武汉大学
中国现代国际关系研究院
上海社会科学院
复旦大学
北京航空航天大学
中国社会科学院国家全球战略智库
清华大学
对外经济贸易大学
联合发起
《网络主权:理论与实践》(3.0版)专家组成员:
黄志雄 武汉大学教授,专家组召集人
蔡翠红 复旦大学教授
尼古拉斯·查哥里亚斯 英国谢菲尔德大学教授
戴丽娜 上海社会科学院副研究员
郎 平 中国社会科学院研究员
李 艳 中国现代国际关系研究院研究员
刘 晗 清华大学副教授
许 可 对外经济贸易大学副教授
赵 云 香港大学教授
周学峰 北京航空航天大学教授
纵观世界文明史,国家主权的含义因时而变、不断丰富。人类先后经历了农业革命、工业革命、信息革命,每一次产业技术革命,都给国家主权的内涵外延带来巨大而深刻的影响。农业时代,人类活动空间主要集中在陆地,国家主权的重点在于捍卫领土完整。工业时代,人类活动空间从陆地拓展到了海洋、天空,国家主权的范围也随之延伸扩展。进入信息时代,网络空间与人类活动的现实空间高度融合,成为了现代国家的新疆域、全球治理的新领域,网络主权由此而生。特别是在全球新冠疫情形势日趋复杂背景下,维护各国在网络空间的主权安全和发展利益,显得尤为重要。
主权国家是开展网络空间活动、维护网络空间秩序的关键行为体。《联合国宪章》确立的主权平等原则是当代国际关系的基本准则,覆盖国与国交往各个领域,其原则和精神也适用于网络空间。实践中,各国都将国家主权延伸适用于网络空间,但对在网络空间行使主权的理念和具体做法仍存在不同认识。为推动全球互联网治理朝着更加公正合理的方向迈进,构建网络空间命运共同体,国际社会应坚持以人类共同福祉为根本,秉持网络主权理念,平等协商、求同存异、积极实践。
一、网络主权的涵义
(一)网络主权的权利维度
网络主权是国家主权在网络空间的自然延伸,是一国基于国家主权对本国境内的网络设施、网络主体、网络行为及相关网络数据和信息等所享有的对内最高权和对外独立权。具体而言,主要包括以下权利:
1.独立权
主权国家有权自主选择网络发展道路、治理模式和公共政策,不受任何外来干涉。
2.平等权
按照《联合国宪章》的主权平等原则,主权国家有权平等参与网络空间国际治理,共同制定国际规则。
3.管辖权
立法规制权。主权国家为保障国家安全、社会公共利益,保护公民、法人和其他组织的合法权益,有权对本国境内的网络设施、网络主体、网络行为及相关网络数据和信息等制定法律法规。
行政管理权。主权国家为维护良好的网络空间秩序,有权依法对本国境内的网络设施、网络主体、网络行为及相关网络数据和信息等加以管理。
司法管辖权。主权国家有权依法对本国境内的网络设施、网络主体、网络行为及相关网络数据和信息等进行司法管辖。
主权国家有权基于公认的国际法原则和规则,对本国境外与本国具有真实充分联系的特定网络行为,以及与之相关的网络设施、网络主体、网络数据和信息等行使必要且合理的属人管辖权、属地管辖权和保护性管辖权等。为顺利实施此类管辖权,主权国家可以本着克制、礼让和对等的精神,寻求其他国家和地区的协助。
4.防卫权
主权国家有权开展本国的网络安全能力建设,并有权在《联合国宪章》框架下采取合法合理措施,维护本国在网络空间的正当权益不受外来侵犯。
(二)网络主权的义务维度
无论在物理世界还是网络空间,主权都意味着权利和义务的统一。各国在网络空间的互联互通和相互依存,更要求各国在享有网络主权所衍生权利的同时,应遵守国际法一般原则和基本规则,切实履行国际法所规定的相关义务。
第一,不侵犯他国。各国未经许可不得进入另一国网络基础设施,或入侵另一国管辖范围内的网络系统,不得实施网络监控、窃密或破坏活动。
第二,不干涉他国内政。各国不得干涉其他国家在网络空间享有的生存、安全与发展的权利,不得干涉其他国家维护其自身网络秩序、安全和发展的权利;不得支持纵容分裂势力通过网络空间危害他国领土完整、国家安全和社会稳定。
第三,审慎预防义务。各国不得蓄意允许其领土,或在政府控制下的领土或网络设施、网络数据和信息,被用于实施损害他国国家安全和利益的网络活动。
第四,保障义务。各国有义务保障其管辖范围内相关网络主体的合法权益,也有义务在保障网络空间秩序、安全和发展的同时,促进网络空间开放与自由。
(三)网络主权的国际法属性
网络主权作为国家主权在网络空间的延伸,同样是一项具有法律约束力的原则和规则。各国可能对网络主权的概念有不同的界定,对侵犯网络主权的标准存在不同的理解,但这些差异并不影响网络主权作为一项独立原则和规则的法律地位。
如果一国未经许可侵犯他国基于国家主权对其境内的网络设施、网络主体、网络行为及相关网络数据和信息等享有的对内最高权和对外独立权,包括未经许可入侵他国领土或管辖范围内的网络系统,或对有关网络基础设施造成损害或破坏,或未经许可损害一国在网络空间对内对外的排他性主权权利,都违反了主权原则,构成国际不法行为。一项网络行动可能同时违反主权原则、不干涉内政原则以及禁止使用武力原则,需要在有关具体场景中进行个案分析。
(四)与网络主权相关的几个概念
基于主权原则在网络空间多元的适用场景和领域,国际社会各方近年来陆续提出“信息主权”“技术主权”“数据主权”“数字主权”等概念。
强调信息内容管理的“信息主权”。信息有广义与狭义之分,前者涵盖技术与内容等,如俄罗斯提出的“信息安全”。而在学界探讨的“信息主权”中,信息更多是狭义界定,主要是指利用信息通信技术与网络制造和传播的信息内容。“信息主权”的核心诉求体现为对信息内容的有效治理与规范。
聚焦重要技术自主能力的“技术主权”。2020年2月,欧盟委员会接连发布三份重要战略文件,《塑造欧洲的数字未来》《人工智能白皮书》和《欧洲数据战略》。欧盟委员会主席乌尔苏拉·冯德莱恩称系列举措旨在重新夺回“技术主权”,重点强化欧盟在人工智能、大数据、5G等前沿技术及应用的发展和规范方面的独立自主能力。
重视数据战略价值的“数据主权”。其要义在于大数据时代,数据的战略价值得到前所未有的重视。相关国家积极探索数据的有效治理,力图找到确保安全与促进发展的平衡点,例如2020年欧洲接连发布《欧洲数据战略》和《欧洲数据治理条例提案》等。
旨在提升“战略自治”的“数字主权”。2020年7月欧洲议会发布的《欧洲数字主权》文件中,“数字主权”被明确定义为“欧洲在数字世界独立行动的能力,应该从保护性机制和促进数字创新的防御性工具(包括与非欧盟公司合作)两方面来理解它”。这一概念是欧盟面对数字世界的竞争、为保持独立性,竞争力与领导力提出的,强调国家主导本国数字发展的能力。
上述概念的核心关切或侧重点有所不同,但又有所联系,相关实践探索在客观上丰富和拓展了网络主权的内涵与外延。
二、行使网络主权的基本原则
(一)平等原则
《联合国宪章》提出的主权平等原则,是各国行使网络主权时应遵循的首要原则。主权国家无论大小、强弱、贫富,在法律上是平等的,都有权平等参与网络空间国际事务,也有权受到他国的平等对待,更有义务平等对待他国。
(二)公正原则
各国应坚持网络空间的公平正义,推动互联网治理体系向公正合理的方向发展,使其反映世界大多数国家的意愿和利益,尤其是要维护好广大发展中国家的正当权益,确保网络空间的发展由各国人民共同掌握。各国不应滥用自身在网络领域的设施、技术、系统、数据优势地位,对他国行使网络主权进行干涉,或推行网络霸权、网络孤立等不公正行为。
(三)合作原则
网络空间具有全球性,任何国家都难以仅凭一己之力实现对网络空间的有效治理。基于《联合国宪章》所提倡的“善意合作”原则,各国应尊重他国的国际法主体地位,秉持共商、共建、共享的理念,坚持多边参与、多方参与,打造多领域、多层次、全方位的治理体系,致力于维护网络空间的安全与发展。
(四)和平原则
网络空间互联互通,各国利益深度交融。各国应遵守《联合国宪章》的宗旨与原则,和平利用互联网,以和平方式解决网络空间争端。各国应采取有效措施,防范利用信息通信技术从事破坏和平的行动,防止网络空间军备竞赛,预防并打击网络犯罪与网络恐怖主义,维护网络空间的和平与安全。
(五)法治原则
各国应推进网络空间国际治理法治化,共同维护国际法的权威性,反对双重标准。各国应完善国内立法,依法行使网络主权,对内保护本国公民、法人和其他组织在网络空间的合法权利,对外尊重他国网络主权,遵守国际规则和国际法原则,不得利用网络干涉他国内政,不得从事、纵容或支持损害他国国家安全和利益的网络活动。
三、网络主权的主要体现
从网络空间架构的角度来看国家主权在网络空间中的体现,可以将网络空间划分为物理层、逻辑层、应用层和社会层,国家主权在各分层中均有所体现。
(一)在物理层的体现。包括:国家对于其境内的物理基础设施和基础电信服务可行使管辖权,并有权为维护基础设施安全而依法采取必要措施;国家有权参与国际网络基础设施的管理和国际合作。
(二)在逻辑层的体现。包括:国家可以在不违反其承担的国际法义务的前提下,在维护互联网兼容性的同时,独立地制定或采用相关的技术法规或标准。
(三)在应用层的体现。包括:国家对应用软件的开发和运营依法管理,保护合法网络数据与信息,特别是涉及国家安全的网络数据与信息不被窃取或破坏;国家依法对境内网络信息传播实施保护、管理与指导,限制侵犯合法权利或损害公共秩序的信息传播;国家遏制境外组织在本国境内捏造、歪曲事实,散播危害国家安全、公共秩序的网络信息内容;国家参与数据跨境流动、信息治理的国际协调与合作。
(四)在社会层的体现。包括:国家自主管理本国境内网络用户和互联网平台的行为,培育与网络发展相适应的社会环境;维护本国独立自主的互联网治理体制,平等参与完善互联网治理模式的国际合作;有权平等参与全球数字经济发展建设。
上述体现反映了网络主权活动的系统性与完整性,尊重网络主权有利于促进网络空间的有序合作,维护网络空间的和谐稳定,推动网络空间的可持续发展。同时网络主权的行使应当遵循公认的国际法原则和规则,尊重网络空间“互联、互通、互动”的特性,防止互联网“碎片化”。各国不应以行使网络主权为名,将网络安全问题政治化,违反国际通行经贸规则和市场化原则,干扰正常网络基础设施及服务领域项目合作,对他国实施网络孤立等;不应凭借自身技术、经济与政治的优势,不公平分配或封锁重要网络资源,危害全球供应链安全。
四、网络主权的实践进程
(一)许多重要的国际文件已经确认了国家主权原则适用于网络空间。
2003年,联合国信息社会世界峰会通过的《日内瓦原则宣言》就提出“互联网公共政策的决策权是各国的主权”;该峰会2005年通过的《突尼斯议程》强调各国政府在峰会进程中的关键作用和责任。
2011年和2015年,中俄等国在《信息安全国际行为准则》中,提出“重申与互联网有关的公共政策问题的决策权是各国的主权”。
2013年、2015年和2021年,联合国信息安全政府专家组在其报告中指出,“国家主权和在主权基础上衍生的国际规范及原则适用于国家进行的信息通信技术活动”“国家主权原则是增强国家运用信息通信技术安全性的根基”“国际合作、对话以及对所有国家主权的应有尊重至关重要”。
2015年,二十国集团领导人《安塔利亚峰会公报》中指出,“确认国际法,特别是《联合国宪章》,适用于国家行为和信息通信技术运用,并承诺所有国家应当遵守进一步确认自愿和非约束性的在使用信息通信技术方面的负责任国家行为准则”。
2016年,金砖国家领导人《果阿宣言》重申,“在公认的包括《联合国宪章》在内的国际法原则的基础上,通过国际和地区合作,使用和开发信息通信技术。这些原则包括政治独立、领土完整、国家主权平等、以和平手段解决争端、不干涉别国内政、尊重人权和基本自由及隐私等。这对于维护和平、安全与开放的网络空间至关重要”。
2019年,世界互联网大会发布《携手构建网络空间命运共同体》概念文件,强调“网络主权是国家主权在网络空间的自然延伸,应尊重各国自主选择发展道路、治理模式和平等参与网络空间国际治理的权利”。
2020年,世界互联网大会发布《携手构建网络空间命运共同体行动倡议》,再次重申了尊重网络主权的重要性。
2020年,《中国-东盟关于建立数字经济合作伙伴关系的倡议》指出,“在考察各国法律与社会实际基础上,充分尊重网络主权”“推动建立多边、民主、透明的全球网络空间命运共同体”。
2021年,中非互联网发展与合作论坛发起《中非携手构建网络空间命运共同体倡议》,提出“在尊重各国网络主权、尊重各国网络政策的前提下,探索以可接受的方式扩大互联网接入和连接,让更多发展中国家和人民共享互联网带来的发展机遇”。
(二)相关国家在有关国际法适用于网络空间的立场文件中对网络主权问题加以宣示。
近年来,一些国家陆续发表了有关国际法适用于网络空间的立场文件,就国家主权原则在网络空间的适用问题宣示了本国的立场主张。
在确认国家主权原则适用于网络空间方面,2020年新西兰《适用于网络空间国家行动的国际法》文件表示,“领土主权作为一项独立的国际法规则适用于网络空间”。同年芬兰《关于国际法与网络空间的国家立场》也主张,“主权作为一项国际法首要规则”完全适用于网络空间。
在肯定网络主权原则构成有约束力的国际法原则和规则方面,2019年荷兰《现有国际法有关规则在网络空间的适用》文件表示,主权构成一项独立的、有约束力的国际法规则,“各国有义务尊重其他国家的主权,并避免从事构成侵犯其他国家主权的活动”。2021年德国《国际法在网络空间的适用》文件明确,“可归因于国家的侵犯另一国主权的网络行动违反国际法,国家主权本身构成一项法律规范”。
在确定何种行为构成对他国网络主权的侵犯方面,2019年法国《适用于网络空间行动的国际法》文件指出,“他国未经授权进入法国系统的行为或任何通过数字载体对法国领土造成影响的行为,至少可构成对主权的侵犯”。2020年伊朗《关于国际法适用于网络空间的宣言》强调,“任何对网络空间的利用,如果涉及对另一国控制下的公共或私人网络系统的非法侵入,可能构成对目标国主权的侵犯”。此外,2021年俄罗斯《国家安全战略》指出,“利用信息通信技术干涉他国内政、破坏国家主权和领土完整的情况越来越多,这对国际和平与安全构成威胁”。
(三)世界各国还纷纷通过立法、行政、司法等实践活动行使网络主权。
在倡导和践行网络主权原则方面,中国在2015年第二届世界互联网大会上提出,尊重网络主权是推进全球互联网治理体系变革的一项重要原则;2016年通过《网络安全法》,将“维护网络空间主权”作为网络空间立法的根本宗旨;2016年发布《国家网络空间安全战略》,提出“国家主权拓展延伸到网络空间”,并将网络空间主权作为国家主权的重要组成部分;2017年发布《网络空间国际合作战略》,将主权原则列为网络空间国际合作的基本原则之一,并将“维护主权与安全”作为参与网络空间国际合作的首要战略目标;中国还在联合国信息安全政府专家组和开放式工作组、亚非法律协商组织等多边平台明确主张主权原则适用于网络空间。
在探索互联网发展道路和网络管理模式方面,越南2018年出台《网络安全法》明确将“相互尊重独立、主权、领土完整、互不干涉内政、平等互利”作为网络安全合作的基本原则,并详细列举了各种网络禁止行为,包括歪曲历史、破坏民族团结、触犯宗教等侵犯国家主权、利益、安全的行为。欧盟于2020年2月提出“技术主权”,强化欧盟对网络空间的技术、规则和价值的控制力和主导权。
在保护本国网络免受威胁、干扰、攻击和破坏方面,俄罗斯于2019年5月出台《稳定俄罗斯网络法案》,旨在确保俄罗斯互联网资源的自主性与可靠性,在无法连接国外服务器情况下仍能保障俄罗斯网络正常运行。
在保障本国公民在网络空间权益方面,欧盟于2018年5月实施《通用数据保护条例》,对个人数据的跨境流动予以严格管制,并通过个人数据处理活动的域外管辖权拓展其主权边界。
五、基于网络主权建立更具包容性的国际协作框架
尊重网络主权,是在网络空间尊重《联合国宪章》所确立宗旨与原则的表现,是维护网络空间和平安全的基础与前提,也是维护网络空间战略稳定的必要路径。倡导和实践网络主权,并不意味着各国在网络空间各行其是、以邻为壑。基于网络主权建立更具包容性的国际协作框架,旨在尊重各国主权的基础上,平衡各国主权权利与义务之间的关系,有利于各方享受数字时代的发展红利,进而维护网络空间的和平、安全与发展。
一是要以理念认同为基础,推动和巩固网络主权国际共识的形成。各国行使网络主权的实践将长期存在多样性,但国家主权原则适用于网络空间,已在许多重要的国际文件中得到确认。各国应摒弃成见,正视网络空间休戚与共的事实,维护以联合国为核心的国际体系和以国际法为基础的国际秩序,承认网络主权是客观存在的,求同存异,相互尊重,相互谅解,积极互动,避免相互掣肘,鼓励开展全球、区域、多边、双边与多方等各层级的合作与对话,共同促成网络主权的国际共识,增进国家间在网络空间的互信,共同推进实现和平、发展、公平、正义、民主、自由的全人类共同价值。
二是要以制度构建为保障,在网络主权的基础上,积极构建有助于包容性国际协作的网络空间国际规则和制度。各国除应增加内部制度构建外,还应完善国际制度协作,积极参与网络空间的国际机制构建。各国应以联合国为主渠道,以《联合国宪章》宗旨和原则为基础,积极推动构建网络空间基础设施和行为主体合理权利的安全保障机制、数字技术和数据信息等交流共享与合作机制、网络空间恶意活动的风险防范机制、网络犯罪的打击惩治机制、解决网络空间争端的磋商与调停机制等制度规范。各国应秉承坦诚和善意,尽可能促成网络空间国际制度和国际准则的订立,并采取一切必要措施保证相关准则或制度的严格执行,以实现国际规则的长效约束力,从而推动网络主权权利的平等实现,推动国际社会对网络主权义务的共同遵守,为人类共同利益推进网络空间合作,避免霸权主义、零和思维、冷战思维等对网络空间和平发展带来不利影响,促进网络主权的相互协作和良性发展。
三是要以合作行动为途径,在行动实践中积极推进各国网络主权的协调发展与合作。网络主权存在于网络空间命运共同体中,网络主权的有效保障有赖于国际社会在网络主权基础上的合作与努力,即发展共同推进,采取更加积极、包容、协调、普惠的政策,加快全球信息基础设施建设,推动数字经济创新发展,提升公共服务水平;安全共同维护,倡导开放合作的网络安全理念,坚持安全与发展并重,共同维护网络空间和平与安全;治理共同参与,坚持多边参与、多方参与,加强对话协商,推动构建更加公正合理的全球互联网治理体系;成果共同分享,坚持以人为本、科技向善,缩小数字鸿沟,实现共同繁荣。通过共同合作和行动实践,共同推动网络主权的“善意合作”,从而实现网络空间的共享、共治和共赢。
六、尊重网络主权,携手构建网络空间命运共同体
网络主权原则是习近平主席关于构建网络空间命运共同体“四项原则”“五点主张”中的首要原则。倡导与实践网络主权,绝不意味着封闭或割裂网络空间,而是要在国家主权基础上构建公正合理的网络空间国际秩序,共同构建网络空间命运共同体。构建网络空间命运共同体是维护网络主权的内在动力和远景目标,将网络空间建设成造福全人类的发展共同体、安全共同体、责任共同体和利益共同体,必须在尊重各国主权的基础上实现。
构建网络空间命运共同体必须坚持网络主权的原则。构建网络空间命运共同体需要各国共同努力来应对风险和挑战。只有首先明确和界定国家在网络空间的主权,在尊重各国网络主权的基础上,才能携手构建网络空间命运共同体。只有确保各国拥有自主选择网络发展道路、治理模式和公共政策的独立权,参与网络空间国际治理和规则制定的平等权,通过立法、行政和司法手段对其网络进行管理的管辖权,抵御网络空间外来风险和应对外部侵犯的防卫权,才有可能通过平等协商和合作,在国家之间建立有效的对话与协商机制,携手构建网络空间命运共同体。
网络主权需要通过构建网络空间命运共同体来加以更好的维护和保障。互联网的飞速发展为人类文明进步创造了前所未有的机遇,但发展不平衡、规则不健全、秩序不合理等问题也更加突出;霸权主义和强权政治以及保护主义和单边主义在网络空间持续存在。侵犯隐私、侵犯知识产权、散播虚假信息、网络诈骗、网络恐怖主义等违法犯罪活动已成为全球公害。在网络空间,各国命运相连,休戚与共,有效应对网络空间安全与发展的威胁有赖于各国共同参与、协同合作,唯有通过构建网络空间命运共同体,才能有效维护网络主权。
然而,各国国家利益存在差异,有时甚至相互冲突,在维护本国利益与提供国际公共产品之间始终保持平衡并不容易。面对跨境数据流动、虚假信息、供应链安全等新问题,日益加剧的地缘政治紧张局势使得相关国际规则和规范的谈判进程步履维艰。只有遵循尊重网络主权、维护和平安全、促进开放合作、构建良好秩序的基本原则,才能找到各国国家利益的最大公约数。
构建网络空间命运共同体是一个长期的过程,我们呼吁国际社会在联合国框架下共同努力,秉持平等协商、求同存异、互利共赢的原则,加强沟通,协调立场,在维护国家网络主权的基础上,制定普遍接受的网络空间国际规则和行为准则,凝聚广泛共识,贡献智慧力量,共同构建和平、安全、开放、合作、有序的网络空间。
Jointly Launched by
Wuhan University
China Institute of Contemporary International Relations
Shanghai Academy of Social Sciences
Fudan University
Beihang University
National Institute for Global Strategy, Chinese Academy of Social Sciences
Tsinghua University
University of International Business and Economics
Members of the Group of Expert for Sovereignty in Cyberspace: Theory and Practice (Version 3.0)
ZhixiongHuang Professor, Wuhan University; Project Coordinator
Cuihong Cai Professor, Fudan University
Lina Dai Associate Research Fellow, Shanghai Academy of Social Sciences
Ping Lang Research Fellow of Chinese Academy of Social Sciences
Yan Li Research fellow, China Institute of Contemporary International Relations
Han Liu Associate Professor, Tsinghua University
Nicholas Tsagourias Professor, University of Sheffield, UK
Ke Xu Associate Professor, University of International Business and Economics
Yun Zhao Professor, the University of Hong Kong
Xuefeng Zhou Professor, Beihang University
Throughout the history of world civilization, the meaning of national sovereignty has changed and been enriched over time. Humanity has successively undergone agricultural, industrial, and information revolutions, which have had enormous and profound impacts on the connotation and denotation of national sovereignty. In the agricultural age, human activity was mainly confined to land, so the focus of national sovereignty was on protecting territorial integrity. In the industrial age, human activity extended from land to the sea and sky. The scope of national sovereignty expanded accordingly. Highly integrated with the physical space of human activity in the information age, cyberspace has become a new frontier for modern states and a new domain of global governance. It is from this that sovereignty in cyberspace has emerged. It is especially important to safeguard the sovereignty, security and development interests of all countries in the context of growing complexity caused by the Covid-19 pandemic.
Sovereign states are key actors in carrying out activities and maintaining order in cyberspace. The principle of sovereign equality enshrined in the Charter of the United Nations is a basic norm governing contemporary international relations. Covering all aspects of state-to-state relations, its principle and spirit also apply to cyberspace. In practice, all countries have extended national sovereignty to cyberspace, but different understandings exist around the ideas and practices for exercising it. To facilitate more just and equitable global Internet governance and build a community with a shared future in cyberspace, the international community should, with the common well-being of humanity in mind, follow and practice the notion of sovereignty in cyberspace in line with the principles of equal consultation and seeking common ground while setting aside differences.
The Concept of Sovereignty in Cyberspace
I. Rights
Sovereignty in cyberspace is the extension of national sovereignty to cyberspace. It is the internal supremacy and external independence that a state enjoys, on the basis of its national sovereignty, over cyber infrastructure, entities, behavior as well as relevant data and information in its territory. Specifically speaking, it primarily includes the following rights.
·Independence. A sovereign state has the right to independently choose its own path of cyber development, model of cyber governance, and Internet public policies, free from any external interference.
·Equality. In line with the principle of sovereign equality enshrined in the UN Charter, a sovereign state has the right to participate in global governance in cyberspace on an equal footing and jointly formulate international rules.
·Jurisdiction
·Legislative Jurisdiction. A sovereign state has the right to enact legislation to regulate cyber infrastructure, entities, behavior as well as relevant data and information in its territory, in order to protect its national security, public interests, and the legal rights and interests of its citizens, legal persons, and other organizations.
·Administrative Jurisdiction. A sovereign state has the right to administer cyber infrastructure, entities, behavior as well as relevant data and information in its territory according to law, so as to maintain good order in cyberspace.
·Judicial Jurisdiction. A sovereign state has the right to exercise judicial jurisdiction over cyber infrastructure, entities, behavior as well as relevant data and information in its territory according to law.
A sovereign state has the right to exercise, in accordance with the universally recognized principles and rules of international law, necessary and reasonable personal, territorial and protective jurisdiction etc. over specific cyber activities outside its territory that have genuine and substantial connection to the State as well as over relevant cyber facilities, entities, data and information. In order to exercise its jurisdiction, a State may seek assistance from other countries and regions in the spirit of self-restraint, comity and reciprocity.
·Cyber-defense
A sovereign state has the right to conduct capacity building on cyber security and adopt lawful and reasonable measures under the framework of the UN Charter to protect its legitimate rights and interests in cyberspace from external infringement.
II. Obligations
Whether in the physical world or cyberspace, sovereignty incorporates both rights and obligations. The connectivity and interdependence among countries in cyberspace all the more requires countries to respect the basic norms and general principles of international law and earnestly fulfill their due obligations specified in international law while enjoying the rights derived from sovereignty in cyberspace.
·Non-infringement of the sovereignty of other countries. No country shall without permission access the cyberinfrastructure of another country or infringe on the network systems within the jurisdiction of another country. No country shall engage in acts of cyber surveillance, theft or sabotage.
·Non-interference in other countries’ internal affairs. No country shall interfere in other countries’ rights to survival, security and development in cyberspace, or their rights to maintain cyberspace order, security and development. No country shall support or allow separatist forces to undermine other countries' territorial integrity, national security and social stability through cyberspace.
·Due diligence. No country shall knowingly allow its territory, or territory or Internet facilities, data and information under the control of its government, to be used for cyber activities undermining national security or interests of other countries.
·Protection. All countries have the obligation to protect lawful rights and interests of relevant cyberspace entities within their jurisdiction. They also have the obligation to promote openness and freedom of cyberspace while ensuring order, security and development.
III. The Legal Status of Sovereignty in Cyberspace
As the extension of state sovereignty in cyberspace, sovereignty in cyberspace is also a legally binding principle and rule. States may define their sovereignty differently and may have different perceptions of the threshold for violating sovereignty in cyberspace, but these differences do not affect the legal status of sovereignty in cyberspace under international law.
If a country infringes on the internal supremacy and external independence that another country enjoys on the basis of its national sovereignty over cyber infrastructure, entities, behavior as well as relevant data and information in its territory, this will be a violation of the principle of sovereignty and will constitute a wrongful act under international law. The acts may include, among others, unauthorized penetration into the network systems in the territory or within the jurisdiction of another country, causing disruption or damage of relevant infrastructure or undermining a country’s exclusive sovereign rights both internally and externally in cyberspace. A cyber operation may simultaneously violate the principles of sovereignty, non-interference in internal affairs and the prohibition of the use of force. The application of this principle to a specific set of circumstances may require certain contextualization.
IV. Some Concepts Related to Sovereignty in Cyberspace
In view of the diverse application scenarios and domains of the principle of sovereignty in cyberspace, the concepts of "information sovereignty", "technological sovereignty", "data sovereignty" and "digital sovereignty" have been put forward by various parties in the international community in recent years.
"Information sovereignty" that focuses on content management. Information can be divided into broad and narrow senses. The former covers technology and content, as is meant by "information security" proposed by Russia. However, "information sovereignty" is more narrowly defined among the academic community. It mainly refers to the information content produced and disseminated by using information and communication technologies and network. The main goal of upholding "information sovereignty" is to ensure effective governance and regulation of information content.
"Technological sovereignty" that focuses on capabilities in developing home-grown technologies in key areas. In February 2020, the European Commission released three important strategic documents: Shaping Europe's Digital Future, the White Paper on Artificial Intelligence and the European Data Strategy. According to Ms. Ursula von der Leyen, President of European Commission, this was aimed at regaining "technological sovereignty" and strengthening EU's ownership in the development and standard setting of cutting-edge technologies and applications such as artificial intelligence, big data and 5G.
"Data sovereignty" that places importance on the strategic value of data. In the era of big data, the strategic value of data has drawn unprecedented attention. Relevant countries are working to improve data governance in an effort to balance security and development. For example, in 2020 the European Commission issued A European Strategy for Dataand the Data Governance Act.
"Digital sovereignty" aimed at enhancing "strategic autonomy". In the Digital Sovereignty for Europe released by the European Parliament in July 2020, "digital sovereignty" was defined as "Europe's ability to act independently in the digital world and should be understood in terms of both protective mechanisms and offensive tools to foster digital innovation (including in cooperation with non-EU companies)". The notion was put forward by the EU to maintain its independence, competitiveness and leadership in the face of competition in the digital world, emphasizing the ability of states to lead their own digital development.
The above concepts may differ in their goals or emphasis, but they are interrelated. Relevant practices and explorations have substantiated and expanded the connotation and extension of sovereignty in cyberspace.
Fundamental Principles of Sovereignty in Cyberspace
I. Equality
Sovereign equality as set forth in the UN Charter is the primary principle that all states should follow in the exercise of their sovereignty in cyberspace. All sovereign states, regardless of size, wealth, or strength, are equal before the law and have the right to participate on an equal footing in international cyberspace affairs. Each state should be treated equally, and each state is also obligated to treat others as equals.
II. Fairness
All states should uphold the principles of fairness and justice in cyberspace and facilitate a more just and equitable global Internet governance system that reflects the wishes and interests of the majority of countries, protects the legitimate rights and interests of developing countries, and ensures the people of countries around the world get to decide on the development of cyberspace. States should not abuse their superiority in facility, technology, system and data in the cyber domain to interfere in other countries' exercise of sovereignty in cyberspace or promote unjust acts such as cyber hegemony or isolation.
III. Cooperation
Cyberspace is global in nature. It is difficult for any state to achieve effective governance in cyberspace solely through its own efforts. In line with the principle of cooperation in good faith contained in the UN Charter, states should respect others as subjects of international law, follow the principle of extensive consultation, joint contribution and shared benefits, support multilateral and multi-party participation, and build a holistic governance system across multiple fields and levels to ensure the security and development of cyberspace.
IV. Peace
In an interconnected cyberspace, the interests of all countries are deeply intertwined. All countries should act in conformity with the purposes and principles enshrined in the UN Charter, use the Internet for peaceful purposes, and settle cyber disputes by peaceful means. They should take effective measures to guard against the use of information and communications technology (ICT) to engage in activities that undermine peace, prevent an arms race in cyberspace, and prevent and fight cyberterrorism to maintain peace and security in cyberspace.
V. Rule of Law
All states should make steady progress in domestic legislation and advance the rule of law in global governance in cyberspace, uphold the authority of international law, and oppose the practice of double standards. In the exercise of sovereignty in cyberspace domestically, states should protect their citizens, legal persons, and other organizations’ legal rights in cyberspace, and internationally, states should respect the sovereignty of others in cyberspace, and observe international law; states shall not use the Internet to interfere in the internal affairs of other countries or engage in, encourage, or support cyber activities that endanger the national security of other countries.
Key Manifestations of Sovereignty in Cyberspace
Based on the architecture of cyberspace, sovereignty in cyberspace can be divided into four layers, namely physical layer, logic layer, application layer and social layer. Each of these layers is a manifestation of national sovereignty.
I. Manifestation of Sovereign in the Physical Layer
A sovereign state has jurisdiction over the physical infrastructure and basic telecommunications services within its territory. In some circumstances, a state may also be entitled to take necessary measures to maintain the security of the physical infrastructure according to national law and in conformity with international law. A sovereign state has the right to participate in the management of and international cooperation on the global cyber infrastructure.
II. Manifestation of Sovereignty in the Logical Layer
A sovereign state can independently enact or adopt the relevant technical regulations or standards on the premise of not violating their obligations under international law, while maintaining the interoperability of the Internet.
III. Manifestation of Sovereignty in the Application Layer
A sovereign state may exercise its jurisdiction over the development and operation of software, protects lawful data and information, especially those related to national security, from theft or destruction in accordance with national and international law. The state can regulate the dissemination of online content stored in its territory in accordance with national and international law, and restricts the dissemination of information that infringes upon public interests. A sovereign state prohibits overseas organizations from fabricating and distorting facts and disseminating online information content in its territory that seriously damages its national security and public interests. A sovereign state participates in international coordination and cooperation on cross-border data flow and information governance.
IV. Manifestation of Sovereignty in the Social Layer
A sovereign state can exercise jurisdiction over its Internet users and platforms, and foster a social environment suitable for the development of cyberspace; upholds its independent Internet governance system and participates in international cooperation on improving the Internet governance model on an equal footing. A state has the right to take an equal part in the development of the global digital economy.
The above reflects the systemic nature and integrity of sovereign activities in cyberspace. Respect for sovereignty in cyberspace promotes orderly cooperation, harmony and stability in cyberspace and its sustainable development. At the same time, when exercising sovereignty in cyberspace, a country should adhere to universally recognized principles and rules of international law, respect the interconnected and interactive nature of cyberspace, and prevent fragmentation of the Internet. A state should not politicize cyber security issues in the name of exercising sovereignty in cyberspace, violate prevailing international economic and trade rules or market principles, interfere with normal cooperation in cyber infrastructure and service projects, and exclude other states from cyberspace. A state should not use its technological, economic and political power to unfairly allocate or block important network resources or endanger the security of the global supply chain.
Sovereignty in Cyberspace in Practice
I. A number of important international documents affirmed the application of the principle of state sovereignty to cyberspace.
The Declaration of Principles adopted at the World Summit on the Information Society in 2003 stated that “policy authority for Internet-related public policy issues is the sovereign right of States”. The Tunis Agenda for the Information Society adopted at the 2005 WSIS highlighted the key roles and responsibilities of national governments in the summit process.
In 2011 and 2015, the International Code of Conduct for Information Security put forward by China, Russia and other countries reaffirmed that “policy authority for Internet-related public policy issues is the sovereign right of States”.
The reports of the UN Group of Governmental Experts (UN GGE) in 2013, 2015 and 2021 stressed that “state sovereignty and international norms and principles that flow from sovereignty apply to State conduct of ICT-related activities”, emphasized “the principle of sovereignty as the basis for increased security in the use of ICTs by States” and the centrality of “international cooperation, dialogue, and due regard for the sovereignty of all States".
The Leaders Communiquéof G20 Antalya Summit in 2015 affirmed that “international law, and in particular the UN Charter, is applicable to state conduct in the use of ICTs and commit ourselves to the view that all states should abide by norms of responsible state behavior in the use of ICTs”.
The Goa Declaration at 2016 BRICS Summit reiterated that “the use and development of ICTs through international and regional cooperation and on the basis of universally accepted norms and principles of international law, including the Charter of the UN in particular political independence, territorial integrity and sovereign equality of States, the settlement of disputes by peaceful means, non-interference in internal affairs of other States as well as respect for human rights and fundamental freedoms, including the right to privacy; are of paramount importance in order to ensure a peaceful, secure and open and cooperative use of ICTs”.
In 2019, the World Internet Conference released the concept document entitled Jointly Build a Community with a Shared Future in Cyberspace, stressing that "Sovereignty in cyberspace is a natural extension of the national sovereignty in cyberspace. We should respect the right of each country to independently choose its own development path and governance model, and to participate in global governance in cyberspace on an equal footing."
In 2020, the World Internet Conference released the Initiative on Jointly Building a Community with a Shared Future in Cyberspace, reaffirming the importance of respecting sovereignty in cyberspace.
The China-ASEAN Initiative on Establishing a Digital Economy Partnership issued in 2020emphasized "respect for sovereignty in cyberspace on the basis of respecting laws and Internet policies of individual countries,” and“building a global community with a shared future in cyberspace in a multilateral, democratic and transparent way".
The China-Africa Internet Development and Cooperation Forum in 2021 launched the Initiative on China-Africa Jointly Building a Community With a Shared Future in Cyberspace, which stated that “On the basis of respecting sovereignty in cyberspace and Internet policies of individual countries, we should explore acceptable means of expanding Internet access and connection, and deliver development opportunities brought by the Internet to more developing countries and peoples.”
II. Relevant states have affirmed the application of the principle of state sovereignty to cyberspace in their position papers.
In recent years, some countries have issued position papers on the application of international law in cyberspace, stating their positions and propositions on the application of the principle of national sovereignty in cyberspace.
In confirming the applicability of state sovereignty to cyberspace, New Zealand released in 2020 the Application of International Law to State Activity in Cyberspace which said that it "considers that the standalone rule of territorial sovereignty also applies in the cyber context". In the same year, the International Law and Cyberspace: Finland’s National Positions also stated that “Finland sees sovereignty as a primary rule of international law” and that “this rule is fully applicable in cyberspace”.
In confirming sovereignty in cyberspace as a binding rule in international law, the document entitled International law in Cyberspace issued by the Netherlands in 2019 said that sovereignty constitutes an independent and binding rule in international law and that "States have an obligation to respect the sovereignty of other states and to refrain from activities that constitute a violation of other countries’ sovereignty." In its document On the Application of International Law in Cyberspace issued in 2021, Germany clearly states that "Germany agrees with the view that cyber operations attributable to States which violate the sovereignty of another State are contrary to international law. In this regard, State sovereignty constitutes a legal norm in its own right."
In determining what constitutes an infringement of a state's sovereignty in cyberspace, according to the French document entitled International Law Applied to Operations in Cyberspace released in2019, “Any authorized penetration by a State of French systems or any production of effects on French territory via a digital vector may constitute, at the least, a breach of sovereignty." Iran stressed in its Declaration of General Staff of the Armed Forces of the Islamic Republic of Iran Regarding International Law Applicable to the Cyberspace issued in 2020 that "Any utilization of cyberspace if and when involves unlawful intrusion to the (public or private) cyber structures which is under the control of another state, maybe constituted as the violation of the sovereignty of the targeted state." In addition, the National Security Strategy of the Russian Federation adopted in 2021 states that "The use of information and communications technology is expanding. The use of communication technologies to interfere in the internal affairs of states, undermine their sovereignty and violate their territorial integrity, is posing a threat to international peace and security."
III. States affirm the exercise of their sovereignty in cyberspace through legislative, administrative and judicial means.
With regards to advocating and practicing principle of sovereignty in cyberspace, China stated at the 2nd World Internet Conference that respecting sovereignty in cyberspace is an important principle in the reform of the global Internet governance system. In the Law on Cybersecurity adopted in 2016, China embraces “safeguarding national sovereignty in cyberspace” as a fundamental purpose of cyberspace legislation. The National Cyberspace Security Strategy released in 2016 stresses that “national sovereignty extends to cyberspace” and upholds sovereignty in cyberspace as an important part of national sovereignty. The Strategy on International Cooperation in Cyberspace released in 2017 places the principle of national sovereignty on the list of the basic principles for international cooperation in cyberspace and regards “safeguarding national sovereignty and security” as the primary strategic goal of engaging in such cooperation. China has also made it clear that national sovereignty applies to cyberspace in the UN Group of Government Experts and the Open-Ended Working Group (OEWG), the Asian-African Legal Consultative Organization and in other multilateral fora.
As far as exploring the Internet development path and cyber administration models is concerned, The Law on Cybersecurity of Vietnam in 2018 makes it clear that “mutual respect for independence, sovereignty and territorial integrity, mutual non-interference in internal affairs, equality and mutual benefit” form the basic principles of cybersecurity cooperation. It provides a detailed list of acts that are prohibited in cyberspace such as distorting historical facts, undermining ethnic unity, offending religious belief and other acts that violate national sovereignty, interests and security. The European Union put forward “technological sovereignty” in February 2020 in a bid to reinforce its control and dominance in technologies, rules and values in cyberspace.
As for protecting domestic network from threats, disruptions, attacks and sabotage, Russia adopted the Stable Runet Act in May 2019 to ensure independence and reliability of its own Internet resources so that it can still function properly when it is unable to connect to servers outside the country.
In regard to protecting the rights and interests of citizens in cyberspace, the EU adopted the General Data Protection Regulation in May 2018 to put cross-border flow of personal data under strict control, and expands the confines of sovereignty through extra-territorial jurisdiction over processing of personal data.
Building a More Inclusive International Coordination Framework Based on Sovereignty in Cyberspace
Respect for sovereignty in cyberspace means respect for the purposes and principles enshrined in the UN Charter in cyberspace. It is the basis and the prerequisite for upholding peace and security in cyberspace and a necessary means to ensure strategic stability in cyberspace. Advocating and practicing sovereignty in cyberspace does not mean that countries can do as they wish in cyberspace or pursue a beggar-thy-neighbor policy. The establishment of a more inclusive international coordination framework based on sovereignty in cyberspace aims to balance the relationship between sovereign rights and obligations of all states on the basis of respecting their sovereignty. It helps all parties enjoy the benefits of the digital era and promotes peace, security and development of cyberspace.
First, it is important to coordinate different perceptions of sovereignty in cyberspace, and on this basis promote and consolidate international consensus on sovereignty in cyberspace. The difference among states in exercising sovereignty in cyberspace will remain for a long time, but the application of the principle of state sovereignty in cyberspace has been confirmed by many important international documents. States should remove prejudice, recognize the fact that cyberspace is a world of shared interests, uphold the international system with the UN at its core and the international order based on international law. States should recognize that sovereignty in cyberspace is an objective reality, seek common ground while shelving differences, respect and understand each other, actively interact and avoid mutual constraints. States should encourage multilateral, bilateral and multi-party cooperation and dialogue at global and regional levels, jointly build international consensus on sovereignty in cyberspace, enhance mutual trust in cyberspace, and jointly promote the realization of the common values of peace, development, equity, justice, democracy and freedom for humanity.
Second, based on the principle of sovereignty in cyberspace, international rules and systems conducive to inclusive coordination should be established as an institutional guarantee. Countries should not only improve their domestic systems, but also enhance international coordination and actively participate in global institutional building on cyberspace. With the UN as the main channel and based on the purposes and principles of the UN Charter, countries should work together to build systems and norms such as a security mechanism to protect the cyber infrastructure and the legal rights of entities, a cooperative mechanism on exchange and sharing of data information and digital technology, a risk prevention mechanism against malicious activities in cyberspace, a mechanism to crack down on cybercrimes, and a consultation and mediation mechanism on settling disputes in cyberspace. All countries should, in the spirit of honesty and goodwill, do their best to establish effective international rules and systems to govern cyberspace. Countries should ensure the equal realization of sovereign rights in cyberspace and universal compliance with international law obligations in cyberspace. States should promote cooperation in cyberspace for the benefit of mankind. They should prevent hegemonism, zero-sum thinking and Cold War mentality from adversely affecting peace and development in cyberspace.
Third, states should promote cooperation among countries on sovereignty in cyberspace with concrete actions. Sovereignty in cyberspace exists in the community with a shared future in cyberspace. Effective protection of sovereignty in cyberspace requires joint efforts of the international community in the following aspects:
Achieving shared development. Countries should adopt more proactive, inclusive and coordinated policies that benefit all, speed up global information infrastructure construction, promote innovative development of the digital economy and enhance public service capacity.
Ensuring common security. Countries should advocate a cybersecurity vision that features openness and cooperation, and encourage Internet development while laying equal emphasis on cybersecurity so as to jointly uphold peace and security in cyberspace.
Realizing joint governance. Countries should stay committed to a multilateral and multi-party approach to cyberspace governance. Dialogues and consultation should be stepped up to foster a more just and equitable governance system in cyberspace.
Enjoying benefits together. Countries should advocate Tech for Good with a people-centered approach, narrow the digital divide, and achieve common prosperity.
Respecting Sovereignty in Cyberspace and Jointly Building a Community with a Shared Future in Cyberspace
The principle of sovereignty in cyberspace comes first in President Xi Jinping's "Four Principles" and "Five Proposals" on building a community with a shared future in cyberspace. Advocating and practicing sovereignty in cyberspace does not mean sealing off the cyberspace or breaking it up. Instead, it means facilitating a just and equitable international cyberspace order that respects national sovereignty and building a community with a shared future in cyberspace. The latter is the driving force and long-term goal for safeguarding sovereignty in cyberspace. Building cyberspace into a community of common development, security, responsibility and interests that benefits all humanity must be achieved on the basis of respecting the sovereignty of all countries.
In building a community with a shared future in cyberspace, countries must adhere to the principle of sovereignty in cyberspace. Building a community with a shared future in cyberspace requires concerted efforts of all countries to address risks and challenges. Clearly defined national sovereignty in cyberspace and respect for it is essential for jointly building a community of shared future in cyberspace. Only when countries are assured that they have independent rights in choosing their own cyberspace development paths, governance models and public policies, have equal rights in participating in the rule setting for international cyberspace governance, have jurisdiction over their own cyberspace through legislative, administrative and legal means, and enjoy right of defense against external risks and infringements in cyberspace, can there be an effective dialogue and consultation mechanism among countries through exchange and cooperation on an equal footing, which serves a community with a shared future in cyberspace.
Sovereignty in cyberspace needs to be better secured and protected through building a community of shared future in cyberspace. The rapid development of the Internet has created unprecedented opportunities for the progress of human civilization, yet problems such as unbalanced development and flaws in rules and order have become more prominent. Hegemonism, power politics, protectionism and unilateralism persist in cyberspace. Infringement on privacy and intellectual property rights, dissemination of false information, online fraud, cyber terrorism and other illegal and criminal activities have become a global scourge. In cyberspace countries have enormous shared interests. Effective responses to threats on security and development in this domain count on cooperation and coordination of all countries. Building a community with a shared future in cyberspace can effectively safeguard the sovereignty of all countries in cyberspace.
However, as national interests are not the same and are sometimes even conflicting with one another, it is not always easy to strike a balance between safeguarding national interests and providing international public goods. Rising geopolitical tensions in the context of emerging issues concerning cross-border data flow, disinformation and supply chain security etc. have made it difficult to push for progress in negotiations on international rules and norms. To identify the converging interests among all countries, it is imperative to follow the principles of respecting sovereignty in cyberspace, upholding peace and security, promoting openness and cooperation and building a sound order.
Building a community with a shared future in cyberspace is a long-term process. We call on the international community to work together under the UN framework and uphold the principles of engaging in discussions as equals, seeking common ground while shelving differences, and pursuing mutual benefits. We call on them to strengthen communication, harmonize positions, and on the basis of upholding sovereignty in cyberspace, formulate universally acceptable international rules and codes of conduct for cyberspace, broaden consensus and contribute wisdom and strength for building a peaceful, secure, open, cooperative, and orderly cyberspace.
