Year Ahead 2026 – The Law of Cyber Operations

In 2026, the law governing cyber operations in armed conflict is unlikely to undergo dramatic change. Instead, trendlines from the first half of the decade will persist, as States remain reluctant to clarify how core IHL rules apply in cyber contexts, despite cyber operations becoming increasingly embedded in military campaigns. As in 2025, States will continue to affirm that existing international law, including international humanitarian law (IHL), applies to cyber operations conducted during armed conflicts. However, the discussion will likely shift to an analysis of how cyber operations are increasingly affected by the speed and autonomy of artificial intelligence (AI). The result is likely to be continued formal stability in the law alongside growing practical indeterminacy in its application.

This post begins by briefly reviewing developments in 2025 that revealed the trajectory of international law and cyber operations in armed conflict. It then assesses how State positions, both within and outside multilateral processes, reinforced a pattern of reaffirmation without elaboration. Against that backdrop, it offers three predictions for 2026. First, States will increasingly employ cyber operations for strategic rather than tactical effects in armed conflicts. Second, States will continue to resist expanding civilian protections for data and cyber infrastructure due to the perceived value of strategic cyber operations. Third, the speed of AI-enabled cyber operations will shift legal review away from the employment stage toward ex ante governance through system design, training, and testing.

What 2025 Revealed

Developments in 2025 largely confirmed that States remain unwilling to revisit foundational questions concerning the application of IHL to cyber operations. States failed to meaningfully advance new or widely accepted positions on when cyber operations trigger an international or non-international armed conflict. Nor did States converge on whether loss of functionality, data corruption, or denial of access constitutes an attack under IHL. Long-standing debates concerning civilian cyber operators, dual-use infrastructure, and the status of data as an object likewise remained unresolved.

The final report of the United Nations Open-Ended Working Group (OEWG) on security of and in the use of information and communications technologies reinforced this pattern. While the OEWG reaffirmed that international law, including IHL, applies to State conduct in cyberspace, it emphasized that IHL applies only in situations of armed conflict and cautioned against invoking IHL in a manner that could legitimize conflict. Discussions of international law were framed primarily as deepening exchanges of views, capacity-building, and voluntary sharing of national positions, rather than steps toward doctrinal clarification.

At the same time, the OEWG process revealed increased consolidation around voluntary norms of responsible State behavior, particularly the protection of critical and information infrastructure. Implementation-focused tools, including voluntary checklists and templates, accompanied norms related to restraint, assistance, and cooperation. This maturation of norms, however, did not translate into more explicit legal constraints on cyber operations in armed conflicts. Instead, it illustrated the growing divergence between norm-based governance mechanisms and the law governing hostilities. This result appeals to States that view voluntary norms as flexible and capable of advancing security by fostering cooperation and mutual benefit. In contrast, those States see legal rules as imposing constraints they prefer to avoid.

State Positions in 2025: Reaffirmation Without Clarification

Developments outside the OEWG process reflected a similar dynamic. In official documents, speeches, and doctrinal materials, States maintained the position that IHL applies to cyber operations conducted during armed conflicts. At the same time, they remained notably silent on how core principles such as distinction, proportionality, and precautions in attack should be applied. States broadly reaffirmed the applicability of IHL to cyber operations while declining to articulate cyber-specific interpretations of attack, military objective, or collateral damage.

Effects-based reasoning remained the preferred analytical approach for States, but it lacked elaboration of thresholds that would meaningfully categorize cyber operations during conflict under IHL. Russia and China likewise accepted the general applicability of international law while refraining from engaging with its operationalization in the context of cyber warfare. This silence is legally significant. It indicates both a lack of consensus and a shared reluctance to adopt positions that could limit operational use in a domain increasingly viewed as strategically valuable.

State practice during armed conflict further illustrates this pattern. Cyber operations are increasingly integrated into military campaigns alongside kinetic force, but in a manner that avoids physical destruction, injury, or clearly classifiable attacks. Instead, cyber activities tend to focus on pre-positioning within adversary networks, disrupting infrastructure supporting both civilian and military functions, and shaping information environments. These operations have the advantage of permitting States to employ cyber operations in legally ambiguous frameworks.

Prediction for 2026: Strategic Cyber Operations and Civilian Protection

In 2026, cyber operations are likely to be used increasingly as strategic instruments in armed conflicts rather than as tactical tools in direct support of military operations. Strategic operations may aim to demoralize or intimidate a civilian population by degrading services, altering public opinion, and influencing political decision-making. In contrast, tactical operations focus on gaining battlefield advantages. The strategic use of cyber operations will involve targeting civilian data systems, online services, and cyber infrastructure to degrade societal resilience. This approach is designed to avoid physical effects that definitely trigger the most restrictive IHL rules. Consequently, States can pursue strategic goals while declaring that their actions do not constitute attacks under IHL.

The value of this operational flexibility suggests that clarification regarding the protection of civilian data and cyber infrastructure will remain the purview of international organizations and academics, rather than States, for the foreseeable future. The establishment of a “Global Mechanism” as a continuation of the OEWG is a notable exception.

Prediction for 2026: Artificial Intelligence, Speed, and Legal Review

The convergence of cyber operations and artificial intelligence will further accelerate these trends. AI-enabled cyber capabilities promise to operate at speeds and cycles that exceed those of human operators by significant margins. For instance, some AI systems can identify and exploit vulnerabilities in milliseconds, far outpacing the traditional legal review processes that are designed for human-paced operations. These radically compressed timeframes threaten to make traditional military legal review processes untenable. Target-specific approval for each operational use is poorly suited to high-tempo cyber operations conducted through AI-enabled systems.

In response, there will be a shift toward ex ante governance mechanisms. These include training AI-driven systems in applicable IHL rules and rules of engagement, constraining system design, and validating capabilities through testing and red-teaming. Legal review will increasingly focus on approving broad categories of capability rather than individual cyber actions. Accountability will shift accordingly toward commanders and system designers, and away from individual operators. Ironically, this shift to an ex anteregime may force States to clarify, at least internally, the applicable IHL rulesets for purposes of system training and programmed constraints.

Conclusion

In 2026 and beyond, States will continue to affirm that IHL applies to cyber operations conducted during armed conflict. Yet its practical influence on State behavior is likely to be limited as cyber operations become more strategic, more automated, and more deeply integrated with artificial intelligence. States will continue to affirm IHL in principle while resisting its elaboration in cyber contexts, particularly where clarification would constrain strategic cyber capabilities.

The developmental challenge for IHL and cyber will continue to shift from whether its basic provisions apply to determining how a legal framework developed for human-paced, physically destructive warfare in physical domains can meaningfully regulate conflict conducted at machine speed, in a digital domain, and through systems trained, rather than supervised, to comply with the law.

***

Jeff Biller is an Associate Professor of Cyber Law and Policy with CyberWorx, a department of the Office of Research at the United States Air Force Academy (USAFA).

The views expressed are those of the authors, and do not necessarily reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense. 

Articles of War is a forum for professionals to share opinions and cultivate ideas. Articles of War does not screen articles to fit a particular editorial agenda, nor endorse or advocate material that is published.

 Photo credit: Getty Images via Unsplash