
This article is written by Pavni Dua of OP Jindal Global University, an Intern under Legal Vidhiya
Abstract
Foreign interference in electoral processes through cyber means has emerged as a significant challenge to state sovereignty and democratic governance. The increasing use of cyber operations, disinformation campaigns, and digital manipulation enables States to influence foreign elections in ways that are covert, difficult to attribute, and largely insulated from traditional enforcement mechanisms. This article examines the legal consequences of foreign election interference and cyber manipulation under international law. It analyses the applicability of established legal principles, including state sovereignty, the prohibition of non-intervention, international human rights obligations, and the law of State responsibility, to cyber-enabled electoral interference. The article further evaluates the legal responses available to injured States, such as retorsion, countermeasures, and sanctions, while highlighting the limited scope for individual criminal accountability. Particular attention is given to the challenges of attribution, evidentiary standards, and political constraints that undermine enforcement and contribute to the persistence of impunity. The article argues that although international law provides a coherent framework for assessing the legality of foreign election interference, structural and political barriers significantly limit its effectiveness, resulting in a persistent gap between legal norms and meaningful accountability in cyberspace.
Keywords
Foreign Election Interference, Cyber Manipulation, State Sovereignty, Principle of Non-Intervention, International Law and Cyberspace, State Responsibility, Attribution and Accountability, Democratic Processes
Introduction
The world of technology has taken leaps and bounds in the 21st century and grown in ways that were beyond anyone’s predictions. While this has led to progress that no one anticipated, it has also led to problems that no one expected. Information and Communication Technology (ICT) is an innocent tool, but when applied to international security and politics, it can result in outcomes that change the fates of nations, economies and world trade. The bedrock of any nation is its sovereignty, enshrined in Article 25 of the International Covenant on Civil and Political Rights. Citizens have the right to political participation in their respective countries, without any external influence. This principle, however, has been severely compromised in recent years with the rise of interference through cyber manipulation. While foreign interference in elections is not a new phenomenon, what is novel is the covertness and untraceable nature of the interference. Whether it is bots flooding social media with disinformation and manipulative posts pushing propaganda, or AI-generated content being used to defame parties, the effect is not just on the internet; it is real, and so is the outrage felt by the people when their votes are changed with the hacking of Electronic Voting Machines and software. Democracy and sovereignty are sacred, and there needs to be a framework in international law that recognises the gaps and protects the people.
Nature of Foreign Election Interference and Cyber Manipulation
The aim of such attacks is not always to directly influence electoral outcomes; it can take multiple forms. Attacks on electoral infrastructure such as voter registration databases, vote counting systems or election management software may not always alter the electoral outcome, but it shakes the trust of the people in the institution, which can have a direct impact on voter turnout. Moreover, such distrust weakens the institution of democracy and erodes credibility. In the 2024 US elections, an election that arguably had the most foreign influence, the outcomes of which had ripples worldwide, social media was taken over and used to facilitate political agendas. It was not just the dissemination of information; it was the propagation of false narratives, fake news, and polarising posts targeted at specific demographic groups meant to exploit existing societal divisions and operate through automated accounts, coordinated networks, or algorithmic manipulation. While disinformation campaigns may not involve technical breaches of systems, their strategic use in election contexts raises serious concerns regarding external manipulation of political discourse and voter autonomy.
Cyber interference may also involve the hacking and strategic release of political data. Illicitly obtained communications, internal party documents, or personal information of candidates may be selectively disclosed to influence voter perceptions. This is where often big interests lie, foreign intelligence agencies, along with third-party actors with unlimited budgets, combine cyber intrusion with information warfare, blurring the line between espionage and unlawful intervention. Although espionage is not per se prohibited under international law, the deliberate use of stolen information to shape electoral outcomes introduces a coercive dimension that distinguishes election interference from ordinary intelligence activities.
Cyber interference also offers a feature that makes its appeal even stronger, plausible deniability. With states using proxies, non-state actors, or loosely affiliated groups, tracing the source and attributing it to a party that can then be held accountable becomes not only increasingly complex, but in most cases, near impossible. This ambiguity complicates legal responses and allows States to deny involvement while continuing to benefit from the effects of interference. As a result, cyber manipulation has become an attractive tool for exerting influence while minimising the risk of legal or political consequences.
Importantly, foreign election interference through cyber means does not typically amount to a use of force under international law. However, its legal significance lies elsewhere. Elections are a core expression of state sovereignty and democratic self-determination, and interference in electoral processes may still constitute an internationally wrongful act even in the absence of physical harm. Understanding the nature of cyber election interference is therefore essential for assessing its legal consequences and determining how existing principles of international law apply to modern threats against democratic governance.
Applicable International Legal Framework
Foreign electoral interference conducted through cyber means may not meet the standard for “armed force”; nonetheless, it engages several established principles of international law. Contrary to claims that cyber operations exist in a legal vacuum, the prevailing view among States, international bodies, and legal scholars is that existing rules of international law apply to State behaviour in cyberspace. The central challenge that exists here is not whether legal norms exist, but their applicability to digital interference with democratic processes.
State sovereignty stands as a pillar of the maintenance of the international legal order. Sovereignty encompasses a State’s exclusive authority over its internal affairs, including the organisation and conduct of elections. Although international law has not yet articulated a universally accepted threshold for when cyber operations breach sovereignty, there is growing consensus that operations producing significant effects on inherently governmental functions, such as elections, engage sovereign interests. The principle of non-intervention is closely tied to that of sovereignty and prohibits states from intervening in the internal or external affairs of another state in a coercive manner. As articulated by the International Court of Justice in the Nicaragua v. United States judgment, intervention is unlawful when it bears on matters in which each State is permitted to decide freely, including its political system and electoral choices. Such intervention also stands in violation to Article 25 of the ICCPR. While the line between permissible influence and prohibited intervention remains contested, cyber operations designed to undermine electoral integrity or alter voter behaviour through deceptive or coercive means may satisfy the coercion requirement, particularly when conducted by or attributable to a foreign State.
The doctrine of due diligence has emerged as a relevant framework for accountability in this context. Under this principle, states must take reasonable measures to ensure that their territory is not used to cause serious harm to other States. This accords international responsibility to states in cases where cyber infrastructure within a state is knowingly used for election interference operations, and no steps are taken to prevent such conduct. While the precise mechanism and scope of this doctrine are yet to be established, it reflects an effort towards adapting existing norms to the transboundary nature of the cyber world. Importantly, cyber election interference does not generally amount to a “use of force” under Article 2(4) of the United Nations Charter, nor does it typically trigger the right of self-defence under Article 51. Nevertheless, conduct that falls below the armed force threshold may still constitute an internationally wrongful act. International law recognises a spectrum of unlawful conduct, and violations of sovereignty, non-intervention, or human rights obligations may engage legal consequences even in the absence of kinetic harm.
Legal Consequences of Foreign Election Interference and Cyber Manipulation
In cases where such foreign electoral interference through cyber means is attributable to a State and found to be a breach in international obligation, it may give rise to legal consequences under the law of State responsibility. It is not required that for an act to be classified as intentionally wrongful, there needs to be use of armed force; however, conduct that violates principles of sovereignty, non-intervention, or applicable human rights obligations may still engage responsibility even when it occurs below the armed conflict threshold. Therefore, cyber-enabled interference in another State’s electoral process, where sufficiently serious, may constitute an intentionally wrongful act giving rise to duties of cessation, non-repetition, and reparation.
The primary framework governing these consequences is set out in the International Law Commission’s Articles on Responsibility of States for Internationally Wrongful Acts. Under this, a state is liable for conduct that violates an international obligation. Such attribution is possible in cases where the cyber operations are carried out by the State organs, individuals acting under State direction or control, or through non-State actors whose conduct is subsequently acknowledged or adopted by the State. Once responsibility is established, the injured State is entitled to invoke responsibility and demand that the wrongful conduct cease and that assurances of non-repetition be provided. In theory, this framework applies fully to cyber election interference; in practice, its enforcement is often limited by hurdles of proof and enforcement.
One frequently used response to cyber-attacks is retorsion, which consists of unfriendly but lawful acts, such as diplomatic protests, the suspension of cooperation agreements, or the imposition of economic or political sanctions. Retorsion does not require proof of an internationally wrongful act and is therefore frequently used in response to suspected cyber interference. While such measures may carry political and economic consequences, they do not in themselves constitute legal accountability and often function more as expressions of disapproval than as corrective mechanisms.
More legally significant are countermeasures, which are acts that would otherwise be unlawful but are permitted as a response to a prior internationally wrongful act. Under the ILC Articles, countermeasures must be proportionate, reversible, and aimed at inducing compliance with international obligations. In the cyber context, this may include reciprocal cyber operations or other restrictive measures directed at the responsible State. However, the use of countermeasures in response to election interference remains legally and politically contentious. States are often reluctant to acknowledge the use of countermeasures publicly, particularly where attribution is uncertain, as doing so risks escalation and reciprocal action.
Another potential consequence lies in the realm of international and domestic criminal accountability, though this avenue remains limited. Foreign election interference through cyber means does not neatly fit within the existing categories of international crimes under the Rome Statute of the International Criminal Court, which focuses primarily on genocide, crimes against humanity, war crimes, and aggression. While certain cyber activities could theoretically contribute to crimes against humanity if conducted as part of a widespread or systematic attack against a civilian population, this threshold is rarely met in the electoral context. As a result, individual criminal responsibility for cyber election interference is more likely to arise under domestic law, through prosecutions for cybercrime, espionage, or election-related offences, rather than through international criminal mechanisms.
Legal consequences may also arise through collective or institutional responses, particularly at the regional or multilateral level. States and international organisations have increasingly relied on coordinated sanctions regimes, public attribution statements, and normative condemnations to respond to cyber interference. While such measures contribute to the gradual development of international norms and expectations, they remain largely political in character and lack the binding force associated with judicial determinations of responsibility.
Overall, the legal consequences available under international law reflect a fragmented and uneven response to foreign election interference and cyber manipulation. Although the law of State responsibility provides a coherent framework in principle, its practical impact is limited by attribution challenges, political caution, and the absence of specialised enforcement mechanisms. As a result, the gap between legal wrongdoing and meaningful consequences remains significant, reinforcing the perception that cyber election interference is a low-risk, high-reward activity for States seeking to influence foreign political processes.
Challenges of Attribution, Evidence, and Enforcement
Despite the applicability of international law to foreign election interference through cyber means, meaningful accountability remains rare in practice. This is largely due to persistent difficulties relating to attribution, evidentiary standards, and enforcement, all of which are compounded by broader political considerations. Together, these factors significantly weaken the capacity of international law to respond effectively to cyber manipulation of electoral processes.
Attribution presents the most immediate challenge. Cyber operations are designed to obscure their origin, allowing States to operate through proxies, private actors, or loosely affiliated groups while maintaining plausible deniability. Operations are often routed through multiple jurisdictions and third-party infrastructure, making it difficult to establish a clear link between the act and a particular State. Even where technical indicators suggest State involvement, international law requires that conduct be legally attributable under recognised standards, such as State organ involvement or effective control over non-State actors. Meeting these thresholds in the cyber context is frequently difficult, limiting the ability of affected States to formally invoke responsibility.
Evidentiary constraints further undermine enforcement. Public allegations of cyber election interference often rely on classified intelligence that States are unwilling to disclose due to concerns about protecting sources and methods. As a result, claims of interference may be politically persuasive but legally insufficient to meet the standard required for formal proceedings or lawful countermeasures. This evidentiary gap encourages reliance on diplomatic protests or public attribution statements rather than legal processes grounded in proof.
Enforcement mechanisms themselves are also limited. International adjudicatory bodies lack compulsory jurisdiction over disputes concerning cyber operations, and proceedings before the International Court of Justice depend on State consent, which is rarely forthcoming in politically sensitive cases. In the absence of binding dispute settlement, legal responsibility is seldom established through authoritative judicial decisions. Instead, responses tend to take the form of unilateral or collective political measures, such as sanctions or diplomatic pressure.
Political considerations further constrain accountability. Election interference often involves powerful States, making collective action difficult and responses uneven. States may be reluctant to escalate disputes or risk retaliation in cyberspace, particularly given the uncertainty surrounding escalation dynamics. This selective enforcement undermines the credibility of international law and reinforces perceptions that cyber interference carries relatively low legal risk. Domestic enforcement offers only limited relief. While States may pursue criminal investigations against individuals involved in cyber interference, jurisdictional barriers and the inability to secure extradition frequently prevent meaningful prosecution. Such proceedings often focus on technical cyber offences rather than addressing the broader international legal implications of election interference.
Overall, the lack of accountability for foreign election interference reflects structural weaknesses rather than gaps in the law itself. Difficulties in attribution, high evidentiary thresholds, limited enforcement mechanisms, and political reluctance combine to ensure that cyber manipulation of elections is rarely met with effective legal consequences, despite the clear relevance of international legal norms.
Conclusion
Foreign election interference through cyber means poses a serious threat to sovereignty and democratic self-determination. It not only threatens the whole structure, it also threatens to unravel the pillars of international customary law. The prevalence of such interference, because of it being low-cost, difficult to attribute and highly disruptive, is dangerous. However, contrary to certain beliefs, it does not exist in a legal vacuum, international norms, such as, state sovereignty, non-intervention, human rights and due diligence, do apply. The real challenge with such interference is application not the absence of law.
If such act is attributed to a party/state, consequences do follow. State responsibility, countermeasures and retorsion, sanctions and diplomatic measures, criminal accountability are all measures that in theory could be taken, however, these often fail in practice. This is because it is difficult to concretely establish connections with states directly, moreover, concrete proof and evidence are paramount to establish a breach on international law. This coupled with the pressures of powerful parties and reluctance in prosecution and enforcement, makes the process even more complicated. This is the primary reason that cyber interference thrives, hackers and these parties are aware that legal risks are low and consequences are uncertain.
Overall, this undermines the public’s trust in the electoral process and weakens the state’s democratic legitimacy. When voters believe that elections are rigged, their notions of powerlessness increase and this goes to fuel unrest amongst the populace. This as a tool of statecraft, not only impacts the state’s voters, but also the world’s confidence in international law. When such acts go by unpunished, it motivates others, and erodes the trust of people in customary international law. Hence, there need to be incremental improvements that facilitate a better formation of international law. Some suggested improvements are, greater transparency in attribution, clearer articulation of legal thresholds, continued norm development through UN processes, and increased cooperation on election security. Together with these reforms and political will, international law can adequately address cyber election interference. Ultimately, the effectiveness of international law in this area ultimately depends not on the novelty of cyber threats, but on the willingness of States to treat interference in democratic processes as a genuine legal wrong rather than a tolerable political tactic.
References
- Charter of the United Nations arts. 2(1), 2(4), 51.
- International Covenant on Civil and Political Rights arts. 19, 25, Dec. 16, 1966, 999 U.N.T.S. 171.
- Military and Paramilitary Activities in and against Nicaragua (Nicar. v. U.S.), Merits, 1986 I.C.J. 14.
- International Law Commission, Draft Articles on Responsibility of States for Internationally Wrongful Acts, U.N. Doc. A/56/10 (2001),
https://legal.un.org/ilc/texts/instruments/english/draft_articles/9_6_2001.pdf. - Michael N. Schmitt (ed.), Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Cambridge Univ. Press 2017).
- United Nations Group of Governmental Experts, Report on Developments in the Field of Information and Telecommunications in the Context of International Security, U.N. Doc. A/70/174 (2015),
https://www.un.org/disarmament/ict-security/. - United Nations Group of Governmental Experts, Report, U.N. Doc. A/76/135 (2021),
https://www.un.org/disarmament/ict-security/.
Disclaimer: The materials provided herein are intended solely for informational purposes. Accessing or using the site or materials does not establish an attorney-client relationship. The information presented on this site is not to be construed as legal or professional advice, and it should not be relied upon for such purposes or used as a substitute for advice from a licensed attorney in your state. Additionally, the viewpoint presented by the author is personal.