The emergence of information and communications technologies has reignited debates about how and when countermeasures can be used in cyberspace. Countermeasures are a well-established response mechanism available to states against violations of international law. They involve measures that would otherwise be unlawful, such as breaches of treaty obligations, but are allowed under certain strict conditions. However, considerations unique to cyberspace – such as the speed, scale and covert nature of cyber operations – have prompted calls for international law on countermeasures to be interpreted more flexibly in the cyber context.
This paper explores the conditions under which countermeasures may be taken in cyberspace and other contexts, in line with customary international law. The paper also looks at the extent to which states other than the injured state are entitled to take so-called ‘collective’ or ‘third-party’ countermeasures. There still seems to be insufficient evidence that states indirectly injured by a serious breach of obligations protecting community or collective interests (erga omnes or erga omnes partes obligations) may take ‘general interest countermeasures’ in support of the injured state or affected individuals. But the law is in flux, and support for general interest countermeasures is growing in light of serious violations of international law, such as Russia’s full-scale invasion of Ukraine. Beyond situations involving community or collective obligations, international law does not allow third states to take countermeasures in support or on behalf of the injured state. Nonetheless, third states may still aid or assist the injured state in taking its own countermeasures.