Cyber Law Toolkit Tests Surveillance and Data Collection Under Occupation

The Cyber Law Toolkit has become a cornerstone for practitioners navigating the murky intersection of cyber operations and international law. Backed by NATO’s Cooperative Cyber Defence Centre of Excellence, the University of Exeter, the International Committee of the Red Cross and other leading institutions, the resource earned the American Society of International Law’s 2025 Jus Gentium Research Award. Its latest Scenario 35 dissects three concrete actions—traffic rerouting, mass surveillance and population‑data harvesting—in occupied territories, testing each against the obligations of occupying powers under IHL and IHRL. By translating abstract treaty language into actionable guidance, the Toolkit fills a gap that traditional academic treatises, such as the Tallinn Manual, leave open.

For cybersecurity officers, information‑governance leads and eDiscovery counsel, the scenario offers a ready‑made risk‑assessment matrix. It clarifies which authority requests can be lawfully complied with, which must be escalated, and where the line between temporary emergency measures and unlawful permanent control lies. Multinational telecoms, cloud providers and data‑hosting firms can embed these criteria into tabletop exercises, vendor‑due‑diligence checks, and cross‑border data‑preservation policies, thereby mitigating legal exposure and aligning internal controls with evolving state practice. The Toolkit’s citation by several national positions and its inclusion in UN debates underscore its influence on policy formation and regulatory expectations.

Looking ahead, the upcoming 2026 update promises to address AI‑driven cyber operations, reflecting the rapid rise of machine‑learning tools in both offensive and defensive cyber activities. Coupled with the ongoing evolution of the Tallinn Manual, the Toolkit will continue to serve as the practitioner‑focused complement to scholarly codifications, offering real‑time, scenario‑based guidance. As more states reference the Toolkit in their legal filings, its analytical framework is likely to shape the development of customary international law on digital occupation, making it an essential reference for any organization operating in contested or high‑risk jurisdictions.