ARTICLE 19 contributed to the policy initiative by the Office of the Prosecutor (OTP or Office) of the International Criminal Court (ICC) to clarify how it will exercise its mandate to investigate and prosecute cyber-enabled crimes within the ICC’s jurisdiction. The initiative responds to an urgent need towards increased accountability for cyber operations and digital rights violations in the commission of war crimes and other crimes under the Rome Statute. At the same time, the OTP’s task is a challenging one: recent responses in the name of combatting cyber threats or cybercrimes have raised serious human rights concerns and threatened freedom of expression.
In our submission, we identify ways the policy can be strengthened to promote accountability for digital rights violations, better reflect the role of corporate actors in the commission and facilitation of these crimes, and more effectively incorporate human rights considerations.
On 7 March 2025, the OTP of the ICC launched a public consultation on its ‘Draft Policy on Cyber-Enabled Crimes under the Rome Statute’, which ‘sets out how the Office will use its mandate and powers to investigate and prosecute cyber-enabled crimes within the Court’s jurisdiction’.
The Draft Policy addresses a number of issues, including the exercise of the ICC’s jurisdiction; how the crimes under the Rome Statute (the core crimes of genocide, crimes against humanity, war crimes and aggression, as well as offences against the administration of justice) may be committed or facilitated by cyber means; and practical considerations, including cooperation with national authorities or the private sector.
The initiative is important and constitutes a step in the right direction. Strengthening international accountability for cyber-enabled international crimes requires clear legal standards, including defining when such crimes could fall within the ICC’s jurisdiction. This policy makes an important contribution in that regard.
At the same time, in our submission, we emphasise that the task before the ICC is a challenging one, not only because cybercrimes are notoriously hard to prosecute but also because of the need to avoid unintended consequences. Measures to combat cybercrimes, such as data collection and evidence-sharing, have, in some cases, breached international human rights standards and targeted journalists and human rights defenders. These complexities require careful navigation.
Against this backdrop, we recommend three ways in which the policy could be strengthened:
- Enhancing the focus on digital rights violations: The ICC is uniquely positioned to influence how international law, including international humanitarian law, is interpreted and applied in cyberspace. While this will primarily depend on case law, the Draft Policy also has significant potential – well before any specific case is brought before the Court – in clarifying how digital rights and freedom of expression violations may amount or contribute to international crimes. We believe the Draft Policy should focus more on this specific aspect. In particular, it would benefit from increased reference to attacks on Information and Communication Technology infrastructure, including those resulting in internet shutdowns, as well as other surveillance and censorship measures, and explain how they could constitute, facilitate or otherwise contribute to crimes under the Rome Statute.
- Embedding human rights-based considerations throughout the Draft Policy: We encourage the OTP to reflect in the context of Article 21(3) of the Rome Statute that international human rights law has been developing at a much faster rate than international criminal law in addressing state and non-state actors’ conduct in cyberspace. This should inform the interpretation of the crimes under the Statute. In addition, human rights considerations should guide the OTP’s relationship with different stakeholders, including their cooperation with state parties or private entities. This is particularly important given the human rights risks associated with domestic and international instruments relevant to cybercrimes. Overall, the OTP should strengthen cooperation with civil society organisations to ensure that human rights considerations are fully integrated into the implementation of the policy and across all investigative and prosecutorial processes.
- Reflecting the increasingly central role of corporate actors: The Draft Policy primarily refers to private entities in the context of potential cooperation with OTP investigations. Yet technology companies often manage and secure the digital infrastructure at the core of the conduct the Draft Policy addresses, whether through providing cloud computing infrastructure, telecommunications equipment enabling mass surveillance, or data analytics and AI capabilities to support military operations. We therefore recommend that the Draft Policy also reflect the increasingly central role of corporate actors in the facilitation and commission of cyber-enabled crimes under the Rome Statute.