Behind the scenes

The Oxford Process on International Law Protections in Cyberspace is an initiative of the Oxford Institute for Ethics, Law and Armed Conflict (ELAC) at the Blavatnik School of Government that was set in motion in May 2020 in partnership with Microsoft. At the core of this initiative lies a collaborative effort between international legal experts from across the Globe aimed at the identification and clarification of rules of international law applicable to cyber operations across a variety of contexts.


About the process

The Oxford Statements on International Law Protections, which have been a major input of the Process in 2020, articulate short lists of consensus protections that apply under existing international law to cyber operations targeting a range of protected objects. Going beyond the generally accepted view that international law applies in cyberspace, the Process analyses how it applies to specific sectors and objects. The Statements articulate both prohibited and prescribed state behaviour in cyberspace, without necessarily spelling out their specific legal basis under international law. To date, the Process has yielded five different Statements.

Aims & Methodology

Unlike previous initiatives that have sought to identify the rules of international law applicable to cyber operations, the Oxford Process takes a contextual approach. Instead of elaborating on the applicable international legal rules in abstracto, it examines the law as it applies to specific objects of protection, such as the healthcare sector and electoral processes. In choosing these specific objects of protection, the team behind the Oxford Process is driven by some of the most pressing needs facing the international community. In 2020, these needs were multifaceted, and they continue to evolve. The healthcare sector, which largely shouldered the burden of the covid-19 pandemic, was under attack in 2020 with a steady stream of cyber operations against hospitals, pharmaceutical companies, as well as the World Health Organisation. As soon as covid-19 vaccine development initiatives began, vaccine research, manufacture and distribution facilities became a new target of cyber operations. Cyberattacks have ranged from attempts to steal vaccine and clinical trial data to supply chain disruptions, seriously endangering the worldwide immunisation efforts. Beyond the healthcare context, the Oxford Process focused on the protection of electoral processes. Election insecurity strikes at the core of democracy, and reports of election interference through digital means have now become a pervasive feature of political discourse across jurisdictions.

In May, a two-day virtual workshop at the University of Oxford, co-sponsored by ELAC, Microsoft and the Government of Japan, examined the intersection between cyber operations and covid-19. During that workshop, it became clear that, while differences may exist regarding how the participants reach certain conclusions on the scope of international law protection, there is widespread agreement on the coverage of that protection. This realisation is what led to the first Oxford Statement, which elaborated these points of consensus on the protection of the healthcare sector. The Oxford Statement on safeguarding vaccine research and the Oxford Statement on foreign electoral interference followed the same process and were published in the aftermath of workshops organised by ELAC.