The positive obligations of states in case of cyberattacks : a legal study of European human rights law

Abstract

Cyberattacks constitute a common threat in many States, and cybersecurity has become an integral part of States’ legislation over the past years. Cyberattacks affect various States’ interests, including national security, economic stability, and the protection of human rights and fundamental freedoms. This thesis aims to consider the implications of cyberattacks from a human rights perspective and to clarify States’ positive obligations in case of cyberattacks. In particular, this work investigates whether the cybersecurity legal framework of the European Union provides a set of States’ positive obligations stringent enough to guarantee the protection of freedom of expression in case of cyberattacks affecting Internet availability. To answer this question the thesis describes and analyses various legal provisions and policies through a legal dogmatics approach, but it also employs secondary sources, including reports and literature. This research points out the limits of the current legislation of the European Union and its possible risks from a human rights perspective. It also highlights the difficulties in reconciling the body of States’ positive obligations framed in the EU cybersecurity laws and policies with the set of States’ positive obligations introduced by the European and international human rights framework.