2023 Conference on International Cyber Security | 7-8 November 2023
Register now

< Return to program overview

Panel 3


Cyber Conflict and International Law

Kun Hui

Kun Hui is an international lawyer with a PhD in Law from the University of Ottawa. He has over four years of combined experience in advising and representing governments and corporations on complex matters involving investment treaty arbitration, sovereign immunity, and cross-border trade and investment.

His doctoral thesis critically examined immunity claims of Chinese state-owned enterprises in different jurisdictions and assessed China’s evolving position on sovereign immunity. His research interests include the scope of state agents’ sovereign immunity, China’s state capitalism, substantive issues in investment treaty arbitration, and cyber security and governance. He has published on topics of investment treaty arbitration in peer-reviewed journal and edited book and has spoken on various topics of international law in international conferences.





Sovereign Immunity in Cyberspace: An Assessment of the Sovereign Immunity Rules of the Tallinn Manual 2.0 in Peace Time

This article examines the scope of sovereign immunity enjoyed by states in cyberspace in peace time as provided in Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Tallinn Manual 2.0) since cyber operations often fall under the threshold of war. In comparison to established rules of customary international law on sovereign immunity, this article finds that the scope of states’ sovereign immunity under Rule 12 of Tallinn Manual 2.0 is broad in peace time. Rule 12 provides that “[a] [s]tate may not exercise enforcement or judicial jurisdiction in relation to persons engaged in cyber activities or cyber infrastructure that enjoy immunity under international law.” In essence, Rule 12 provides states—and their agents and property—with broad immunity from both enforcement and judicial jurisdictions of other states for their cyber operations (with limited exceptions as noted by the International Group of Experts in comments to Rule 12). One consequence of Rule 12’s prescription is that victims (individuals and corporations) of cyberattacks cannot sue the hostile state or its agents and execute against their assets in the victim state’s or other states’ courts in the event that cyber operations are considered acts jure imperii, which are immune under customary international law. To address this issue, this article argues rules on exceptions to sovereign immunity that apply in cyberspace in peace time must be carefully articulated in the ongoing Tallinn Manual 3.0 work to tailor to the peculiar nature of cyber operations.