International investment law and arbitration in cyberspace

Abstract

Cybersecurity in international investment law and arbitration is a recent point of attention. Foreign investors, as any other businesses, are increasingly subjected to cyberattacks as part of the general rise of cyberattacks. Cyberattacks also have increased in terms of sophistication. The question of cybersecurity, and the role and responsibility of the host State in which the foreign investor has invested has thus gained prominence, although so far based on the current publicly available information, no claim on that ground seems to have been brought. First of all, States seem to increasingly rely on concerns relating to the digital economy, such as security and consumer protection, in order to take measures or adopt a certain conduct which in itself may be considered detrimental to foreign investors and constitute a breach of the State’s investment treaty obligations. Secondly, investment claims by targeted foreign investors against the host State for failure to provide the necessary security cannot be excluded. In this chapter, I will first address the question of whether digital assets can qualify as ‘investments’, as defined both in international investment treaties and under the Convention on Settlement of Investment Disputes (ICSID Convention).12 I will next address the related question of entry requirements for foreign investors and security screening operated by host States for investments in digital assets.13 I will then turn to analysing possible claims by foreign investors against host States for breaches of their obligations, under applicable international investment treaties, in relation to cybersecurity. This will be done through an analysis of what I consider to be the two most relevant provisions regularly found in international investment treaties: fair and equitable treatment (FET) and (full) protection and security (FPS).