Session
Theater
Duration (minutes): 90
Format description: While questions and contributions from the floor are warmly encouraged, we anticipate that theater style layout is likely to allow the greatest number of interested participants to attend. Similarly, in order to allow sufficient space for interventions from the floor, as well as appropriate introductory comments from the six nominated panellists (representing the ICC, academia, State prosecution services, civil society, and the private sector), we anticipate that 90 minutes will be more suitable than 60 minutes. We are, however, happy to engage with the organisers to adjust these specifications if necessary.
The growing use of cyber operations as tools of conflict and coercion has created urgent challenges for global security, human rights, and international justice. As cyber-enabled crimes become more prevalent, international legal institutions must adapt to ensure accountability and strengthen global cybersecurity. Under the IGF 2025 subtheme of [Building] Digital Trust and Resilience, this session will explore how international criminal law – within both national and international judicial systems – can strengthen global cybersecurity by addressing core international crimes (genocide, crimes against humanity, war crimes, and aggression) enabled by conduct in cyberspace. It will spotlight the forthcoming policy on cyber-enabled crimes by the International Criminal Court’s (ICC) Office of the Prosecutor (OTP), which marks a significant milestone in investigating and prosecuting such crimes at the international level. This session will provide an opportunity for ICC OTP representatives, alongside experts from academia, civil society, the private sector, and government, to discuss the legal, technical, and operational challenges in holding perpetrators accountable. The session will also showcase key findings from Chatham House’s upcoming research paper on the prosecution of cyber-enabled international crimes before both international and national courts, complementing the ICC OTP’s work by examining broader legal and policy considerations. Panellists will explore the evolving threat landscape, challenges in evidence collection and attribution, and the need for stronger multistakeholder cooperation to uphold accountability in cyberspace. By fostering a multistakeholder dialogue on international criminal law, cybersecurity, and human rights, this session will provide IGF participants with unique and actionable insights on strengthening accountability for cyber-enabled crimes within global legal frameworks, and the additional measures needed to strengthen accountability for digital threats that undermine human security and stability.
The session will ensure a fully hybrid experience with active engagement from both in-person and online participants: 1. Facilitating interaction between onsite and online speakers and attendees: The session will have a dedicated online moderator to ensure online participants can ask questions and engage in the discussion in real time. Online attendees will be able to submit questions via the IGF platform, with priority given to diverse voices across different regions. 2. Designing an inclusive hybrid session: The session will be structured as a moderated panel discussion, followed by an interactive Q&A. The panel will feature a mix of legal, policy, and technical experts representing the ICC OTP, academia, civil society, and the private sector, ensuring diverse perspectives. 3. Complementary online tools to increase participation: The session will leverage online polling tools to gauge audience perspectives on key questions related to cyber-enabled crimes and accountability. Social media engagement will be encouraged before and after the session to sustain the conversation and extend its reach.
Office of the Prosecutor, International Criminal Court
- Professor Marko Milanović, Special Adviser, Office of the Prosecutor, International Criminal Court, treaty-based international organization, Europe. - Matthew Cross, Office of the Prosecutor, International Criminal Court, treaty-based international organization, Europe. - Michael Karimian, Microsoft, private sector, Asia.
- Professor Marko Milanović, Special Adviser, Office of the Prosecutor, International Criminal Court, treaty-based international organization, Europe. - Harriet Moynihan, Chatham House, academia, Europe. - Kati Reitsak, State Prosecutor, Estonia, government, Europe. - Chantal Joris, Article 19, civil society, Europe. - Katitza Rodriguez, Electronic Frontier Foundation, civil society, Americas. - Michael Karimian, Microsoft, private sector, Asia. - Michael Karimian, Microsoft
9.1
16.1
16.10
16.3
16.4
16.5
16.6
17.16
17.6
Targets: By means of effective investigations and prosecutions, and fostering international cooperation, international criminal law aims to significantly reduce all forms of violence and related deaths around the world (SDG 16.1), through the rule of law (SDG 16.3). International criminal law remedies for victims potentially include reparations for the harm done to them (SDG 16.4). This panel examines how organisations like the ICC, States, civil society and the private sector can work together to promote the fair and effective application of international criminal law to relevant conduct carried out in cyberspace, including in the context of a draft policy presently under consideration by the ICC Office of the Prosecutor as part of its preparation to meet these new challenges (SDG 16.6). It will also consider the significant role of States in exercising their own jurisdiction, and the vital contribution of civil society and the private sector in this space. Amongst other critical issues, the panel will emphasise the importance of effective cooperation between all relevant actors (SDG 17.6), including as necessary the pooling of knowledge, expertise, technology, and other resources (SDG 17.16). It will also consider the infrastructure and other mechanisms necessary to address the challenges which may arise (SDG 9.1). While institutions such as the ICC only have jurisdiction with respect to core international crimes (genocide, crimes against humanity, war crimes, and aggression), in practice such conduct often intersects with illicit financial and arms flows, organised crime, and corruption (SDG 16.4, 16.5), and this may equally be the case with regard to relevant cyber operations.
Report
Report - Addressing International Crimes Enabled by Cyber Operations
1. Introduction
This session, co-hosted by the Office of the Prosecutor of the International Criminal Court (ICC-OTP) and Microsoft, discussed accountability for core international crimes (i.e., genocide, crimes against humanity, war crimes, and aggression) enabled by conduct in cyberspace. It was noted that international law, including international criminal law, is technology neutral, and that the Rome Statute is capable of applying to cyber-enabled international crimes just as to crimes carried out by kinetic means. Panellists opined on the forthcoming policy of the ICC-OTP, and the ways in which the policy can strengthen the investigation and prosecution of cyber-enabled international crimes. The following themes emerged during the discussion.
2. The draft policy of the ICC-OTP
Given the ICC’s limited resources, the panel discussed which cases the ICC might sensibly prioritise under the policy. It was suggested that the Court may be advised to start small. Attribution is hard, especially in the case of cyber-attacks involving sophisticated State actors that are capable of hiding their tracks. By contrast, a case about offences against the administration of justice under Article 70 of the Rome Statute might be a good place to start, for example a case involving the hacking of the ICC’s systems (as happened in 2022); falsifying evidence before the court; or intimidating witnesses. This kind of case would be easier than, for example, a major malware attack involving cross border and covert elements.
It was suggested that another priority area for the ICC could be cyber operations that cause widespread harm to critical infrastructure, such as hospitals. In these cases, there is a substantial risk to human life and wellbeing. Disruption to online services can cause major humanitarian consequences. Prosecuting this kind of case would send a signal to the international community that there can be accountability for highly egregious cyber operations.
The ICC-OTP’s proposed policy highlights that cyber-enabled crimes under the Statute may be highly varied, ranging from sophisticated malware attacks to incitement to genocide. As one example, the Human Rights Center at UC Berkeley have recently submitted to the ICC-OTP information alleging the commission in West Africa of the war crime of outrages on personal dignity, through members of the Wagner group filming atrocities on their phone and disseminating them widely. It was observed that some States (for example, France, the Netherlands and Germany) have successfully prosecuted similar cases in relation to fighters in Syria filming dead or maimed bodies.
3. The ability and appetite of States to prosecute
States are the first port of call under principle of complementarity; if they are not able or willing to act, then the ICC may act. Nevertheless, some States are not yet set up to bring these kinds of prosecutions - for example, they may not have jurisdiction under their domestic law. Some States, such as Estonia, have universal jurisdiction over international crimes under their domestic law, and the panel discussed the benefits of more States providing for universal jurisdiction in their laws. It was noted that prosecution by States also requires strong partnerships with other States, and that trust is important when requesting evidence from other States. Organisations like the Genocide Network can help to promote cooperation between States.
It was observed that in the prosecuting authorities of at least some States, cybercrime units are housed separately from international crimes units. It was agreed that there is a need for a more joined up approach, both within and between States, as these units can each learn from each other in relation to the prosecution of cyber-enabled international crimes. States are likely to find the ICC’s leadership in this area useful, and the ICC’s paper will offer valuable guidance on these emerging approaches. The importance of making training available to investigators, prosecutors and judges in relation to these kinds of cases, particularly in relation to the handling and analysing of digital evidence, was also noted.
4. The role of private sector actors
The session discussed the various roles that the private sector can play in supporting the investigation and prosecution of cyber-enabled international crimes. Technology companies can help with detection of digital traces of malicious cyber activity. For example, Microsoft has a Digital Crimes Unit that carries out Advanced Threat Intelligence, machine learning and analytics, which are invaluable at the early stages of an investigation. Technology companies’ unique technical abilities, including tracking and correlating malicious cyber activity and global telemetry, can be crucial for the technical part of attributing a malicious cyber operation to perpetrator. Public-private partnerships can help, and are growing in this area - for example, Europol and Microsoft recently formed a partnership, which embeds technical expertise into Europol and streamlines the processes for evidence sharing.
It was noted that while private companies can be valuable as partners to investigators and prosecutors, these companies may also provide services (such as cloud or AI services) that contribute to the commission of international crimes. The example was given of the growing use of IT services used by militaries in conflict. The importance of human rights due diligence on the part of technology companies was underlined, as was the role that the ICC’s policy can play in putting the private sector on notice of the risk of complicity in international crimes.
It was observed that not all companies are well set up to share evidence with prosecutors, and that sometimes social media platforms delete valuable evidence of potential international crimes because the content violates their community standards. More needs to be done to encourage all actors to work together on the preservation and sharing of digital evidence of atrocities. It was also argued that strengthening cooperation on cyber-enabled international crimes must incorporate human rights protections, and that the ICC should take care not to over-extend cooperation with States on issues beyond the Rome Statute. Civil society organizations have long raised concerns about the adoption by some States of an overly broad approach to what constitutes a ‘cybercrime’, including in negotiations on the UN’s Cybercrime Convention. It was also recommended that the ICC should avoid fragmentation, for example by keeping in touch with, and learning from, relevant discussions in other fora, such as conversations about ‘cyber torture’ under international human rights law.
5. Wider benefits of the ICC-OTP's draft policy
It was agreed that the scale, seriousness and sophistication of malicious cyber activity is increasing, and that these threats affect everyone. The ICC-OTP’s proposed policy will have wider benefits beyond the ICC – in enhancing the legitimacy of international efforts to tackle malicious cyber activity; in encouraging States to think about how they can prosecute cyber-enabled international crimes themselves; in promoting partnerships between public and private actors in this context; and in providing civil society organizations with a policy that they can use in their advocacy for greater accountability for international crimes.