"The ICC Office of the Prosecutor's Policy on Cyber-Enabled Crimes under the Rome Statute" December 2025

What is the main content of the Policy?

This Policy sets out how the Office of the Prosecutor (OTP) can apply its existing mandate to investigate and prosecute crimes under the Rome Statute, including when they are committed or facilitated through cyber means. It reflects the growing reality that digital technologies may increasingly be used to enable serious crimes — for instance, to plan or coordinate attacks, incite violence, or manipulate evidence.

Why did the OTP develop the Policy? And why now?

The growing use of cyberspace is already transforming the way that international crimes may be committed, and this is likely to continue. The digital sphere or digital ecosystem or cyberspace can now be used to plan, facilitate, or even directly commit acts that may amount to genocide, crimes against humanity, war crimes, or offences against the administration of justice at the ICC. The Policy sets out the Office’s interpretation of how the Rome Statute applies to cyber-enabled conduct, and provides principles and guidance for identifying, investigating, and prosecuting such crimes within the Court’s jurisdiction.
The OTP’s Policy—which is the first to address the implications of new technology in this way—comes as part of a much broader series of expert initiatives and other measures addressing the misuse of cyberspace and its implications for international law more generally. Critically, these measures all affirm that cyberspace is not a ‘law free zone’. This important principle applies no less to international criminal law.

What are the key objectives of the Policy?

Among other objectives, the Policy seeks to:

• Affirm the OTP’s commitment to investigating and prosecuting cyber-enabled crimes under the Rome Statute on an equal basis with crimes committed by other means;
• Demonstrate that the Rome Statute remains relevant in the context of technological change;
• Contribute to the development of international law on conduct in cyberspace which amounts to or facilitates core international crimes;
• Strengthen institutional expertise and training within the OTP;
• Encourage and support national efforts to address such crimes;
• Enhance cooperation with civil society, corporations, and other non-State actors...

Policy on Cyber-Enabled Crimes under the Rome Statute (pg 60)

...CRIMES COMMITTED WITHIN THE CONTEXT OF COMMERCIAL ACTIVITY

170. While the Court may only exercise jurisdiction under the Rome Statute over “natural persons” (and therefore not over purely legal persons such as corporations), the Statute is to be applied “equally to all persons without any distinction” based on official capacity or other role or status.198 Accordingly, within the framework of the overall discretion afforded to the Prosecutor under the Rome Statute to select and prioritise cases for the investigation, the Office will investigate alleged crimes within the jurisdiction of the Court equally, irrespective whether they are committed within the context of commercial activity.

171. Notwithstanding any investigative steps that the Office might take, if the Office has reason to believe that a corporation or corporate officer, employee, or similar person is involved in the commission or facilitation of cyber-enabled crimes within the jurisdiction of the Court, the Office may directly engage with that corporation or person, or other relevant corporations or persons, if appropriate, consistent with its powers under the Rome Statute. Such engagement may seek, among other objectives, to:

• Affirm that relevant person(s) are aware of their alleged involvement in cyber-enabled crimes within the jurisdiction of the Court (“putting them on notice”);
• Ensure that corporations or persons who possess or may come into possession of proceeds, property, assets, or instrumentalities of crimes, are not to be regarded as bona fide third parties who may be protected from identification, tracing, freezing, or seizure of the same for the purpose of eventual forfeiture;
• Prompt a relevant corporation to take appropriate lawful action, including conducting its own internal inquiries not inconsistent with the Office’s investigation or applicable national law, pursuant to its due diligence obligations, and/or;
• Inform relevant corporations or persons of the legal, financial, and reputational risks associated with the alleged activities, and thereby encourage them to cease and desist from such activities and/or to terminate their cooperation with others allegedly engaged in such activities...