At the United Nations and elsewhere, States have been discussing how international law applies in cyberspace for over twenty years. But these discussions have largely overlooked the applicability of international criminal law to cyber operations. In December 2025, the International Criminal Court (ICC) helped to plug that gap by publishing a policy on Cyber Enabled Crimes under the Rome Statute. At a time when cyberattacks are intensifying in scale, effects, and gravity worldwide, the policy demonstrates that the Rome Statute is technology-neutral and capable of applying to cyber activity as to any other activity. A new Chatham House research paper on Securing Justice for Cyber-Enabled International Crimes builds upon the policy in considering its broader relevance to national courts as well as the ICC, and suggests recommendations for strengthening accountability in this area.
All Actors Should be on Notice
Individual criminal responsibility for cyber-enabled international crimes is relevant to a broad range of actors, since it can arise not only when individuals press computer keys themselves, but also when their conduct constitutes other forms of participation in the crime—including ordering, inducing, attempting or facilitating the crime. In the context of armed conflicts, for example, citizen hackers are a growing phenomenon. Russia has been making use of cyber proxies to support its attacks on Ukraine—such as hacking groups that disable Ukraine’s critical infrastructure or provide intelligence relevant to military operations.
Irrespective of whether their activities can be attributed to the State (which is often challenging in practice), proxy actors can be individually responsible under international criminal law. For instance, actors assisting States in armed conflict—whether individual hackers, members of a criminal gang or employees in a private company—should be on notice that where they purposefully facilitate or further the commission of the crime, they may be held responsible under international criminal law. With armed forces increasingly dependent on private providers for cyber infrastructure (for example, for cyber security, cloud storage or AI tools), IT service providers also should be aware of the risks of complicity in international crimes and factor these risks into their due diligence processes.
Prosecution at the National Level or as Joint Investigations
The ICC’s policy, and its approach to prosecution in this area, will also likely serve as a useful guide to all countries in their own investigations and prosecutions of cyber-enabled international crimes. There is some precedent for States to prosecute such crimes; for example, Finland, Sweden, the Netherlands, and Germany have all prosecuted fighters who operated in Iraq or Syria for the war crime of outrages on personal dignity—for example, for posing in photos or videos with mutilated bodies. In each case, the prosecution relied on electronically recorded footage of the events, which was stored on smartphones or disseminated through social media.
Going forward, there is scope for investigations of cyber-enabled international crimes to be conducted jointly by States and the ICC. Various new treaties provide procedures to facilitate joint investigations or other law enforcement cooperation between States, including the Ljubljana-Hague Convention on International Cooperation in the Investigation and Prosecution of International Crimes, the Second Additional Protocol to the Budapest Convention, and the U.N. Cybercrime Convention (all of which have been signed but are not yet in force). States could usefully choose to extend similar international cooperation mechanisms to the ICC via voluntary, bilateral agreements with the ICC for the purpose of investigating and prosecuting cyber-enabled crimes under the Statute. The ICC’s participation in the Ukraine Joint Investigation Team, alongside the national prosecution authorities of seven countries, has already enhanced the ICC Office of the Prosecutor’s ability to collect information related to the Situation in Ukraine (which reportedly includes investigation of cyber attacks on critical infrastructure), as well as to conduct rapid coordination with partner countries.
Governments should also take note of the ICC’s new policy while developing or revising national positions on how international law applies in the cyber context, as they have been encouraged to do as part of the U.N. discussions. To date, while over 100 States have published national positions (factoring in regional statements), so far, only Austria has included reference to international criminal law.
Practical Challenges
Prosecution of any international crime is resource-intensive and slow. Certain features of cyberspace make prosecution even harder: cyber operations are undertaken covertly; evidence may be spread across multiple jurisdictions; and technical attribution of the crime to an individual is challenging, as perpetrators often try to hide or erase their tracks. However, some offences may be more easily prosecuted than others. For example, prosecution of Offences against the Administration of Justice (under Article 70 of the Rome Statute) that are perpetrated or facilitated by cyber means—such as tampering with evidence through the use of deepfakes—may be more straightforward than cases involving sophisticated cyber operations against critical infrastructure.
The complexity of these kinds of cyber cases can be tackled by a “multi-agency approach,” in which States, IT companies, international organizations such as Eurojust, Europol and Interpol, and the ICC, cooperate closely. A collaborative approach is proving increasingly effective in operational and legal measures employed in response to major cybercrime operations (as in Operation Endgame and Operation Cronos).
Indeed, there are several ways in which efforts to combat cybercrime may also be useful in the investigation and prosecution of cyber-enabled international crimes. For example, illegally accessing certain computer systems may be the first step in facilitating or even committing an international crime. In practice, many of the same investigative techniques may apply to both categories of crime. Pathways for cooperation on evidence in relation to cybercrime could also be helpful for the investigation and prosecution of cyber-enabled international crimes. The Budapest Convention on Cybercrime has 81 States parties, including the United States, and covers any offence involving electronic evidence, including (but not limited to) cybercrime offences. The newly-signed U.N. Convention against Cybercrime’s provisions cover international cooperation in relation to “any serious crime.”’ And the Second Additional Protocol to the Budapest Convention on enhanced cooperation and disclosure of electronic evidence provides procedures, like the European Union’s new E-Evidence Framework (coming into effect this year), that will enable States to make direct requests to service providers for subscriber data.
Currently, there is a siloed approach to cybercrime and cyber-enabled international crimes in national prosecution authorities and inter-governmental agencies. Where national authorities have both cybercrime units and war crime units, they tend to be separate. There are lessons that prosecutors of international crimes can learn from their cybercrime team counterparts—for example, on techniques for gathering and managing technical evidence. As all criminal cases involve a digital element today—whether in terms of the substance of the case, the evidence, or both—States should move towards a more cross-cutting, thematic approach to how prosecution authorities generally approach digital or cyber-related crimes, to encourage sharing of knowledge and strategies across prosecution teams.
Going Forward
Investigation of cyber-enabled international crimes is already taking place, particularly in situations where cyber and kinetic activities are part of the same campaign. The ICC’s policy provides a valuable framework for its approach in this area. National courts should also prosecute cyber-enabled international crimes where they are able to do so. Despite the challenges involved, there are positive trends for future action in this area, including increasing cooperation between networks of different actors, synergies between different legal regimes, and new treaties that facilitate the sharing of electronic evidence across borders.
To strengthen the prospects of prosecution of cyber-enabled international crimes further, the ICC and States should invest in, or where appropriate reinforce, cyber expertise across prosecution teams. States should ensure their domestic law enables them to participate fully in the joint investigation of international crimes, and strengthen informal networks with the cyberthreat intelligence community to increase access to cyber intelligence and evidence. States and the ICC should ensure adequate training is available to investigators, prosecutors and judges in digital forensics, attribution, encryption, blockchain-tracing and deepfake detection, as well as expertise in cross-border frameworks on gathering electronic data (indeed, such training would benefit the prosecution of all crimes with a digital element). While these measures will entail capacity development, efficiencies can be gained by adapting existing training on the investigation and prosecution of cybercrime (for example, by the EU or the Council of Europe’s Cybercrime Programme Office) to include cyber-enabled international crimes, and by inviting the ICC to take part. The mounting severity of cyber operations should spur all actors to adopt a global and proactive approach to bringing perpetrators to justice.
