Late last week, the International Criminal Court (ICC) in The Hague detected and contained a “new, sophisticated and targeted” cybersecurity incident, marking the second major breach in under two years. The attack came at a sensitive time, as The Hague hosted the NATO summit and local Dutch authorities reported a series of related distributed denial-of-service (DDoS) attacks attributed to pro-Russian hacktivists. While the ICC has not disclosed whether sensitive legal data was compromised, the incident has once again raised critical questions about the digital security of international institutions based in the Netherlands.
This is not the first time the ICC has faced such threats. In 2023, Dutch intelligence services attributed a similar cyber-espionage attempt to a Russian military intelligence officer posing as a Brazilian intern. That earlier attack targeting sensitive case data was linked to the Court’s issuance of arrest warrants, including one for Russian President Vladimir Putin over alleged war crimes in Ukraine. The latest breach appears to follow the same pattern of strategic digital targeting, likely with geopolitical motives.
As the host nation of the ICC, the Netherlands has long taken pride in its identity as the “legal capital of the world.” However, the Headquarters Agreement between the ICC and the Dutch government, signed in 2002, was conceived in a different era, and did not fully anticipate the modern cyber threat landscape. Article 3 of the Agreement obliges the Netherlands to “facilitate the smooth functioning of the Court,” but it remains legally ambiguous whether this includes proactive cybersecurity support.
The National Cyber Security Center (NCSC), under the Dutch Ministry of Justice and Security, plays a vital role in protecting public institutions. Yet its jurisdiction over independent international courts remains limited. The 2023 and 2025 incidents suggest the need for an updated interpretation or perhaps even a revision of this legal relationship to address digital vulnerabilities.
This breach also underscores a growing trend: the politicization of cyber warfare against international judicial bodies. The ICC’s investigations into state leaders have positioned it as a high-value target for both state and non-state actors. These incidents cannot be dismissed as isolated technical failures. They represent direct challenges to the legitimacy, independence, and operational capacity of global justice mechanisms.
As a Dutch law student and correspondent, I find this deeply concerning. The ICC, like other courts headquartered in The Hague, depends on a safe and stable environment both physically and digitally to function effectively. Our national reputation is intertwined with their security.
From a legal standpoint, repeated cyber intrusions into ICC infrastructure may constitute violations of international law. Frameworks like the Tallinn Manual 2.0 provide guidance on state responsibilities in cyberspace, including the prohibition of operations that interfere with the sovereign functions of another state or international organization. If attribution to a state actor can be confirmed, these attacks could rise to the level of internationally wrongful acts or even digital aggression.
Dutch domestic law criminalizes unauthorized digital access under Article 138ab of the Dutch Criminal Code, with enhanced penalties for targeting protected systems. However, such laws have limited applicability when attacks originate abroad or target international institutions.
As cyberattacks on international institutions become more sophisticated and frequent, the Netherlands must take proactive steps. These might include:
- Expanding the cybersecurity obligations under the Headquarters Agreement to include incident prevention, not just response.
- Bolstering cooperation between Dutch intelligence and international institutions headquartered in The Hague.
- Advocating international legal instruments that specifically address the digital protection of international courts.
- Leading diplomatic efforts within the EU and NATO to establish a shared cyber defense policy for international justice institutions.
Opinions expressed in JURIST Dispatches are solely those of our correspondents in the field and do not necessarily reflect the views of JURIST’s editors, staff, donors or the University of Pittsburgh.
