The Netherlands has made public its detailed position on the applicability of international law in cyberspace, outlined in the letter from the Minister of Foreign Affairs of the Netherlands to the President of the House of Representatives. According to the letter, and the thorough analysis by the experts, the Netherlands understands the concept of sovereignty in cyberspace as a rule, takes the position that cyber-operations are included in the prohibition on the threat or use of force (though each case should be assessed individually), and stands for the obligation of due diligence in the cyber context. It re-affirms that the international humanitarian law, as well as neutrality law, applies to cyber-operations conducted during armed conflict, as well as that the international human rights laws applies to cyberspace, though it acknowledges that human rights are not absolute and sometimes lawfully may be limited (with legitimacy and proportionality taken into consideration). The Netherlands re-aligns its position on legal attribution, particularly of the acts of non-state actor, with the Tallinn Manual 2.0, yet it emphasises there is no need to publicly disclose the basis of attribution (except for providing evidence to the international tribunal that considers cyber operations). Finally, the letter clarifies the Dutch position to the much contested issue of self-defence: retorsion, as well as both cyber and non-cyber countermeasures are allowed responses to cyber-attacks, necessity plea applies in case of attacks against critical infrastructure, and when there are potentially very serious consequences at stake, while self-defence may include response by all means in case of a cyber “armed attack” (where cyber-operation may be characterised as “armed attack” if, in terms of scale and effects, it represents the gravest form of use of force).