Submit your essay to the AI-Cybersecurity Essay Prize Competition by January 2, 2025.
The AI-Cybersecurity Essay Prize Competition
Read more
Main Logo Expert commentary on tech and security

Responsible tech business in conflict

Isabel Ebert / Timothy Charlton-Czaplicki 8 March 2024
Share On:
Isabel Ebert and Timothy Charlton-Czaplicki explore the challenges faced by technology companies operating in conflict
Main Top Image
Image created with the assistance of Dall-E 2

During the past decade, social media platforms have been used to incite violence in Myanmar and Ethiopia and to spread disinformation around the invasion of Russia into Ukraine. Most recently they have played an ambiguous role in the Israel-Gaza war. Communications infrastructure required to operate digital services is also often an early target for physical destruction, as was the case in the Gaza Strip in October 2023. Internet shutdowns are a frequent reality in several countries. Many other digitally mediated impacts in conflicts, in particular around surveillance technology, remain hidden under the surface.

Digital tools and services underpin both civilian and military activity, entangling them and their creators in a complex web of responsibilities and duties. Humanitarian actors find themselves in a similar predicament, as the aid they provide increasingly depends on sophisticated digital solutions licensed from global corporations. These technologies range from productivity software to low earth orbit satellite connectivity.

Understanding and anticipating the use of technology in conflict is becoming a central challenge for its creators and users alike. Corporate actors are faced with ensuring their products are used in accordance with international law in fast-paced and fluid conflict settings.

Where should business begin?

In 2011, the UN Human Rights Council unanimously endorsed the “UN Guiding Principles on Business and Human Rights (UNGPs), welcomed by both business and civil society. The principles reaffirm the duty of states to protect human rights and articulate how states’ obligations under international human rights law are to be understood in relation to business activities. Further, the UNGPs recognise and elaborate on the responsibility of business enterprises to respect human rights. As part of this responsibility, all business enterprises are expected to conduct “human rights due diligence”, a process for identifying, preventing, mitigating, and accounting for how they address their impacts on human rights. This means that tech companies, including ‘big tech’, should identify and address how they might negatively affect human rights through their own activities or as a result of their business relationships. This process can be integrated into established corporate risk management processes and policy commitments to respect human rights.

The UNGPs also account for operating environments, such as conflict-affected areas, that may increase the risk of enterprises becoming involved with severe human rights abuses. In such complex contexts, businesses should ensure at the very least that they do not exacerbate the situation. In 2020, the UN Working Group on Business and Human Rights further clarified the expectations of business in such contexts to entail seeking advice and assistance from government bodies, including embassies; engaging in heightened human rights due diligence; and making space for local grievances regarding company activities in a conflict-sensitive way.

Heightened human rights due diligence

 The UNGPs provide business enterprises with a blueprint for addressing human rights risks, including through the exercise of human rights due diligence. This will vary in complexity with the risk of severe human rights impacts and the nature and context of operations. 

Situations of armed conflict should automatically raise red flags within the enterprise and trigger human rights due diligence processes that are finely tuned and sensitive to this higher level of risk. As noted in the UNGPs, in such situations, enterprises are expected to respect the standards of international humanitarian law (IHL) in addition to internationally recognised human rights. 

IHL and international human rights law are complementary and share some aims. Both IHL and human rights law prohibit torture or cruel treatment, prescribe basic rights for persons subject to criminal processes, prohibit discrimination, contain provisions for the protection of women and children, and regulate aspects of the right to food and health. However, IHL specifically applies to armed conflict. IHL is articulated as a series of treaties and protocols agreed at state level, as well as customary rules, meaning general practice accepted as law, which apply to states, non-state actors, and individuals in international and non-international armed conflict.

However, deferring solely to IHL leaves a gap in the advisory literature on responsible corporate conduct in borderline conflict or fast-moving situations. Since IHL “applies only in situations of armed conflict”, it does not guide actors in the periods preceding or following it. Monitoring ongoing debates and commentary in this developing space, such as when cyber operations constitute armed conflict or how geographically dispersed civilian data should be safeguarded, is highly relevant to globally operating tech companies. As digital technologies dissolve the temporal and spatial boundaries of conflict, knowing which body of law applies in a situation is crucial.

To be effective for the wide range of corporate actors involved in kinetic and cyber conflict, ‘heightened human rights due diligence’ should include voluntary measures to avoid civilian harm and guarantee the ability of humanitarian organisations to act unimpeded where conflict might be reasonably anticipated. Interpretations of international law and norms related to novel technologies in conflict situations are currently emerging, meaning a definitive set of instructions is not yet available. However, the expectations of the UNGPs are clear – all companies should conduct human rights due diligence with respect to all internationally recognised human rights and IHL in conflict situations. The exact ways in which new technologies impact human rights and IHL may not be fully understood, though companies can begin by implementing a range of measures.

Where to go from here?

What should conflict-sensitive corporate responsibility look like? A set of recommendations for technology companies, based on the UNGPs and IHL, can help address human rights concerns in conflict settings:

  1. Adopt Conflict-Specific Policies and Practices applicable to all business units, addressing emerging normative standards related to international human rights. These allow companies to prepare for potential conflicts with state actors and commit to pushing back against government requests that conflict with human rights standards.
  2. Practice Heightened Human Rights Due Diligence to identify areas of conflict where technology is currently in use or might be in the future. This applies even if the company has no operations or employees present. Enhanced Due Diligence can also help assess potential human rights implications in conflict through research and stakeholder engagement, eg, with regard to considerations for remaining and exiting. The boundaries of modern conflicts are spatially and temporally fluid.
  3. Involve Legal and Compliance Team(s) to treat human rights and IHL abuses in conflict areas as compliance issues.
  4. Apply conflict-sensitive Product Design to prevent and mitigate adverse human rights and IHL impacts by introducing security features or limiting certain functionalities. Appropriate Contract Drafting can limit abuse by requiring rights-compatible usage of technology products.
  5. Establish Avenues for Early Warning, Crisis Protocols, and Rapid Response involving employees, contractors, civil society, and community stakeholders. This may entail Industry Collaboration and Information Sharing to engage with other companies.
  6. Establish or participate in effective operational-level grievance mechanisms that are conflict sensitive to help identify and address adverse impacts of digital technologies in conflict settings (see also the full range of UNGPs effectiveness criteria).
  7. Carry out Conflict-Sensitive Training for employees and workers, including an introduction to IHL and considerations for engaging with victims of trauma, to prepare staff to act in an informed manner.
  8. Implement Enhanced Privacy Policies to safeguard people in conflict settings, minimise data risks, and conduct ongoing human rights due diligence on third-party partnerships.

These recommendations emphasise the importance of proactive measures, collaboration, and consideration of the unique challenges posed by conflict settings to safeguard human rights in the technology sector.

The views expressed are those of the authors and do not necessarily reflect the official views of any UN organisation.

avatar
Isabel Ebert
avatar
Timothy Charlton-Czaplicki

Related

Featured image
Hooked On Trends
Crowdstrike reveals a “small catastrophe” pattern in cyber insurance
Tom Johansmeyer 23 August 2024
Read more arrow
Featured image
Hooked On Trends
European influence in cyber conflict studies is growing
Myriam Dunn Cavelty / Tobias Pulver / Max Smeets 13 May 2024
Read more arrow
Featured image
Hooked On Trends
Drones enhance defences in the Ukraine war
Mauro Gilli / Niklas Masuhr 10 January 2024
Read more arrow

Terms and Conditions for the AI-Cybersecurity Essay Prize Competition

Introduction

The AI-Cybersecurity Essay Prize Competition (the “Competition”) is organized by the European Cyber Conflict Research Incubator (“ECCRI CIC”) in partnership with the Munich Security Conference (“MSC”). It is sponsored by Google (the “Sponsor”). By entering the Competition, participants agree to these Terms and Conditions (T&Cs).

Eligibility

The Competition is open to individuals worldwide who are experts in the fields of cybersecurity and artificial intelligence (“AI”). Participants must ensure that their participation complies with local laws and regulations.

Submission Guidelines

Essays must address the question: “How will Artificial Intelligence change cybersecurity, and what are the implications for Europe? Discuss potential strategies that policymakers can adopt to navigate these changes.”

Submissions must be original, unpublished works between 800-1200 words, excluding footnotes but including hyperlinks for references.

Essays must be submitted by 2 January 2025, 00:00 am CET., through the official submission portal provided by ECCRI CIC.

Only single-authored essays are accepted. Co-authored submissions will not be considered.

Participants are responsible for ensuring their submissions do not infringe upon the intellectual property rights of third parties.

Judging and Awards

Essays will be judged based on insightfulness, relevance, originality, clarity, and evidence by a review board comprising distinguished figures from academia, industry, and government.

The decision of the review board is final and binding in all matters related to the Competition.

Prizes are as follows: 1st Place: €10,000; Runner-Up: €5,000; 3rd Place: €2,500; 4th-5th Places: €1,000 each. The winner will also be invited to attend The Munich Security Conference

Intellectual Property Rights

The author retains ownership of the submitted essay.

By submitting the essay, the author grants ECCRI CIC exclusive, royalty-free rights to use, reproduce, publish, distribute, and display the essay for purposes related to the Competition, including but not limited to educational, promotional, and research-related activities.

The author represents, warrants, and agrees that no essay submitted as part of the essay prize competition violates or infringes upon the rights of any third party, including copyright, trademark, privacy, publicity, or other personal or proprietary rights, breaches, or conflicts with any obligation, such as a confidentiality obligation, or contains libellous, defamatory, or otherwise unlawful material.

The author agrees that the organizers can use your name (or your pseudonym) and an image of you in association with your essay for purposes of publicity, promotion and any other activity related to the exercise of its rights under these Terms.

The organizers may remove any essay-related content from its platforms at any time and without explanation.

The organizers may block contributions from particular email or IP addresses without notice or explanation.

The organizers may enable advertising on its platforms and associated social media accounts, including in connection with the display of your essay. The organizers may also use your Material to promote its products and services.

The organizers may, at its sole discretion, categorise Material, whether by means of ranking according to popularity or by any other criteria.

Data Protection

Personal information collected in connection with the Competition will be processed in accordance with Virtual Routes’ Privacy Policy. Participants agree to the collection, processing, and storage of their personal data for the purposes of the Competition.

Liability and Indemnity

ECCRI CIC, MSC, and the Sponsor will not be liable for any damages arising from participation in the Competition, except where prohibited by law.

Participants agree to indemnify ECCRI CIC, MSC, and the Sponsor against any claims, damages, or losses resulting from a breach of these T&Cs.

General Conditions

ECCRI CIC reserves the right to cancel, suspend, or modify the Competition or these T&Cs if fraud, technical failures, or any other factor beyond ECCRI CIC’s reasonable control impairs the integrity or proper functioning of the Competition, as determined by ECCRI CIC in its sole discretion.

Any attempt by any person to deliberately undermine the legitimate operation of the Competition may be a violation of criminal and civil law, and, should such an attempt be made, ECCRI CIC reserves the right to seek damages from any such person to the fullest extent permitted by law.

Governing Law

These Terms and Conditions are governed by the laws of the United Kingdom, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms and Conditions, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by the courts of the United Kingdom. The participants agree to submit to the exclusive jurisdiction of the courts located in the United Kingdom for the resolution of all disputes arising from or related to these Terms and Conditions or the Competition.