (Gen. ed.) (2013). Tallinn Manual on the International Law Applicable to Cyber Warfare. New York, United States of America: Cambridge University Press.
- "NATO - Topic: Centres of Excellence". Nato.int. 2012-07-30. Retrieved 2013-04-20.
- "News Release: Cyber Command Achieves Full Operational Capability". Defense.gov. Retrieved 2013-04-20.
- "CCD COE - The Tallinn Manual". Ccdcoe.org. Retrieved 2013-04-20.
- Boyle, Ashley (2012-09-24). "International law takes on cyber: significant challenges ahead - The Hill's Congress Blog". Thehill.com. Retrieved 2013-04-20.
- "Security Think Tank Analyzes How International Law Applies to Cyber War". SecurityWeek.Com. 2012-09-04. Retrieved 2013-04-20.
- "Politics". Mother Jones. Retrieved 2013-04-20.
- Nakashima, Ellen (2013-03-10). "In cyberwarfare, rules of engagement still hard to define - Washington Post". Articles.washingtonpost.com. Retrieved 2013-04-20.
- Mar 21, 2013 5:31 AM ET (2013-03-21). "Are there international rules for cyberwarfare? - World - CBC News". Cbc.ca. Retrieved 2013-04-20.
- Owen Bowcott, legal affairs correspondent (2013-03-18). "Rules of cyberwar: don't target nuclear plants or hospitals, says Nato manual | World news". London: The Guardian. Retrieved 2013-04-20.
- Technology (2013-03-19). "Rules of cyberwar set out for first time in Nato manual". London: Telegraph. Retrieved 2013-04-20.
- Koh, Harold Hongju. "International Law in Cyberspace: Remarks of Harold Koh". 54 Harv. Int'l L.J. Online 1 (2012). Retrieved 2013-04-20.
- Schmitt, Michael N. "International Law in Cyberspace: The Koh Speech and Tallinn Manual Juxtaposed". 54 Harv. Int'l L.J. Online 1 (2012). Retrieved 2013-04-20.
- Nato Cooperative Cyber Defence Centre of Excellence. "Tallinn 2.0", Retrieved on 18 June 2015.