Law, Tech, Humanity, and Trust

Summary

This discussion focused on the International Committee of the Red Cross (ICRC) project to establish a digital form of the protective emblems of the Geneva Conventions—the Red Cross, Red Crescent, and Red Crystal—for use in cyberspace during armed conflicts. The session featured Samit D’Cunha, a legal advisor at ICRC, and Mauro Vignati, a tech advisor, moderated by Joelle Rizk, a digital risks advisor.

The project emerged from growing concerns about the increasing dependence of medical and humanitarian operations on digital infrastructure, combined with the reality that cyber operations have become part of modern armed conflicts. Since physical protective emblems that have safeguarded humanitarian operations for over 160 years are not visible in cyberspace, there is a critical need for digital equivalents that can signal protection under international humanitarian law to cyber operators.

Key milestones include the 2023 publication of an expert feasibility report, adoption of Resolution 2 at the 34th International Conference of the Red Cross and Red Crescent encouraging ICRC’s digital emblem work, and the Cyber Security Tech Accords’ Digital Emblem Pledge supporting the project. Most recently, the Internet Engineering Task Force established a working group to develop technical standards for digital emblems.

The digital emblem would function as a cryptographic certificate that marks protected digital assets, similar to how physical emblems identify protected persons and objects in traditional warfare. Addressing concerns about potential misuse or increased targeting, the experts explained that the emblem replicates the same protections and risks as physical emblems, with built-in safeguards including the ability to remove the emblem when exposure becomes risky and public monitoring of certificate issuance to detect misuse.

The project emphasizes multi-stakeholder collaboration, involving governments, tech companies, humanitarian organizations, and even engagement with hacker communities through initiatives like “The Eight Rules for Hackers.” Technical standardization is crucial for global interoperability, with the IETF providing the primary venue for developing internet standards. The initiative also addresses the digital divide by ensuring simple, accessible technology that can be implemented by countries with varying levels of technological sophistication.

Potential legal incorporation methods include amending existing protocols, creating new binding agreements, or through unilateral state declarations and special agreements between conflict parties. This groundbreaking project represents a critical adaptation of humanitarian law to the digital age, ensuring that life-saving medical and humanitarian operations remain protected in an increasingly cyber-dependent world.

Keypoints

## Major Discussion Points:

– **Digital Emblem Project Overview**: The International Committee of the Red Cross (ICRC) is developing a digital version of the protective emblems (Red Cross, Red Crescent, Red Crystal) to extend their protective function from physical battlefields to cyberspace, allowing computer-to-computer recognition of protected humanitarian and medical assets.

– **Technical Implementation and Standards**: The project involves creating cryptographic certificates that serve as digital markers, with development happening through the Internet Engineering Task Force (IETF) working group. The emphasis is on using existing, simple technologies to ensure global accessibility and interoperability.

– **Risks and Mitigation Strategies**: Discussion of potential misuse of digital emblems (such as protecting military assets) and exposure risks for humanitarian organizations, with proposed solutions including removable emblems in dangerous situations and public certificate monitoring to detect unauthorized use.

– **Multi-stakeholder Collaboration and Adoption**: The project has gained support from 196 states through international resolutions, 160+ technology companies through the Cyber Security Tech Accords, and involves ongoing outreach to hacker communities, governments, and humanitarian organizations to build common understanding of international humanitarian law in cyberspace.

– **Legal Integration Pathways**: Various options for incorporating the digital emblem into international humanitarian law, including amending existing protocols, creating new binding agreements, unilateral state declarations, or special agreements between conflict parties.

## Overall Purpose:

The discussion aimed to present and explain the ICRC’s Digital Emblem Project, which seeks to translate the 160-year-old protective function of humanitarian emblems into the digital age. The goal is to create a technical solution that signals to cyber operators that certain digital assets are protected under international humanitarian law, thereby extending traditional battlefield protections to cyberspace operations.

## Overall Tone:

The discussion maintained a consistently professional, collaborative, and optimistic tone throughout. The speakers demonstrated expertise while remaining accessible to a diverse audience. The tone was forward-looking and solution-oriented, with presenters acknowledging challenges while emphasizing progress and multi-stakeholder support. Questions from the audience were welcomed and addressed constructively, reinforcing the collaborative atmosphere. The overall sentiment was one of cautious optimism about the project’s potential impact on protecting humanitarian operations in an increasingly digital world.

Speakers

– **Joelle Rizk** – Digital risks advisor at the International Committee of the Red Cross (ICRC), session moderator

– **Mauro Vignati** – Tech advisor at the International Committee of the Red Cross (ICRC), technical lead on the Digital Emblem Project

– **Samit D’Cunha** – Legal advisor at the International Committee of the Red Cross (ICRC)

– **Speaker** – Representative from the Global Cyber Security Forum (identified as Amin)

– **Audience** – Multiple audience members including:

– Preetam Malur from ITU

– Ambassador for Cyber and Digital of Luxembourg

– Ollie from Australia (works in humanitarian law)

Additional speakers:

None identified beyond those in the speakers names list.

# Digital Emblem Project: Extending Humanitarian Protection to Cyberspace

## Executive Summary

This discussion examined the International Committee of the Red Cross (ICRC) Digital Emblem Project, an initiative to establish digital versions of the protective emblems of the Geneva Conventions for use in cyberspace during armed conflicts. Moderated by Joelle Rizk, a digital risks advisor at ICRC, the session featured presentations from Samit D’Cunha, legal advisor at ICRC, and Mauro Vignati, tech advisor and technical lead on the Digital Emblem Project participating online. The discussion included active participation from representatives of the Global Cyber Security Forum, ITU, Luxembourg’s Ambassador for Cyber and Digital, and humanitarian law experts from Australia.

The project addresses a critical gap in modern warfare: while physical protective emblems have safeguarded humanitarian operations for over 160 years, these protections are not visible in cyberspace where medical and humanitarian operations increasingly depend on digital infrastructure. The initiative seeks to create digital markers that enable recognition of protected humanitarian and medical assets under international humanitarian law.

## Project Genesis and Development

The Digital Emblem Project emerged from the ICRC’s recognition that cyber operations have become integral to modern armed conflicts, while traditional protective mechanisms remain confined to physical spaces. Samit D’Cunha explained that the project began in 2020 following extensive consultations with states, the Red Cross movement, private sector entities, and cyber experts. The initiative was driven by the fundamental challenge that “the emblem is not visible in cyberspace,” creating a protection gap for increasingly digitalized humanitarian operations.

The project has achieved significant milestones since its inception. In 2023, the ICRC published an expert feasibility report that laid the technical and legal groundwork for digital emblems. This was followed by the adoption of Resolution 2 at the 34th International Conference of the Red Cross and Red Crescent, which encouraged the ICRC’s digital emblem work with support from 196 states. The Cyber Security Tech Accords subsequently launched a Digital Emblem Pledge a few weeks later, garnering support from over 160 technology companies.

D’Cunha also noted that the African Union developed a common position on international humanitarian law application to information and communication technologies approximately two years prior to this discussion, demonstrating leadership in this area.

Most recently, the Internet Engineering Task Force (IETF) established a working group called DIEM (Digital Emblems) to develop technical standards for digital emblems, with work beginning at IETF 123 in Madrid.

## Technical Implementation Approach

Mauro Vignati provided insights into the technical approach of the digital emblem system. The concept involves creating certificates that serve as digital markers, similar to how physical emblems identify protected persons and objects in traditional warfare. These would be embedded in digital infrastructure to signal protection under international humanitarian law.

Vignati emphasized that the goal is to “develop simple technology using already standardized components to ensure accessibility for all states regardless of technological sophistication.” The certificates would be publicly visible, allowing organizations to monitor for unauthorized use, and would be removable when exposure might create security risks.

The Internet Engineering Task Force serves as the primary venue for developing these technical standards. Vignati noted that the IETF is “the most recognized international entity producing internet standards that are implemented worldwide.” The DIEM working group allows participation from governments, technology companies, civil society organizations, and technical experts.

D’Cunha highlighted that incorporating technical standards into international humanitarian law has historical precedent, dating back to the 1863 standardization of the Red Cross emblem itself, and includes the 1970s incorporation of International Civil Aviation Organization (ICAO) and International Telecommunication Union (ITU) standards into Additional Protocol I of the Geneva Conventions.

## Risk Management and Security Considerations

The discussion addressed concerns about potential risks associated with digital emblems, including misuse and targeting of humanitarian assets. Vignati acknowledged that “misuse is possible in digital space just as in physical space,” but emphasized that the digital emblem incorporates safeguards to address these challenges.

Key protection mechanisms include the ability to remove digital emblems when exposure might create security risks, replicating the flexibility of physical emblems. The system also incorporates public monitoring capabilities through publicly visible certificates, allowing organizations to identify unauthorized use.

Addressing concerns about increased targeting, Vignati argued that “protected entities are already identifiable through various means, so the digital emblem doesn’t necessarily increase targeting risks.” He explained that hospitals and humanitarian facilities can already be identified through multiple digital footprints.

## Legal Framework and Compliance

The legal foundation for digital emblems rests on existing international humanitarian law, particularly the Geneva Conventions and their Additional Protocols. D’Cunha emphasized that the digital emblem “serves as a pragmatic technical tool to support compliance by enabling cyber operators to identify protected infrastructure” rather than creating new legal obligations.

D’Cunha mentioned that there are different possible means for legal incorporation, though he did not elaborate extensively on specific mechanisms. He addressed skepticism about emblem effectiveness by noting that “the distinctive emblems remain among the most respected symbols globally,” and provided personal testimony that “a lot of the work that’s done by the medical services in situations of armed conflict is only possible because of the trust in the emblem.”

## Multi-Stakeholder Engagement

The project has engaged diverse actors in humanitarian law compliance. D’Cunha described the ICRC’s publication of “Eight Rules for Hackers,” which received “mixed but ultimately positive feedback from hacker groups.” This represents engagement with non-traditional actors in cyber operations.

Vignati reported that direct dialogue with hacktivist groups operating in conflict zones has yielded positive feedback regarding potential respect for digital emblems. This engagement recognizes that international humanitarian law applies to all persons participating in hostilities.

The Global Cyber Security Forum representative (Amin) proposed hosting an impact network to bring together various stakeholders for digital emblem implementation, including national organizations, cybersecurity companies, standardization bodies, governments, and infrastructure owners.

## Addressing the Digital Divide

An audience member from Australia raised concerns about countries and services in developing countries being less able to access ICT services where the digital emblem would be most needed, particularly during humanitarian crises.

D’Cunha responded by highlighting capacity building initiatives, noting that relevant resolutions recognize the importance of state-led capacity building for access to humanitarian and medical digital infrastructure. He pointed to the African Union’s leadership in developing common positions despite technological constraints.

The technical approach addresses these concerns through emphasis on simplicity and existing standards. The ITU representative (Preetam Malur) offered collaboration on standardization efforts, noting their network infrastructure standards expertise and global membership of 194 states plus 1,000 private sector entities.

## Artificial Intelligence Considerations

When asked about AI, Vignati explained that AI is increasingly used in cyber offensive and defensive operations, requiring digital emblems to be recognizable by autonomous systems. He noted that “malware and offensive code operating without human intervention must be programmed” to look for and respect digital emblems.

Vignati acknowledged that “technology development often outpaces regulation, necessitating thorough testing before presenting solutions to state actors.”

## Stakeholder Collaboration and Support

The discussion revealed strong support among participants for multi-stakeholder collaboration. All speakers recognized that governments, international organizations, private sector entities, civil society, and technical communities must work together for successful implementation.

Technical standardization emerged as a key area of agreement, with participants recognizing that standards are fundamental for ensuring the digital emblem works consistently across different systems and jurisdictions globally.

The Luxembourg representative mentioned co-chairing a working group with Mexico and Switzerland, indicating ongoing diplomatic engagement on these issues.

## Next Steps and Future Directions

Key immediate steps include the commencement of technical development work at IETF 123 in Madrid and continued multi-stakeholder consultations. The Global Cyber Security Forum’s proposal to host an impact network and the ITU’s offer of collaboration on standardization efforts provide concrete opportunities for advancing the project.

The project benefits from existing support from 196 states through the International Conference resolution and over 160 technology companies through the Tech Accords pledge, creating a foundation for implementation.

## Conclusion

The Digital Emblem Project represents an important adaptation of humanitarian law to the digital age, ensuring that medical and humanitarian operations remain protected in an increasingly cyber-dependent world. The discussion demonstrated stakeholder support, clear technical pathways through the IETF, and recognition of the need to address capacity building and digital divide issues.

The project’s innovative engagement with diverse cyber actors, including hacker communities, provides a model for expanding humanitarian law compliance beyond traditional state-centric approaches. Success will require continued multi-stakeholder collaboration, robust technical standardization, and sustained attention to ensuring developing countries can participate in digital emblem implementation.

By translating the protective function of humanitarian emblems into cyberspace, the project aims to preserve humanitarian principles in an evolving technological landscape while maintaining the fundamental distinction between civilian and military targets that lies at the heart of international humanitarian law.

Joelle Rizk: in here is Mauro, but we don’t see, I see him here, but not up there. Should I wait? For tech, can we please have Mauro on the big screen for the audience? All right, let’s go. Ladies and gentlemen and excellencies, thank you for being here with us today. The session right now is about a project of the International Committee of the Red Cross to establish a digital form of the protective emblems of the Geneva Conventions, the Red Cross, Crescent and Crystal in the cyber domain. And today, you’ll be joined with our colleagues, Samit Dikmina, who’s a legal advisor at the International Committee of the Red Cross. And online, we have Mauro Vignanzi, who’s a tech advisor also at the International Committee of the Red Cross. And I’ll be with you moderating the session. My name is Romel, and I’m a digital risks advisor also at the Red Cross. So ladies and gentlemen, over 160 years ago, states established a distinctive emblem to identify during armed conflict, medical and humanitarian operations that benefit from specific protections under international humanitarian law. The use of these distinctive emblems, like I said, the Red Cross, Red Crescent and Red Crystal, as you see on the screen, the use of these emblem indicates to adversaries in armed conflict that a certain person or an object or an entity are protected. And by that, we mean that their function is otherwise not a legitimate military target. These are universally endorsed and accepted symbols. They have global recognitions by states and also even non-state actors, and therefore they have that protective function during armed conflict. Today, advances in ICTs and other technologies are rapidly changing and giving rise to new methods and shifts in trends during armed conflict and the conduct of warfare and the behaviors of parties involved in armed conflict. Amongst others, we see increasing use of cyber attack on critical infrastructure. We also observe how harmful information activities may also be targeting humanitarian organizations and others. Back when the emblems were endorsed or created, they became a marker of protected persons and entity. However, today the type, back then also, the type of actors involved, the weapon delivery systems, the mechanisms were quite different. Today with digital technologies, we see an introduction of new or different type of actors in the ecosystem of armed conflict, such as hackers, cyber groups. Some may be motivated by criminality, others by ideology, others maybe just proxies to states. Either way, the digital ecosystem that is surrounding armed conflict and violence today becomes a space through which harmful and malicious activities using ICTs are conducted in ways that may also cause harm to civilians and to people. So, an attack on humanitarian organizations’ data systems, for example, may actually eventually lead to disappearances of people. A cyber attack on a critical infrastructure, especially in terms of conflict or crisis, may mean that the functioning of essential services of services essential to the well-being and the survival of the population may be disrupted. And as you imagine, in situations of armed conflict, we may be talking about life and death situations. So today we ask in this session and with our colleagues, with our experts, how can this mark, this protective mark, this emblem, that signals protection under IHL be extended to digital infrastructure? How can it also be extended to the cyber domain? In the same way, how can states ensure that the protection of data, of medical services and humanitarian operations is respected? How can states and parties to armed conflict fulfill their obligation to respect and protect these services? Cyber activities by states or other that may lead to damaging, deleting, encrypting, or otherwise interfering with such data may become an IHL violation. So how can that be addressed through the use of this emblem? Today in a world that is as interconnected and reliant on digital tools as we use today and powered by digital infrastructure, it is imperative to consider that the use and the adaptation of protective emblems in ways that are usable and can deliver on their purpose, not only in the physical context, but also in the context of cyber operations during armed conflict. For all of these reasons, for the past few years, the ICRC has worked with tech experts, I imagine some of them in the room today, with governments, with humanitarian organizations and the private sector to identify avenues to digitalize this emblem. As a digital marker of protection, meaning to find a way to signal through cyber means, computer to computer, the same protection message that the Red Cross emblem sends on the battlefield to adversaries or between adversaries. So now on that, I turn back to. who are experts and to hear from them about the Digital Red Cross Emblem project. So, Samit, if I may begin with you. Can you first tell us a bit more about the project? Why and how did this project get started and what has been achieved so far?

Samit D’Cunha: Yeah, of course, thank you so much. Thank you so much, Joelle. So maybe I’ll start first by thanking the ITU and really all of the organizers of WSIS Plus 20 for giving us the space this year to talk about this project. It’s a project that I think from humble beginnings has really grown into a force for good with multi-stakeholder buy-in and involvement. So the Digital Emblem project is really rooted in very concrete operational concerns. First of all, the increasing dependence of the medical services and humanitarian operations on digital infrastructure, very much mirroring, of course, the digitalization of our societies and the dependence also of civilian populations on digital infrastructure. And then second is just simply the growing reality that cyber operations have become part of armed conflicts, part of the landscape of armed conflict. So the project began for the ICRC in 2020. It was really sort of prompted by this growing concern and kind of the recognition that the legal protections under international humanitarian law, specifically those that are afforded to the medical services and humanitarian operations, are not visible in cyberspace. And this was, with that landscape that I just portrayed, that this was becoming increasingly untenable. You know, the specific protections of the medical services and the humanitarian operations of the Red Cross and Red Crescent movement are some of the oldest rules of international humanitarian law. I mean, if you think about the basis for the signing of the very first Geneva Convention, a few minutes drive from here in the town hall of Geneva, in 1864, the logic was to create these specific protections. for the personnel, the objects, and the infrastructure that provides support to victims of armed conflict, to the wounded, to the sick, to civilians that are affected by conflict. And also to integrate then this distinctive emblem, the Red Cross, which was eventually joined by the sister emblems, the Red Crescent and Red Crystal, to identify then that specific protection that was created in the law. So that’s really where it all starts, this desire of states to protect those persons, those objects, and that infrastructure in situations of armed conflict. But today, with the reality of cyber operations being part of armed conflict, and the reality that of course there’s a dependence on digital infrastructure, there is yet an equivalent signal in cyberspace for that legal protection. So since 2020, we’ve really taken a collaborative, multi-stakeholder approach to the Digital Emblem Project, which ultimately, and my colleague Mauro, who’s the technical lead on the project, will do a much better job explaining sort of the technical nuances of what a digital emblem is, but ultimately, it’s a marker that signals to cyber operators that a given digital asset is protected under international humanitarian law. So Joelle, you asked about some of the milestones. I mean, one key milestone was in 2023, the publication of the expert report on the feasibility, the use, and the means of integrating into international humanitarian law a digital emblem. And that report, of course, it’s a report of an expert meeting, but really, it was three years in the making, because it came from consultations that we did with states, more broadly with the Red Cross and Red Crescent movements. When I refer to the movement, I’m referring, of course, to the International Federation of the Red Cross, one component of the movement, as well as the 191 national societies of the Red Cross and the Red Crescent. So consultations with the movement, consultations with the private sector, and consultations more broadly with cyber experts on questions of feasibility, of use, of what would a digital emblem look like if we could have one. And that really culminated. with that report, which suggested that yes, this is something that stakeholders are interested in, yes, this is something that the international community recognizes as important, and really since the publication of that report, we’ve really moved the project forward in many different as sort of the different pillars of law, diplomacy, and of course, the technical development. And that sort of then also reflects some of the other milestones that I’ll talk about. So the next milestone, and really a key one, was at the last international conference of the Red Cross and the Red Crescent, so this is a conference that takes place every four years, and at the 34th conference, and this is, you know, a conference that brings together all 196 states party to the Geneva Conventions, as well as all of the different components of the movement that I just mentioned, a resolution was adopted, Resolution 2, on protecting civilians and other protected persons and objects from the potential harms of ICT activities in armed conflict, the resolution is colloquially known as the ICT resolution, that resolution was adopted at the international conference, and encouraged in operative paragraph 12, encouraged work by the ICRC on the digital emblem. So this was of course a monumental moment for the project, because it was the first time you had sort of this interstate buy-in and the entire movement coming together and supporting the work on the digital emblem. A few weeks after the adoption of the resolution, the Cyber Security Tech Accords adopted something called the Digital Emblem Pledge, so for those of you that don’t know, the Cyber Security Tech Accords is a group of something like 160 technology companies that together represent over a billion clients globally, and the Tech Accords adopted the Digital Emblem Pledge, also in a way mirroring the resolution, supporting, you know, continued work on the digital emblem, and pledging support for the digital emblem project. So, you know, together, you know, these are incredibly significant milestones, I mean, if we combine the ICT… the ICT resolution with the pledge on the digital emblem, we see that we really have a broad group of stakeholders recognizing the importance, first of all, of the applicability of international humanitarian law to the use of ICTs in armed conflict, but also the importance of developing tools that make sure that IHL stays relevant in the 21st century. The final milestone I’ll talk about is sort of on the technical development. So about a year and a half ago, and this will be, of course, a big part of our conversation today, we brought the digital emblem project to the Internet Engineering Task Force. And this was the result, this is one of the fruits, if you will, of our discussions with the private sector that very much encouraged bringing the digital emblem to the IETF, the Internet Engineering Task Force, where there have been now discussions for over a year on the project. And we’re very grateful that a few weeks ago, a charter was adopted at the IETF for the establishment of a working group. The working group, the DIEM, or D-I-E-M Working Group, will begin work actually in a couple of weeks at IETF 123 in Madrid. And so here is one of the sort of avenues, one of the work streams where we’ll really have technical development of internet standards for the digital emblem, which of course doesn’t foreclose other avenues for technical development, for discussion on standards, but is one, I think, important avenue where we’ll have that discussion. Of course, now at the IETF, the working group is on digital emblems more broadly. So of course, today we’re talking about the Red Cross Crescent and Crystal. There are other IHL emblems, for example, the Blue Shield emblem of the 1954 Hague Convention. UNESCO has also joined the discussions at the IETF, as well as the Blue Shield International, which sort of brings together many organizations working on the Blue Shield, have also joined these technical discussions. And then also more broadly, the IETF is looking at what could this concept of digital emblem mean in international law more broadly. even outside of international law. So, it’s a really, I think, interesting and flexible discussion where we’ll really be able to develop sort of meaningful technical standards for the project.

Joelle Rizk: Thank you so much. If I may also continue on this positive note and all the achievements that have been accomplished so far, I wanna challenge you a little bit. Today, if we look at international headlines, it is not the protections that you indicated that dominate the headlines. It’s rather potentially violations of the law. So, if I may challenge, how, on what basis do we believe that the use of a protective emblem also in the cyberspace, a digital emblem, can also be protective?

Samit D’Cunha: Thanks, Joelle. That’s a really fair and, I think, necessary question. Maybe I’ll actually answer this question by challenging you back. This is how discussions go internally at ICRC all the time, actually. You’re absolutely right, of course. The fact that there have been cases of misuse of the emblem or, in fact, targeting of infrastructure that bear the physical emblem is often in the news. And maybe I’ll challenge this by saying that’s actually a good thing, right? The fact that violations of international humanitarian law make the news is sort of part of how international humanitarian law is designed. I mean, it’s important to see that happening. It’s important that different stakeholders, communities, states, civilian populations are aware that these violations happen and then are able in their different ways and different capacities to take action. But it’s really important here that we don’t lose sight of the forest for the trees because the reality is when IHL is respected and when the emblem is respected, which I dare say is most of the time, that doesn’t make it in the news. And that’s also a good thing. We don’t wanna be overwhelmed with cases of, well, the emblem was respected here and here and here and it led to all of these positive results. Of course, that’s not going to be in the news and it shouldn’t be in the news. We need to focus on when things go wrong and how to mitigate that. But the fact is, and this is not at all hyperbole, the distinctive emblems remain one of the most respected symbols globally and we really cannot lose sight of that in this discussion. And its legal and moral weight has been incredibly significant in the last 160 years. And so of course we will lose sight of that if we only think of the violations, but that’s simply not the reality. A lot of the work that’s done by the medical services in situations of armed conflict is only possible because of the trust in the emblem, because of the trust that the medical services have in the emblem, because of the trust that parties to conflict have that when the emblem is born, it’s born by entities that in fact have this specific protection under international humanitarian law. That’s the reason they’re able to undertake that work. A lot of us at ICRC have also had past lives in operational situations of conflict. I personally can say that without the emblem a lot of the work that I did would be completely impossible because you’re working in situations of armed conflict and you need to believe that if you’re bearing the emblem the emblem will be respected. And that really is the case a lot of the time. And I think your question actually ties more broadly to this broader question of compliance with international humanitarian law. And I think there’s a lot that we can be discouraged about in recent history. Let’s say in the last few years. It’s also important to remember that accountability is not the only tool of compliance. Compliance is multifaceted. There’s many different aspects of compliance and I dare say when IHL is violated and we look to accountability as a tool for compliance, it’s not the perfect tool because it means a violation has already taken place. But there’s many other tools for compliance. There’s prevention strategies that are in place. There’s trainings to the armed forces and to parties to armed conflict. The ICRC has a bilateral confidential dialogue with parties to armed conflict, what we call our protection dialogue, which is a key tool. of compliance. It’s not a public tool, it’s not always recorded when a party respected international humanitarian law because of a dialogue, because of protection, but those are also really really important tools so we have to remember that as well. It is frustrating when IHL is violated, it is frustrating when accountability doesn’t work the way it needs to work, but compliance is much broader than that and if we look simply at the history of the emblem and really broadly the history of international humanitarian law, I mean it has been an incredible tool to protect victims of armed conflict over the last 160 years. Maybe one last thing I’ll say is that you know cyberspace of course poses new challenges and one question Mauro and I and all you know we always get is this question of what about accountability in cyberspace. I mean this is another demand, you know a whole like a exponentially you know more difficult question and that’s true and the digital emblem is not going to be a panacea for that accountability discussion that takes place in Geneva, in New York and elsewhere, but again it’s a tool for that. It’s not just symbolic, I mean it’s a pragmatic technical tool that’s designed to support compliance like some of the other tools that I’ve just mentioned and it creates the possibility of restraint because we’ve been directly told by cyber operators that sometimes it is impossible or very difficult to identify certain digital infrastructure as you know specifically protected. So it is a tool in that broader toolbox of compliance to encourage respect for international humanitarian law. Thank

Joelle Rizk: you Samit. You make my next question to Mauro a bit difficult. Mauro if I may bring you in on the conversation now, speaking of the tools and in the beginning of its answer Samit mentioned potential misuse. I want to go to you now with a question about risks involved in using the digital emblem. For example digitally marking or identifying a medical or humanitarian entity, could that also expose them or could for example a false use or misuse of the digital emblem be marked? For example, when falsely marking a military as otherwise unprotected infrastructure. How are we looking at mitigating such risks and what other risks should we be aware of? Thank you very much, Joelle. And we also thank you for giving us the opportunity to speak today and also welcoming all our guests and listening to our panelists.

Samit D’Cunha: So, Ed, this is a very interesting question as we have received this remarkable question through our times from sort of stakeholders and from state, from governments, from private and non-companies, from civil society. The goal of the project is to translate one-to-one to quote the physical emblem into the digital space. We’re using the same concept, the same rules that apply in the physical space in the digital one. So, as the protected entities in the physical space, they show the emblem, right? And we need to have exactly the same situation in the digital one. So the main goal is to show and to present the emblem to potential threat actors that if they behave responsibly, they will avoid, they will refrain from attacking those assets. So, that said, we have seen groups, criminal groups, like ransomware groups, for instance, that are targeting specifically hospitals. This means that even without a digital emblem, it’s already possible to identify a specially protected asset, like the service of hospitals through different ways, like using specific search engines or other methodology to identify those assets. So, with or without a digital emblem, it’s already now possible to identify those possible potential. time. So, we don’t think that the emblem will increase the impact on these, on this asset. But again, we don’t have statistical meaning to say this. We tend to think that it’s, we are replicating exactly the same situation as the physical one. But to, to avoid that the emblem could become a risk for, a risk for those assets, one of the function, fundamental function of the emblem is to be removed in situation where exposing the emblem could become a risky factor. And so, this means that once the emblem is created, the digital emblem is created,

Mauro Vignati: every, every asset that is using the emblem can remove or use the emblem depending from the situation that they believe to be in. So, this is the aspect about presenting the emblem. On the misuse, there could be potentially misuse of the emblem. What we try to do is with the cryptographic certificates, because the emblem is represented by cryptographic certificates, and those cryptographic certificates will be published and will be publicly seen. So, every new certificate that will be published will be visible in a bucket of cryptographic certificates. This means that every organization can monitor if new certificates will be published with their private key, meaning that a possible breach happened at the organization, and someone is producing a certificate on their name. So, this is something that we are willing to implement. And then, state and non-state actors could logically also use the digital emblem to protect digital military assets. This is also happening in the physical space, where the emblem is misused to protect a military asset. And so, this is also possible, could be possible also in the digital space, but it’s not because we are talking about a digital project that magically all the problems of the physical emblem will be solved with the digital digital space. So this is something that happened, but we also know that the misuse can be addressed. And then the state must respond to these misuse. So if there’s going to be misuse in the digital space, because someone’s producing certificates that are protecting meat-heavy assets, by announcing and seeing how these digital certificates are used, that those kind of misuse can be addressed.

Joelle Rizk: Thanks a lot, Mauro. Another question for you. You mentioned that we’re trying to translate from the physical to the digital the same realities and uses and preventions. Can you walk us through the importance of developing technical standards for the digital emblem to that end? And since we’re also speaking of misuses, has there been any precedence in IHL with regards to incorporating technical standards so they are respected and adopted? Technical standards are key to speak the same language, so to say, right? In many fields, standards are paramount to

Mauro Vignati: harmonize a globalized exchange. So without standards, we could not have exchange at different levels, not just the technological one, but at different activities of our societies. So specifically in our domain, the internet standards are the ones that give us the possibility to build the applications that create a common capability to communicate. So I’m thinking about web surfing, to the use of applications, all those technologies are standardized. So without a standardization, we would have a very fragmented world with all the challenges that are bind to this kind of fragmentation. So specifically in the domain of digital technologies, we can imagine if every country has a different standard, we would have a problem in the interoperability of those. Why is it very important now to be at the Internet Engineering Task Force? We have a dedicated working group. Why the Internet Engineering Task Force, the IETF? It’s because it’s the international entity that is producing the majority of the Internet standards. So it’s the most recognized and most implemented standards worldwide coming from the IETF. And that’s why we started this working project. And the working project and the working group means that all the parties, and they can be a government, can be tech companies, can be the society at all, can participate in the discussion on how to standardize technology. So this is why it’s very fundamental for this kind of standardization.

Joelle Rizk: Thank you. Before I go back to Mauro for one last question, do you want to compliment on the IHL precedents? I would love to. So your question touched on whether there’s precedents for this, for potentially incorporating technical standards into international humanitarian law, and the answer is definitely there’s precedents.

Samit D’Cunha: So I’ll talk about a historical one and maybe a more recent one. So I mentioned already the 1864, the very first Geneva Convention, the 1864 Geneva Convention that was signed a few minutes from here, Jive. A year before the signing of the 1864 Geneva Convention, there was in a way what was the first international conference of the Red Cross and the Red Crescent. Obviously it wasn’t called that in 1863. It’s not even really formally recognized as the first conference if we count the last one as the 34th conference. But at least spiritually it was sort of the first conference in 1863, and they had a role of finding some kind of standardized way of identifying the medical services and what would eventually become the movement of the Red Cross and the Red Crescent. And it was actually at that 1863 conference. that there was a resolution that adopted the Red Cross. Like I said, later came the Red Crescent and the Red Crystal. It was at that 1863 conference where that Red Cross was adopted. Why? Because before that, the medical services used some way to distinguish themselves, but it was different. Every state had a different way of identifying themselves. So some states, for example, used the rod of Asclepius, right, so the medical, you know, the rod with the serpent. They used that for their medical services. Others used simply, you know, a white armlet. There were many different ways of identifying the medical services, and it wasn’t standardized. What was determined in 1863 was that as sort of a complement to the fact that this was being adopted in Switzerland, so there was a few other reasons, what was adopted was the inverse of the Swiss flag. So the Swiss flag being a white cross on a red background. The emblem that was adopted was a red cross on a white background. And that became a standard that was then incorporated one year later into that very first Geneva Convention. So if you think about it, that kind of technical standardization being incorporated into law, which granted it’s not the same level of technical standardization, you know, the history of that is as old as international humanitarian law itself. But a more recent example comes in the 1970s where technologies were changing and the means of certain technologies to identify yourself were also changing. And basically when the first additional protocol was adopted, the additional protocol to the Geneva Conventions, there were three protocols, two of them were adopted in 1977. When the first protocol was adopted, something was created called a distinctive signal. So the distinctive signal is a certain light and radio signals to identify, for example, medical aircraft as well as medical ships. And in the annex of additional protocol one, you have the standards of ICAO, the International Civil Aviation Organization. I think it’s document 1951, that’s directly incorporated in article seven of the technical annex, so annex one of additional protocol one. In article eight, so the very next article of that annex, you have radio regulations actually of the ITU that are directly incorporated into article eight of the annex and therefore directly incorporated into international humanitarian law. So we absolutely have precedence for this and that discussion of how do we, once standards are developed, how do we incorporate them into international humanitarian law, well, that’s going to be a conversation that we will have with the movement, with states and with other stakeholders to determine the best way of doing that.

Joelle Rizk: Thank you, Sami. Mauro, last question for you. Hearing from Sami, moving from colors and flags to crypto certificates, we are right now also alongside the AI for Good Summit and I feel like it’s an important question to ask. How, as we understand the digital emblem as a protective emblem, how do you think it will also interact or how will the AI interact with such a digital emblem? We can’t hear you. Sorry. Excuse me, but I was not able to hear you. So thank you for the question, do you want to answer? What we observe is that AI is more and more equipped in capabilities in armed conflict,

Mauro Vignati: so being the cyber domain, but also most generally in the more broad digital domain. So we see the first use of AI in cyber offensive operations. We see AI implemented in cyber defensive capabilities, but also many other fields like decision support systems or drones are now equipped with AI too. And this is why we need a digital emblem. also by cyber-offensive tools that have no human being operating them. So, and here I’m thinking about tools that are able to self-replicate from computer to computer, from network to network, that are able to take their own decision on how to spread the network and how to operate against a target. So this means that malware, or we call them offensive or malicious code that operates without human intervention must be equipped with the capability to identify the IDs independently from the operating source. From one perspective, operators are very fundamentally identified as cryptographic certificates. From the other, we need a possibility, a technological possibility where the malware must be coded in a way that they look for the emblem and understanding if the emblem is present, the attack must be avoided. And this is something that we would like to see in the implementation in the coming month through the standardization. Thank you, Mauro. That brings to mind a lot more questions,

Joelle Rizk: but since we have 20 minutes left, I’d like to move right now and give the floor to the room and to the audience online. I am, however, told that we have colleagues online that would like to make a statement or ask a question. I’m not sure if we can bring them on. I believe it’s a question from the Global Cybersecurity Forum. Colleagues online? Yep, okay. All right, well, until that is addressed, then we move to the audience in the room. If there are any questions, I. I see a hand over here, do you have a microphone? Sit down? Yeah, thanks. My name is Preetam Malur and I’m from the ITU. It’s just an observation I wanted to make. The ITU constitution highlights the importance of protection of telecommunication infrastructure.

Audience: Also, the right of access to means of communication. It’s spread throughout the constitution convention. But there are very specific areas including the preamble, which talks about peaceful means and all that. So, this topic is very important to us. And we are here at the business forum, look at the business outcome documents. It’s all about delivering citizen services, use of ICTs and emergency response and disaster risk reduction. There are so many of these examples. So, what you’re doing is extremely valuable for us. Regarding the standardization aspect, I’m sure you know ITU is a standards body also. We have the AI for Good Happening in the same venue. AI standards is something we work on. But this is something we are doing new. We have a long history in network infrastructure standards. So, while you’re targeting the internet standards, there might be other layers that you might also want to look at. And ITU has 194 member states, but also more than 1,000 private sector entities. So, it will be interesting to explore what other layers this could go into network standards. And that’s a conversation. we are happy to initiate with you. Probably, while I know that when ICRC developed this, you had multi-stakeholder consultations, but I think to take it forward, you probably need a lot more consultations. So we’d be happy to be part of that also. So again, overall great work, happy to engage.

Joelle Rizk: Thank you. I will take maybe one or two more comments and questions, please. If you may, please identify yourself. Thank you very much. I’m the Ambassador for Cyber and Digital of Luxembourg, and we are very happy and proud to host

Audience: the ICRC’s Cyber Delegation in Luxembourg, and we’re also happy to be able to help you together with Mexico and Switzerland to co-chair the working group on impact of ICTs on international security that was launched by the ICRC President. This is a very helpful session, I think, and you’ve come to the right place because WSIS is all about multi-stakeholderism, and you’ve mentioned the work that’s being done with the technical community at the IETF, and we have an opening with ITU, which I think is excellent as well. You’ve also mentioned the Cyber Tech Accord people. I was wondering if there were also openings or things that you can be doing or that you can talk about, about reaching out to the broader tech community about the hackers and about others and the cultural work that can be done. I mean, international humanitarian law over decades and generations has been inculcated into militaries that they realize that you don’t shoot at the Red Crescent or the Red Cross or the Red Crystal, but what more can we do to reach out to activists and to others? Is there something that states can help with or that other community members of WSIS

Joelle Rizk: can be helpful with? Thank you. Thank you very much for this question. Almost like drawing a roadmap for the steps going. going forward on the project. I will take one last question before I move back to the experts.

Audience: Yes, please. Hi, I’m Ollie, I work in humanitarian law and I’m from Australia. My question is surrounding the digital gap we’re seeing between developed and developing countries. Obviously, we see particularly in terms of humanitarian crises, lots of countries and services in these more developing countries are less able to access ICT services where the digital emblem would be most needed. So I wanted to know what strategies Red Cross is using to try and overcome this digital gap. Thank you.

Joelle Rizk: Thank you. Samit and Mauro, not easy questions, inspiring as well. Samit, may I start with you? Sure, yeah, definitely. So thank you for all of those questions and comments. Preetam, thank you so much for the support. We’ll definitely be in touch.

Samit D’Cunha: We’re very happy to work with the ITU and sort of build our multi-stakeholder process. That would be wonderful. So in terms of reaching out to sort of, kind of non-traditional, we’ll say, interlocutors for the International Committee of the Red Cross, I mean, it’s really important and it’s definitely something we’re doing. Of course, we focus now on the digital emblem project. The reality is that our work on cyber and new technologies more broadly is multifaceted and there’s multiple different aspects to that. Yeah, one of them is indeed reaching out to hacktivist communities, to hacker groups, to certain groups that might be also associated with parties to conflict and working in the cyber domain. Perhaps you’re familiar, but last year, the ICRC published something called The Eight Rules for Hackers. Actually, I’ll probably let Mauro talk a little bit more about that because he was one of the authors of The Eight Rules. So I’m sure he’ll build on that, but that was an important part of our work. It ended up getting quite a bit of traction. It was published by the BBC and by some other big organizations. The interesting thing about The Eight Rules for Hackers and then The Four Recommendations for States is that they’re actually just restatements of existing rules. So one thing that people might not be familiar with is that IHL… applies of course to parties to conflicts, it also applies to any person who’s participating in hostilities. So the conduct hostilities rules apply to everyone. And of course, if you’re participating in hostilities as a individual activist that’s not affiliated with a party to a conflict, but in the context of an armed conflict, then of course the conduct hostilities rules of IHL apply to you. And it is a violation of international humanitarian law to target medical infrastructure or to target humanitarian infrastructure or even civilian infrastructure. I mean, that is absolutely clear. And we did actually publicly get, there was feedback from certain groups, hacker groups on the eight rules. There were some groups that supported the rules. There were some groups that said, this is not feasible. What I found really interesting was that there were a few groups that initially said, these rules are totally not feasible. And a few days later, actually then republished a position and said, we will abide by all of these rules. And for me, that’s really key. Like the key thing for the ICRC in this new domain is building common understandings. We often talk about those common understandings with states. Certainly you’re very familiar that the global initiative was launched this year on galvanizing respect for international humanitarian law by the ICRC in six states. And the ICT work stream is one of the, a key work stream on building common understandings. Those common understandings are for states and they’re also for private technology companies. And therefore really anyone that has some role to play in armed conflict where IHL touches upon that. So yeah, that’s a really important part of our work. And then bringing in the digital emblem as an additional tool to encourage compliance is of course very important. And then on the final point, and then Mauro, I’ll pass to you. You’re absolutely right about the digital divide. I mentioned the international conference resolution that was adopted by consensus in October last year. As pen holders of that resolution, it was so essential for us to make sure that that was reflected in the resolution. It was so important for us to reflect the fact that look, we’re talking about ICT. We’re talking about rules, you know, IHL rules that apply to ICTs. We also have to talk about who’s disproportionately affected by this, and also, you know, where there are these massive gaps in terms of access to ICTs, because the resolution talks about all of these benefits in the humanitarian sector for victims of armed conflict, and we also have to talk about where those benefits don’t reach. And so, actually, the very first preambulatory paragraph of the ICT resolution recognizes that gap. Well, it recognizes the importance of ICTs for digitalizing societies, it recognizes the importance of ICTs, and then it also recognizes that there is this gap. That’s the first preambulatory paragraph, and then in Operative Paragraph 12, which is the paragraph on the digital emblem, it recognizes that states need to play a role in capacity building. It’s absolutely essential. They need to play a role for capacity building for other states, you know, in terms of access to humanitarian and medical digital infrastructure, and the ability to identify that infrastructure with the digital emblem, and they also need to play a role with their respective national societies in making sure that their national societies are also able to build their capacities and ensure, you know, continuation of the provision of assistance to victims of armed conflict in a digitalized age. That’s absolutely important. The last thing I’ll mention, though, you know, when we talk about this digital divide, I think it’s important to mention who are some of the leaders, actually, in developing these rules. Today, there are states that are developing national positions on how international humanitarian law applies to the use of ICTs, and I would be absolutely remiss if I didn’t mention that the first regional group to develop a common position on, one, the fact that IHL applies to the use of ICTs, and second, how it applies, and the fact that medical and humanitarian infrastructure must absolutely be protected, is actually the African Union. So 55 states together adopted the common African position last February, sorry, not last February, like two Februaries ago. adopted the common African position that recognized that IHL applies, that recognized that medical infrastructure has to be protected, that recognized that humanitarian infrastructure has to be protected, and that common African position has been essential for us in building support for common understandings on how IHL applies. We’ve brought that to the Americas, we’ve brought that to Europe, we’ve brought that to Asia, we’ve brought it all over the world. So, you know, despite the gap in technologies, I mean, leadership on recognition of the importance of humanitarian protections has really been actually quite global. Voila, and happy now to pass to Mauro. Before I give the

Joelle Rizk: floor to Mauro, if I may, the colleagues from the Global Cyber Security Forum are online right now so that we don’t lose that. I’d like to give them the floor for

Speaker: a comment or a question. Can you hear me? Yes. Wonderful. Thank you very much for giving me the floor. This is Amin from the Global Cyber Security Forum, and allow me first to present my sincere appreciation to ICRC for bringing this important topic to the OASIS Plus20. Undoubtedly, our relies on cyberspace is growing exponentially, and that’s why it is our collective duty to ensure that cyberspace is safe and secure. To do so, it is very important to have a proactive stance on many topics, and we can only congratulate ICRC for their forward thinking in addressing this topic of digital emblem. Since its inception, GCF vision, strategy, and operation were guided by three important principles. First, it is important to look at cybersecurity from the lens of cyberspace, with its geopolitical, technical, economical, social, and behavioral dimensions. Second, security and safety are not the ultimate objective. But they are means to enable prosperity of individuals, society and nations in cyberspace. The third one is that collaboration is a must. And when we talk about collaboration here, it is not about collaboration between stakeholders in the cybersecurity sector alone, but collaboration with all the sectors from health, energy, humanitarian, transport and others. So on this very particular topic of collaboration, and as an action-oriented organization, GCF created several collaboration platforms that include our knowledge community, the Center of OT Cybersecurity with Aramco, and the Center of Cyber Economics with the World Economic Forum. Another type of collaborative platforms the GCF is hosting is the impact networks. They are driven by the objective of implementation and actions. In this context, we are very happy to propose hosting an impact network that will bring together the national organization, cybersecurity companies, standardization organization, governments, infrastructure owner, to discuss and design strategy for the implementation of the digital emblem and other similar initiatives. So we bring this proposal to the attention of all stakeholders, including all colleagues who took the floor from ITU, ITF, and attending this meeting, and we will work with all interested parties in this initiative to extend an invitation to all the actors related to this topic to ensure inclusivity and effectiveness of the network. This is the end of our intervention.

Joelle Rizk: Thank you again for giving us the floor. Thank you very much. And this definitely speaks to the coordination and collaboration needed to create global common standards. On that matter, I give you back the floor maybe to complement, but in the of time if you may also focus on the question on expanding also this dialogue beyond recognized institutions to actors in the cyber domain that may not be your typical interlocutor and standardized institutions that we have dialogue with.

Mauro Vignati: So I would like to thank the representative of GCF for the support to this project, very very important although to the representative of the IQ who are absolutely interested in working with you and I think that to have him submitted will also start to facilitate this exchange. Also the representative of the government of Luxembourg, so the support of the government of Luxembourg to the ICC in the digital domain with the delegation of the ICC. Luxembourg is very very welcome and thank you very much for supporting that, for supporting this. On the specific of the hacker community or this typology of non-state hackers, Sumit already mentioned the hate routes, possibly the hackers, mentioned that we are publishing videos to explain those routes that are nothing new, it’s not that we are creating a new convention, it’s just that the good old IHL that is applied to the digital space, explaining with different words and different perspectives, but there is a direct approach we are having with those groups. We talk to them for different reasons, for the reasons of the countries where those groups are operating in, and we use this opportunity also to ask questions about the possible future in respect of the digital environment when they operate in this space, and we are having very good feedback from them. So we hope that in the future, activist groups that are running cyber operations for the sake of the armed conflict, in favor of… of one or the other particular conflict will respect the digital emblem. It’s not necessarily about the criminal group, it is something that we would like to increase our capability to discuss with a crime group. And we are keen and open to have any support from states or any other organization in this direction. And on the remark of the representative from Australia about the digital gap, I mean, one of the key word of the project is inclusion in technological terms. So that’s why we also welcome less technological countries to join us at the ITF to bring their perspective on how we should standardize the technology knowing that the goal here is to have a very simple technology, not reinventing anything new, but using technologies that are already standardized and to bring them together for the sake of the digital image. So the goal is, as I said, a very simple technology so that it can be used by any state and non-state actor independently from the level of sophistication in technological terms.

Joelle Rizk: Thank you, Mauro. I will return to the room for any last question or comment. And if not, I have one last question for you, Samir. Actually, it’s been on my mind since we started preparing for this session. As we progress on this project, how do we concretely imagine that states will technically and legally adopt the protective value of the digital emblem and being here, taking some risk with this question? Is there an ambition for a binding legal protocol? Well, yeah, that’s a really good question. I’ve kind of already hinted at this a little bit when I talked about Annex One of Additional Protocol One.

Samit D’Cunha: We’ve looked at sort of different means of incorporation. And again, I don’t want to preempt the discussion because ultimately, it’s for states to have new binding agreements on international humanitarian law. Our role as ICRC is to contribute, of course, to the discussion to the respect for and development of international humanitarian laws. We’re certainly part of that conversation, but it’s ultimately for states. But we’ve definitely thought about different possible means of incorporating the digital emblem into international humanitarian law, which is part of our consultations with states. So happy to share that now. So one possibility is actually amending the annex. So it’s amending the annex of Additional Protocol 1. That’s something that’s been done in the past. The last time, I believe, was in 1993. So there’s a possibility to amend Annex 1, which, as I mentioned earlier, is a technical annex, and to include sort of a chapter on the digital emblem, which would then, in a simpler way, let’s say, bring the digital emblem directly into international humanitarian law. Another possibility, as you suggested, is indeed an adoption of a new protocol. So this would be a fourth protocol. I’ve already talked about the first two additional protocols of the Geneva Conventions. The third protocol was adopted in 2005 on the red crystal emblem. So each time I talked about the emblems, I mentioned the Red Cross and the Red Crescent, of course, and also the red crystal emblem. The red crystal emblem was created in that 2005 protocol. So there is precedence in that sense, then, to create a new protocol, a fourth protocol, for the digital emblem. And both options sort of have their advantages and disadvantages, and maybe we don’t have time to talk about that now. But it’s definitely part of our, again, discussions with states on what the best means forward is. But then there’s other possibilities as well. So one is a unilateral declaration by a state. So it’s kind of an ad hoc means that a state says, we recognize the digital emblem as part of international humanitarian law, and they can then recognize the standards as part of international humanitarian law. And then another ad hoc means is what we call a special agreement between parties to a conflict. So this is foreseen both in international and non-international. national armed conflicts, where parties to conflicts can simply agree to additional rules that apply in an ad hoc way to that conflict, and what we can envision is having sort of a boilerplate or a template for the digital emblem that then parties to conflict can use, and integrate then into their rules that apply in a specific conflict. And that might sound strange, parties coming to agreement, but the truth is parties to conflict come to agreements on different things, on prisoners of war, on different aspects of conflicts often, so that’s definitely a possibility that they could do that as well for the digital emblem, so those are kind of the different possible means. Another thing to keep in mind is that, I mentioned Annex I of Additional Protocol I, Additional Protocol I applies in international armed conflicts, and it created some other specific IHL emblems, like what we call the dangerous forces emblem, which is the three kind of concentric orange circles for dams, dikes, and nuclear generating facilities in armed conflict. Another emblem is the civil defense emblem, which if you live in Switzerland, you’ve probably seen everywhere, because it’s one of the places where I’ve seen this civil defense emblem all the time, for of course the bunkers and other things. And so those are used outside of situations of international armed conflict, so even though there’s a legally binding document that creates a certain emblem, it’s then used outside of situations foreseen by that legal agreement. So we can also foresee sort of that more organic way of a use of a digital emblem. What’s key is the respect aspect and the trust aspect, that one, parties to conflict respect a digital emblem, and on the other side, that parties trust that when the emblem is used, it’s used to identify the applicable specific protections of IHL, and also trusted by the humanitarian organizations that can use the emblem, and also the medical services that use the emblem, which by the way, I’ve talked about a lot of different stakeholders. One stakeholder I haven’t mentioned yet is, of course the medical, the civilian medical services that can also use the emblem. situations of armed conflict that have also been unimportant and interlocutor for this process from the beginning. And the trust has to be there with them as well. And in that regard, the point made on filling the digital gap is indeed very important. Mauro, I turn over to you for any last comments

Joelle Rizk: before we close the session. Apologies, so I wanted just to reply to one remark

Mauro Vignati: that was in the chat, saying that the regulation is coming after the technology. So this is something that we are now used to see. I mean, the technology, the speed of development is faster than the legal one, which is not a bad thing, per se. So with the digital, we received several times the remark from the state that we should test, test, and test this solution. So to be able to present in front of the state a solution that is robust from a technological perspective, this is why we have no concern. We’ve seen a faster development from a technological perspective to be presented to a state actor to be able afterward to go through the paths that Samit explained in the previous answer.

Joelle Rizk: Thank you very much. Thank you. On this, I will repeat some of the key terms we heard in the session, trust, testing, and filling the digital gap, and working towards common standards through collaborating with cyber actors, states, technical and cybersecurity institutions, and humanitarian organizations and medical institutions. I cannot believe the task that is ahead of you. And thank you for all the work you’re putting into this and for all the technical experts and organizations collaborating on this. Thank you. Thank you. Thank you. Thank you. Thank you.

Agreement points

Multi-stakeholder collaboration is essential for digital emblem success

Speakers

– Samit D’Cunha
– Mauro Vignati
– Audience
– Speaker

Arguments

The ICRC took a collaborative, multi-stakeholder approach to the Digital Emblem Project since 2020, involving consultations with states, Red Cross movement, private sector, and cyber experts

The working group at IETF allows all parties including governments, tech companies, and civil society to participate in discussions on how to standardize technology

ITU offers support for standardization efforts given their role in network infrastructure standards and 194 member states plus 1,000 private sector entities

The Global Cyber Security Forum proposes hosting an impact network to bring together various stakeholders for digital emblem implementation

Summary

All speakers agreed that successful implementation of the digital emblem requires extensive collaboration across governments, international organizations, private sector, civil society, and technical communities

Topics

Cybersecurity | Legal and regulatory | Infrastructure

Technical standardization is crucial for global interoperability

Speakers

– Samit D’Cunha
– Mauro Vignati
– Audience

Arguments

Historical precedents exist for incorporating technical standards into international humanitarian law, including the 1863 standardization of the Red Cross emblem and 1970s incorporation of ICAO and ITU standards into Additional Protocol I

Technical standards are essential for harmonizing globalized exchange and enabling common communication capabilities across the internet

ITU offers support for standardization efforts given their role in network infrastructure standards and 194 member states plus 1,000 private sector entities

Summary

Speakers unanimously recognized that technical standards are fundamental for ensuring the digital emblem works consistently across different systems and jurisdictions globally

Topics

Infrastructure | Digital standards | Legal and regulatory

Digital divide must be addressed for inclusive implementation

Speakers

– Samit D’Cunha
– Mauro Vignati
– Audience

Arguments

The ICT resolution recognizes the importance of state-led capacity building for access to humanitarian and medical digital infrastructure

The goal is to develop simple technology using already standardized components to ensure accessibility for all states regardless of technological sophistication

The digital gap between developed and developing countries poses challenges for digital emblem implementation in humanitarian crises

Summary

All speakers acknowledged that the digital divide poses significant challenges and that capacity building and simple, accessible technology solutions are essential for inclusive implementation

Topics

Development | Digital access | Infrastructure

Similar viewpoints

Both ICRC experts emphasized that the digital emblem is a practical, technical solution that directly translates existing physical world protections into cyberspace without creating new legal frameworks

Speakers

– Samit D’Cunha
– Mauro Vignati

Arguments

The digital emblem serves as a pragmatic technical tool to support compliance by enabling cyber operators to identify protected infrastructure

The project aims to translate the physical emblem one-to-one into the digital space using the same concepts and rules that apply in physical space

Topics

Cybersecurity | Legal and regulatory

Both speakers demonstrated that direct engagement with non-traditional cyber actors, including hacker groups, is not only possible but has shown promising results for building understanding and compliance

Speakers

– Samit D’Cunha
– Mauro Vignati

Arguments

The ICRC published ‘Eight Rules for Hackers’ to engage non-traditional interlocutors, receiving mixed but ultimately positive feedback from hacker groups

Direct dialogue with hacktivist groups operating in conflict zones has yielded positive feedback regarding potential respect for digital emblems

Topics

Cybersecurity | Legal and regulatory

Both experts acknowledged that risks and misuse are inherent challenges but emphasized that the digital emblem incorporates the same risk management mechanisms as physical emblems

Speakers

– Samit D’Cunha
– Mauro Vignati

Arguments

Misuse is possible in digital space just as in physical space, but can be addressed through monitoring and state response to violations

The digital emblem can be removed when exposing it could become a risk factor, replicating the flexibility of physical emblems

Topics

Cybersecurity | Legal and regulatory

Unexpected consensus

Engagement with hacker communities and non-state cyber actors

Speakers

– Samit D’Cunha
– Mauro Vignati

Arguments

The ICRC published ‘Eight Rules for Hackers’ to engage non-traditional interlocutors, receiving mixed but ultimately positive feedback from hacker groups

Direct dialogue with hacktivist groups operating in conflict zones has yielded positive feedback regarding potential respect for digital emblems

Explanation

It was unexpected that a traditional humanitarian organization like the ICRC would have direct, successful engagement with hacker groups and that these groups would show willingness to respect humanitarian principles in cyberspace

Topics

Cybersecurity | Legal and regulatory

African Union leadership in developing IHL-ICT frameworks

Speakers

– Samit D’Cunha

Arguments

The African Union was the first regional group to develop a common position on IHL application to ICTs, demonstrating global leadership despite technological gaps

Explanation

Despite discussions about digital divides, it was unexpected that the African Union, representing countries often considered to have less technological infrastructure, would lead global efforts in developing legal frameworks for cyber-humanitarian law

Topics

Legal and regulatory | Development

Technology development outpacing regulation as acceptable approach

Speakers

– Mauro Vignati

Arguments

Technology development often outpaces regulation, necessitating thorough testing before presenting solutions to state actors

Explanation

It was unexpected that in a legal and humanitarian context, there would be acceptance that technology should develop faster than regulation, with the approach being to test and prove technical solutions before seeking legal incorporation

Topics

Legal and regulatory | Infrastructure

Overall assessment

Summary

The discussion revealed strong consensus on the need for multi-stakeholder collaboration, technical standardization, addressing digital divides, and the practical feasibility of translating physical humanitarian protections into cyberspace. There was remarkable agreement between ICRC experts and external stakeholders on implementation approaches.

Consensus level

Very high level of consensus with no significant disagreements identified. The implications are highly positive for the digital emblem project, suggesting broad stakeholder support, clear technical pathways, and realistic approaches to addressing challenges. The consensus indicates strong potential for successful implementation and adoption of digital humanitarian protections in cyberspace.

Different viewpoints

Unexpected differences

Technology-first versus law-first development approach

Speakers

– Samit D’Cunha
– Mauro Vignati

Arguments

Several legal incorporation options exist, including amending Additional Protocol I, creating a fourth protocol, unilateral state declarations, or special agreements between conflict parties

Technology development often outpaces regulation, necessitating thorough testing before presenting solutions to state actors

Explanation

While both speakers are from the same organization (ICRC), they revealed different philosophical approaches to the project. Samit emphasized the legal framework development and diplomatic processes, while Mauro acknowledged that technology development should proceed faster than legal development and that states specifically requested extensive testing before legal incorporation. This represents an unexpected internal tension between legal and technical perspectives within the same project team.

Topics

Legal and regulatory | Infrastructure

Overall assessment

Summary

The discussion showed remarkably high consensus among speakers, with no direct disagreements identified. The main areas of difference were in implementation approaches rather than fundamental disagreements about goals or principles.

Disagreement level

Very low disagreement level. The discussion was characterized by collaborative consensus-building rather than debate. All speakers supported the digital emblem project and agreed on its importance, legal basis, and technical feasibility. The few areas of difference were constructive variations in approach (legal vs. technical priorities, different engagement strategies) rather than fundamental disagreements. This high level of agreement suggests strong momentum for the project but may also indicate limited critical examination of potential challenges or alternative approaches. The implications are positive for project advancement but may require seeking out more diverse perspectives to identify potential blind spots.

Partial agreements

Similar viewpoints

Both ICRC experts emphasized that the digital emblem is a practical, technical solution that directly translates existing physical world protections into cyberspace without creating new legal frameworks

Speakers

– Samit D’Cunha
– Mauro Vignati

Arguments

The digital emblem serves as a pragmatic technical tool to support compliance by enabling cyber operators to identify protected infrastructure

The project aims to translate the physical emblem one-to-one into the digital space using the same concepts and rules that apply in physical space

Topics

Cybersecurity | Legal and regulatory

Both speakers demonstrated that direct engagement with non-traditional cyber actors, including hacker groups, is not only possible but has shown promising results for building understanding and compliance

Speakers

– Samit D’Cunha
– Mauro Vignati

Arguments

The ICRC published ‘Eight Rules for Hackers’ to engage non-traditional interlocutors, receiving mixed but ultimately positive feedback from hacker groups

Direct dialogue with hacktivist groups operating in conflict zones has yielded positive feedback regarding potential respect for digital emblems

Topics

Cybersecurity | Legal and regulatory

Both experts acknowledged that risks and misuse are inherent challenges but emphasized that the digital emblem incorporates the same risk management mechanisms as physical emblems

Speakers

– Samit D’Cunha
– Mauro Vignati

Arguments

Misuse is possible in digital space just as in physical space, but can be addressed through monitoring and state response to violations

The digital emblem can be removed when exposing it could become a risk factor, replicating the flexibility of physical emblems

Topics

Cybersecurity | Legal and regulatory

Key takeaways

The ICRC’s Digital Emblem project aims to extend the protective function of physical Red Cross/Crescent/Crystal emblems to cyberspace through cryptographic certificates that signal IHL protection to cyber operators

Strong multi-stakeholder support exists with 196 states adopting Resolution 2 at the 34th International Conference and 160+ tech companies pledging support through the Cyber Security Tech Accords

Technical standardization through the Internet Engineering Task Force (IETF) is essential for global interoperability, with the DIEM working group established to develop internet standards

Historical precedents exist for incorporating technical standards into IHL, dating back to the 1863 standardization of the Red Cross emblem and 1970s integration of ICAO/ITU standards

The digital emblem serves as a compliance tool rather than a panacea, designed to enable identification of protected infrastructure by cyber operators including autonomous AI systems

Risk mitigation strategies include removable emblems when exposure creates risk, public cryptographic certificate monitoring, and state responsibility for addressing misuse

Addressing the digital divide is crucial, with capacity building needed to ensure developing countries can access and implement digital emblem technology

Direct engagement with non-traditional actors like hacktivist groups has shown positive results, with some groups agreeing to respect IHL rules in cyberspace

Resolutions and action items

ITU offered to collaborate on standardization efforts given their network infrastructure standards expertise and global membership of 194 states plus 1,000 private sector entities

Global Cyber Security Forum proposed hosting an impact network to bring together national organizations, cybersecurity companies, standardization bodies, governments, and infrastructure owners for digital emblem implementation

IETF DIEM working group to begin technical development work at IETF 123 in Madrid in coming weeks

Continued multi-stakeholder consultations needed with states, humanitarian organizations, and private sector on legal incorporation pathways

Enhanced outreach to hacktivist communities and non-state cyber actors to build understanding of IHL obligations in cyberspace

Capacity building initiatives required to address digital divide and ensure developing countries can participate in digital emblem implementation

Unresolved issues

The specific legal mechanism for incorporating digital emblems into international humanitarian law remains undecided (amendment to Additional Protocol I, new fourth protocol, unilateral declarations, or special agreements)

How to effectively reach and engage criminal cyber groups beyond hacktivist communities that may be motivated purely by profit rather than ideology

Concrete strategies for overcoming the digital divide to ensure humanitarian services in developing countries can access and implement digital emblem technology

The interaction between AI-powered autonomous cyber weapons and digital emblem recognition requires further technical development and testing

Accountability mechanisms for digital emblem violations in cyberspace remain challenging given attribution difficulties

The extent to which the digital emblem might inadvertently increase targeting risks by making protected assets more visible to malicious actors

Suggested compromises

Flexible implementation approach allowing for multiple legal incorporation pathways (treaty amendment, new protocol, unilateral declarations, or bilateral agreements) rather than requiring a single binding mechanism

Emphasis on simple, accessible technology using existing standardized components to accommodate varying levels of technological sophistication across countries

Removable emblem functionality to balance protection benefits with security risks when exposure might increase targeting

Organic adoption approach where digital emblems could be used outside formal legal frameworks while building trust and respect over time

Collaborative standardization process through multiple bodies (IETF, ITU) to ensure comprehensive coverage across different technical layers

Today, if we look at international headlines, it is not the protections that you indicated that dominate the headlines. It’s rather potentially violations of the law. So, if I may challenge, how, on what basis do we believe that the use of a protective emblem also in the cyberspace, a digital emblem, can also be protective?

Speaker

Joelle Rizk

Reason

This comment directly challenges the fundamental premise of the digital emblem project by questioning its effectiveness based on real-world violations of existing physical emblems. It forces the discussion to confront the gap between theoretical protection and practical implementation, addressing potential skepticism about the project’s viability.

Impact

This challenge prompted Samit to provide one of the most comprehensive defenses of the project, leading him to reframe violations as actually demonstrating the emblem’s importance (violations make news precisely because they’re violations of respected norms). It shifted the conversation from technical implementation to fundamental questions of compliance and effectiveness, deepening the analytical level of the discussion.

The goal of the project is to translate one-to-one to quote the physical emblem into the digital space… So, with or without a digital emblem, it’s already now possible to identify those assets. So, we don’t think that the emblem will increase the impact on these assets.

Speaker

Mauro Vignati

Reason

This comment addresses a critical concern about whether digital emblems might actually increase targeting by making protected assets more visible. Mauro’s insight that malicious actors can already identify hospitals and humanitarian assets through other means reframes the risk assessment and challenges assumptions about digital visibility creating new vulnerabilities.

Impact

This response helped address security concerns and moved the discussion toward practical risk mitigation strategies, including the ability to remove emblems when they might become risk factors. It demonstrated sophisticated thinking about the dual-use nature of identification systems and helped establish credibility for the project’s security considerations.

My question is surrounding the digital gap we’re seeing between developed and developing countries. Obviously, we see particularly in terms of humanitarian crises, lots of countries and services in these more developing countries are less able to access ICT services where the digital emblem would be most needed.

Speaker

Ollie (Australia)

Reason

This comment introduces a crucial equity dimension that challenges the universal applicability of a digital solution. It highlights the paradox that those most in need of humanitarian protection may be least able to access the digital infrastructure required to benefit from digital emblems, raising fundamental questions about technological solutions to humanitarian problems.

Impact

This question forced both speakers to address inclusivity and capacity building, leading Samit to highlight how the African Union was actually a leader in developing common positions on IHL in cyberspace. It shifted the conversation from technical implementation to questions of global equity and access, and prompted discussion of how the project must actively address rather than exacerbate existing inequalities.

We see AI implemented in cyber defensive capabilities, but also many other fields… malware, or we call them offensive or malicious code that operates without human intervention must be equipped with the capability to identify the IDs independently from the operating source… the malware must be coded in a way that they look for the emblem and understanding if the emblem is present, the attack must be avoided.

Speaker

Mauro Vignati

Reason

This comment introduces the complex intersection of AI and autonomous weapons systems with humanitarian protection, raising profound questions about how to program ethical constraints into autonomous systems. It represents a forward-looking challenge that goes beyond current cyber operations to anticipate future technological developments.

Impact

This observation opened up an entirely new dimension of the discussion, connecting the digital emblem project to broader debates about autonomous weapons and AI ethics. It demonstrated how the project must anticipate not just current cyber threats but future technological developments, adding significant complexity to the standardization requirements.

The distinctive emblems remain one of the most respected symbols globally and we really cannot lose sight of that in this discussion… A lot of the work that’s done by the medical services in situations of armed conflict is only possible because of the trust in the emblem… without the emblem a lot of the work that I did would be completely impossible.

Speaker

Samit D’Cunha

Reason

This personal testimony provides crucial context often missing from technical discussions – the lived experience of humanitarian workers who depend on emblem protection. It grounds the abstract legal and technical discussion in human reality and provides empirical evidence for the emblem’s continued effectiveness despite high-profile violations.

Impact

This comment fundamentally reframed the discussion from focusing on failures to recognizing successes, providing a more balanced assessment of emblem effectiveness. It added emotional weight and personal credibility to the technical arguments, and helped establish why digital translation of this protection is worth the complex effort being described.

Overall assessment

These key comments transformed what could have been a purely technical presentation into a nuanced exploration of the challenges and complexities of translating humanitarian protection into the digital age. The moderator’s direct challenge about effectiveness forced a deeper examination of compliance mechanisms, while the audience questions about digital divides and AI introduced critical equity and future-proofing considerations. The speakers’ responses demonstrated sophisticated thinking about risk mitigation, inclusivity, and the intersection of technology with humanitarian principles. Together, these exchanges elevated the discussion from technical implementation details to fundamental questions about how humanitarian protection can remain relevant and effective in an increasingly digital and automated world, while ensuring that technological solutions don’t exacerbate existing inequalities or create new vulnerabilities.

How can states ensure that the protection of data, of medical services and humanitarian operations is respected in cyberspace?

Speaker

Joelle Rizk

Explanation

This fundamental question about state obligations in protecting humanitarian digital infrastructure was posed but requires further exploration of practical implementation mechanisms.

What about accountability in cyberspace for violations of the digital emblem?

Speaker

Samit D’Cunha (referencing questions they receive)

Explanation

Accountability for digital emblem violations presents exponentially more difficult challenges than physical violations and requires further research into enforcement mechanisms.

How can we reach out to the broader tech community, hackers, and activists to ensure cultural adoption of digital emblem protections?

Speaker

Ambassador for Cyber and Digital of Luxembourg

Explanation

Beyond formal institutions, there’s a need to research how to effectively engage non-traditional cyber actors who may not be bound by formal agreements but operate in conflict zones.

What strategies can overcome the digital gap between developed and developing countries for digital emblem implementation?

Speaker

Ollie (humanitarian law expert from Australia)

Explanation

The digital divide creates disparities in who can access and implement digital emblem protections, particularly in humanitarian crises where they’re most needed.

How will AI-equipped cyber weapons and autonomous malware be programmed to recognize and respect digital emblems?

Speaker

Mauro Vignati (in response to Joelle Rizk’s AI question)

Explanation

As AI becomes more prevalent in cyber operations, research is needed on technical implementation of emblem recognition in autonomous systems.

What other network layers beyond internet standards might need digital emblem integration?

Speaker

Preetam Malur (ITU representative)

Explanation

The suggestion that ITU network infrastructure standards might also need digital emblem integration requires exploration of multiple technical layers.

How can we increase capability to engage with criminal cyber groups about respecting digital emblems?

Speaker

Mauro Vignati

Explanation

Unlike hacktivist groups, criminal organizations present different challenges for engagement and compliance that need further research and state support.

What are the advantages and disadvantages of different legal incorporation methods for the digital emblem?

Speaker

Samit D’Cunha

Explanation

While multiple legal pathways were identified (protocol amendment, new protocol, unilateral declarations, special agreements), their comparative analysis was noted as requiring more detailed discussion.

How can we develop statistical evidence about whether digital emblems increase or decrease targeting risks?

Speaker

Mauro Vignati

Explanation

The assumption that digital emblems replicate physical emblem dynamics needs empirical validation through research and testing.

How can we ensure robust testing of digital emblem solutions before presenting them to states?

Speaker

Mauro Vignati

Explanation

States have requested extensive testing of digital emblem technology, requiring research into comprehensive testing methodologies and validation processes.