Introduction

The draft policy explains how the Office of the Prosecutor (OTP) will apply the Rome Statute to crimes committed or facilitated through cyber means. It responds to the increasing use of digital technologies in serious international crimes and clarifies that the Statute is technology-neutral and adaptable to cyber-enabled conduct.

Addressing new technologies

The OTP concludes that existing international law is largely sufficient to address cyber-enabled crimes. Cyber conduct is assessed by its effects rather than the technology used. Drawing on State practice, UN processes, and academic work such as the Tallinn Manuals, the policy confirms that cyber operations may fall within established international criminal law without violating the principle of legality.

Policy objectives

The policy aims to affirm the OTP’s commitment to investigating and prosecuting cyber-enabled crimes within ICC jurisdiction, ensure institutional readiness through training and specialist expertise, support national proceedings under complementarity, strengthen cooperation with States, civil society and the private sector, and contribute to the development of international jurisprudence.

History and methods

Development followed the OTP Strategic Plan 2023–2025 and involved internal consultations, expert input, and engagement with States, industry and civil society, including a 2024 conference held with Microsoft. A public consultation began in March 2025, with a final policy planned for publication by the end of 2025.

Key terms and concepts

Cyber-enabled crimes are defined as Rome Statute crimes committed or facilitated through cyber means, including genocide, crimes against humanity, war crimes, aggression, and offences against the administration of justice. Ordinary domestic cybercrime, such as fraud or unauthorised access, remains outside ICC jurisdiction, although related cyber conduct may provide contextual or evidentiary value. The policy notes that most future investigations are likely to include a cyber component.

Applicable law and jurisdiction

Cyber-enabled crimes are governed by the Rome Statute, Elements of Crimes, and Rules of Procedure and Evidence, interpreted consistently with international human rights. Jurisdiction is based on existing territorial and nationality principles. Cyber conduct may establish jurisdiction where conduct begins, is completed, or causes harm on the territory of a State Party. The OTP does not anticipate asserting jurisdiction based solely on the transit of data through infrastructure. Gravity remains a central admissibility criterion.

Committing rome statute crimes by cyber means

The policy explains that all crimes within ICC jurisdiction may, in principle, be committed by cyber means. Examples include cyber attacks on critical infrastructure causing death or injury, online incitement to genocide, cyber-enabled persecution through mass surveillance, and cyber operations constituting attacks under international humanitarian law. While purely cyber scenarios may be rare, combined cyber and physical conduct is expected to increase.

Facilitating rome statute crimes by cyber means

Cyber means may be used to order, solicit, aid and abet, or otherwise contribute to Rome Statute crimes. Examples include digital surveillance to locate victims or online communications to coordinate criminal activity. The OTP confirms that facilitators using cyber means may incur criminal responsibility.

Principles

The OTP will apply consistency, objectivity, diligence, and proportionality. Decisions on case selection will be guided by gravity, impact, and practical considerations, ensuring cyber-enabled crimes are assessed on the same basis as other international crimes.

Practical considerations

Effective investigation requires specialist technical expertise, access to digital evidence, joint investigations, and robust institutional structures. Capacity-building and training are identified as priorities to address the growing cyber dimension of cases.

Prosecutions

Prosecutions of cyber-enabled crimes will follow the same legal standards as other cases. The OTP highlights challenges relating to digital evidence, attribution, and complexity, and stresses the importance of early technical assessment and cooperation to support successful prosecutions.

Cooperation and complementarity

The policy emphasises cooperation with States Parties, international organisations, civil society, and private sector entities, particularly those controlling relevant data or infrastructure. Complementarity remains central, with the OTP encouraging and supporting national authorities to investigate and prosecute cyber-enabled crimes where possible.

Way forward

The OTP will continue consultations, monitor technological developments, and refine its approach to ensure accountability for serious cyber-enabled crimes under international criminal law.