ARTICLE 19 welcomes the Policy on Cyber-Enabled Crimes under the Rome Statute, launched last week by the International Criminal Court’s Office of the Prosecutor (OTP). The Policy is a strong and nuanced document that makes clear that conduct in cyberspace will not escape accountability, while also recognising the essential role of international human rights law in addressing cyber-enabled international crimes. As the OTP moves towards implementing the Policy, we encourage it to continue its engagement with human rights organisations working on freedom of expression and other digital rights.
The Policy explains how the OTP will use its mandate to investigate and prosecute crimes under the Rome Statute (the core crimes of genocide, crimes against humanity, war crimes and aggression, as well as offences against the administration of justice) when they are committed or facilitated through cyber means. It also covers cyber conduct that may serve as relevant contextual evidence or otherwise be linked to the commission of a crime under the Rome Statute. The Policy addresses, among other matters, the exercise of the International Criminal Court’s (ICC’s) jurisdiction; how the crimes under the Rome Statute may be committed or facilitated by cyber means; and practical considerations, including cooperation with national authorities or the private sector.
A draft of the document was opened for consultation in March 2025. In our response to the consultation, ARTICLE 19 recognised that the initiative responded to an urgent need to increase accountability for cyber operations and digital rights violations in the commission of war crimes and other crimes under the Rome Statute. In the context of freedom of expression violations in armed conflict and other situations where international crimes may be committed, ARTICLE 19 has repeatedly raised concerns about how human rights abuses, including violations of the right to freedom of expression, intersect with, and in some cases contribute to, the commission of potential crimes under the Rome Statute.
At the same time, our response cautioned that recent responses in the name of combatting cyber threats or cybercrimes have raised serious human rights concerns and threatened freedom of expression.
Against this backdrop, we recommended that the Policy strengthen its focus on digital rights violations and attacks against communication infrastructure; embed human rights–based considerations throughout the document; and reflect the increasingly central role of corporate actors in potential cyber-enabled crimes committed during armed conflict or other situations of violence.
The final document represents a clear improvement on the initial draft and incorporates our recommendations across all three areas. It also captures effectively the ways in which violations of the right to freedom of expression and other digital rights may intersect with crimes under the Rome Statute.
ARTICLE 19 was invited by the OTP to offer a human rights perspective on the Policy at its launch on the margins of the ICC’s Assembly of States Parties. We highlighted three main points:
First, the Policy directly names some of the most persistent human rights violations in cyberspace that we have documented in contexts of armed conflicts or other situations of violence where potential crimes under the Rome Statue have been committed. These include, among others, intrusive surveillance, including biometric and AI-powered surveillance; information operations intended to cause mental harm; and internet shutdowns. The Policy recognises that these acts could potentially themselves amount to crimes – for example the crime against humanity of persecution – but also serve as facilitators or precursors to such crimes. We particularly welcome the Policy’s acknowledgement that conduct in cyberspace is often used to target and harass those who work to expose wrongdoing and violence. This includes human rights defenders and journalists who are essential in documenting and raising awareness of potential crimes under the Rome Statute.
Second, international human rights law is now embedded throughout the policy. For example, it highlights the need for the Office to consider international human rights standards when assessing potential speech offences, including incitement to genocide. The Policy also demonstrates how certain crimes under the Rome Statute, particularly those that may amount to crimes against humanity, can be informed by corresponding human rights.
Perhaps most importantly, it makes clear that any collaboration with States to address cyber-enabled crimes within the Court’s jurisdiction must be conducted in full accordance with international human rights law. This is particularly significant given the potential overlap between investigations of cyber-enabled crimes under the ICC’s jurisdiction and certain domestic cybercrimes. Domestic responses and legal frameworks dealing with cybercrimes have often contravened international human rights standards, often criminalising online expression that should be protected under international freedom of expression standards and authorising the use of intrusive tools to investigate crimes without proper safeguards. ARTICLE 19 and Human Rights Watch also warned during the negotiations of the UN Cybercrime Convention that it could create a new global framework for international cooperation that could result in a race to the bottom in cross-border policing.
Third, whereas the initial draft mentioned private entities mainly in the context of potential cooperation with OTP investigations, the final version explicitly addresses the possibility that commercial activities could fall within the ICC’s jurisdiction. This is particularly important given the central role of corporate actors in facilitating or contributing to cyber-enabled crimes under the Rome Statute. As we highlighted in our consultation response, technology companies often manage the digital infrastructure at the core of the conduct covered by the Policy or provide the very services necessary to enable it. While the Policy reiterates that the Court may only exercise jurisdiction under the Rome Statute over ‘natural persons’, the OTP makes it clear that the fact that crimes might be committed within the context of commercial activity will not deter potential investigation.
ARTICLE 19 commends the OTP’s commitment to engage directly with companies notwithstanding any investigative steps. The Policy states that the OTP might engage directly with companies – for example, to encourage them to cease and desist certain activities or terminate their cooperation with others allegedly engaging in activities that could amount to the commission or facilitation of cyber-enabled crimes within the jurisdiction of the Court. The Policy also highlights companies’ human rights responsibilities under the UN Guiding Principles on Business and Human Rights.
Prioritising human rights in the Policy’s implementation
The OTP now has a very strong foundation to address cyber-enabled crimes under the Rome Statute. It will be essential to commit sufficient resources to turn the Policy, including its human rights commitments, into a practical reality.
We believe some key priorities should include establishing a robust human rights due diligence process when cooperating with States or the private sector in the context of cyber-enabled crimes, to prevent any unintended consequences for human rights.
Furthermore, the Policy recognises that nearly every situation relevant to the ICC now involves a cyber component. Many, if not all, situations under investigation will entail human rights violations in the digital space. We recommend that the OTP systematically assess, for each situation under investigation, whether such human rights violations exist and how they may have contributed to or constituted crimes within the Court’s jurisdiction.
Closely linked to this, we welcome the Policy’s affirmation that, in the development of the Policy, the OTP has ‘benefited from and appreciated new opportunities to work with civil society organisations playing a critical role in the protection of digital rights, privacy, and freedom of expression, and helping work towards accountability for violations’. The Policy also commits to continuing and extending the consultative approach that characterised the drafting process.
Sustaining this dialogue will be essential to fully meet the complex challenges posed by cyber-enabled international crimes. Meaningful engagement between civil society and the OTP will not only strengthen the integrity and effectiveness of the Court’s work but also ensure that human rights considerations and the protection of affected communities remain central to accountability efforts. ARTICLE 19 looks forward to continuing to contribute to these efforts.