International Law and The Regulation of Cross-Border Cyberattacks: Challenges and Solutions

Abstract

In response to the global governance challenges posed by cross-border cyberattacks, this paper discusses the legal liability standards for cross-border cyberattacks, the conditions for the application of a state’s “right to self-defense,” and the pathways for the application of international law. Based on this, the author proposes establishing a “two-tier liability standard” system to address increasingly complex cyberattacks, while introducing the principle of “duty of care for cross-border harm” as a supplementary liability pathway to establish a logically consistent liability mechanism. The author proposes that the “effective control” standard applies to general cyberattacks, the “full control” standard applies to cyberattacks with characteristics of armed conflict, and the “duty of care” principle serves as a fallback mechanism. To address the aforementioned challenges, the author advocates a dual-track system for the application of international law—a complementary and mutually reinforcing model—specifically, the complementary integration of “hard law and soft law, international rules and domestic laws, and multilateral mechanisms and bilateral coordination mechanisms.” Regarding China's role and position in cyberattack governance, the author suggests that China should promote the concept of a “community of shared future in cyberspace” based on the principles of “equality, innovation, openness, and sharing” by actively safeguarding its own cyber interests as a leading factor (positive form). This approach ensures that national sovereignty is upheld while facilitating smooth international cooperation, maintaining a balanced relationship. This study addresses the research gap in the application of international law in cyberspace and provides a research basis and policy recommendations for states conducting cross-border cyberattacks, thereby advancing the establishment of legal norms in cyberspace.