International arbitration: Cybersecurity protocolPrint publication
Commercial dispute resolution and international arbitration specialists Gwendoline Davies and Nick McQueen highlight a new cybersecurity protocol which should help to ensure that arbitration remains a safe and sensible option for international dispute resolution in today’s – and tomorrow’s – tech-driven commercial world.
International arbitration: Pros and cybersecurity cons
Arbitration has firmly established itself as a popular alternative form of dispute resolution to court litigation. It is more flexible and confidential than litigation and parties are free to choose, within their commercial contracts, the applicable law and jurisdiction to govern the arbitration. In addition, international conventions are in place which facilitate the enforcement of arbitration awards. Arbitration is therefore often the dispute resolution method of choice for international commercial contract disputes.
In addition, arbitration will be unaffected by Brexit. It is governed by the 1958 New York Convention rather than by any EU legislation. Since the UK is a long standing signatory to the 1958 New York Convention (to which there are currently 156 signatories, including EU members states, the US, China, Russia and most of the UK’s other major trading partners worldwide), an arbitration award will be enforceable in the courts of other signatory countries. As we have reported previously, therefore, arbitration is increasingly likely to be seen as a sensible and popular ADR option going forward.
However, arbitration is also increasingly a largely digital process. There are, therefore, inherent cybersecurity risks. These can be exacerbated in international arbitrations, where the cross-border, multi-jurisdictional nature of disputes may involve multiple technologies and networks, different data protection requirements and regimes, and potentially extensive international travel.
Cybersecurity framework for today and tomorrow
To address those risks, and to help ensure that arbitration remains a prudent, practical and credible international commercial dispute resolution option now and in the future, the Cybersecurity Protocol for International Arbitration 2020 (the Protocol) has been published.
The Protocol has been produced by the International Council of Commercial Arbitration, the New York City Bar Association and the International Institute for Conflict Prevention & Resolution, following extensive consultation and multi-organisational collaboration over recent years.
Key aspects of the Protocol include:
- A practical and procedural framework to enable tribunals, parties and administering institutions to determine reasonable information security measures for individual arbitrations.
- Awareness-raising of risk factors within international arbitration generally, risk mitigation and accessible/available information security measures to improve everyday practices.
- Practical advice regarding improved information security – including a detailed baseline security measures checklist. That includes, for example, how to keep abreast of security threats and solutions; identifying, classifying, protecting and transmitting sensitive data; data encryption; and tips to improve physical, environmental and operational security.
- The Protocol does not establish any legal or other liability or responsibility. It does, however, provide a framework for information security within arbitration and, where it is adopted, it provides a power for the arbitral tribunal to impose costs or sanctions in the event of a breach of security measures or an information security incident.
- The Protocol is a ‘living’ document. It is intended that the Protocol will be maintained to take into account changing technology, evolving cyber threats, changing and proliferating worldwide data protection laws and regulation, and emerging consensus from institutions and users as to best practice. Feedback is therefore encouraged and can be given to email@example.com.
If you would like any further advice or expert assistance in relation to international arbitration, cybersecurity and/or commercial dispute resolution generally, please do not hesitate to contact Gwendoline Davies, Nick McQueen or any member of our Commercial Dispute Resolution team or our cross-discipline International group.