Authored by Shrishti Sharma currently pursuing her LLM from Symbiosis Law School, Pune

“History shows that, more often than not, loss of sovereignty leads to liberalization imposed in the interests of the powerful.”

                                                                                            Noam Chomsky

Introduction

The evolution of humankind led the world towards a more authoritative society. The fundamental of co-existence lies in the fabric of mutual respect for each other’s boundaries. Humans fought over territories for ages – sometimes to acquire and sometimes to save them from intrusion. Later in a more democratic world, the concept of Sovereignty took over and the approach was stranded in territorial control and neutrality from external forces. This concept is not new and has evolved parallel with human history according to societies’ changing needs and preferences.

Traditionally in agricultural land-based economies, the idea of sovereignty swirled around protecting territorial land. The Industrial Revolution further expanded the horizons of sovereignty and included jurisdiction overseas and airspace. The shift from an agrarian economy to a machine-dominated one due to the advent of new technologies and growing interconnectedness among nations, countries needed to redefine the scope and nature of state boundaries. Now, in today’s era when humans are evolving at a fast pace and so are their technologies, giving rise to a new frontier called Cyberspace which again emerged as a challenge. This modern peril necessitated more collaborative global governance and how nations perceive and employ their sovereignty.

Different from what happens in physical territories, cyberspace being a borderless domain allows information to move and flow rapidly. This has now become a crucial space for states in order to exercise their control over internal affairs, safeguarding national interests, and growing risks. Whether it is protecting cyber infrastructure or securing the free flow of data, managing cyberspace comes with various complex challenges. While the principle of state sovereignty as envisioned in the “Charter of the United Nations” forms a firm foundation of international relations, its application in the cyberspace domain is not straightforward. Different countries interpret it in numerous ways, leading to diverse strategies and conflicts.

Now, the question is about how states will balance out their need for national control with the principles of globalization and receptiveness. This blog will deal with how state sovereignty evolved and reshaped the age-old idea of state sovereignty with the arrival of cyberspace and how nations are adapting and asserting their authority over this new frontier.

Understanding the Principle of State Sovereignty under the Westphalian Treaty

The concept of state sovereignty traces back to the 17^th century and since then has been a cornerstone of international relations. The treaty that ended thirty years-long war in Europe, known as the Treaty of Westphalia, established the modern state system and is a foundational document recognizing sovereignty. In a series of treaties, the member states of the Holy Roman Empire were given full territorial sovereignty. These treaties further allowed them to decide with one another including with foreign powers but on one condition that the emperor and the empire would remain prejudice-free. The peace treaties of Westphalia laid the groundwork for the nation-state model, emphasizing state autonomy and independence.

Key Requisites of Traditional Sovereignty

1. States have autonomous authority within their physical boundaries with no external forces. 
2. External powers will not intervene in state affairs further upholding the principle of Non-Interference.
3. Exclusivity of state’s rights to use physical force within the internal territory.

International law and diplomatic relations have long been braced by these principles, rendering a framework for state dialogue.

Shift in Perspective: Sovereignty and the Inception of Cyberspace

The traditional application is based on premises such as territorial control, non-intervention in domestic affairs, exclusivity of exercising legitimate force within state boundaries, and mutual recognition of political independence. Nevertheless, in today’s digital world where the borders are blurred out with interconnectedness and digital technologies, states are facing complications in law enforcement, and hence indulging in redefining these principles.

Digitalization gave birth to concepts like “digital sovereignty” where states are pursuing to control data and digital infrastructure limited to their territories. This also extends to further regulating the flow of information, maintaining cyber security, and protecting citizens’ data. The European Union is one of the examples that took proactive steps in shaping digital sovereignty and aimed at diversifying its technological capabilities. Some key initiatives include: –

1. Extensive Digital Regulations like General Data Protection Regulation (GDPR), Digital Markets Act (DMA) and Digital Services Act (DSA), and Artificial Intelligence Act (AI Act). These regulations aim to safeguard user rights, promote fair competition, and enhance cybersecurity. They collectively strengthen digital sovereignty, foster trust in technology, and create a secure, competitive, and human-centric digital economy.
2. Strategic Technological Investments that have special focus on reducing dependency on foreign tech, strengthening cybersecurity, and enhancing innovation. The Iris2 satellite constellation, a €10 billion initiative, aims to provide secure communication and cut throat competition to global networks like Starlink. On the other hand, the European Chips Act seeks to boost semiconductor production, which will increase the EU’s share in the global market from 9% to 20% by 2030, and reduce reliance on external suppliers..

Furthermore, because of globalization, nations have become economically interdependent, and domestic policies often have repercussions beyond national borders. For instance, the European Union’s General Data Protection Regulation (GDPR) applies not only to businesses within the EU but also to companies worldwide that process the personal data of EU residents. This extraterritorial reach impacts global data governance, compelling firms in other jurisdictions to comply with EU privacy standards. These interdependencies are the reason for a more flexible apprehension of sovereignty that has a perfect blend of national interest and collaborative global governance.

What’s Unique about Cyberspace?

1. Borderless Nature – Cyberspace is different from the traditional realm of authority over land, sea, or airspace. Because of the unrestricted nature, data flows across nations and creates challenges for governments who try to regulate and control information within the territory. Take for example YouTube, a platform where any user from a country can upload content and it can be accessible in some different countries worldwide.
2. Speed and Scale – Cyberspace has unprecedented speed when it comes to information transfer. Everything occurs in real time be it social media posts, financial transactions, news updates, and influences the global market. One such example is X (formerly known as Twitter). Right from the stock market to political movements, all can get triggered with just one tweet.

Decentralization of Governance – Unlike state sovereignty, cyberspace doesn’t have centralized governance rather it relies on a decentralized form of mechanism. It has a reliance on a combination of international organizations, private entities, individuals, and governments as stakeholders. One crucial example is “ICANN (Internet Corporation for Assigned Names and Numbers)”. It looks after domain names and Internet protocol addresses which demonstrate a fragmented approach to controlling this global frontier.

International Cooperation and Treaties

Cyberspace is a borderless frontier that is far beyond the traditional boundaries of a state. Nations came together to combat this new domain through conventions and international agreements, one such agreement is the “Budapest Convention on Cybercrime”. It was adopted in 2001 and emphasized criminalizing certain acts like hacking and data theft and further encouraged countries to join forces in order to track down the offenders outside the territorial limits. However, the idea was not supported by all the nations out there. and countries like Russia and China disapproved of the convention on the grounds that allowing cross-border data access would somehow infringe the concept of sovereignty. Both Russia and China advocate for state control over free flow of information within their borders. They argue that cross-border data access could undermine national sovereignty by allowing foreign entities to interfere with their internal affairs and data governance. This perspective has led them to oppose international conventions that they believe infringe upon their control over domestic information spaces.​

The United Nations has also launched intriguing initiatives like the “Open-Ended Working Group (OEWG)” and the “Group of Governmental Experts (GGE)” to vitalize the worldwide discussions on cyber security. Furthermore, the latest and most talked about response to increasing cyber threats is the “Tallinn Manual” which is a guiding light for the application of international law in cyber operations. Despite the fact of its non-binding nature, it has highlighted the crucial aspect of respecting state sovereignty and taking precautions while using cyber tools to interfere with another country’s boundaries.

Adaptation is the key to survival and these international efforts illustrate this principle well. The world is adapting complexities of cyberspace and combating them through treaties, guidelines, and collaborations to redefine the concept of state sovereignty. Now sovereignty is not limited to exercising authority within state borders but involves international cooperation also, for a better and secure virtual future worldwide.

Sovereignty Reconceptualized: How States Are Retorting

Cyberspace Sovereignty goes beyond mere defining authority and control; it encompasses innovation, interdependence, and collaborative approach and shared vision for the digital future. Let’s analyze how nations are dealing with digital destinies.

China has constructed its cyberspace sovereignty with precision and balance. Legislations such as “Cyber security Law”, “Data Security Law”, and “Personal Information Protection Law 2021” established the groundwork for an exhaustive framework to protect digital infrastructure and secure the flow of data. With initiatives like the “Global Security Initiative (GSI)”  and international collaborations like the “China-ASEAN Digital Economy Partnership”, China has asserted a dual strategy of having control at home while advocating for a shared vision globally.  Further, the creation of the “World Internet Conference” solidifies China’s role in reshaping cyberspace governance globally.

Concurrently, Russia in 2019 introduced Stable Runet Law which established a centralized internet management system that can counter external threats. Russia focuses on information sovereignty and securing its borders in the digital realm. To implement this, it has introduced two strategic planning documents such as the “Doctrine of Information Security” and the “Basic Principles of State Policy on International Information Security”. Russia has also banned certain platforms which further underpin the intent of prioritizing national interest over transnational dependencies. 

During the COVID-19 pandemic, Indian sectors such as education, healthcare, agriculture, research, etc. have seen an increase in digitization. This has accelerated the sense of awareness and the need to establish sovereignty in cyberspace. Initiatives like “Digital India” and “Smart Cities” introduced by the Prime Minister further exemplify the efforts towards governing cyberspace.

The introduction of the Information Technology Act of 2000 was the first legislative step towards governing the commercial use of cyberspace and was subsequently amended in 2008 to accommodate new challenges. Apart from this, India’s “Cyber security Strategy 2023” marks a significant step in protecting the vast online community. The strategy introduced many cohesive frameworks that can address the growing challenges of cyber threats and guarantee digital protection. The strategy focuses on critical infrastructure protection, threat intelligence sharing, capacity building, and robust incident response mechanisms to ensure a secure digital ecosystem. By fostering public-private collaboration and global partnerships, it aims to enhance cybersecurity preparedness and safeguard India’s vast online community from evolving cyber risks.

As a part of this framework, the “Indian Computer Emergency Response Team (CERT-In)” was established under the IT Act 2000 and operates a 24/7 incident response system. It also provides security management with cyber security drills to further enhance preparedness across sectors. India has also enacted its privacy legislation – Digital Personal Data Protection Act, 2023 which safeguards individual privacy through a consent-based framework, requiring clear, informed consent before data collection. The Act also mandates data accuracy, minimization, and security protocols to prevent misuse of digital data. Individuals have rights to access, correct, and erase their data, along with grievance redressal mechanisms. Organizations are required to report data breaches and ensure compliance with strict safeguards. Though the Act allows cross-border transfers, it also grants powers for the government to blacklist certain countries. 

Another framework to combat cybercrime is the introduction of the “Indian Cyber Crime Coordination Centre (I4C)” to refine law enforcement agencies’ responses, whereas citizens can report cybercrime incidents directly through the “National Cyber Crime Reporting Portal”. Furthermore, “Cyber Swachhta Kendra” is established and managed by CERT-In for –

• malware detection and removal, 
• spreading awareness of cyber security practices, and 
• implementing a Cyber Crisis Management Plan for counterattacking in critical situations of cyber-attack

Conclusion

We can see a paradigm shift in how nations interact and protect the interests of their subjects in an evolving era of state sovereignty. The digital revolution gave humankind new freedom and innovation at the same time-imposed challenges and exposed states to cyber threats, and jurisdictional conflict. 

In international arrangements where economies are now interconnected as well as interdependent, it is important to strike a balance between safeguarding national interests and promoting global cooperation. “Budapest Convention on Cybercrime”, initiatives from different organizations such as the United Nations and the “International Telecommunication Union (ITU)”, all these frameworks and organizations lay crucial steps on norms for creating responsible behavior in cyberspace. With globalization and digitalization driving evolution, there is a growing need for a unified framework that ensures cybersecurity and digital rights while allowing states to interact and thrive freely in the digital era.

Sovereignty is a part of society and as society evolves so is the sovereign nature of that society. The future evolution has reliance upon adaptability and shared vision.  Since cyberspace has become an integral part of global governance and security, states hold the responsibility of embracing new interpretations of sovereignty that go beyond territories and foreground collaborations to address challenges posed by the digital era.