Hostname: page-component-77f85d65b8-8v9h9 Total loading time: 0 Render date: 2026-03-27T11:38:58.178Z Has data issue: false hasContentIssue false
  • English
  • Français

The use of autonomous cyber capabilities in armed conflict and States’ due diligence obligations to avoid unintended violations of international humanitarian law

Published online by Cambridge University Press:  05 March 2026

Marta Stroppa Open the ORCID record for Marta Stroppa [Opens in a new window]
Marta Stroppa*
Affiliation:
Post-Doctoral Researcher in International Law, DIRPOLIS Institute (Institute of Law, Politics and Development), Sant’Anna School of Advanced Studies, Pisa, Italy
*
Email: marta.stroppa@santannapisa.it
Rights & Permissions [Opens in a new window]

Abstract

With the increasing application of artificial intelligence and autonomy in cyberspace, there is little doubt that “autonomous cyber capabilities” (ACC) – software agents that are programmed to carry out specific tasks through cyberspace without real-time human control or oversight – will be deployed in future armed conflicts. Yet, ACC’s lack of real-time human control and the risk of unpredictable, unreliable and unexplainable behaviour raise important concerns as to their use in compliance with international humanitarian law (IHL). This article explores whether due diligence may be a valuable framework to mitigate the risks associated with ACC and avoid unintended violations of IHL. Notably, it contends that due diligence is a chapeau obligation for several IHL norms that require States to undertake all appropriate measures to ensure the development and use of ACC in compliance with IHL, and it provides examples of diligent measures that States shall adopt.

Keywords

autonomous cyber capabilitiesinternational humanitarian lawunintended violations of IHLdue diligencehuman control

Information

Type
Research Article
Information
International Review of the Red Cross , First View , pp. 1 - 28
Creative Commons
Creative Common License - CCCreative Common License - BY
This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/4.0), which permits unrestricted re-use, distribution and reproduction, provided the original article is properly cited.
Copyright
© The Author(s), 2026. Published by Cambridge University Press on behalf of International Committee of the Red Cross.

Introduction

Artificial intelligence (AI) and autonomous systems are increasingly playing a crucial role in warfare.Footnote 1 This is evident in two ongoing armed conflicts. The international armed conflict between Russia and Ukraine has arguably been the first armed conflict in which both sides have actively relied on AI to gather information and enable weapons systems with different degrees of autonomy.Footnote 2 In Gaza, Israel has reportedly been relying on AI and autonomy to produce target recommendations, as in the case of systems such as the Gospel or Lavender.Footnote 3 AI and autonomy, however, do not only find application in the traditional military operational domains, but also in cyberspace.Footnote 4 As observed by the United Nations (UN) Secretary-General, António Guterres, in 2023, “AI-enabled cyberattacks are already targeting critical infrastructure and our own peacekeeping and humanitarian operations, causing great human suffering”.Footnote 5

This article focuses on the use of “autonomous cyber capabilities” (ACC) – defined for the present purposes as software agents that are programmed to carry out specific tasks through cyberspace without real-time human control or oversight – in armed conflicts. It will rely solely on publicly available and unclassified information, and therefore, certain assumptions are made. Although to date there is no public report of ACC being used in an armed conflict, States are increasingly researching and developing ACC to carry out both offensive and defensive cyber operations,Footnote 6 and it is therefore expected that ACC will eventually be deployed in such contexts. The prospect of employing such technologies in warfare would indeed be particularly appealing for States: not only might ACC contribute to further strengthening networks’ robustness, resilience and response against malicious cyber operations, but they would also provide strong tactical and strategic advantages in the conduct of hostilities.Footnote 7 At the same time, however, the employment of ACC in armed conflict raises important concerns, especially in relation to the absence of real-time human control and to ACC’s potential over-reliance on AI.Footnote 8 The lack of real-time human control undermines the exercise of context-specific judgements, which are at the core of several international humanitarian law (IHL) provisions,Footnote 9 and AI often brings with it a certain degree of unpredictability, unreliability and unexplainability.Footnote 10 While AI is not a prerequisite for the functioning of ACC per se, it may further enable such systems’ adaptability and learning capacity;Footnote 11 thus, States will likely rely on AI to increase ACC’s flexibility. Where AI-enabled ACC exhibit similar characteristics of unpredictability, unreliability and unexplainability, this would raise significant risk of unintended violations of IHL.Footnote 12

On the basis of these assumptions, this article explores whether due diligence offers a valuable framework to mitigate the risk of unintended violations of IHL resulting from the potential use of ACC in armed conflict. Originally emerging in nineteenth- and twentieth-century State practice and arbitral and judicial decisions in relation to the law of neutrality and the protection of aliens and their property, due diligence has often been invoked to establish the legal responsibility of a State in connection with the behaviour of private individuals that cannot be directly attributed to the State.Footnote 13 Nowadays, due diligence is best understood as “a duty or standard of care”Footnote 14 that should be applied to a State’s actions (or activities subject to its jurisdiction or control) which harm other actors or the public interest. In other words, it is an obligation of conduct, which requires States to make every effort to obtain a specific result and manage a certain risk.Footnote 15 It finds application in several regimes of international law, including IHL,Footnote 16 and has proved to be particularly relevant also with respect to new technologies, including cyber operationsFootnote 17 and AI.Footnote 18

This article will rely on due diligence to explore whether and to what extent States have the obligation under IHL to take all appropriate measures to mitigate the risks associated with the use of ACC in armed conflict, and which diligent measures States shall undertake in this regard. It will first provide a working definition of ACC and discuss their potential use in armed conflict, together with the main risks they entail. Although these aspects alone would merit an in-depth analysis, this article addresses them only briefly, in order to focus on the relevant States’ due diligence obligations under IHL. Notably, it will consider the obligations of conduct that emerge from the duties to respect and ensure respect for IHL, to conduct legal review of new weapons, means and methods of warfare, and to undertake all feasible precautions both in attack and against the effects of attack, and will discuss their applicability to ACC. In the absence of relevant publicly reported State practice on the matter, examples of diligent measures that States shall adopt when researching, developing, programming and deploying ACC will be provided.

The use of ACC in armed conflict and the associated risk of unintended violations of IHL

Defining ACC and their emerging role in armed conflict

Notwithstanding the increasing interest in using AI applications in the cyber domain to render cyber operations autonomous and adaptable, there is still no shared definition of “autonomous cyber capabilities”. For the purpose of this article, the term “ACC” refers to software agents that are programmed to carry out specific tasks through cyberspace without real-time human control or oversight.Footnote 19 In other words, ACC can be used to conduct cyber operations that are designed to operate through cyberspace in pursuit of a predetermined goal without requiring real-time human intervention by a human operator.Footnote 20 They may follow a set of pre-written instructions (in the form of “if <x happens> then <do A> else <do B>”),Footnote 21 or may rely on sophisticated AI techniques such as machine learning.Footnote 22 While the former are programmed to operate in a predictable and fully observable environment where all possible events are known in advance,Footnote 23 the latter are able to adapt to unexpected changes in the operating environment – which is particularly relevant in the context of armed conflict and cyberspace.Footnote 24

To date there have been no public reports of ACC being used in armed conflict, yet, as underlined by the International Committee of the Red Cross (ICRC), “these technologies are expected to change the nature of both capabilities to defend against cyber attacks and capabilities to attack”.Footnote 25 The prospect of using them in the conduct of hostilities to carry out both defensive and offensive autonomous cyber attacks is indeed particularly appealing for States.Footnote 26 On the one hand, ACC may be used to passively and/or actively defend a network or a computer system from malicious cyber operations without real-time human control, strengthening the network’s robustness, resilience and response;Footnote 27 for example, an ACC may be programmed to detect malicious cyber threats and autonomously execute active defensive countermeasures against the adversary’s system.Footnote 28 Such systems are already being researched and developed: Mayhem, the Cyber Reasoning System that won the 2016 US Defense Advanced Research Projects Agency Cyber Grand Challenge, was able to autonomously identify and patch vulnerabilities in flawed code, as well as to detect and exploit adversary vulnerabilities.Footnote 29 These defensive systems could be designed to hack back and incapacitate (or even destroy) the adversary’s system from which the malicious cyber operation originates.Footnote 30

On the other hand, ACC may also be designed to launch particularly sophisticated cyber attacks without human intervention.Footnote 31 One of the first known offensive ACC used was reportedly Stuxnet, the malware that targeted Iran’s Natanz nuclear enrichment facility in 2009.Footnote 32 It was programmed to autonomously spread throughout Natanz’s network, identify the software controlling the facility’s centrifuges and manipulate their operation by altering their settings.Footnote 33 While Stuxnet did not occur during an armed conflict and experts are divided on whether it would have triggered the applicability of IHL,Footnote 34 it provides a good example of ACC causing physical damage.Footnote 35 Another recent example of offensive ACC is DeepLocker, a malware developed by IBM Research that relies on AI techniques to identify pre-selected targets on the basis of specific trigger conditions (e.g., facial and voice recognition, geolocation) and autonomously launch a cyber operation without real-time human control.Footnote 36 Similar systems could be used in the conduct of hostilities to execute cyber attacks against military objectives, such as command and control facilities or air defence systems, or against individuals who qualify as lawful targets at the time of the attack, such as military commanders.

In light of the tactical and strategic advantages connected to ACC, therefore, there is little doubt that these technologies will be used in future armed conflicts.Footnote 37 Consequently, it is of crucial importance to verify whether and to what extent ACC can be developed and used, in all or some circumstances, in compliance with IHL provisions.Footnote 38 Not only must they be programmed in such a way that they are not indiscriminateFootnote 39 and do not cause superfluous injuries and unnecessary suffering,Footnote 40 but they must also be used in compliance with the principles of distinction,Footnote 41 proportionalityFootnote 42 and precaution.Footnote 43

ACC’s technical features undermining IHL compliance

ACC present some technical features that raise important concerns vis-à-vis IHL and that warrant brief consideration.Footnote 44 Firstly, as noted above, ACC’s lack of real-time human control or oversight might undermine their use in compliance with several IHL provisions. Indeed, as pointed out by Capone,

many key IHL rules require the application of evaluative decisions and value judgements, taken on the basis of the “reasonable commander standard”, such as the presumption of civilian status in case of “doubt”, the selection of the precautionary measures to implement during an attack, or the assessment of proportionality, which requires the attacker to determine what constitutes “excessive” collateral damage in relation to anticipated concrete and direct military advantage.Footnote 45

At the current state of technological development, ACC seem unable to perform similar subjective evaluations without human intervention.Footnote 46 One way around this problem might be to carry out these assessments ex ante, programming ACC accordingly to carry out specific attacks.Footnote 47 ACC may, for instance, be instructed to target a military objective (or a list of military objectives) that has already been validated by the military commander before engagement. Likewise, the proportionality assessment could be carried out by the military commander immediately before the attack on the basis of the information available at the time and programmed into the ACC.Footnote 48 Stuxnet, for example, was programmed to target a specific piece of software (Siemens Step 7) and would not activate unless such software was found on the infected computer. In addition, it had in place several safety measures aimed at reducing any collateral damage, including a self-destruct mechanism.Footnote 49 Had the attack occurred in the context of an armed conflict, at least based on the information currently available in the public domain, Stuxnet would probably have adhered to the principles of distinction and proportionality.Footnote 50 Yet, as will be discussed further below, even in pre-planned attacks, real-time human control may still be necessary to ensure compliance with IHL, especially when ACC are used in complex and dynamic environments where ex ante evaluations may no longer be valid.Footnote 51

Secondly, again as noted above, ACC that rely on AI techniques to adapt to changes in the operating environment risk being highly unpredictable, unreliable and unexplainable.Footnote 52 As mentioned, although AI is not necessarily a prerequisite for the functioning of ACC, it may further enable their adaptability and their ability to learn.Footnote 53 AI-enabled ACC may indeed be programmed to learn from the environment in which they are operating and to make independent decisions or adjust their performance to the circumstances of the case, to the extent that they have been described as “independent in their functioning”.Footnote 54 This characteristic confers on them high flexibility, allowing them to operate even in hostile and dynamic environments.Footnote 55 At the same time, however, AI-enabled systems have often been described as unpredictable and unreliable, especially if they rely on machine learning,Footnote 56 and it is indeed difficult to predict what these systems will learn from the operating environment and therefore how they will respond to a given input.Footnote 57 Complicating matters further, AI-enabled systems often produce outputs that are not explainable (the “black box” phenomenon), making it difficult (if not impossible) for their users to understand how and why the system reaches that specific output from a given input.Footnote 58 Where AI-enabled ACC exhibit similar behaviour, this would raise important concerns as to their use in compliance with IHL. In addition, the fact that ACC operate through the cyber domain, where most infrastructures are interconnected and dual-use,Footnote 59 may further exacerbate such risks. Were ACC to be programmed to self-replicate and self-propagate in order to reach their target more effectively, they could spread uncontrollably, potentially disrupting, disabling or physically damaging essential civilian services and infrastructures. This could increase the risk of indiscriminate attacks and could even lead to an escalation of the conflict.Footnote 60

From this brief overview, it is clear that the use of ACC may result in unintended violations of IHL, posing significant risks of civilian harm. The next section will therefore explore whether and to what extent States have due diligence obligations under IHL to address and mitigate such risks.

Due diligence as a possible framework to mitigate ACC’s associated risks

The notion of due diligence first developed in the nineteenth century through State practice and arbitral decisions in relation to States’ neutralityFootnote 61 and the protection of aliens and their property.Footnote 62 In the twentieth century, international judicial decisions further extended the concept of due diligence, grounding it in the obligation of States not to allow their territory to be used for acts contrary to the rights of other States.Footnote 63 Nowadays, due diligence is best understood as a duty or standard of care that should be applied to assess States’ compliance with obligations of conduct.Footnote 64 It finds application in several regimes of international law, including IHL, and is generally invoked to manage risks so as to prevent violations of other obligations (often referred to as obligations of result)Footnote 65 that might harm or damage other actors or the public interest.Footnote 66 Due diligence requires States to “deploy adequate means, to exercise best possible efforts, to do the utmost, to obtain [a certain] result”Footnote 67 – yet, it does not prescribe how this result must be obtained, leaving it up to States to decide which diligent measures shall be adopted, on the basis of their available means. This flexibility allows States to adjust their diligent measures based on an assessment of the risk they need to address.Footnote 68

In situations of armed conflict, where the risks inherent to the conduct of hostilities are high, due diligence has proved to be particularly useful. Due diligence is indeed a chapeau obligation for several IHL norms of both a treaty and customary nature.Footnote 69 For example, the overarching duty to ensure the respect of IHL in all circumstances,Footnote 70 along with other related norms (such as disseminating IHL,Footnote 71 repressing and suppressing breaches of IHLFootnote 72 and conducting legal review of all new weapons, means and methods of warfareFootnote 73), entails the exercise of due diligence in times of peace and war. Due diligence is also reflected in numerous norms pertaining to the conduct of hostilities, such as the duty to take all feasible precautions in attackFootnote 74 and against the effects of attack.Footnote 75

The following analysis will focus, in particular, on those IHL obligations that envisage due diligence and are expected to be most relevant for mitigating the risks associated with ACC: the duties to respect and ensure respect for IHL, to conduct legal review of new weapons, means and methods of warfare, and to undertake all feasible precautions both in attack and against the effects of attack. After providing a brief overview of such provisions and discussing their application to ACC, the article will offer examples of diligent measures that States shall undertake to manage the risks associated with ACC.

The duty to respect and ensure the respect for IHL

The first provision that warrants close examination is the duty “to respect and to ensure respect for” IHL both in times of peace and in times of war, enshrined in Article 1 common to the four Geneva Conventions (common Article 1) and Article 1(2) of Additional Protocol I (AP I). This is one of the broadest and most important positive IHL obligations of conductFootnote 76 and is widely considered as reflective of customary international law.Footnote 77

Significantly, the first prong of the obligation (the obligation “to respect”) is a reaffirmation of the pacta sunt servanda formula.Footnote 78 It requires States to refrain from committing or encouraging IHL violations,Footnote 79 and to take positive steps to ensure that armed forces, as well as organs and individuals whose acts are attributable to the State, act in compliance with IHL in all circumstances.Footnote 80 It envisages obligations of result rather than of conduct.Footnote 81 That said, the duty to respect IHL is closely related to other autonomous IHL obligations of conduct, such as the duty to disseminate IHL and train armed forces.Footnote 82

The second prong of the obligation (the duty “to ensure respect”) covers conducts that are not attributable to the State under international law – namely, those of the whole population over which a State exercises authority (internal application),Footnote 83 and those of third States (external application).Footnote 84 This is where due diligence comes into play under common Article 1, as States are required to take all feasible measures necessary to prevent and repress IHL breaches from actors whose conduct is not attributable to the State. The nature of such measures depends on the specific circumstances of the case, including the gravity of the breach, the imminence of further violations and the available means.Footnote 85 With respect to private persons, such measures include, for example, the dissemination of IHL among the civilian population and the repression and suppression of IHL breaches at the domestic level.Footnote 86 With respect to third States, such measures may entail, inter alia, addressing questions of compliance within the context of diplomatic dialogue (including exerting diplomatic pressure to bring violations to an end); intervening (also directly) to prevent or bring to an end an IHL violation by a coalition partner; offering legal assistance to the parties to a conflict (such as instructions or training); conditioning, limiting or refusing direct or indirect arms transfers and other forms of support; or referring a situation to the International Humanitarian Fact-Finding Commission.Footnote 87

The duty to respect and ensure respect for IHL is relevant to new technologies, including cyber operationsFootnote 88 and AI-enabled technologiesFootnote 89 – and the same applies to ACC. Accordingly, States must refrain from committing violations of IHL or encouraging others to breach IHL by means of ACC, and must also take all feasible measures to ensure that ACC are developed and used in compliance with IHL by their armed forces, as well as by private persons (including private technology companies and civilian hackers within their jurisdiction)Footnote 90 and third States.Footnote 91 These measures must be adopted both in times of peace and in times of war, and shall concern the entire life cycle of ACC, from their development or procurement to their deployment. It follows that States shall ensure that ACC are developed in a way that ensures their use in compliance with IHL and must also refrain from developing, procuring or adopting technologies that cannot comply with IHL.Footnote 92 In addition, States shall also educate and train military commanders and human operators who programme and deploy ACC in armed conflict,Footnote 93 and must make specialized legal and technical advisers available to their armed forces when developing, programming or deploying ACC.Footnote 94

With respect to private individuals, States have at their disposal various diligent measures to ensure that the civilian population over which they exercise authority – including both private technology companies developing ACC and civilian hackers deploying ACC – respects IHL. Firstly, in line with the obligation to disseminate IHL, States should, as necessary and feasible, ensure that employees of private technology companies, as well as civilian hackers, are made aware of the relevant IHL rules and require them to comply with the applicable legal obligations.Footnote 95 Depending on the degree of their influence over private technology companies, States may also implement ad hoc regulations to prevent the development or transfer of ACC that cannot be used in compliance with IHL.Footnote 96 Secondly, States must take all necessary measures to repress and suppress any breaches of IHL committed by individuals through ACC, including the establishment of effective penal sanctions at the domestic level and the obligation to search for alleged perpetrators and to prosecute them before national courts or extradite them to another State.Footnote 97

Finally, with respect to third States to which a State has supplied ACC, the latter State shall monitor how these systems are used by the third StateFootnote 98 and, where they are used in violation of IHL, shall condition, limit or cease any direct or indirect transfer of ACC, as well as any other form of support (including financing, training, sharing of information and embedding of military advisers), and adopt risk mitigation measures.Footnote 99 States should also condemn breaches of IHL by other States deploying ACC in armed conflict – for instance, by taking public positions or through diplomatic or adjudicative means – and demand for their cessation.Footnote 100

The duty to conduct legal review of new weapons, means and methods of warfare

A second important due diligence obligation under IHL concerns determining whether the employment of a new weapon, means or method of warfare would be prohibited by IHL in some or all circumstances.Footnote 101 For States Parties to AP I, this obligation is clearly established: in accordance with Article 36, when studying, developing, acquiring or adopting new weapons, means or methods of warfare, States Parties must determine whether their employment would, in some or all circumstances, be prohibited by international law.Footnote 102 The purpose of this duty is to prevent the use of new weapons that would violate IHL in all circumstances and to impose restrictions on the use of new weapons that would violate IHL in some circumstances, by determining their lawfulness before they are developed, acquired or included in a State’s arsenal.Footnote 103 It also functions as an important “safety net” vis-à-vis the rapid developments that take place in military technologies,Footnote 104 applying to all new weapons, means and methods of warfare as well as to existing weapons that a State intends to use for the first time and to modifications that alter the function of a weapon that has already been reviewed.Footnote 105

For States that have not ratified AP I, however, the scope of this obligation is less clear. Although it remains debated whether Article 36 is reflective of customary international law, it has been suggested that States are still obliged to determine whether their weapons, means and methods of warfare can be employed in compliance with IHL.Footnote 106 According to the ICRC in particular, the fact that all States are under an obligation to ensure respect for IHL (as mentioned above) also includes an obligation to take all feasible measures to prevent the use of weapons, means and methods that would violate IHL under all circumstances, and to restrict the use of those that would do so under certain circumstances.Footnote 107

ACC fall within the material scope of Article 36 when they qualify as new weapons. While there is no agreed definition of “cyber weapons”, this article considers those ACC that are designed, used or intended to be used to conduct an attack within the meaning of Article 49 of AP I as falling within this category. Thus, any ACC that cause, or are reasonably expected to cause, a certain degree of violence against the adversary, whether in offence or defence, qualify as weapons for the purpose of Article 36.Footnote 108 Although only a few States have publicly undertaken legal reviews of cyber capabilities so far, the fulfilment of this due diligence obligation is crucial to determining whether ACC can be lawfully used in the conduct of hostilities.Footnote 109 ACC may take different forms depending on the way they are programmed, the tasks they need to perform and the environment in which they operate, so conducting a legal review on each individual ACC would allow States to determine whether they are unlawful per se – i.e., whether they cause unnecessary suffering and superfluous injury or are indiscriminate in nature – or whether they can be deployed in compliance with IHL under certain circumstances. Significantly, while States are not expected to foresee all possible (mis)uses of ACC in the conduct of hostilities, they are required by Article 36 to assess their legality in normal and expected uses.

The legal review of ACC is nevertheless likely to be particularly challenging in light of the autonomous nature and cyber dimension of these technologies.Footnote 110 Where AI-enabled ACC exhibit levels of unpredictability, unreliability and unexplainability, the legal assessment is necessarily more demanding;Footnote 111 as stressed by the ICRC with specific regard to autonomous weapons systems (AWS), the legal review requires that the weapon system be sufficiently understandable, predictable and explainable, so as to allow reviewers to anticipate its operation in its normal or expected circumstances and manner of use.Footnote 112 This complexity is further compounded by the dynamic character of the software, which may be subject to continuous updates, especially in the case of self-learning or self-adaptive systems.Footnote 113 To address these challenges, States will need to adopt a more tailored approach to legal reviews – one that takes into account the specific characteristics of ACC, as well as its training, testing and performance in normal and expected uses.Footnote 114 In this respect, while States are free to decide how to fulfil their weapon review obligation, Tattersall and Copeland have developed an approach that provides useful guidance on the matter. By building upon the ICRC’s Guide to the Legal Review of New Weapons, Means and Methods of Warfare, their approach comprises nine steps.Footnote 115 First, it is necessary to assess the design, technical and performance characteristics of the ACC, including the code or algorithm specification (predictability, reliability, explainability etc.), the adaptability of the software agent, the existence of digital and procedural safeguards, the modes and levels of autonomy, and the interactions with the environment and with human operators. It is indeed necessary to understand how a specific ACC works from a technical standpoint in order to assess its legal implications. Then, the reviewers must determine the “normal or expected use” of the examined ACC, as well as if it amounts to a “new weapon, means or method” that requires review under Article 36 of AP I. Once it has been confirmed that the specific ACC is indeed a new weapon of warfare that needs to be legally reviewed, it is imperative to assess whether its use can be in compliance with both specific and general prohibitions or restrictions on weapons, means and methods of warfare (under both treaty and customary law). In the unlikely case that the ACC’s normal or expected use is not covered by existing rules of IHL, it must be assessed vis-à-vis the principles of humanity and the dictates of the public conscience (the Martens Clause). Interestingly, Tattersall and Copeland also consider in their analysis other relevant international law provisions (such as the law of neutrality and international human rights law), as well as domestic law. The last step of the review consists in the adoption of the review’s conclusion and of the associated legal advice decision.

Scholars have suggested other considerations with respect to AI-enabled technologies that are relevant for ACC which rely on AI. Lewis, for instance, has elaborated a list of sixteen elements or properties of interest or concern that should be considered in the legal review of weapons, means and methods of warfare involving AI-related techniques or tools: these are (i) legal agency, (ii) attributability, (iii) explainability, (iv) reconstructability, (v) proxies, (vi) human intent and human knowledge, (vii) normative inversion, (viii) value decisions and normative judgements, (ix) ongoing monitoring, (x) deactivation and/or additional review, (xi) critical safety features, (xii) improvisation, (xiii) representation, (xiv) biases, (xv) dependencies, and (xvi) predictive maintenance.Footnote 116 Other scholars, like Coco and Dias, have stressed the importance of involving in the legal review impartial experts in international law, technology and other relevant areas.Footnote 117 Taken together, all of these elements can support States in adopting a tailored approach to the legal review of ACC, suited to the ACC’s specific technical and operational characteristics.

The duty to take all feasible precautions in attack

A third relevant IHL due diligence obligation pertains to the conduct of hostilities. Due diligence plays a central role in all the principles regulating the conduct of hostilities, and this is particularly evident in the rules on precautions in attack under Article 57 of AP I.Footnote 118 According to Article 57(1) of AP I, “[i]n the conduct of military operations, constant care shall be taken to spare the population, civilians and civilian objects”.Footnote 119 In other words, this provision recognizes that there is a general and flexible duty of care that must be exercised during military operations – i.e., during “any movements, manoeuvres or other activities whatsoever carried out by the armed forces with a view to combat”Footnote 120 – to protect the civilian population, civilians and civilian objects. This is, as suggested by Lubin, “an expansive definition that captures all military activities with a general nexus to combat”.Footnote 121 While it is the military commander who decides which measures fall within this obligation, it has been pointed out that “the higher the risk for the civilian population in any given military operation, the more will be required in terms of care”.Footnote 122

Article 57(2) complements this first “umbrella obligation” of care with additional specific duties aimed at limiting the negative effects of an attack upon civilians and civilian objects.Footnote 123 Notably, those who plan or decide upon an attack must (i) do everything feasible to verify ex ante that the objectives to be attacked are legitimate; (ii) take all feasible precautions in the choice of means and methods of attack in order to avoid, or at least minimize, incidental loss of civilian life, injury to civilians or damage to civilian objects; and (iii) refrain from launching an attack that is expected to be disproportionate.Footnote 124 If it becomes evident that the attack is in violation of the principles of distinction or proportionality, then the attack shall be cancelled or suspended.Footnote 125 The key aspect of these specific obligations of conduct is that they must be feasible – i.e., they must be “practicable or practically possible taking into account all circumstances ruling at the time, including humanitarian and military considerations”.Footnote 126

The principle of precautions in attack plays a pivotal role in ensuring that ACC are used in compliance with IHL during military operations in general, and during an attack in particular. Firstly, it requires States to exercise constant care to spare the civilian population and civilian objects in the conduct of military operations. It implies a legal obligation for military commanders to consider any adverse impacts that autonomous cyber operations (including, but not limited to, attacks) may have on the civilian population and to take measures to avoid them. Harrison Dinnis, for example, considers the case of an ACC programmed to poison the dataset on which an adversary’s own AI system is trained. Where this operation results in that system becoming indiscriminate or disproportionate, or otherwise violating any other rules of IHL, it would be impermissible.Footnote 127 While the exact application of this principle in a specific military operation must be left to the military commander, the International Group of Experts working on the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Tallinn Manual 2.0) considered that this obligation requires situational awareness at all times throughout all phases of military operations.Footnote 128

It follows that military commanders need to collect all reasonably available intelligence in order to fully understand the impact of military operations.Footnote 129 When preparing an attack, accurate intelligence-gathering is indeed necessary to give ACC precise instructions and to feed the algorithm with more reliable data.Footnote 130 In this sense, it may be necessary to map “the enemy’s network with sufficient accuracy through network mapping, footprinting, and other cyber exploitation operations”.Footnote 131 Likewise, it may also be necessary to map civilian networks and infrastructures, thereby gathering information about the civilian environment so that the full impact of military operations can be anticipated and mitigated as much as possible.Footnote 132 Although it may in principle be possible to partially conduct intelligence-gathering by means of ACC (e.g., by instructing ACC to detect vulnerabilities in the target’s network),Footnote 133 human operators must, where possible, complement technical information with additional intelligence acquired outside cyberspace;Footnote 134 they must take informed decisions on the basis of their expertise, without falling into the trap of “automation bias”Footnote 135 or “overload of information”, which “may trigger a problem of ‘seeing too much’, which is as grave as ‘seeing to little’”.Footnote 136 To this end, military commanders shall have the necessary technical expertise – or at least have technical experts available – to understand the acquired intelligenceFootnote 137 and determine whether appropriate precautionary measures have been taken.Footnote 138 Finally, the duty of care also appears to require that military commanders maintain oversight of ACC, as well as exercising human control over them during deployment when there is a risk of unintended harmful consequences for the civilian population, as will be discussed further below.Footnote 139

Secondly, this obligation of conduct requires those who plan or decide upon an autonomous cyber attack to adopt all feasible measures to ensure that the deployed ACC (i) correctly identify the target and (ii) direct the attack against the selected target while avoiding or in any event minimizing incidental collateral damage. The key issue is to determine what constitutes “feasible precautions” in the context of autonomous cyber attacks, a determination that depends on several factors, including the circumstances of the attack and of the operating environment. For example, embedding operational constraints in the software agent may contribute to mitigating its potential harm and to avoiding, to the maximum extent possible, unintended violations of IHL.Footnote 140 For the purpose of this analysis, “operational constraints” refer to technical or functional limitations embedded ex ante in the system’s design or parameters of use so as to restrict the scope, duration or effect of an ACC’s behaviour, thereby ensuring greater predictability and control over the attack.Footnote 141 Such constraints can take various forms and must be adopted on an ad hoc basis according to the specific operational needs of the mission and the technical characteristics of the ACC. In this regard, Perez contends that some of the operational constraints suggested in the debate on AWS may be easily extended to ACC. These measures relate inter alia to the tasks assigned to the system, controls on the environment (e.g., target profiles), parameters of use (e.g., deactivation, fail-safe mechanisms) and means of interaction (e.g., abortion of the task, limits on self-learning capacities).Footnote 142

Further operational constraints may be embedded in ACC that rely on AI. For instance, Coco and Dias suggest incorporating the following constraints into AI-enabled systems:

[D]evise a deactivation threshold triggered by the lapse of a certain amount of time or by the degradation of a critical safety feature; build in ‘fail-safe’ mechanisms to allow human operators to safely take over or override the system; train the machine to prioritize specific data that is deemed to be particularly reliable; set minimum levels of accuracy before any decision is made and acted upon.Footnote 143

Similar constraints were embedded in Stuxnet – not only was it programmed to target the specific software used at the Natanz uranium enrichment facility, but it also activated only in the presence of that software (without compromising other computers) and deactivated once the expiration date (24 June 2012) was reached.Footnote 144 Although Stuxnet did not occur in the context of an armed conflict and therefore IHL did not apply, based on publicly available information, these technical constraints would probably have been consistent with what would have been required by the principle of precautions in attack.

Operational constraints alone, however, might not be sufficient to mitigate ACC’s risks and ensure compliance with IHL. While this article does not categorically exclude the possibility that ACC could be used in compliance with IHL even in the absence of real-time human control, relying solely on stringent operational constraints, it recognizes that this would be confined to a very narrow set of circumstances. Consider, for example, an autonomous cyber attack against a predetermined military target that is easily identifiable through technical data and completely disconnected from civilian infrastructure, carried out in a static and predictable environment in which the presence of civilians or civilian objects, as well as of any adverse effects on them, can be excluded with certainty in advance. Such an autonomous cyber attack could, in principle, comply with IHL without real-time human control, provided that the ACC is not unpredictable, unreliable or unexplainable; that the military target has been validated prior to engagement; that any expected collateral damage does not exceed the anticipated military advantage; and that the ACC is programmed to suspend or abort the attack in case of doubt. According to some authors, Stuxnet would have fallen within this category had it occurred in the context of an armed conflict.Footnote 145 In most cases, however, such scenarios are unlikely to materialize, given that most current cyber infrastructures can serve both civilian and military purposes. In addition, the increasing reliance on AI might negatively affect the predictability, reliability and explainability of ACC. As a general rule, therefore, a certain degree of human control shall be retained over ACC during engagement.Footnote 146

While it is acknowledged that the intrinsic characteristics of cyberspace may pose several challenges to the exercise of real-time human control over ACC during an attack due to the very high speed at which cyber operations occur and the significant volume of data involved,Footnote 147 it is nonetheless contended that human control remains essential. Indeed, under most circumstances, such control may still constitute the only available precautionary measure that a State must undertake to ensure the use of ACC in compliance with IHL provisions. Starting from this assumption, the crucial point is to determine when real-time human control qualifies as an effective measure for reducing the risk of harm; only under these circumstances can it be considered a measure of due diligence.Footnote 148 In this respect, it may be useful to briefly examine the notion of human control elaborated within the framework of the UN Convention on Certain Conventional Weapons (CCW) Group of Governmental Experts on Lethal Autonomous Weapons Systems (GGE LAWS).Footnote 149

The notion of human control has played a pivotal role in the debate over AWS. In an effort to articulate the degree of human involvement that should be preserved, a range of formulations have been proposed, including “sufficient”, “appropriate” and “meaningful” human control. Among these, the notion of “meaningful human control” (MHC) has gained significant traction. Introduced by the non-governmental organization Article 36 in the first CCW Expert Meeting on LAWS, MHC was initially conceived as a “one-size-fits-all” model of human control that must be exercised at all times over any individual attack carried out by means of AWS.Footnote 150 This interpretation of MHC, however, soon proved to be conceptually contested and difficult to operationalize, as it failed to adequately account for the diversity of technological capabilities, operational environments and levels of autonomy involved.Footnote 151 As the debate developed, the focus gradually shifted toward the notion of “context-appropriate human judgement and control”, which has since become an established concept within the GGE LAWS discussions.Footnote 152 This shift in terminology reflects a growing recognition that the form and degree of human involvement may and should vary depending on operational context, system design and level of risk involved.

This article takes the same approach, arguing that different degrees of real-time human control may be exercised over ACC, to be determined on an ad hoc basis, by taking into consideration the characteristics and design of ACC, the circumstances of their deployment and the operational environment in which they function. With respect to the characteristics and design of these systems, AI-enabled ACC are likely to require a higher degree of human control than ACC operating on the basis of pre-imparted instructions. While ACC that follow a set of instructions in the form of “if <x happens> then <do A> else <do B>” are particularly predictable, AI-enabled ACC can adapt their behaviour by learning from experience. As a result, their conduct may become less predictable, thereby increasing the risk of unintended violations of IHL. For this reason, AI-enabled ACC require continuous human oversight, both to monitor their behaviour and to ensure timely intervention – including, where necessary, the suspension or cancellation of an attack – whenever their functioning gives rise to legal concerns. The human operator would thus serve as a “fail-safe mechanism”, ensuring that the ACC operates as intended and preventing any unintended breaches of IHL.Footnote 153 Similarly, different circumstances of deployment require different degrees of human control. In pre-planned autonomous cyber attacks against validated targets that are not expected to cause excessive collateral damage, real-time human control must be retained to verify the lawfulness of the target in case of doubt, to update the proportionality assessment as necessary and to suspend or cancel the attack if circumstances require. In autonomous cyber attacks that are not planned in advance, as in the case of defensive ACC that autonomously react to an incoming attack, real-time human control must be retained at all times to make context-specific judgements in compliance with the IHL principles of distinction and proportionality, to implement any other feasible precautions deemed necessary and to suspend or cancel any attacks that could result in a breach of IHL. Finally, with respect to the environment, ACC operating in complex and dynamic scenarios will require a higher degree of real-time human control than those operating in static and predictable environments in which human operators already have adequate situational awareness. The legal assessments must in fact be continuously adjusted to reflect the changes in the operating environment.Footnote 154

The duty to take all feasible precautions against the effects of attacks

Under IHL, States must take all feasible precautions against the effects of attacks (also known as “passive precautions”Footnote 155). According to Article 58 of AP I, notably, parties to an armed conflict are obliged to take all feasible precautions to protect the civilian population and civilian objects under their control against the effects of attacks.Footnote 156 This due diligence obligation requires parties to a conflict to take, to the maximum extent feasible, endeavours to remove civilians and civilian objects under their control from the vicinity of military objectives,Footnote 157 to avoid locating military objectives within or near densely populated areasFootnote 158 and to protect civilians and civilian objects from dangers resulting from military operations.Footnote 159

Passive precautions are particularly important in the cyber domain – where, as noted above, most of the current infrastructures can serve both civilian and military purposes – and will play an even more crucial role in the event of an autonomous cyber attack. The segregation of military from civilian cyber infrastructure, networks and data may indeed contribute to limiting an uncontrolled spread of ACC. While complete segregation might not be currently feasible, given the interconnectedness of military and civilian infrastructures, States shall still pursue this endeavour to the maximum extent possible.Footnote 160 For example, States should disconnect their military networks from the internet, not only for their own defence but also to protect civilian networks and infrastructures.Footnote 161 If an ACC is programmed to attack an air-gapped military network – that is, a network that is physically separated and isolated from other networks and systems that are not secure, such as the internetFootnote 162 – the chances that it will proliferate outside the intended network and target civilian infrastructures will be reduced.

Beside segregation, States must also adopt, to the maximum extent feasible, any other necessary precautions to protect civilians and civilian objects under their control from any dangers resulting from military cyber operations, including autonomous cyber operations.Footnote 163 Such “other necessary precautions” include precautions taken in advance of a cyber attack, such as building strong cyber resilience cultures across society by increasing public awareness of the risks associated with autonomous cyber operations;Footnote 164 engaging with the private sector, which owns most cyber infrastructures;Footnote 165 adopting cyber hygiene measures, as well as passive defensive measures (e.g., antivirus software), to enhance the protection of civilian infrastructures from intrusive autonomous cyber operations;Footnote 166 executing regular back-ups to facilitate data recovery;Footnote 167 warning about impending or ongoing autonomous cyber operations; and providing technical assistance to those targeted by means of ACC.Footnote 168

Finally, while protective emblems are not per se a form of passive precaution, actions related to their adoption might be. In light of the discussions on the possible creation of a digital marker for protected objects,Footnote 169 it is suggested that the parties to an armed conflict could, in the future, use digital emblems to signal specific categories of persons and objects that enjoy special protection under IHL.Footnote 170 Such digital emblems could be used to identify digital components (such as assets, services and data) of protected entities, signalling that under IHL, they cannot be targeted. While no digital emblem has been created so far, the ICRC is currently leading the development of technical standards on which a digital emblem could rely. They are working, together with other partners, on a prototype design known as Authentic Digital Emblem (ADEM).Footnote 171 Through ADEM, “digital emblems are machine-readable and cryptographically secured claims of protection”.Footnote 172 Thus, they could conceivably be recognizable by ACC, which could be programmed accordingly, for the purpose of sparing certain protected persons and objects.

Conclusion

Although to this date no ACC has been reported to have been used in an armed conflict, there is little doubt that ACC will play a central role in future wars. The strong tactical and strategic advantages they offer both in defence and offence will be particularly appealing for States. Yet, ACC’s lack of real-time human control and the risk of unpredictable, unreliable and unexplainable behaviours, combined with the fact that ACC operate through cyberspace, where most infrastructures are interconnected, raise important concerns of unintended violations of IHL.

This article contributes to further strengthening the protection that IHL already affords against the danger arising from the use of information and communications technologies during armed conflicts, by providing some guidance on how to prevent and avoid ACC resulting in unintended violations of IHL. In the absence of an ad hoc treaty regulating the use of ACC in armed conflict, this article contends that due diligence, being a chapeau obligation for several norms of IHL, already offers a valuable framework for mitigating the risks posed by these technologies. In particular, it analyses four IHL obligations of conduct that are relevant when it comes to ACC: the duty to respect and ensure respect for IHL, the duty to conduct legal review of new weapons, means and methods of warfare, the duty to take all feasible precautions in attacks, and the duty to take all feasible precautions against the effects of attacks. Based on these provisions, States have the positive obligation to take all appropriate means to develop and use ACC in compliance with IHL.

In the absence of publicly reported State practice on the matter, this article puts forth some possible diligent measures that States shall adopt both in times of peace and in times of war. States shall ensure that ACC are developed in compliance with IHL standards, involving both legal and technical experts in the process. Legal reviews need to include new standards that take into account the predictability, reliability and transparency of the software agent, as well as its training and performance in normal and expected uses. Individuals involved in the development, review and deployment of ACC must receive specific training in light of ACC’s technical features and legal implications. Before and during deployment, States must exercise particular care in the use of ACC. Military commanders shall have the legal and technical expertise to determine whether all feasible precautions have been taken, in order to avoid that ACC results in any excessive detrimental impact on the civilian population, civilians and civilian objects. Military commanders must perform careful intelligence-gathering, ensure that the software agents are programmed according to precise instructions, embed appropriate operational constraints and retain a certain degree of real-time human control over ACC to prevent unintended violations of IHL. States must also take all feasible precautions against the effects of autonomous cyber attacks by segregating their military networks to the maximum extent possible and adopting measures to protect the civilian population and minimize civilian harm. While additional diligent measures may emerge over time, also in light of States’ growing capabilities,Footnote 173 failure to comply with obligations of conduct triggers the international responsibility of the State.Footnote 174

In conclusion, due diligence proves to be particularly valuable in ensuring that international law keeps pace with rapid technological development.Footnote 175 This is even more evident in cyberspace, where States are more inclined to discuss non-binding norms than legally binding instruments.Footnote 176 At the same time, however, a clear and common understanding of what due diligence obligations require of States that develop and deploy ACC in armed conflicts is essential. To this end, States should include in their discussions on the military uses of AI considerations regarding which concrete diligent measures should be adopted to mitigate the human cost of ACC, and should share best practices and expertise.

Footnotes

*

The author wishes to sincerely thank the external reviewers and the editorial team of the Review for their support and constructive feedback throughout the editorial process. Any remaining errors are solely the author’s responsibility.

The advice, opinions and statements contained in this article are those of the author/s and do not necessarily reflect the views of the ICRC. The ICRC does not necessarily represent or endorse the accuracy or reliability of any advice, opinion, statement or other information provided in this article.

References

1 See UNGA Res. 79/239, 24 December 2024, Preamble, where it is acknowledged that “States have started to increasingly integrate artificial intelligence into a broad array of applications in the military domain, including into weapons, weapon systems, and other means and methods of warfare, as well as systems that support military operations”.

2 Sebastian Clapp, Defence and Artificial Intelligence, Briefing to the European Parliament, Brussels, April 2025, p. 2, available at: www.europarl.europa.eu/RegData/etudes/BRIE/2025/769580/EPRS_BRI(2025)769580_EN.pdf (all internet references were accessed in February 2026).

3 The use of AI decision support systems (AI-DSS) in Gaza was first reported by +972 Magazine and Local Call in a joint report on the Israel Defense Forces’ targeting operations. Yuval Abraham, “‘A Mass Assassination Factory’: Inside Israel’s Calculated Bombing of Gaza”, +972 Magazine, 30 November 2023, available at: www.972mag.com/mass-assassination-factory-israel-calculated-bombing-gaza/. Experts and scholars have further discussed the legal implications of AI-DSS: see e.g. Michael N. Schmitt, “Israel–Hamas 2024 Symposium – The Gospel, Lavender, and the Law of Armed Conflict”, Articles of War, 28 June 2024, available at: https://lieber.westpoint.edu/gospel-lavender-law-armed-conflict/; Emelie Andersin, “The Use of the ‘Lavender’ in Gaza and the Law of Targeting: AI-Decision Support Systems and Facial Recognition Technology”, Journal of International Humanitarian Legal Studies, Vol. 16, 2025; Jessica Dorsey and Marta Bo, “AI-Enabled Decision-Support Systems in the Joint Targeting Cycle: Legal Challenges, Risks, and the Human(e) Dimension”, International Law Studies, Vol. 106, 2025. The Israel Defense Forces have replied to these allegations in an official statement; see, in this respect, “Israel Defence Forces’ Response to Claims about Use of ‘Lavender’ AI Database in Gaza”, The Guardian, 3 April 2024, available at: www.theguardian.com/world/2024/apr/03/israel-defence-forces-response-to-claims-about-use-of-lavender-ai-database-in-gaza.

4 United Nations Institute for Disarmament Research (UNIDIR), The Weaponization of Increasingly Autonomous Technologies: Autonomous Weapon Systems and Cyber Operations, UNIDIR Resources No. 7, Geneva, 2017, p. 1; Joe Burton and Simona R. Soare, “Understanding the Strategic Implications of the Weaponization of Artificial Intelligence”, in Tomáš Minárik et al. (eds), 2019 11th International Conference on Cyber Conflict: Silent Battle, North Atlantic Treaty Organization Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE) Publications, Tallinn, 2019, p. 7; Jacopo Bellasio and Erik Silfversten, “The Impact of New and Emerging Technologies on the Cyber Threat Landscape and Their Implications for NATO”, in Amy Ertan, Kathryn H. Floyd, Piret Pernik and Tim Stevens (eds), Cyber Threats and NATO 2030: Horizon Scanning and Analysis, NATO CCDCOE Publications, Tallinn, 2020, pp. 90–91.

5 UN, “Secretary-General Urges Security Council to Ensure Transparency, Accountability, Oversight, in First Debate on Artificial Intelligence”, Press Release SG/SM/21880, 18 July 2023, available at: https://press.un.org/en/2023/sgsm21880.doc.htm.

6 Marta Stroppa, Autonomous Cyber Capabilities and Unilateral Measures of Self-Help against Malicious Cyber Operations, NATO CCDCOE Publications, Tallinn, 2023.

7 Mariarosaria Taddeo, “On the Risks of Trusting Artificial Intelligence: The Case of Cybersecurity”, in Josh Cowls and Jessica Morley (eds), The 2020 Yearbook of the Digital Ethics Lab, Springer Nature, Cham, 2020; Andrew Lohn, Anna Knack, Ant Burke and Krystal Jackson, Autonomous Cyber Defense: A Roadmap from Lab to Ops, Policy Brief, Center for Security and Emerging Technology (CSET), 2023.

8 On the technical limitations of AI and machine learning, and their applications in armed conflict, see International Committee of the Red Cross (ICRC), “Artificial Intelligence and Machine Learning in Armed Conflict: A Human-Centred Approach”, International Review of the Red Cross, Vol. 120, No. 913, 2020, pp. 475–477.

9 ICRC, Avoiding Civilian Harm from Military Cyber Operations during Armed Conflicts: ICRC Expert Meeting, 21–22 January 2020, Geneva, 2021, p. 33.

10 ICRC, above note 8, pp. 475–477.

11 Rain Liivoja, Maarja Naagel and Ann Väljataga, Autonomous Cyber Capabilities under International Law, NATO CCDCOE Publications, Tallinn, 2019, p. 10; Tim McFarland, “The Concept of Autonomy”, in Rain Liivoja and Ann Väljataga (eds), Autonomous Cyber Capabilities under International Law, NATO CCDCOE Publications, Tallinn, 2021, pp. 23–26.

12 ICRC, Submission to the United Nations Secretary-General on Artificial Intelligence in the Military Domain, Re: ODA/2025-00029/AIMD, 2025, p. 7.

13 For an examination of the history of due diligence, see Giulio Bartolini, “The Historical Roots of the Due Diligence Standard”, in Heike Krieger, Anne Peters and Leonhard Kreuzer (eds), Due Diligence in the International Legal Order, Oxford University Press, Oxford, 2020; Alice Ollino, Due Diligence Obligations in International Law, Cambridge University Press, Cambridge, 2022.

14 Report of the International Law Commission, UN Doc. A/79/10, 8 August 2024, Annex II, para. 2.

15 Pasquale De Sena, “La ‘due diligence’ et le lien entre le sujet et le risque qu’il faut prévenir: Quelques observations”, in Société Française pour le Droit International (ed.), Le standard de due diligence et la responsabilité internationale, Pedone, Paris, 2018; Heike Krieger, Anne Peters and Leonhard Kreuzer, “Due Diligence in the International Legal Order: Dissecting the Leitmotif of Current Accountability Debates”, in H. Krieger, A. Peters and L. Kreuzer (eds), above note 13; Anne Peters, Heike Krieger and Leonard Kreuzer, “Due Diligence: The Risky Risk Management Tool in International Law”, Cambridge International Law Journal, Vol. 9, No. 2, 2020.

16 See, e.g., Gabriella Venturini, “Les obligations de due diligence dans le droit international humanitaire”, in Société Française pour le Droit International (ed.), Le standard de due diligence et la responsabilité internationale (Journée d’études franco-italienne du Mans), Pedone, Paris, 2018; Antal Berkes, “The Standard of ‘Due Diligence’ as a Result of Interchange between the Law of Armed Conflict and General International Law”, Journal of Conflict and Security Law, Vol. 23, 2018; Marco Longobardo, “The Relevance of the Concept of Due Diligence for International Humanitarian Law”, Wisconsin International Law Journal, Vol. 37, No. 1, 2019; Marco Longobardo, “Due Diligence in International Humanitarian Law”, in H. Krieger, A. Peters and L. Kreuzer (eds), above note 13.

17 See e.g. Michael N. Schmitt, “In Defense of Due Diligence in Cyberspace”, Yale Law Journal Forum, 22 June 2015; Russell Buchan, “Cyberspace, Non-State Actors and the Obligation to Prevent Transboundary Harm”, Journal of Conflict and Security Law, Vol. 21, No. 3, 2016; Michael N. Schmitt (ed.), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, 2nd ed., Cambridge University Press, Cambridge, 2017 (Tallinn Manual 2.0), Rules 6–7; Eric Talbot Jensen, “Due Diligence in Cyber Activities”, in H. Krieger, A. Peters and L. Kreuzer (eds), above note 13; François Delerue, Cyber Operations and International Law, Cambridge University Press, Cambridge, 2020, pp. 353–376; Talita Dias and Antonio Coco, Cyber Due Diligence in International Law, Oxford Institute for Ethics, Law and Armed Conflict, Oxford, 2021; Andraz Kastelic, Due Diligence in Cyberspace: Normative Expectations of Reciprocal Protection of International Legal Rights, UNIDIR, Geneva, 2021.

18 Antonio Coco and Talita Dias, “‘Handle with Care’: Due Diligence Obligations in the Employment of AI Technologies”, in Robin Geiß and Henning Lahmann (eds), Research Handbook on Warfare and Artificial Intelligence, Edward Elgar, Cheltenham and Northampton, 2024.

19 A similar definition of ACC was originally elaborated by Liivoja, Naagel and Väljataga in a working paper published by NATO CCDCOE: “[W]e consider autonomous operation in its simplest sense to refer to the ability of a system to perform some task without requiring real-time interaction with a human operator.” R. Liivoja, M. Naagel and A. Väljataga, above note 11, p. 10.

20 M. Stroppa, above note 6.

21 T. McFarland, above note 11, p. 20.

22 Ibid., pp. 23–26.

23 Stuart Russell and Peter Norvig, Artificial Intelligence: A Modern Approach, 4th ed. (Global Edition), Pearson Education, Hoboken, NJ, 2022, pp. 67–69.

24 Vincent Boulanin and Maaike Verbruggen, Mapping the Development of Autonomy in Weapons Systems, Stockholm International Peace Research Institute (SIPRI), Solna, November 2017, p. 16.

25 ICRC, above note 8, p. 467.

26 Use of an ACC amounts to a “cyber attack” in the meaning of Article 49 of Additional Protocol I to the Geneva Conventions (AP I) when it causes – or is reasonably expected to cause – a certain degree of violence against the adversary, whether in offence or defence. While to this day there is still no consensus on the level of harm that cyber operations should reach in order to qualify as attacks under IHL, this article takes the view that uses of ACC which cause, or are reasonably expected to cause, injury or death to persons or damage or destructions to objects clearly qualify. This article also espouses the view, shared by several States and by the ICRC, that a loss of functionality reaches the necessary threshold of harm. By contrast, uses of ACC that merely cause inconvenience or irritation to the civilian population do not qualify. It further acknowledges that it remains unclear whether cyber operations causing large-scale adverse consequences, but not physical damage or loss of functionality, would qualify as attacks in the meaning of IHL. On “autonomous cyber attacks”, see Marta Stroppa, “The Use of Autonomous Cyber Capabilities in Armed Conflict: Legal Appraisal from a Targeting Law Perspective”, in Bérénice Boutin, Taylor Kate Woodcock and Sadjad Soltanzadeh (eds), Legal, Ethical, and Technical Dilemmas in Military Artificial Intelligence, T. M. C. Asser Press, The Hague, 2026. On the position of the ICRC, see ICRC, International Humanitarian Law and Cyber Operations during Armed Conflicts, Position Paper, Geneva, November 2019, pp. 7–8. On the definition of “attack” under IHL, see Protocol Additional (I) to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of International Armed Conflicts, 1125 UNTS 3, 8 June 1997 (entered into force 7 December 1978) (AP I), Art. 49(1). It is important to note that the notion of attack under IHL is different from (and should not be confused with) the notion of “armed attack” under Article 51 of the UN Charter, which belongs to the realm of the law on the use of force and is outside the scope of this article.

27 M. Taddeo, above note 7.

28 M. Stroppa, above note 6.

29 R. Liivoja, M. Naagel and A. Väljataga, above note 11, p. 12.

30 Autonomous “hack-backs” raise important challenges vis-à-vis a wide range of international law provisions, including those regulating pleas of necessity and self-defence. See e.g. Nicholas Tsagourias and Russell Buchan, “Automatic Cyber Defence and the Laws of War”, German Yearbook of International Law, Vol. 60, 2017; M. Stroppa, above note 6; Samuli Haataja, “Cyber Operations and Automatic Hack Backs under International Law on Necessity”, Computer Law and Security Review, Vol. 53, 2024.

31 Dakota Cary and Daniel Cebul, Destructive Cyber Operations and Machine Learning, Issue Brief, CSET, Washington, DC, November 2020; Ben Buchanan, John Bansemer, Dakota Cary, Jack Lucas and Micah Musser, Automating Cyber Attacks: Hype and Reality, CSET, Washington, DC, November 2020; Eric Pouw and Peter Pijpers, “CyCon 2025 Series – AI-Enabled Offensive Cyber Operations: Legal Challenges in the Shadows of Automation”, Articles of War, 22 August 2025, available at: https://lieber.westpoint.edu/ai-enabled-offensive-cyber-operations-legal-challenges-shadows-automation/.

32 Paul Scharre, Army of None: Autonomous Weapons and the Future of War, W. W. Norton, New York, 2018, pp. 213–215; Caitríona Heinl, “Maturing Autonomous Cyber Weapons Systems: Implications for International Security and Autonomous Weapons Systems Regimes”, in Paul Cornish (ed.), Oxford Handbook of Cyber Security, Oxford University Press, Oxford, 2018.

33 Enn Tyugu, “Command and Control of Cyber Weapons”, in Christian Czosseck, Rain Ottis and Katharina Ziolkowski (eds), 2012 4th International Conference on Cyber Conflict: Proceedings, NATO CCDCOE Publications, Tallinn, 2012, p. 337; P. Scharre, above note 32, pp. 213–215. Some authors have classified Stuxnet as highly automated rather than autonomous: see e.g. Alessandro Guarino, “Autonomous Intelligent Agents in Cyber Offence”, in Karlis Podins, Jan Stinissen and Markus Maybaum (eds), 5th International Conference in Cyber Conflict: Proceedings, NATO CCDCOE Publications, Tallinn, 2013, p. 381; F. Delerue, above note 17, p. 161; Tanel Tammet, “Autonomous Cyber Defence Capabilities”, in R. Liivoja and A. Väljataga (eds), above note 11, p. 36.

34 Tallinn Manual 2.0, above note 17, Rule 82, para. 15.

35 Stamatis Karnouskos, “Stuxnet Worm Impact on Industrial Cyber-Physical System Security”, in IECON 2011 – 37th Annual Conference of the IEEE Industrial Electronics Society: Proceedings, 2011, p. 4492; R. Liivoja, M. Naagel and A. Väljataga, above note 11, p. 27.

36 Dhilung Kirat, Jiyong Jang and Marc Stoecklin, “DeepLocker – Concealing Targeted Attacks with AI Locksmithing”, IBM Research, 4 August 2018, available at: https://research.ibm.com/publications/deeplocker-concealing-targeted-attacks-with-ai-locksmithing.

37 Louis Perez, “Is Stuxnet the Next Skynet? Autonomous Cyber Capabilities as Lethal Autonomous Weapons Systems”, in Fabio Cristiano, Dennis Broeders, François Delerue, Frédérick Douzet and Aude Géry (eds), Artificial Intelligence and International Conflict in Cyberspace, Routledge, London, 2023, p. 206.

38 AP I, Art. 36.

39 Ibid., Art. 51; Jean-Marie Henckaerts and Louise Doswald-Beck, Customary International Humanitarian Law, Vol. 1: Rules, Cambridge University Press, Cambridge, 2005 (ICRC Customary Law Study), Rule 71, available at: https://ihl-databases.icrc.org/en/customary-ihl/rules.

40 AP I, Art. 35(2); ICRC Customary Law Study, above note 39, Rule 70.

41 AP I, Arts 48, 52; ICRC Customary Law Study, above note 39, Rules 1, 7.

42 AP I, Art. 51(5)(b); ICRC Customary Law Study, above note 39, Rule 14.

43 AP I, Art. 57; ICRC Customary Law Study, above note 39, Rules 15–21.

44 For a more in-depth analysis of the challenges that arise from the use of ACC in the conduct of hostilities, see M. Stroppa, above note 26.

45 Francesca Capone, Dual-Use Objects under International Humanitarian Law: Towards a Paradigm Shift, Springer, The Hague, 2025, p. 203.

46 N. Tsagourias and R. Buchan, above note 30, pp. 229–237. On the relationship between the notion of reasonableness under IHL and new technologies, see Laurie Blank, “New Technologies and the Interplay between Certainty and Reasonableness”, in Winston S. Williams and Christopher M. Ford (eds), Complex Battlespaces: The Law of Armed Conflict and the Dynamics of Modern Warfare, Lieber Institute for Law Series, Oxford University Press, New York, 2019. On the erosion of human judgement in targeting and its implications for the proportionality assessment, see also Jessica Dorsey, “The Erosion of Human(e) Judgement in Targeting? Quantification Logics, AI-Enabled Decision Support Systems and Proportionality Assessments in IHL”, International Review of the Red Cross, Vol. 107, No. 930, 2025.

47 R. Liivoja, M. Naagel and A. Väljataga, above note 11, pp. 28–29.

48 Ibid.; N. Tsagourias and R. Buchan, above note 30, pp. 231, 235.

49 Marco Roscini, Cyber Operations and the Use of Force in International Law, Oxford University Press, Oxford, 2014, p. 229; P. Scharre, above note 32, pp. 213–215.

50 N. Tsagourias and R. Buchan, above note 30, pp. 231, 235–236.

51 See the below section on “The Duty to Take All Feasible Precautions in Attack”.

52 Marta Stroppa, “Legal and Ethical Implications of Autonomous Cyber Capabilities: A Call for Retaining Human Control in Cyberspace”, Ethics and Information Technology, Vol. 25, No. 7, 2023.

53 R. Liivoja, M. Naagel and A. Väljataga, above note 11, p. 10; T. McFarland, above note 11, pp. 23–26.

54 ICRC, The Potential Human Cost of Cyber Operations: ICRC Expert Meeting, 14–16 November 2018, Geneva, 2019, p. 71, p. 33.

55 T. McFarland, above note 11, p. 23.

56 ICRC, above note 8, pp. 475–476.

57 Ibid., p. 476.

58 Arthur Holland Michel, The Black Box, Unlocked: Predictability and Understandability in Military AI, UNIDIR, Geneva, 2020.

59 Robin Geiß and Henning Lahmann, “Cyber Warfare: Applying the Principle of Distinction in an Interconnected Space”, Israel Law Review, Vol. 45, No. 3, 2012.

60 ICRC, above note 12, p. 7. On the risk of an uncontrolled escalation of conflict – or, as described by Scharre, a “flash cyberwar” – see P. Scharre, above note 32, p. 230; UNIDIR, above note 4, p. 10; Guglielmo Tamburrini, “The AI Carbon Footprint and Responsibilities of AI Scientists”, Philosophies, Vol. 7, No. 4, 2022, p. 9.

61 The notion of due diligence was first used in the Alabama Claims case, where it was affirmed that neutrality implies the duty of the neutral State to prevent its subjects from aiding or supplying arms and ammunition to belligerent States. Arbitral Tribunal, Alabama Claims (United States of America v. United Kingdom), Final Award, 14 September 1872, Reports of International Arbitral Awards, Vol. 29. For an examination of the history of due diligence, see G. Bartolini, above note 13; A. Ollino, above note 13.

62 Arbitral Tribunal, Frederick Wipperman Arbitration (United States of America v. Venezuela), Final Award, 2 September 1890, Reports of International Arbitral Awards, Vol. 3.

63 Permanent Court of International Justice, The Case of the S. S. “Lotus” (France v. Turkey), Judgment No. 9, Series A, No. 10, 7 September 1927 (where Judge Moore branded as “well-settled” the principle that “a State is bound to use due diligence to prevent the commission within its dominion of criminal acts against another nation or its people”); International Court of Justice (ICJ), Corfu Channel (United Kingdom of Great Britain and Northern Ireland v. Albania), Judgment (Merits), 9 April 1949, 1949 ICJ Reports of Judgements, Advisory Opinions and Orders, p. 22 (where the ICJ stressed that the State is under the “obligation not to allow knowingly its territory to be used for acts contrary to the rights of other States”).

64 Report of the International Law Commission, above note 14.

65 A. Ollino, above note 13, pp. 76–97.

66 P. De Sena, above note 15; H. Krieger, A. Peters and L. Kreuzer, “Due Diligence in the International Legal Order”, above note 15; A. Peters, H. Krieger and L. Kreuzer, “Due Diligence: The Risky Risk Management Tool”, above note 15.

67 International Tribunal for the Law of the Sea (ITLOS), Responsibilities and Obligations of States Sponsoring Persons and Entities with Respect to Activities in the Area, Advisory Opinion, 1 February 2011, para. 110.

68 A. Peters, H. Krieger and L. Kreuzer, “Due Diligence: The Risky Risk Management Tool”, above note 15, p. 126.

69 M. Longobardo, “The Relevance of the Concept of Due Diligence”, above note 16, p. 56.

70 Article 1 common to the four Geneva Conventions (common Article 1); AP I, Art. 1(2). See also ICRC, Commentary on the Fourth Geneva Convention: Convention (IV) relative to the Protection of Civilian Persons in Time of War, 2nd ed., Geneva, 2025 (ICRC Commentary on GC IV), paras 187–261.

71 Geneva Convention (I) for the Amelioration of the Condition of the Wounded and Sick in Armed Forces in the Field of 12 August 1949, 75 UNTS 31 (entered into force 21 October 1950) (GC I), Art. 47; Geneva Convention (II) for the Amelioration of the Condition of Wounded, Sick and Shipwrecked Members of Armed Forces at Sea of 12 August 1949, 75 UNTS 85 (entered into force 21 October 1950) (GC II), Art. 48; Geneva Convention (III) relative to the Treatment of Prisoners of War of 12 August 1949, 75 UNTS 135 (entered into force 21 October 1950) (GC III), Art. 127; Geneva Convention (IV) relative to the Protection of Civilian Persons in Time of War of 12 August 1949, 75 UNTS 287 (entered into force 21 October 1950) (GC IV), Art. 144; AP I, Art. 83; Protocol Additional (II) to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of Non-International Armed Conflicts, 1125 UNTS 609, 8 June 1977 (entered into force 7 December 1978), Art. 19; Protocol Additional (III) to the Geneva Conventions of 12 August 1949, and relating to the Adoption of an Additional Distinctive Emblem, 2404 UNTS 261, 8 December 2005 (entered into force 14 January 2007), Art. 7. See also ICRC Customary Law Study, above note 39, Rules 142–143.

72 GC I, Art. 49; GC II, Art. 50; GC III, Art. 129; GC IV, Art. 146; AP I, Art. 85. See also ICRC Customary Law Study, above note 39, Rule 158.

73 AP I, Art. 36.

74 Regulations concerning the Laws and Customs of War on Land, annexed to Hague Convention (IV) respecting the Laws and Customs of War on Land, 18 October 1907 (entered into force 26 January 1910), Art. 27; AP I, Art. 57; Second Protocol to the Hague Convention of 1954 for the Protection of Cultural Property in the Event of Armed Conflict, 26 March 1999 (entered into force 9 March 2004) (Hague Second Protocol), Arts 6–7.

75 AP I, Art. 58; Hague Second Protocol, above note 74, Art. 8.

76 ICRC Commentary on GC IV, above note 70.

77 The customary nature of this rule has been recognized by the ICJ, as well as by the ICRC in its Customary Law Study. ICJ, Military and Paramilitary Activities in and Against Nicaragua (Nicaragua v. United States), Judgment, 27 June 1986, ICJ Reports 1987, para. 220; ICRC Customary Law Study, above note 39, Rule 139.

78 Knut Dörmann and Jose Serralvo, “Common Article 1 to the Geneva Conventions and the Obligation to Prevent International Humanitarian Law Violations”, International Review of the Red Cross, Vol. 96, No. 895–896, 2014, p. 708.

79 ICRC Commentary on GC IV, above note 70, paras 224–228.

80 Ibid., paras 214–220.

81 A. Berkes, above note 16.

82 See M. Longobardo, “Due Diligence in International Humanitarian Law”, above note 16, p. 186, where the author contends that the rules regarding the dissemination and training of IHL (see above note 71) may be considered as “specifications of the duty to ensure respect”, since they aim at reducing the risk that States will violate IHL.

83 ICRC Commentary on GC IV, above note 70, paras 221–223.

84 Ibid., paras 229–253. On the external application of the duty to ensure respect for IHL, see also K. Dörmann and J. Serralvo, above note 78, pp. 708–709; Robin Geiß, “Common Article 1 of the Geneva Conventions: Scope and Content of the Obligation to ‘Ensure Respect’ – ‘Narrow but Deep’ or ‘Wide and Shallow’?”, in Heike Krieger (ed.), Inducing Compliance with International Humanitarian Law: Lessons from the African Great Lakes Region, Cambridge University Press, Cambridge, 2015.

85 ICRC Commentary on GC IV, above note 70, paras 221, 224.

86 Ibid., para. 222. On the obligation to disseminate IHL, see above note 71; on the obligation to repress and suppress breaches of IHL, see above note 72.

87 ICRC Commentary on GC IV, above note 70, para. 229. See also ICRC Customary Law Study, above note 39, Rule 144.

88 As contended by Coco and Dias, “[t]his obligation also applies in cyberspace and entails a duty to act, as far as possible, to prevent and halt cyber operations constituting violations of IHL. Its broad scope of application covers potential violations by state agents, as well as private entities over which a state exercises authority, such as populations under belligerent occupation, or exerts a reasonable degree of influence, including other states and non-state groups located in different parts of the world.”. T. Dias and A. Coco, above note 17, p. 802.

89 Hitoshi Nasu, “Artificial Intelligence and the Obligation to Respect and to Ensure the Respect for IHL”, in Eva Massingham and Annabel McConnachie (eds), Ensuring Respect for International Humanitarian Law, Routledge, Oxon and New York, 2021.

90 According to the ICRC, “States have a due diligence obligation to prevent international humanitarian law violations by civilian hackers on their territory …. Of course, a State cannot prevent all violations of the law. However, it must take feasible measures, such as taking public positions requiring civilian hackers not to conduct cyber operations in relation to armed conflicts [and] to respect IHL if they do, and suppress violations under national law.” ICRC, “Eight Rules for ‘Civilian Hackers’ during War, and Four Obligations for States to Restrain Them”, 2 August 2024, available at: www.icrc.org/en/article/8-rules-civilian-hackers-during-war-and-4-obligations-states-restrain-them.

91 A. Coco and T. Dias, above note 18, p. 245.

92 As contended by Boutin with respect to autonomous weapons systems (AWS), the duty to respect and ensure respect for IHL implies “a duty to ensure that AI can comply with IHL, to design and train algorithms in line with IHL standards, and to refrain from developing and adopting technology that cannot be IHL-compliant”, as well as a duty to verify, at the stage of procurement from third parties, “that AI technology has been designed and developed in line with the obligations of the state”. Bérénice Boutin, Legal Questions Related to the Use of Autonomous Weapon Systems, Asser Institute Centre for International and European Law, The Hague, 2021, p. 8. On the duty to legally review ACC pursuant to Article 36 of AP I, see the following section of this article.

93 AP I, Art. 6; ICRC Customary Law Study, above note 39, Rule 142. Training should be provided in IHL, as well as with respect to the technical implications and limitations of ACC. As contended by Amoroso with respect to AWS, “military personnel training should foster awareness of both ascertained and likely limits in the proper autonomous functioning of weapon systems, and related human predicaments in the capability to predict and control their behavior”. Daniele Amoroso, Autonomous Weapons Systems and International Law: A Study on Human-Machine Interactions in Ethically and Legally Sensitive Domains, Edizioni Scientifiche Italiane and Nomos Verlag, Naples, 2020, pp. 246–247. On the need to include specialized “high-tech” training to armed forces, see also Marco Longobardo, “Training and Education of Armed Forces in the Age of High-Tech Hostilities”, in Elena Carpanelli, Nicole Lazzerini (eds), Use and Misuse of New Technologies: Contemporary Challenges in International and European Law, Springer, Leiden, 2019.

94 AP I, Art. 82; ICRC Customary Law Study, above note 39, Rule 141. While these provisions only refer to legal advisers, technical experts should also be made available to military commanders when necessary in order to better understand the technical implications and limitations of ACC.

95 Tilman Rodenhäuser, Samit D’Cunha, Laurent Gisel, Anna Rosalie Greipl and Marco Roscini, “From Hackers to Tech Companies: IHL and the Involvement of Civilians in ICT Activities in Armed Conflict”, Humanitarian Law and Policy Blog, 4 November 2025, available at: https://blogs.icrc.org/law-and-policy/2025/11/04/from-hackers-to-tech-companies-ihl-and-the-involvement-of-civilians-in-ict-activities-in-armed-conflict/; ICRC and Geneva Academy of International Humanitarian Law and Human Rights (Geneva Academy), International Humanitarian Law and the Growing Involvement of Civilians in Cyber Operations and Other Digital Activities during Armed Conflict, Geneva, November 2025.

96 ICRC, Protecting Civilians against Digital Threats during Armed Conflict: Recommendations to States, Belligerents, Tech Companies, and Humanitarian Organizations, Final Report of the ICRC Global Advisory Board on Digital Threats during Armed Conflict, Geneva, September 2023, p. 13; ICRC and Geneva Academy, above note 95, p. 21. On the role of the private sector in the development of cyber and autonomous technologies, see UNIDIR, above note 4, pp. 5–6. While this paper focuses on States’ due diligence obligations under IHL, it should be mentioned that private technology companies should also consider implementing practical measures to improve respect for IHL. In this respect, see ICRC, Australian Red Cross and French Red Cross, Private Business and Armed Conflict: An Introduction to Relevant Rules of International Humanitarian Law, Geneva, November 2024, pp. 33–34; Jonathan Horowitz, “One Click from Conflict: Some Legal Considerations Related to Technology Companies Providing Digital Services in Situations of Armed Conflict”, Chicago Journal of International Law, Vol. 24, No. 2, 2024, pp. 334–337.

97 See ICRC Commentary on GC IV, above note 70, para. 222; ICRC and Geneva Academy, above note 95, p. 10; Tilman Rodenhäuser, “Civilian Hackers in War: The Limits that International Humanitarian Law Imposes on Volunteer IT Armies, Hacktivists and Other Civilian Hackers”, International Review of the Red Cross, Vol. 107, No. 930, 2025, pp. 36–38.

98 ICRC Commentary on GC IV, above note 70, para. 243.

99 Ibid., para. 251.

100 Ibid.; ICRC Customary Law Study, above note 39, Rule 144.

101 M. Longobardo, “The Relevance of the Concept of Due Diligence”, above note 16, p. 67.

102 AP I, Art. 36.

103 ICRC, A Guide to the Legal Review of New Weapons, Means and Methods of Warfare: Measures to Implement Article 36 of Additional Protocol I of 1977, Geneva, January 2006, p. 4.

104 Netta Goussac, “Safety Net or Tangled Web: Legal Reviews of AI in Weapons and War-Fighting”, Humanitarian Law and Policy Blog, 18 April 2019, available at: https://blogs.icrc.org/law-and-policy/2019/04/18/safety-net-tangled-web-legal-reviews-ai-weapons-war-fighting/.

105 ICRC, above note 103, pp. 9–10; Yves Sandoz, Christophe Swinarski and Bruno Zimmerman (eds), Commentary on the Additional Protocols, ICRC, Geneva, 1987 (ICRC Commentary on the APs), para. 1475.

106 Natalia Jevglevskaja, International Law and Weapons Review: Emerging Military Technology under the Law of Armed Conflict, Cambridge University Press, Cambridge, 2021, pp. 163–194.

107 ICRC, International Humanitarian Law and the Challenges of Contemporary Armed Conflicts: Recommitting to Protection in Armed Conflict on the 70th Anniversary of the Geneva Conventions, Geneva, 2019, p. 34.

108 For a definition of “cyber attack” in the sense of Article 49 of AP I, and of the required threshold of harm, see above note 26. On the classification of cyber capabilities as weapons, see Vincent Boulanin and Maaike Verbruggen, Article 36 Reviews: Dealing with the Challenges Posed by Emerging Technologies, SIPRI, Solna, December 2017, pp. 9–10; Jeffrey T. Biller and Michael N. Schmitt, “Classification of Cyber Capabilities and Operations as Weapons, Means, and Methods of Warfare”, International Law Studies, Vol. 95, 2019.

109 Currently, only Australia, Brazil, Canada, Costa Rica, the Czech Republic, Germany and Switzerland have mentioned legal review of cyber weapons in their national positions on cyberspace. All these States have explicitly referred to Article 36 of AP I – besides Germany, which has however adopted language similar to that of AP I. Likewise, the United States has publicly declared that it carries out legal reviews of new weapons, means and methods of warfare, including cyber capabilities; the United States is, however, not party to AP I. See, respectively, Australian Government, Australia’s Submission on International Law to Be Annexed to the Report of the 2021 Group of Governmental Experts on Cyber, 28 May 2021, p. 4; Official Compendium of Voluntary National Contributions on the Subject of How International Law Applies to the Use of Information and Communications Technologies by States Submitted by Participating Governmental Experts in the Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security Established Pursuant to General Assembly Resolution 73/266, UN Doc. A/76/136, 13 July 2021, p. 23; Government of Canada, International Law Applicable in Cyberspace, April 2022; Ministry of Foreign Affairs of Costa Rica, Costa Rica’s Position on the Application of International Law in Cyberspace, 21 July 2023, pp. 15–16; Ministry of Foreign Affairs of the Czech Republic, Position Paper on the Application of International Law, 27 February 2024, p. 10; Federal Government of Germany, On the Application of International Law in Cyberspace, March 2021, p. 10; Swiss Federal Department of Foreign Affairs, Switzerland’s Position Paper on the Application of International Law in Cyberspace, May 2021, pp. 10–11; Harold Koh, “‘International Law in Cyberspace’, Speech at the USCYBERCOM Inter-Agency Legal Conference”, in CarrieLyn D. Guymon (ed.), Digest of United States Practice in International Law, Office of the Legal Adviser, Washington, DC, 2012, p. 6.

110 L. Perez, above note 37, p. 201; UNIDIR, above note 4, p. 7.

111 N. Goussac, above note 104; Netta Goussac and Rain Liivoja, “CyCon 2025 Series – Legal Reviews of Military Artificial Intelligence Capabilities”, Articles of War, 25 August 2025, available at: https://lieber.westpoint.edu/legal-reviews-military-artificial-intelligence-capabilities/.

112 ICRC, Autonomous Weapons Systems and International Humanitarian Law: Selected Issues, Position Paper, Geneva, October 2025, pp. 17–18.

113 L. Perez, above note 37, p. 202.

114 N. Goussac and R. Liivoja, above note 111.

115 Alec Tattersall and Damian Copeland, “Reviewing Autonomous Cyber Capabilities”, in R. Liivoja and A. Väljataga (eds), above note 11. See also ICRC, above note 103.

116 Dustin A. Lewis, “Legal Reviews of Weapons, Means and Methods of Warfare Involving Artificial Intelligence: 16 Elements to Consider”, Humanitarian Law and Policy Blog, 21 March 2019, available at: https://blogs.icrc.org/law-and-policy/2019/03/21/legal-reviews-weapons-means-methods-warfare-artificial-intelligence-16-elements-consider/.

117 A. Coco and T. Dias, above note 18, pp. 248–249.

118 See M. Longobardo, “The Relevance of the Concept of Due Diligence”, above note 16, pp. 65–66, where the author correctly points out that “[t]he rules pertaining to the conduct of hostilities are a mix of obligations of result and obligations of diligent conduct. This is particularly manifest in the interplay between the three main principles governing the conduct of hostilities – the principle of distinction, the principle of proportionality, and the principle of precaution – which are the main components of the law of targeting.” He further explains that “[t]he principle of precaution is the principle on targeting that best illustrates the significant role played by due diligence in the conduct of hostilities and targeting process”.

119 AP I, Art. 57(1). See also ICRC Customary Law Study, above note 39, Rule 15.

120 ICRC Commentary on the APs, above note 105, para. 2191.

121 Asaf Lubin, “The Duty of Constant Care and Data Protection in War”, in Laura A. Dickinson and Edward Berg (eds), Big Data and Armed Conflict: Legal Issues Above and Below the Armed Conflict Threshold, Oxford University Press, Oxford, 2023, p. 237.

122 International Law Association Study Group on the Conduct of Hostilities in the 21st Century, “The Conduct of Hostilities and International Humanitarian Law: Challenges of 21st Century Warfare”, International Law Studies, Vol. 93, 2017, p. 381.

123 M. Longobardo, “The Relevance of the Concept of Due Diligence”, above note 16, p. 67.

124 AP I, Art. 57(2)(a)(i)–(iii). See also ICRC Customary Law Study, above note 39, Rules 16–18.

125 AP I, Art. 57(2)(b). See also ICRC Customary Law Study, above note 39, Rule 19.

126 Protocol on Prohibitions or Restrictions on the Use of Mines, Booby-Traps and Other Devices, 2048 UNTS 93, 3 May 1996 (entered into force 3 December 1998), Art. 3(10). On the feasibility of precautions in attack, see also Yoram Dinstein, The Conduct of Hostilities under the Law of International Armed Conflict, 4th ed., Cambridge University Press, Cambridge, 2022, pp. 189–190.

127 Heather A. Harrison Dinnis, “AI and military cyber operations”, in R. Geiß and H. Lahmann (eds), above note 18, p. 273.

128 Tallinn Manual 2.0, above note 17, Rule 114, para. 5.

129 A. Lubin, above note 121, p. 237; A. Coco and T. Dias, above note 18, p. 246.

130 Dominik Steiger, “Employment of AI in Decisions on the Use of Force”, in R. Geiß and H. Lahmann (eds), above note 18, p. 159; Peter Margulies, “A Moment in Time: Autonomous Cyber Capabilities, Proportionality, and Precautions”, in R. Liivoja and A. Väljataga (eds), above note 11, pp. 172–173.

131 M. Roscini, above note 49, p. 234.

132 Loren Voss, “The Overlooked Importance of Intelligence Analysis in IHL”, International Review of the Red Cross, Vol. 107, No. 928, 2025, p. 309.

133 A. Guarino, above note 33.

134 L. Voss, above note 132.

135 D. Steiger, above note 130, p. 156.

136 Y. Dinstein, above note 126, pp. 190–191.

137 L. Voss, above note 132.

138 Tallinn Manual 2.0, above note 17, Rule 114, para. 6.

139 Eric Talbot Jensen, “Cyber Attacks: Proportionality and Precautions in Attack”, International Law Studies, Vol. 89, 2013, p. 203.

140 E. Tyugu, above note 33; C. Heinl, above note 32.

141 Vincent Boulanin, Neil Davison, Netta Goussac and Moa Peldán Carlsson, “Limits on Autonomy in Weapon Systems: Identifying Practical Elements of Human Control”, SIPRI and ICRC, Solna, June 2020, pp. 25–27.

142 L. Perez, above note 37, pp. 204–205.

143 A. Coco and T. Dias, above note 18, p. 254.

144 M. Roscini, above note 49, p. 229.

145 N. Tsagourias and R. Buchan, above note 30.

146 ICRC, above note 9, p. 35; L. Perez, above note 37, pp. 204–205; M. Stroppa, above note 52.

147 Ashley Deeks, Noam Lubell and Daragh Murray, “Machine Learning, Artificial Intelligence, and the Use of Force by States”, Journal of National Security Law and Policy, Vol. 10, 2019, p. 9; Rebecca Crootof, “A Meaningful Floor for ‘Meaningful Human Control’”, Temple International and Comparative Law Journal, Vol. 30, No. 1, p. 56.

148 A. Coco and T. Dias, above note 18, p. 257.

149 For a general overview of the debate on human control and AWS, see R. Crootof, above note 147; D. Amoroso, above note 93, pp. 224–240; Diego Mauri, Autonomous Weapons Systems and the Protection of the Human Person, Edward Elgar, Cheltenham and Northampton, 2022, pp. 236–243; David Abbink et al., “Introduction to Meaningful Human Control of Artificially Intelligent Systems”, in Giulio Mecacci et al. (eds), Research Handbook on Meaningful Human Control of Artificially Intelligence Systems, Edward Elgar, Cheltenham and Northampton, 2024; Bérénice Boutin and Taylor Woodcock, “Aspects of Realizing (Meaningful) Human Control: A Legal Perspective”, in R. Geiß and H. Lahmann (eds), above note 18.

150 Article 36, Key Areas for Debate on Autonomous Weapons Systems (Memorandum for Delegates at the Convention on Certain Conventional Weapons (CCW) Meeting of Experts on Lethal Autonomous Weapons Systems (LAWS)), Briefing Paper, Exeter, 2014.

151 D. Amoroso, above note 93, pp. 241–249; Daniele Amoroso and Guglielmo Tamburrini, “Toward a Normative Model of Meaningful Human Control over Autonomous Weapons Systems”, Ethics and International Affairs, Vol. 35, No. 2, 2021.

152 On the notion of “context-appropriate human judgement and control”, see the working paper submitted by Bulgaria, Denmark, Finland, France, Germany, Italy, Luxembourg, the Netherlands, Norway, Spain and Sweden at the GGE LAWS: Working Paper on the “Human Element”, UN Doc. CCW/GGE.1/2025/WP.4, 21 August 2025.

153 D. Amoroso, above note 93, p. 262; D. Amoroso and G. Tamburrini, above note 151, pp. 252–253.

154 M. Stroppa, above note 26.

155 ICRC Commentary on the APs, above note 105, para. 2241.

156 AP I, Art. 58.

157 Ibid, Art. 58(a). See also ICRC Customary Law Study, above note 39, Rule 24.

158 AP I, Art. 58(b). See also ICRC Customary Law Study, above note 39, Rule 23.

159 AP I, Art. 58(c). See also ICRC Customary Law Study, above note 39, Rule 22.

160 Eric Talbot Jensen, “Cyber Warfare and Precautions against the Effects of Attacks”, Texas Law Review, Vol. 88, 2010, pp. 1551–1552; M. Roscini, above note 49, p. 238.

161 ICRC, above note 9, p. 27.

162 ICRC, above note 54, p. 59.

163 Pursuant to Article 58(c) of API. For the fulfilment of this obligation in the cyber domain, see also E. T. Jensen, above note 160; ICRC, above note 9, p. 27.

164 A. Coco and T. Dias, above note 18, p. 247.

165 ICRC, above note 9, p. 27.

166 M. Roscini, above note 49, p. 238.

167 Ibid.

168 Ibid, pp. 238–239.

169 See, for instance, ICRC, above note 54, pp. 40–41; ICRC, above note 9, pp. 27–28; Adriano Iaria, “Digital Emblems: The Protection of Health Care Facilities in the Cyber Domain in the Age of Pandemics”, Opinio Juris, 28 October 2020, available at: http://opiniojuris.org/2020/10/28/digital-emblems-the-protection-of-health-care-facilities-in-the-cyber-domain-in-the-age-of-pandemics/; Tilman Rodenhäuser, Laurent Gisel, Larry Maybee, Hollie Johnston and Fabrice Lauper, “Signaling Legal Protection in a Digitalizing World: A New Era for the Distinctive Emblems?”, Humanitarian Law and Policy Blog, 16 September 2021, available at: https://blogs.icrc.org/law-and-policy/2021/09/16/legal-protection-digital-emblem/; Tilman Rodenhäuser and Mauro Vignati, “Towards a ‘Digital Emblem’? Five Questions on Law, Tech, and Policy”, Humanitarian Law and Policy Blog, 3 November 2022, available at: https://blogs.icrc.org/law-and-policy/2022/11/03/digital-emblemfive-questions-law-tech-policy/; ICRC, Digitalizing the Red Cross, Red Crescent and Red Crystal Emblems: Benefits, Risks, and Possible Solutions, Geneva, 2022.

170 ICRC, above note 9, p. 27.

171 Samit D’Cunha, “Conceive, Standardize, Integrate: The Past, Present, and Future of Adopting Distinctive Emblems and Signs under IHL”, Humanitarian Law and Policy Blog, 12 September 2024, available at: https://blogs.icrc.org/law-and-policy/2024/09/12/conceive-standardize-integrate-the-past-present-and-future-of-adopting-distinctive-emblems-and-signs-under-ihl/; Felix Linker and David Basin, “ADEM: An Authentic Digital Emblem”, Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 21 November 2023. During the 2025 edition of the Crossed Swords exercise organized by the NATO CCDCOE, the ICRC’s ADEM was tested for the first time within an operational environment. Olivier Nüesch, “A Red Cross for Cyberspace: NATO Tests Innovation from ETH Zurich”, ETH Zurich, 28 January 2026, available at: https://inf.ethz.ch/news-and-events/spotlights/infk-news-channel/2026/01/ein-rotes-kreuz-fuer-den-cyberspace-nato-testet-entwicklung-der-eth-zuerich.html.

172 Felix E. Linker and David Basin, “Signaling Legal Protection during Cyber Warfare: An Authenticated Digital Emblem”, Humanitarian Law and Policy Blog, 21 September 2021, available at: https://blogs.icrc.org/law-and-policy/2021/09/21/legal-protection-cyber-warfare-digital-emblem/.

173 ITLOS, Responsibilities and Obligations of States Sponsoring Persons and Entities with Respect to Activities in the Area, Advisory Opinion, 1 February 2011, para. 117.

174 Articles on Responsibility of States for Internationally Wrongful Acts, UNGA Res. 56/83, 12 December 2000, Art. 14(3). For a general overview of the notion of due diligence and State responsibility, see Riccardo Pisillo Mazzeschi, “Due diligence” e responsabilità internazionale degli Stati, Giuffrè Editore, Milan, 1989; Riccardo Pisillo Mazzeschi, “The Due Diligence Rule and the Nature of the International Responsibility of States”, German Yearbook of International Law, Vol. 35, 1992; A. Ollino, above note 13, pp. 187–230.

175 T. Dias and A. Coco, above note 17, pp. 45–46.

176 F. Delerue, above note 17, p. 25.