The concepts and laws applicable to hybrid threats, with a special focus on Europe

The question of how to fight hybrid threats with the tools of the law is fundamental, but by no means straightforward. The adjectives used in this context, such as hybrid, grey, asymmetric, unbalanced, and unconventional, are not always interchangeable and are indicative of the lack of stability in this field. Indeed, when we try to apply the law to such threats, we often find that the sands shift beneath our feet. Moreover, the international environment is becoming increasingly hybrid in nature. International law is meant to promote security, justice, cooperation, predictability, and common values, but hybrid activities play the opposite role. In this sense, Aurel Sari mentions "the tragedy of international law" in his work (Sari, 2019, p. 4). The legal tools, procedures, and institutions that exist today were created primarily to prevent and mitigate Cold War controversies and so there is a school of thought that they may no longer be completely suited to preventing the highly disconcerting and complex covert operations of the so-called grey zone. The latter may consist of activities undertaken by one state that are harmful to another, although not legal acts of war, which can be thought of as a malevolent manifestation of the concept of peace. Of note, the order of the international environment has shifted from being fairly stable, with all the players understanding where their enemies lay, to a much more volatile post-Cold War era, defined neither by open conflict nor by enduring peace. In this sense, hybrid threats exist, by their very nature, in the realm of legal uncertainty. They remain below the threshold of warfare because of their low intensity. Education, prevention, monitoring, and raising social awareness are powerful tools to combat hybrid threats, although even military means may be necessary. Hence, it can also be argued that international law, or even any law, may not be needed to counter such threats. However, hybrid threats usually navigate between the troubled waters of what is legal, illegal, and alegal. Therefore, the law applicable to the grey zone is needed to identify whether specific activities fall within the limits of legal order, and if not, further legislation will again be required to counter that action or behaviour. The law helps to determine any possible illegal conduct and identify the guilty actors behind it. In other words, in modern societies, there is no other way to mitigate or neutralise possible unlawful behaviours and actions, except through application of the law. Thus, the question then becomes whether new legal mandates or structures are needed to combat these hybrid tactics or whether those already in place are sufficient to respond to hybrid threats and/or low-intensity conflicts. Conversely, should international law and in particular, humanitarian law, be changed to adapt to unarmed hybrid campaigns? However, before responding to these questions, the concept of hybrid threat itself should first be explored in detail.

• Hybrid threats are poorly and inconsistently defined. NATO and the EU avoid a closed definition, instead characterising hybrid threats as multidimensional, adaptive combinations of conventional and non-conventional means designed to be hard to detect and attribute. • Hybrid threats span political, informational, cyber, military, economic, legal, and societal domains. Tools range from cyberattacks and disinformation to the weaponisation of migration, economic coercion, and lawfare. Vulnerabilities include critical infrastructure, cyberspace, finance, public administration, and social cohesion. • Democratic states are more vulnerable to hybrid tactics due to transparency, media scrutiny, and human rights obligations; authoritarian regimes face fewer internal constraints and can leverage proxies and ambiguity more readily. • Existing international law applies but is stressed by grey-zone tactics: jus ad bellum thresholds (UN Charter art. 2(4), 51) and NATO Article 5 thresholds are rarely met by hybrid operations, complicating collective defence responses. EU mutual assistance (TEU art. 42(7)) and the solidarity clause (TFEU art. 222) offer tools, with the EU comparatively well-equipped on disinformation, trade defence, FDI screening, cybercrime, and border management. • Lawfare—strategic manipulation of legal norms—is a central hybrid tactic, used to sow confusion, erode customary law, and justify faits accomplis (e.g., passportization, maritime claims, proxy use). • Human rights law constrains state responses: under the ECHR, restrictions must be lawful, pursue legitimate aims, and be necessary in a democratic society (arts. 8–11), with safeguards against abuse (arts. 15, 17, 18). Case law limits overbroad security measures while permitting curbs on incitement and hate speech. • Attribution is a core challenge. The ILC Articles on State Responsibility (2001) provide bases to attribute conduct to states (arts. 2, 5, 7–9, 11), but strict standards and proxy use often frustrate accountability. When attribution to a state fails, national criminal and civil law generally govern responses to non-state actors. • Overall, peacetime domestic and international legal frameworks remain the primary, sufficient tools to counter hybrid threats, complemented by prevention, resilience, counterintelligence, and strategic communication.

The paper addresses the central question of whether existing law can effectively counter hybrid threats by examining conceptual ambiguity, operational characteristics, and the applicability of international and European legal regimes. It finds that while hybrid tactics intentionally operate below the thresholds that trigger jus ad bellum and collective defence mechanisms, they do not exist in a legal vacuum. International human rights law, the UN Charter framework, IHL (inapplicable absent armed conflict), NATO and EU clauses, and especially domestic criminal and regulatory law provide a robust, albeit constrained, toolkit. This framework compels democratic states to calibrate proportionate, lawful countermeasures, preserving legitimacy while complicating rapid responses. The analysis shows that lawfare and attribution challenges are deliberately exploited to erode norms and obscure responsibility. Nonetheless, the ILC Articles allow attribution where states direct, control, empower, or adopt proxy conduct, and the ECHR sets boundaries for necessary and proportionate security measures. The EU’s regulatory capacities (disinformation, trade, FDI, cyber, borders) illustrate how regional instruments can mitigate vulnerabilities without redefining foundational concepts such as force or aggression. The findings underscore that strengthening legal resilience—clarifying thresholds, enhancing investigative attribution, and harmonising domestic laws on cyber, migration, finance, and critical infrastructure—addresses the hybrid threat while upholding the rule of law, thereby protecting democratic legitimacy and international order.

Despite the ongoing unresolved debate over the real need for a definition of hybrid threats, there is an international consensus that hybrid threats represent a growing security problem. Addressing these threats is a major challenge because, in addition to being a never-ending task, this process erodes democracy from within. The grey zone is the arena in which actors operate on the fringes of legality. Threats in the grey zone are always evolving and so our responses must also be proactive and flexible. Hybrid operations constantly and surreptitiously undermine the ability of states to function. If a state uses hybrid capabilities, it will be acting contrary to its obligations under international law, in a non-transparent manner, and against the principle of good faith. Hybrid threats also run counter to the principle of non-interference in domestic affairs. Thus, although they are short of open warfare, hybrid threats clearly evade the idea of the peaceful resolution of disputes. Hybrid threats exploit the vacuum of law, but law is needed to address these same threats. While prevention, social awareness, and education are also required to counter hybrid threats, the law is paramount because actors using such threats move between the realms of what is legal, illegal, and alegal. Unless an attack is lethal, law-abiding states should not apply the law of armed conflict in response to hybrid tactics. It is important that this rule remain unchanged. Nor is redefinition of the meaning of the terms 'force', 'aggression', 'war', 'intimidation', or 'conflict' necessary because the inclusion of hybrid threat attacks within these concepts would only add confusion. In general, peacetime law applies to hybrid threats, which forces law-abiding states to carefully measure their responses and fully respect human rights, placing them in a precarious position. In this respect, democratic regimes can become prisoners of ethical standards and rule-of-law principles because they must not retort against aggressors with weapons or other means. This is because hybrid threats must be countered by using the law in good faith. Importantly, international law should not be by-passed when responding to hybrid threats, rather it must be applied with determination and further developed. Thus, dismantling the current international legal system is not required, although the system should be made more resilient to better deal with these threats. In addition, awareness, preparation, prevention, counterintelligence, diplomacy, and strategic communication are all required, although these needs do not undermine the critical importance of international law and its institutions as they currently stand. The potential damage that hybrid threats could cause to international peace and stability should not be underestimated: the covert way in which they show up can confuse law-abiding states. This makes hybrid threats one of the main ongoing challenges to world order. Nevertheless, these risks have probably always been present throughout history, with political groups, whether state or non-state actors, always having attempted to upset the stability of their perceived rivals using these tactics. Hence, in some ways, hybrid threats are endogenous to the international political system. What makes them special is that they attempt to surreptitiously circumvent the law, making their detection and attribution particularly difficult. The novelty of hybrid threats in the 21st century is the multifaceted forms they now often adopt, usually through the application of new technologies, as well as the exponential speed of their propagation. Hybrid threats can cause critical damage to basic infrastructure, making them an immensely powerful weapon both in times of peace and of war. Notwithstanding, such threats must be tackled using the means of the law, as well as through prevention, resilience, and education. Both the current international and national legal systems, especially their civil and criminal branches, are sufficient to counter these risks. In any case, is there even an alternative to enforcement through the law? Can a solution against hybrid threats not firmly anchored in legal standards be praised? Moreover, can illegal means be used to counter these threats and what would an illegal response look like? It is worth remembering that state responsibility comes first in the fight against hybrid threats. However, states should not solely rely on international law to solve all these problems. While international law must remain the overall guiding framework to deal with hybrid threats, each state should also legislate at the domestic level. States need clear national norms regarding cyberspace, migration, drugs, money laundering, human trafficking, infrastructures, and privacy law, among others, because these are some of the principal vulnerabilities leveraged by hybrid tactics. States should also enact comprehensive national defence legislation and cyber security laws sooner rather than later. Furthermore, they should legislate on their diplomatic services to update their functions and capacity to face these threats in their everyday work. Thus, international law cannot and should not replace state law in this respect.