International Courts and Tribunals under Cyber-Threat

In June 2025, the International Criminal Court (ICC) was targeted by a cyber-attack. This incident occurred some two years after an ‘unprecedented’ cyber-attack shook the ICC in September 2023. Earlier, in December 2020, the European Court of Human Rights (ECtHR) had to deal with a cyber-attack following the delivery of the Selahattin Demirtas v. Turkey (No. 2) judgment. Similarly, a cyber-attack hit the Permanent Court of Arbitration (PCA) during the hearings held in the South China Sea Arbitration case in July 2015. International courts and tribunals are thus not spared from cyber-attacks.

But then, what are, or should be, the responses to cyber-attacks on international courts and tribunals? Do the existing rules and practices governing international courts and tribunals provide adequate means of addressing cyber-attacks? Or does the emerging threat of cyber-attacks on international courts and tribunals require the development of new tools?

A Novel Challenge Facing International Courts and Tribunals

In a world that embraces a technological turn, international courts and tribunals are increasingly using digital tools, whether for case management or communication with parties. This development goes hand in hand with a growing awareness of the importance of cybersecurity and the need to ensure the reliability of digital systems. For example, in an Annual Report for 2019-2020, the WTO Appellate Body emphasised that the new Disputes Online Registry Application (DORA), which allows for e-filings of submissions, has ‘sturdy security features […] with access controls and two-factor authentication’ and uses ‘updated encryption’. While some scholarly attention has been devoted to the cybersecurity of international courts and tribunals, very little has been said about what happens if, despite the court’s or tribunal’s best efforts, the cybersecurity mechanisms put into place fail and the court or tribunal comes under a cyber-attack.

Orchestrated by private or state actors, cyber-attacks aim at ‘compromising the integrity, confidentiality or availability of digital systems, networks or data’. These attacks can take various forms, such as the interception of communications or the disruption of the digital system, which is known as ‘distributed denial of service’ (DDoS).

Cyber-attacks may affect international courts in various specific ways. In fact, these new attacks on international courts are, to some extent, a modern manifestation of certain old issues that haunt international adjudication, such as the contestation of judicial authority or the proper administration of justice. Thus, a cyber-attack can disrupt proceedings and consequently put at disadvantage one of the parties and hamper the capacity of the court or tribunal to administer justice properly. For example, by paralysing the digital system of a court, a cyber-attack may prevent a party from submitting a document or taking any other procedural action within the imposed time limit. Moreover, cyber-attacks can be used to obtain sensitive and confidential information that parties provide to the court or tribunal, such as national security information. Finally, cyber-attacks reveal weaknesses of international courts and can thus undermine their authority and credibility. At a time of growing backlash against international courts and contestation of international law, cyber-attacks emerge as a new way of expressing disagreement with international judicial bodies. Thus, in a statement about the 2020 cyber-attack on the ECtHR website, the European Union declared that ‘the cyberattack was a deplorable act against the Court which demonstrated disregard for human rights […]’. Similarly, the ICC interpreted the 2023 cyber-attack as ‘a serious attempt to undermine the Court’s mandate’. These are all factors that need to be considered when evaluating the appropriate responses to cyber-attacks on international courts.

Safeguarding the Proper Functioning of International Courts and Tribunals

International courts and tribunals generally lack specific instruments dealing with cyber-attacks and their effects, but existing general provisions and mechanisms allow for envisaging responses to these incidents. Two types of responses can be distinguished: those that aim to safeguard the functioning of the court or tribunal, and those that aim to address and sanction the cyber-attack itself. Although providing an adequate response to each cyber-attack on international courts appears like the desirable situation, this objective must be put into perspective. Indeed, many cyber-attacks generally go unanswered: only 16.17% of the cyber incidents coded by the European Repository of Cyber Incidents (EuRepoC) since September 2022 were met with a political response, and only 20.11% were met with a legal response.

The disruption of proceedings due to a cyber-attack may necessitate the introduction of procedural adjustments and alternative mechanisms enabling the court or tribunal to administer justice effectively. In that regard, the ECtHR Practice Direction on Secured electronic filing by Governments appears to anticipate potential cyber-attacks on the ECtHR’s digital system, outlining certain procedural steps that should be taken to allow the Court to function despite the disruption of the Court’s secured site. It provides that ‘in the event of a dysfunction on the secure site, it is mandatory that the documents concerning a request for the indication of an interim measure under Rule 39 of the Rules of Court be sent by fax or email’. This directive protects the mechanism of interim measures, for which delays are fatal. Despite the paralysis of the secured site, the Court is guaranteed to receive documents relating to interim measures. Moreover, this Practice Direction thwarts the plans of potential bad faith actors who seek to use cyber-attacks maliciously as a tool to impede the submission of documents concerning interim measures.

Alongside the preservation of the court’s or tribunal’s capacity to administer justice, another important element is the information of the parties or other stakeholders concerned by a breach of confidentiality caused by the cyber-attack. This allows for the maintenance of the trust of (potential) parties and safeguards the image of the court or tribunal as a reliable institution. In that regard, the press release of the ICC after the 2023 cyber-attack is again enlightening in that it indicates that ‘should evidence be found that specific data entrusted to the court has been compromised, those affected would be contacted immediately and directly by the Court. For the Court, the safety of its data and maintaining trust with all of its stakeholders are paramount’.

Sanctioning Cyber-Attacks on International Courts and Tribunals

Responding to cyber-attacks entails not only safeguarding the court’s or tribunal’s functioning, but also sanctioning the cyber-attack itself. In that regard, the ICC indicated in the press release issued after the 2023 attack that the ‘Dutch law enforcement authorities are currently conducting a criminal investigation’. However, further information on this matter is not available, and many questions, particularly regarding the legal basis and the scope of this national intervention, remain unanswered. One way to move forward with this would be to consider that the prosecution of the authors of a cyber-attack on an international court falls under the duty of the host state to protect the premises of the institution. Such a duty is provided in various headquarters agreements, for example, in Article 6(4) of the Headquarters Agreement between the ICC and the Netherlands, as well as in Article 1(2) of the Headquarters Agreement between the Iran-United States Claims Tribunal and the Netherlands. The premises of an international institution are defined in a functional manner, presumably encompassing thus the digital infrastructures used by the court or tribunal. Furthermore, in the absence of an express provision on the duty of the host state to protect the premises, the latter can presumably be inferred from ‘mutual obligations of co-operation and good faith’, which, according to the International Court of Justice, constitute ‘the very essence’ of the relationship between a host state and an international organisation’ (Advisory Opinion on the Interpretation of the Agreement of 25 March 1951 between the WHO and Egypt, 20 December 1980, para. 43).

The involvement of national authorities in the sanctioning of cyber-attacks on international courts is certainly appealing. First, at least for the time being, national authorities are likely to have a better expertise in cybersecurity and cyber-attacks than international courts and tribunals, which are created to perform a specific, circumscribed function. Second, international courts are often overburdened and under-resourced and may therefore be reluctant to inherit an additional chore. Having said that, appealing as it may be, the involvement of national authorities in sanctioning cyber-attacks risks fragilising the independence of international courts and tribunals, or at least the perception thereof. More generally, national authorities may not be best placed to deal with cyber incidents, which often transcend national boundaries. In that regard, the need to move beyond the national level and to set up a coordinated action at the European level seems precisely to be the rationale behind the EU Cyber Diplomacy Toolbox, which lays the foundations for a joint EU diplomatic response to malicious cyber behaviour.

Thus, another route worth exploring is the potential role of international courts in sanctioning cyber-attacks. In that regard, the newly established Special Tribunal for the Crime of Aggression against Ukraine seems to provide a noteworthy development in the handling of cyber-attacks on international courts. Indeed, as highlighted in this report, Article 32 of the Statute of the Special Tribunal stipulates that ‘seriously obstructing the proceedings of the Special Tribunal’, by ‘whatever means, including electronic means’ (emphasis added), constitutes an offence against the administration of justice. This provision empowers the Special Tribunal to sanction and defend itself against malicious cyber-attacks. However, questions remain on how this mechanism will work concretely. While Article 70 of the ICC Statute also criminalises offences against the administration of justice, it is unclear whether this provision could enable the ICC to sanction cyber-attacks. Indeed, Article 70 of the ICC Statute does not specify that offences against the administration of justice can occur through electronic means, and the list of enumerated offences is narrower than that figuring in the Statute of the Special Tribunal. Notably, it does not mention the act of ‘seriously obstructing the proceedings’. In international judicial settings where there is no rule that allows for the sanctioning of offences against the administration of justice, other possibilities for international courts to sanction cyber-attacks could include having recourse to the abuse of process doctrine or to the duty to cooperate during proceedings. The latter exists, for example, in the European human rights system under Article 38 of the European Convention on Human Rights and Rule 44A of the Rules of Court. However, the use of these instruments would presumably allow to address only certain types of cyber-attacks on international courts, particularly those committed by parties to a dispute within the framework of judicial proceedings. Moreover, the involvement of the court in the sanctioning of cyber-attacks must not result in the proceedings being excessively prolonged. Indeed, cyber incidents raise difficult, time-consuming questions, particularly with regard to attribution. That said, on this latter matter, there has been, in recent years, a significant decrease in the time needed to attribute a cyber-attack.

Conclusion

An emerging threat to international courts and tribunals, cyber-attacks undermine the authority of international judicial bodies and hinder their capacity to administer justice effectively. Although cyber-attacks on international courts are becoming more frequent, responses given to these incidents are unclear. However, at a time when international adjudication is increasingly contested, it is crucial to find ways to respond effectively to malicious behaviours towards international courts and tribunals, including malicious cyber behaviours.

In this context, this blog post has identified and explored two types of responses to cyber-attacks on international courts: those that aim to safeguard the court’s or tribunal’s functioning and those that aim to sanction the cyber-attack itself. This post has shown that existing instruments could possibly be used to envisage responses to these new forms of attack on international courts. Notably, a national intervention to sanction a cyber-attack could be based on the duty of the host state to protect the premises of an international court or tribunal. Similarly, international courts and tribunals have at their disposal tools such as offences against the administration of justice and the duty to cooperate with the court or tribunal. However, in some instances, the existing instruments may appear insufficient to deal with cyber-attacks, requiring the development of new tools and the adjustment of procedural rules. Thus, cyber-attacks prompt us to assess the effectiveness of existing frameworks governing international courts in addressing new challenges, and to reflect on whether international courts and tribunals are adequately equipped to deal with new forms of malicious conduct.