Tallinn Manual

The Tallinn Manual is a series of non-binding scholarly manuals articulating the application of existing to operations, from peacetime incidents to those occurring during armed conflict. Developed at the invitation of the NATO Cooperative Defence Centre of Excellence (CCDCOE) in , , but independent of doctrine or any state's position, the project reflects the consensus views of an international group of legal experts comprising scholars and practitioners. The initial edition, published in 2013 as the Tallinn Manual on the International Law Applicable to Cyber Warfare, focused primarily on severe cyber operations akin to armed attacks, addressing key principles such as , , and the thresholds for and jus in bello in the cyber domain. Edited by Michael N. Schmitt of the United States Naval War College, it was prepared through closed-door workshops emphasizing as it stood at the time, without proposing new rules or treaties. The expanded Tallinn Manual 2.0, released in 2017 and also edited by Schmitt, broadened the scope to encompass routine activities below threshold, including issues like countermeasures, in , and or air applied to cyber means. This edition incorporated a more diverse expert panel to mitigate earlier critiques of Western or NATO-centric perspectives in the original, though it maintains a policy-neutral stance and disclaims representation of any organization's views. A third iteration, Tallinn Manual 3.0, launched in 2021 as a multi-year project, aims to update rules amid evolving threats and incorporate broader stakeholder input. Though not legally authoritative, the manuals have exerted significant influence on policymakers, legal advisors, and discourse, serving as a reference for interpreting ambiguous areas like attribution and without altering treaty obligations. 
Critics, however, have noted that some rules assert interpretations of unsettled —such as the precise threshold for operations qualifying as ""—potentially overreaching consensus, particularly given the expert group's composition and the absence of state .

Origins and Development

Inception of the Project

The Cooperative Cyber Defence Centre of Excellence (CCDCOE), established in , , in 2008 following the widespread distributed denial-of-service (DDoS) cyberattacks against and private sector targets in April–May 2007—widely attributed to Russian actors—sought to address escalating uncertainties in applying to state-sponsored cyber operations. These incidents highlighted the vulnerability of to non-kinetic attacks and the absence of tailored legal frameworks, prompting member states to accredit the CCDCOE as an international military organization focused on cyber defense research and training. By late 2009, amid growing recognition of cyber domains as arenas for potential armed , the CCDCOE initiated a project to clarify the applicability of existing , particularly the of armed (jus in bello), to cyber warfare scenarios. The project convened an informal international group of legal experts under the leadership of Michael N. Schmitt, a of public at the and director of the Tallinn Manual effort, to produce a restatement of pertinent rules rather than propose new treaty-based norms. Schmitt's team emphasized that the manual would not bind states but serve as an academic and advisory tool to interpret established principles—such as those in the and customary —for cyber contexts where physical effects mimic kinetic operations. This approach aimed to bridge interpretive gaps without overstepping into codification, reflecting the CCDCOE's role as a NATO-affiliated yet academically independent entity funded through voluntary contributions from sponsoring nations including , the , and . Hosted in to leverage the CCDCOE's expertise post-Estonian attacks, the initiative responded to broader early 21st-century trends in threats, including and operations that blurred lines between peacetime activities and acts of force, without creating bespoke cyber-specific law. 
The project's non-governmental character ensured diverse expert input while maintaining fidelity to state practice and opinio juris, prioritizing empirical application over normative innovation.

Publication of Tallinn Manual 1.0

The Tallinn Manual 1.0 emerged from a drafting process initiated in late 2009 by the Cooperative Cyber Defence Centre of Excellence (CCDCOE) in , , where an international group of legal experts convened to identify norms governing cyber operations in armed conflict. Over the subsequent four years, through iterative workshops and deliberations, the experts built consensus on applying existing to cyber warfare, focusing exclusively on (law on the resort to force) and jus in bello ( during conflict). The process emphasized restatement of established rules rather than innovation, culminating in the manual's finalization and in 2013 by . The publication features 95 black-letter rules, presented in bold text, that extend principles like distinction between and civilian objects, in attacks, and to operations. attacks are treated analogously to kinetic strikes when they produce physical damage or effects equivalent to an armed attack under Article 51 of the UN Charter, triggering and potential responses. Initial dissemination occurred via the CCDCOE, positioning the manual as an advisory tool for and legal practitioners rather than a binding instrument. As a scholarly restatement, the Tallinn Manual 1.0 explicitly disclaims legal force, serving non-binding guidance derived from consensus among participants while clarifying it does not reflect doctrine or state positions.

Expansion to Tallinn Manual 2.0

Following the publication of Tallinn Manual 1.0, which confined its analysis to applicable during armed conflict, the project initiators recognized limitations in addressing the preponderance of state-sponsored cyber incidents occurring outside wartime contexts. Critics noted that 1.0's narrow scope overlooked peacetime cyber operations, such as or below the use-of-force threshold, thereby failing to provide guidance for routine state interactions in . In response, development of an expanded edition commenced in under the auspices of the Cooperative Cyber Defence Centre of Excellence, aiming to encompass the entirety of relevant to cyber operations, including , non-intervention, and obligations during peacetime. To bolster the manual's perceived authority and mitigate accusations of Western dominance in its composition—evident in 1.0's predominantly NATO-aligned experts—the 2.0 process incorporated broader international input. The core International Group of Experts, numbering around 20 specialists in international law, was supplemented by over 50 peer reviewers drawn from every continent, including representatives from Asian nations previously underrepresented. This diversification sought to enhance legitimacy amid geopolitical sensitivities, though the group retained a focus on established legal scholarship rather than consensus-building with non-participating states. Sections of draft rules were shared with states for feedback, further distinguishing 2.0's methodology from its predecessor's more insular approach. The resulting Tallinn Manual 2.0 was released in February 2017 by , featuring 154 black-letter rules that extended coverage to cyber activities in both and , with commentaries elucidating applications to concepts like cyber-induced violations. This expansion addressed prior gaps by integrating and general principles, though it maintained the non-binding restatement format without formal state endorsement.

Expert Group and Methodology

Composition and Selection of Experts

The Tallinn Manual 1.0 was drafted by an International Group of Experts comprising approximately 20 independent legal academics and practitioners specializing in , , and related disciplines. These experts were selected by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) based on their demonstrated expertise, with participants acting solely in personal capacities to preserve the project's non-governmental and apolitical character; no official state representatives were included. The group was predominantly drawn from and states, such as the , , and various European nations, which some observers have noted as contributing to a Western-centric perspective in the initial edition. Michael N. Schmitt, a at the Naval War College, served as general editor, coordinating the effort while emphasizing anonymous contributions during drafting sessions to minimize influences from national affiliations or institutional pressures. This approach aimed to prioritize scholarly consensus over geopolitical alignments, though the composition's alignment with NATO-hosting institutions raised questions about inherent viewpoint homogeneity among contributors. For Tallinn Manual 2.0, published in 2017, the core International Group of Experts expanded to 19 members to address prior criticisms of limited diversity, incorporating scholars and practitioners from over 40 countries, including non-Western participants from nations such as , , and . Selection continued under CCDCOE auspices through targeted invitations, drawing on nominations from international legal networks and prioritizing expertise in broader domains beyond armed conflict; the process maintained the exclusion of state officials to uphold independence. Schmitt retained his role as general editor, with drafting anonymity preserved to foster unbiased deliberation, while supplementary from over 50 additional global experts further diversified inputs without altering the non-binding, expert-driven nature.

Restatement Approach and Non-Binding Nature

The Tallinn Manual adopts a restatement approach, articulating black-letter rules that represent an objective synthesis of the lex lata—the as it exists—applicable to operations, without proposing novel norms or lex ferenda. This methodology involves rigorous analysis of primary sources, including treaty law such as the UN Charter and the 1949 , alongside evidenced by state practice, opinio juris, military manuals from states like the and , and interpretive aids like the International Committee of the Red Cross's Customary International Humanitarian Law Study. The experts deliberately avoided creating new law, focusing instead on clarifying how established rules extend to through first-principles application to verifiable facts of cyber conduct, ensuring fidelity to sources rather than policy-driven innovation. Rule formulation proceeds through a consensus-driven process among an comprising independent scholars and practitioners, convened in multiple plenary sessions to debate and approve formulations reflecting majority agreement on the of the . Where full consensus is absent, the commentaries incorporate dissenting or minority views via footnotes or dedicated sections, presenting all reasonable interpretations without implying endorsement by individual experts or the group as a whole. This approach maintains transparency and scholarly integrity, distinguishing the Manual from advocacy-oriented efforts by privileging empirical alignment with and positions over speculative extensions. As a non-binding scholarly instrument, the Tallinn Manual eschews any pretense of legal authority or treaty-like status, explicitly designed to provide operational guidance for military and policy advisors without imposing obligations on states or organizations. 
Its expert-driven character—free from governmental direction—sets it apart from state-led initiatives like the Group of Governmental Experts (UN GGE), which involve official representatives and may influence normative development through inter-state consensus but lack the Manual's independence from political agendas. This positioning enhances its utility as a neutral reference for national doctrines, fostering clarity in cyber operations while sidestepping the binding implications that could arise from multilateral negotiations.

Structure and Format

Black-Letter Rules and Commentary

The Manuals adopt a consistent format featuring concise black-letter rules—normative statements of adapted to cyber operations—presented in bold for clarity, followed by detailed commentary. This structure facilitates precise restatement of legal principles while providing interpretive depth. Commentaries substantiate each rule through first-principles analysis of existing law, frequently employing analogies between cyber effects and those of conventional physical operations to bridge novel digital contexts with established precedents. They incorporate hypothetical scenarios depicting potential cyber incidents to illustrate rule application, alongside cross-references to foundational instruments such as the UN Charter and , ensuring traceability to verifiable sources. Tallinn Manual 1.0 contains 95 black-letter rules organized across thematic chapters, a count expanded to 154 in while preserving the unaltered rule-commentary paradigm. Intended for legal practitioners and policymakers, the manuals enhance accessibility via print editions from and digital resources hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE).

Evolution Across Versions

The Tallinn Manual 1.0, published in 2013, employed a structured format of 95 black-letter rules, each paired with detailed commentaries, primarily addressing the application of and to cyber operations qualifying as warfare or armed conflict. This rule-commentary approach aimed to restate existing without proposing new norms, focusing on doctrinal thresholds like the and self-defense in response to severe cyber incidents. In response to doctrinal shifts recognizing the prevalence of lower-intensity cyber operations short of armed conflict, Tallinn Manual 2.0, released in 2017, retained the core rule-commentary format but expanded to 154 black-letter rules, introducing a dedicated peacetime section with more granular sub-rules to accommodate challenges such as attribution in or state-proximal cyber activities. These adaptations reflected technological advancements enabling persistent, below-threshold intrusions, while commentaries incorporated broader references to state practice and public positions to enhance perceived legitimacy amid critiques of the first edition's perceived Western bias and limited sourcing. The ongoing Tallinn Manual 3.0 project, initiated in as a five-year effort, preserves the established black-letter rule and commentary structure to ensure continuity, while revising chapters and integrating updated examples drawn from evolving cyber threats, including potential AI-enabled operations, to align with post-2017 technological and doctrinal developments like tactics. This format evolution prioritizes adaptability without altering the non-binding restatement methodology, addressing prior legitimacy concerns through increased multi-stakeholder input and state perspectives in commentaries.

Application to Cyber Warfare in 1.0

The Tallinn Manual 1.0 applies the law of armed conflict, as codified in instruments such as the Geneva Conventions and Additional Protocol I (AP I), to cyber operations conducted during international armed conflicts, treating them analogously to kinetic operations when they produce comparable physical effects. It posits that cyber operations qualify for regulation under these rules only if an armed conflict exists, excluding peacetime activities, and emphasizes empirical assessment of effects rather than the medium of delivery. The manual's experts, drawing on customary international law, argue that the threshold for applicability mirrors traditional warfare thresholds, such as those under Article 2 common to the Geneva Conventions, requiring organized armed forces and protracted hostilities involving cyber means. Central to this framework is , which defines a cyber "attack" by reference to Article 49(1) of AP I as acts intended to cause violence against the adversary, specifically cyber operations reasonably expected to result in physical injury or death to persons, or damage or destruction to objects. Mere disruption, such as data deletion without physical consequences, does not qualify, privileging verifiable causal links to harm over abstract threats. The worm, deployed around 2009–2010 to sabotage Iranian nuclear centrifuges by inducing mechanical failure, serves as a in the manual's commentary: its physical destruction of approximately 1,000 centrifuges met the injury/damage criterion, potentially constituting an attack if attributable to a state during conflict. 
Subsequent rules adapt targeting principles to cyber contexts, mandating distinction between military objectives and civilians (Rule 38, per AP I Article 48), proportionality assessments weighing anticipated military advantage against incidental civilian harm (Rule 39, per AP I Article 51(5)(b)), and precautions such as target verification and means selection to minimize collateral effects (Rules 53–56). State responsibility for such operations follows the International Law Commission's Articles on State Responsibility (2001), requiring attribution through effective control or direction over non-state actors conducting cyber acts (Rules 6–11). The manual addresses causality in complex cyber chains, such as self-propagating , by attributing to the initiator for foreseeable during transit or propagation, akin to errant munitions in (Rule 40). For instance, unintended infections via worm-like spread must factor into calculations, but only physical effects trigger full LOAC obligations, underscoring the manual's reliance on observable outcomes over intent alone. This approach excludes economic or informational disruptions absent physical harm, maintaining a grounded in AP I's violence-based definition.

Peacetime Operations and Broader Scope in 2.0

The Tallinn Manual , published in 2017, broadens the scope of its 154 black-letter rules to encompass cyber operations in peacetime, including those below the threshold of armed conflict or , thereby addressing gaps in the first edition's focus on cyber warfare during hostilities. This expansion applies core principles of , such as and non-intervention, to scenarios like unauthorized network intrusions or influence operations, while clarifying that mere —without in sovereign functions—does not inherently violate if conducted remotely without physical effects or loss of functionality. Rule 4 explicitly prohibits States from conducting cyber operations that breach another State's , exemplified by actions causing physical damage to , substantial loss of functionality in critical systems, or with a target State's authority over its territory, such as unconsented server intrusions into government networks that disrupt sovereign prerogatives. The principle of non-intervention receives detailed treatment under Rule 66, which bars States from coercing or compelling another State's internal or external affairs through means, including operations that undermine political , such as election-related involving or campaigns aimed at influencing electoral outcomes. Unlike sovereignty violations, which emphasize , non-intervention focuses on the coercive element of the operation; for instance, cyber activities that dictate or substantially impair a target State's domain over matters like democratic processes—without necessarily causing physical harm—may cross this threshold if they effectively compel policy changes. The Manual distinguishes these from permissible activities, like passive gathering, but notes that the line blurs when operations escalate to affect decision-making. 
Regarding the prohibition on the in Article 2(4) of the UN Charter, the experts determine that operations qualify only if their scale and effects approximate traditional kinetic uses of , such as widespread disruption equivalent to a or bombardment; mere economic harm or data alteration, absent severe physical consequences, falls short. An "armed attack"—triggering the right to under Article 51—demands even higher severity, like causing death, injury, or extensive destruction comparable to non- attacks. In peacetime contexts, responses to unlawful operations below this threshold may include lawful countermeasures, such as reciprocal actions or diplomatic reprisals, provided they are proportionate, temporary, and aimed at inducing compliance rather than punishment. Attribution poses persistent challenges in peacetime scenarios, as cyber operations often leverage anonymity tools, but the Manual requires States to rely on a confluence of technical forensic (e.g., malware signatures or IP tracing) and legal indicators (e.g., patterns of state-like sophistication) without presuming for s absent direction, control, or acknowledgment. Rule 17 specifies that conduct is attributable to a only if the actors operate under the State's instructions or effective control, rejecting broader theories like mere support or acquiescence as sufficient for ; this approach aligns with International Law Commission Articles on but underscores evidentiary hurdles in distinguishing proxies from independent hackers.

Emerging Topics for 3.0

In 2021, the Cooperative Cyber Defence Centre of Excellence (CCDCOE) launched the Tallinn Manual 3.0 project as a five-year initiative to revise all chapters of the 2017 Tallinn Manual and integrate new sections addressing operations post-2017. The effort, directed by an international group of experts led by Michael Schmitt, focuses on updating black-letter rules to reflect state practice, official positions from international organizations, and lessons from incidents like state-sponsored compromises. Key revisions target , evaluating whether it constitutes a standalone prohibiting non-consensual intrusions into foreign systems or merely a , based on divergent state views such as the United Kingdom's rejection of a strict sovereignty norm. will incorporate challenges from proxy operations and advanced persistence threats, emphasizing evidentiary standards derived from real-world forensic analyses. Emerging domains include AI-driven operations, where autonomous agents complicate , and hybrid threats blending effects with or kinetic actions, as observed in conflicts like those between and . The project extends coverage to non-state actors' peacetime activities below the use-of-force threshold and cyber operations' indirect consequences, such as from or economic via . Unlike prior editions, it prioritizes state input through dedicated consultations and workshops hosted by governments, aiming to align interpretations with causal chains in incidents rather than abstract theory, thereby increasing practical applicability. As of October 2025, no final text has been released, with drafts under refinement via expert and state feedback mechanisms; publication is anticipated in early 2026 by .

Reception and Influence

Impact on State Policies and Military Doctrine

The Tallinn Manual has shaped U.S. Department of Defense approaches to cyber operations by serving as a referenced resource in official guidance for legal advising and standards applicable to cyber activities, including partnerships with foreign entities. Within , the manual informs training programs and exercises at the Cooperative Cyber Defence Centre of Excellence (CCDCOE), such as the annual Cyber Coalition exercise, where it provides frameworks for applying to cyber defense scenarios. Allied military doctrines have explicitly incorporated its provisions; for example, France's Manual on the Law of Military Operations and Denmark's military manual cite Tallinn Manual 2.0 for rules on cyber and thresholds. Similarly, Germany's and New Zealand's official manuals on the law of armed conflict reference as a source for cyber-specific interpretations. In the , discussions surrounding the 2021 cyber power vision and strategy have drawn on the manual's guidance for aligning responses to cyber incidents with , including thresholds for attribution and countermeasures. Adoption in non-Western militaries shows limited direct integration into state policies or doctrines, occurring mainly through scholarly analysis rather than official endorsement, as perspectives from states like and highlight concerns over the manual's alignment with their views on cyber sovereignty.

Use in International Forums and Scholarship

The Tallinn Manual has informed discussions within international forums, notably through alignments with United Nations Group of Governmental Experts (GGE) reports on cyberspace. The 2015 GGE report, for example, echoes principles from the Manual's rules on state sovereignty and due diligence, such as the consensus on applying international law to cyber operations affecting critical infrastructure. Similarly, subsequent GGE outputs, including those from 2013 and 2021, reference established legal principles that parallel the Manual's black-letter rules on jurisdiction and targeting, facilitating state deliberations on cyber norms without establishing binding precedents. In scholarship and publications, the Manual provides analytical frameworks for evaluating operations under existing , aiding explorations of voluntary restraints like . Works from institutions such as the Cooperative Cyber Defence Centre of Excellence highlight its role in clarifying norms amid sparse treaty law, emphasizing causal assessments of effects from intrusions. articles and policy papers frequently cite it to dissect peacetime activities, distinguishing attributable state actions from mere technical exploits. Analyses of specific incidents, such as the 2020 supply chain compromise attributed to Russian actors, have applied the Manual's criteria for breaches—requiring physical damage or functional loss—to argue thresholds for illegality, informing scholarly debates on attribution and countermeasures. As a restatement of , it benchmarks potential customary by synthesizing expert consensus on rules like non-intervention, yet relies on empirical state practice for validation rather than supplanting it.

Criticisms and Controversies

Legitimacy Challenges and State Reservations

The Tallinn Manual's status as a non-binding scholarly compilation, produced by an international group of experts under the auspices of the Cooperative Cyber Defence Centre of Excellence, has engendered skepticism regarding its legitimacy as an authoritative interpretation of applicable to cyber operations. Unlike treaties or state-endorsed declarations, it lacks formal or endorsement by governments, positioning it instead as a restatement of lex lata derived from expert consensus rather than sovereign consent. This expert-driven origin underscores a tension with principles of state sovereignty in formation, where binding norms typically emerge from diplomatic agreements or consistent state practice, not academic panels.

Certain states, including Russia, have dismissed the manual as a NATO-aligned initiative masquerading as neutral scholarship, despite the inclusion of non-NATO experts in subsequent editions. Russian critiques portray it as advocacy for Western interests in cyber governance, reflecting broader geopolitical distrust of NATO-sponsored outputs. Similarly, China has participated in expanded expert groups for Tallinn Manual 2.0 but maintains reservations about its perceived bias toward NATO perspectives on sovereignty and cyber operations. These views highlight how the manual's institutional ties undermine claims of universality, with non-Western states prioritizing sovereign control over cyberspace norms.

Empirical assessments of state behavior reveal limited alignment with the manual's rules, as evidenced by analyses of operations. For instance, an examination of eleven prominent incidents demonstrates that states selectively invoke or deviate from the manual's interpretations, indicating low formal endorsement and reliance on interests over guidance.
This pattern aligns with Article 38(1)(d) of the Statute of the , which deems teachings of publicists—such as those in the Tallinn Manual—a means for ascertaining rules of , secondary to treaties and customary practices rooted in widespread state conduct and opinio juris. Absent robust state practice, the manual's remains aspirational rather than prescriptive, reinforcing calls for multilateral state-led processes to validate norms.

Disputes Over Specific Interpretations

One key dispute concerns the criteria for qualifying operations as an "armed attack" under Article 51 of the UN Charter, with the Tallinn Manual 2.0 adopting an effects-based approach focused on scale and effects akin to the ICJ's judgment, rather than the nature of the instrument employed. Critics contend this undervalues non-physical , such as destruction without kinetic equivalence, rendering it descriptive of but not prescriptive for contexts, and potentially unworkable given the difficulty in assessing equivalent effects. Some argue it lowers escalation barriers by permitting aggressors to conduct cumulative "pin-prick" operations below the —inflicting ongoing without triggering lawful —contrary to the Charter's intent to restrain force while preserving inherent rights. A related contention involves the Manual's application of sovereignty rules to cyber intrusions, particularly whether mere constitutes a violation of . The majority expert view in Tallinn Manual 2.0 holds that remote of , absent physical damage, loss of functionality, or significant interference with control, does not breach , reflecting customary acceptance of absent coercive effects. A minority of experts dissented, positing that sufficiently severe —such as prolonged extraction of secrets undermining —might cross into violation regardless of physical impact, drawing on broader notions of as exclusive functional control. Challenges to this framework highlight its potential overbreadth if extended to low-intensity operations like scanning or copying, which some states and analysts reject as establishing an independent rule unsupported by uniform or opinio juris. 
Commentaries accompanying the Manual's rules reveal further tensions, with dissenting notes emphasizing deterrence imperatives over strictly restrictive readings; for instance, unconsented operations by foreign military assets in may warrant in combined scenarios, prioritizing operational realities against formalistic non-effects thresholds to avoid incentivizing undetected escalation. These realist-leaning critiques argue that overly cautious interpretations, by constraining proportionate responses to sub-threshold threats, erode incentives for restraint and risk normalizing persistent low-level , as evidenced in state responses to undeclared campaigns.

Concerns Regarding Western-Centric Perspectives

The Tallinn Manual 1.0 was drafted by an international group of 19 experts, the majority of whom hailed from Western nations including the , , and NATO allies such as the and , resulting in a framework heavily oriented toward law of armed conflict (LOAC) principles rooted in Western legal traditions like the . This composition has been faulted for sidelining non-interventionist doctrines prevalent in authoritarian states, where is construed in absolutist terms—encompassing strict against any foreign cyber intrusion, irrespective of kinetic effects or intent—as articulated in positions advanced by and favoring comprehensive cyber controls. Such perspectives, which prioritize state control over domestic digital infrastructure to preclude external interference, contrast sharply with the Manual's qualified approach to violations, often requiring demonstrable harm akin to physical breaches, thereby potentially accommodating or disruptive operations below traditional use-of-force thresholds. Critics argue that the Manual's analogies to exacerbate this imbalance by analogizing cyber effects to physical violence for concepts like "" under LOAC, yet underemphasizing 's inherent features of deniability and attribution difficulty, which enable persistent, asymmetric operations without clear escalation to armed conflict. These attributes, rooted in the non-physical, reversible nature of many cyber intrusions, allow technologically advanced actors—disproportionately —to pursue offensive strategies with reduced risk of retaliation, while states advocating absolutism view such analogies as ill-suited to cyberspace's causal dynamics, where low-visibility intrusions erode territorial control without mirroring kinetics. 
Subsequent editions attempted broader input, with Tallinn Manual 2.0 incorporating a secondary to address prior critiques of Western dominance, yet the project's origination under the NATO Cooperative Cyber Defence Centre of Excellence—a -accredited entity in —has sustained perceptions of partiality among non-aligned states, undermining claims to global applicability despite expanded expert diversity. This hosting arrangement reinforces skepticism from sovereignty-focused regimes, which interpret the Manual's LOAC-centric lens as predisposed to permissive norms benefiting alliance-based offensive postures over stringent non-intervention barriers.
