International Law at NATO’s Brussels Summit

The June 2021 NATO summit in Brussels was noteworthy for the U.S. renewal of its commitment to the Alliance. Speaking with Secretary-General Stoltenberg, President Biden reassured NATO members (the “Allies”) that “NATO is critically important for U.S. interests” and “Article 5, we take as a sacred obligation.” Also noteworthy was the extent to which NATO pointed to Russia and China as adversaries in the final communiqué issued by the 30 NATO Heads of State and Government. 

Commentary on the summit, however, generally overlooked international law’s place of prominence in the agreement reached by the Allies. Brussels 2021 was perhaps the NATO summit at which international law came of age in the Alliance’s strategic calculations. Indeed, in Brussels, the Allies confirmed that NATO serves, inter alia, to guarantee shared values, including human rights and the rule of law. Worryingly, they also concluded that both State and non-State actors are challenging the “rules-based international order.” This post examines the consensus reflected in the communiqué on three key international law issues – Russia, operational domains, and nuclear weapons. It concludes that the Summit marked an inflection point for the role of international law in the Alliance, both in terms of scope and depth.

Russia

In the communiqué, the Allies forcefully reaffirmed the 2014 Wales Summit condemnation of various Russian actions as unlawful.

We condemn in the strongest terms Russia’s escalating and illegal military intervention in Ukraine and demand that Russia stop and withdraw its forces from inside Ukraine and along the Ukrainian border. This violation of Ukraine’s sovereignty and territorial integrity is a serious breach of international law and a major challenge to Euro-Atlantic security. We do not and will not recognise Russia’s illegal and illegitimate ‘annexation’ of Crimea. We demand that Russia comply with international law and its international obligations and responsibilities; end its illegitimate occupation of Crimea; refrain from aggressive actions against Ukraine; withdraw its troops; halt the flow of weapons, equipment, people and money across the border to the separatists; and stop fomenting tension along and across the Ukrainian border. Russia must use its influence with the separatists to de-escalate the situation and take concrete steps to allow for a political and a diplomatic solution which respects Ukraine’s sovereignty, territorial integrity, and internationally recognised borders.

The NATO States agreed that “[u]ntil Russia demonstrates compliance with international law and its international obligations and responsibilities, there can be no return to ‘business as usual’.”  Importantly, the communiqué highlighted specific unlawful actions by Russia. These include: activities inconsistent with the “Vienna Convention on Diplomatic Relations,” which is code for spying by diplomats, most significantly from the Russian Embassy in Prague; violations of the national airspace, as has occurred in Estonia; “illegal and destructive activities by Russian Intelligence Services on Allied territory, some of which have claimed lives of citizens and caused widespread material damage,” a reference to the Novichok poison attack in the United Kingdom and the case of sabotage in the Czech Republic respectively.

The Allies also reiterated support for Georgia and Moldova’s territorial integrity and sovereignty and called on Russia to withdraw forces it has non-consensually stationed in those countries, as well as in Ukraine. Other international law-related concerns about Russia raised in the communiqué include human rights abuses against the Crimean Tatars and other communities, impeded access to the Sea of Azov and Ukrainian ports, Russian’s unlawful recognition of the Abkhazia and South Ossetia regions of Georgia as independent states, and human rights violations, including arbitrary detentions, of Georgian citizens. For the Alliance, compliance with international law is now a sine qua non issue for the resumption of full NATO – Russia relations.

Operational Domains

The communiqué also underscored the centrality of international law in two key operational domains, space, and cyberspace.  In 2019, NATO recognized space as an operational domain, joining air, sea, land, and cyberspace. It also adopted a Space Policy. At Brussels, the Allies noted that NATO space policy “will remain fully in line with international law.”

Of particular note, the communiqué confirmed that “attacks to, from, or within space… could lead to the invocation of Article 5” of the North Atlantic Treaty. In other words, space operations can qualify as “armed attacks” under Article 51 of the UN Charter and customary law, thereby entitling the victim State to respond with its own use of force and to look to the Alliance (or individual States) for assistance in collective defense. Agreement on this point allows NATO to plan, equip, and train for forcible responses to hostile space operations. Of course, the condition precedent to taking such action would be a request from the victim State and a decision by the North Atlantic Council to invoke Article 5. Should the ensuing hostilities rise to the level of “armed conflict,” the space-related operations of all parties to that conflict would be fully subject to the prohibitions, limitations, and requirements of international humanitarian law.

Consensus among the Allies that the right of self-defense applies in space, thereby opening the door to Article 5 operations, is significant. It is an unambiguous rejection by 30 States of the flawed assertion that the reservation of space for “peaceful purposes” precludes its military use, including uses of force in space.

Misunderstanding on this matter derives from the 1967 Outer Space Treaty’s preambular references to the “use of outer space for peaceful purposes.” In fact, the treaty’s only express provision prohibiting military activities in space is Article IV, which bans the stationing of weapons of mass destruction in outer space and prohibits establishing military bases, testing weapons, and conducting military maneuvers on celestial bodies (except for scientific activities related to peaceful exploration). Indeed, space has been used for military purposes from the beginning of the Space Age, a practice that belies claims that space is a military-free zone.

Today, the prevailing view, now expressly embraced by NATO, is that States may operate in space for lawful military purposes, including self-defense. This is precisely the interpretation given to Article 88 of the Law of the Sea Convention, which reserves the high seas for peaceful purposes. The general understanding of that article is that it allows for military operations, including self-defense, subject to the law of naval warfare. The U.S. Space Force’s capstone doctrine, Spacepower, also mirrors the NATO interpretation. That doctrine notes that, “[i]n keeping with international law, the United States acknowledges that the use of space is for peaceful purposes,” but cautions that “[a]s a warfighting force, military space forces must steadfastly prepare to prosecute the appropriate amount of violence against an opponent subject to strategic objectives, legal, and policy restraints.”

As with cyber operations, the precise threshold at which an operation into, from, or through space rises to the level of an armed attack is uncertain. For instance, it is unclear if an operation that merely disables an individual satellite or interferes with the functioning of a satellite constellation would qualify; the answer is highly contextual. Analogous uncertainty exists with respect to cyber operations (Tallinn Manual, Rule 71). Uncertainty sometimes even surfaces in the kinetic context, as in the International Court of Justice’s indecision as to the characterization of the “mining of a single military vessel” (Oil Platforms judgment, para. 72). But NATO’s acknowledgment of the applicability of the law of self-defense to space operations allows the armed attack threshold discussion amongst the Allies to proceed unimpeded.

The Brussels summit also advanced the discussion about how international law applies in cyberspace. NATO has long addressed the cyber threat, which it first highlighted at the 2002 Prague Summit. It adopted its initial cyber defense policy in 2008 and included cyber in its Strategic Concept at the 2010 Lisbon Summit. NATO made further progress at the 2014 Wales Summit, where the Alliance acknowledged that a cyber-attack could justify invocation of Article 5, and in 2016 cyberspace was recognized as an operational domain at the Warsaw Summit. In 2020, NATO released Allied Joint Publication 3.20, Allied Joint Doctrine for Cyberspace Operations (see discussion of its legal aspects here).

At this year’s Brussels Summit, the Allies endorsed NATO’s Comprehensive Cyber Policy, a muscular approach by which NATO will “employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law.” Their communiqué also condemned Russia for “malicious cyber activities … and turning a blind eye to cyber criminals operating from its territory, including those who target and disrupt critical infrastructure in NATO countries.”

The latter condemnation implicates the international law obligation of “due diligence.” That rule obligates States to take feasible measures to put an end to hostile cyber operations from or through their territory that have serious adverse consequences for the international legal rights (like respect for sovereignty or non-intervention into internal affairs) of other States. Unfortunately, the NATO Allies are split on the issue of whether due diligence is a binding rule of international law or only a so-called “voluntary, non-binding norm of responsible State behavior,” that is, behavior in which responsible members of the international community should engage. Disagreement in the U.N. Group of Governmental Experts (GGE) sessions that just concluded likewise precluded securing agreement on this critical issue.

Nevertheless, that the 30 NATO States consider due diligence to be at least conduct expected of responsible States and have committed in the communiqué to follow both international law and “voluntary norms of responsible state behaviour in cyberspace,” is cause for optimism that they will act accordingly and jointly condemn States that do not. It is worth noting that agreement on the status of due diligence as a rule of international law would go far in opening the door to robust responses to hostile cyber operations that cannot be attributed to States, either because the relationship with a State necessary to satisfy the law of State responsibility standards cannot be factually established or because the operations are conducted by a non-State actor operating alone (see analysis here).

At Brussels, the Alliance reaffirmed that the North Atlantic Council may invoke the North Atlantic Treaty Article 5 collective defense provision on a case-by-case basis in the face of cyber operations, whether conducted solely in cyberspace or as part of a hybrid conflict. Any action taken would be “in accordance with international law, including the UN Charter, international humanitarian law, and international human rights law as applicable.”  The latter point is crucial because it comes on the heels of the U.N. Sixth GGE’s acknowledgment that IHL applies to cyber operations with a nexus to an armed conflict, a point that had counter-normatively been questioned during the previous GGE. NATO has consistently maintained that international humanitarian law applies to cyber operations, but re-emphasizing the point helps bury the issue once and for all (see, e.g., Wales Summit, Warsaw Summit, Cyber Defence Pledge, AJP 3.20).

Notably, the NATO Allies advanced the discussion on self-defense in cyberspace by taking the position that “that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack.” To illustrate, hostile cyber operations against isolated sectors of a nation’s economy might amount to a violation of sovereignty, but likely not a use of force at the armed attack level, which, according to the International Court of Justice in its Nicaragua judgment, is the “most grave form[ ] of the use of force” (para. 191). Combining the effects of distinct actions to reach the armed attack threshold has also been labeled variously as the “pin-prick,” “accumulation of effects,” and “Nadelstichtaktik” theory of self-defense. It is an approach that the International Court of Justice recognized in its Armed Activities judgment (para. 146).

Although the issue of aggregation of effects presents itself in the non-cyber context, it looms largest in cyberspace. This is because most cyber operations fall below the threshold of an armed attack, but, when aggregated, the effects of multiple related hostile cyber operations could be devastating for a State they target. 

France is the NATO Ally that has most definitively embraced the cumulative approach for cyber operations. Its Ministry of the Armies noted in 2019 that “[c]yberattacks which do not reach the threshold of an armed attack when taken in isolation could be categorised as such if the accumulation of their effects reaches a sufficient threshold of gravity.” The Tallinn Manual 2.0 International Group of Experts was of the same view.  For those experts, “the determinative factor is whether the same originator (or originators acting in concert) has carried out smaller-scale incidents that are related and that taken together meet the requisite scale and effects. If there is convincing evidence that this is the case, there are grounds for treating the incidents as a composite armed attack” (at p. 342). Along the same lines, Professor Terry Gill and Brigadier General Paul Ducheine have usefully characterized  such operations as a “phased armed attack.” That 30 States have now adopted the composite armed attack approach through the NATO lens is its most normatively meaningful indication of support to date; it is now the prevailing view among States that have spoken on the issue.

Also noteworthy is the communiqué’s discussion of responses to hostile cyber operations: “If necessary, we will impose costs on those who harm us. Our response need not be restricted to the cyber domain.”  For self-defense, this indicates that NATO is willing to consider a kinetic or a combined kinetic and cyber response at the use of force level to a cyber armed attack. NATO is on firm ground, for self-defense does not impose an in-kind requirement for defensive responses; instead, the defensive response need merely be necessary and proportionate to the objective of putting an end to the armed attack [see, e.g., the Nuclear Weapons advisory opinion (para. 41) and Armed Activities judgment (para. 147)].

But that text also raises the issue of responses to less severe hostile cyber operations. Absent U.N. Security Council authorization or consent of the State into which a response is mounted, there is broad agreement that forcible [as understood in Article 2(4) of the U.N. Charter] kinetic or cyber responses are unlawful. Non-forcible responses are usually permissible only when they are lawful under any circumstance (retorsion), enjoy the territorial State’s consent, necessary to address a grave and imminent or qualify as a countermeasure under the law of State responsibility (Articles on State Responsibility, arts. 20, 22, 25).

Countermeasures are responses that would be unlawful but for the fact that they are a response to another State’s unlawful conduct and are designed to compel the latter to desist (ASR, art. 49) and/or secure any reparations that may be due (ASR art. 31). The pressing question for the Alliance is whether collective countermeasures are permissible. It is an essential question, for some Allies lack the capacity to effectively respond to hostile cyber operations that do not qualify as armed attacks (where the right of collective response is clear). The right to take collective countermeasures would enable such States to turn to the Alliance or individual Allies for help when entitled to take countermeasures. It would even justify asking other States to take countermeasures on their behalf. France has indicated that collective countermeasures are impermissible, whereas Estonia has taken the opposite approach. Although both views are reasonable, Professor Sean Watts and I have examined the matter in depth and concluded that the better position allows for collective countermeasures. It would seem that the same is true from the strategic perspective for NATO.

Nuclear Weapons

The Alliance addressed two treaties dealing with nuclear weapons in the Brussels Summit communiqué. It began by emphasizing that the “Treaty on the Non-Proliferation of Nuclear Weapons (NPT) remains the essential bulwark against the spread of nuclear weapons,” and the Allies are fully committed to its implementation. Their goal, albeit a distant one, is “a world without nuclear weapons.” Additionally, the communiqué expresses support for the five-year extension of the New Start Treaty between Russia and the United States.

However, it also makes it crystal clear that the path to achieving that goal does not include the 2021 Treaty on the Prohibition of Nuclear Weapons (TPNW). For the Alliance, the TPNW, which outlaws using or threatening to use nuclear weapons and entered into force this January, “is inconsistent with the Alliance’s nuclear deterrence policy, … at odds with the existing non-proliferation and disarmament architecture, risks undermining the NPT, and does not take into account the current security environment.” The communiqué stresses, correctly so, that the “TPNW does not change the legal obligations” of NATO members and does not reflect nor “contribute to the development of customary international law.” This position is hardly surprising considering that the Alliance includes three nuclear powers, States the territory upon which U.S. nuclear weapons are deployed, and non-nuclear States that provide dual-capable aircraft to NATO’s nuclear deterrence mission.

Interestingly, the communiqué also expresses commitment “to ensuring that Iran will never develop a nuclear weapon.” To achieve that end, the Allies “welcome the substantive discussions between Joint Comprehensive Plan of Action (JCPoA) participants, and separately with the United States, to accomplish a mutual return to compliance with the JCPoA by the United States and Iran.” This is a sharp reversal of the Trump Administration’s withdrawal from the agreement.

Concluding Assessment

The discussion above has only scratched the surface of the communiqué’s treatment of issues grounded in international law. They range from the situations in Belarus, Syria, and China to human security and arms control. But what is broadly striking about the communiqué for those who follow NATO legal affairs is its saturation with international law from start to finish.

The Alliance clearly understands, perhaps to an unprecedented degree in its history, that successful strategy, tactics, and policy must reflect deep sensitivity to the legal rules of the game.  That international law can serve as a rallying point at a time when other States aggressively exploit the seams of the law to disrupt and frustrate peaceful relations makes the communiqué all-the-more remarkable. Indeed, the effort of rogue and authoritarian States’ efforts to abuse and undermine confidence in a rules-based international legal order obviously have united the law-abiding States of NATO. The Brussels Summit is testament to the commitment of the Allies to international law, the Secretary-General’s rule-of-law vision, and the hard work of NATO legal advisors throughout the Alliance, particularly the leadership of the present NATO Headquarters Legal Advisor and his predecessor.