In parallel with the expansion of cyberspace, cyber warfare has also expanded as a tool for exerting power against various countries. The imposition of legal restrictions on them has become inevitable. In the realm of international criminal law, imposing limitations of the laws of war on cyberattacks, which differ from conventional warfare, faces challenges. Because the regulations governing the laws of war and war crimes has been formulated to align with conventional warfare. Yet disruptive cyberattacks on critical infrastructure are a type of cyberwarfare that, without causing physical effects similar to conventional wars and solely through non-physical impacts on a country's vital infrastructure, are considered capable of producing consequences more severe than those of conventional wars. Employing a descriptive-analytical method and gathering materials through a library-based approach, this study addresses its central question whether under the existing framework of the Rome Statute, disruptive cyberattacks on critical infrastructure could constitute war crimes particularly Article 8 on war crimes. Ultimately, it holds the view that by adopting a dynamic interpretation of the concept of 'intensity' under existing regulations, it can be affirmed the possibility of cyber conflict and war crimes via  severe disruptions to critical infrastructure. However, this approach will face challenges when dealing with critical infrastructure with dual-use.

Despite the increasing prevalence of cyber warfare and the need to apply the laws of armed conflict (jus in bello), existing regulations were designed for traditional physical warfare, making their application to modern cyber operations a significant challenge. A primary hurdle to prosecuting war crimes in this domain is establishing the requisite contextual element: the existence of an armed conflict. Specifically, cyber attacks by non-state armed groups can constitute war crimes only if they occur within the context of a non-international armed conflict. Consequently, this research investigates the feasibility of a non-international armed conflict arising from cyber warfare as a condition for realizing cyber war crimes. Using a descriptive-analytical method and library resources, the study concludes that the nature of cyber groups, characterized by the physical dispersal of members, potential lack of consensus, and absence of traditional internal discipline, does not fully align with established legal criteria for an organized armed group. Therefore, only through a contemporary and dynamic interpretation of existing regulations and jurisprudence can the threshold for a non-international cyber armed conflict be met, thereby enabling the contextual element for war crimes to be satisfied.

Various countries have focused on cyber-attacks as part of the modern threat environment. For this reason, it is necessary to impose restrictions on the laws of war on cyber-attacks manifested in the form of cyber wars. The limitations related to the laws of war, the violation of which is considered to be a war crime and can be dealt with by the International Criminal Court, have been established for traditional physical wars and their application in the field of cyber wars is faced with ambiguities, and one of the mentioned ambiguities is the threshold of the severity of cyber war crimes for the proceedings before the ICC. Based on this, this research deals with the fundamental question of what level of severity threshold is necessary to deal with war crimes caused by cyber wars before the International Criminal Court. For this purpose, despite the ambiguity of the severity threshold, it is possible to clarify the level of jurisdiction of the court to deal with some behaviors committed in cyber wars as war crimes. In this regard, using the descriptive-analytical method and inferred from the decisions issued by the Court in previous cases and cases, two types of "threshold of the severity of proceedings before the International Criminal Court", i.e. "threshold of legal severity" and "threshold of relative severity", recognized and by analyzing how they are used in cyber war crimes, quantitative and qualitative indicators, such as the scale, nature, manner of committing crimes and their effects, are considered as effective factors in reaching the threshold of the severity in proceedings. Keywords: Cyber ​​War Crime, Severity Threshold, International Criminal Court, Legal Severity, Relative Severity 1. IntroductionAlthough no cyber warfare situation had been analyzed by the International Criminal Prosecutor until 2023, in a significant written submission, the Prosecutor of the International Criminal Court made it clear that while no article of the Rome Statute specifically addresses cyberattacks, such conduct could potentially meet the elements of international crimes, such as war crimes, as previously defined, and the Office of the Prosecutor of the Court confirmed this as the current official position of the International Criminal Court. In light of this strategy, it is necessary to apply the general and specific elements of “war crimes” to “cyberwarfare.” In this regard, one of the necessary contextual elements is the fulfillment of the “threshold of severity” for war crimes committed in the context of cyberwarfare before the International Criminal Court.As stated in the preamble to the Rome Statute, the ICC was established only to investigate and prosecute the most serious crimes of concern to the international community as a whole, with other crimes remaining within the domestic jurisdiction of national legal systems. One mechanism devised to ensure this division of labour is the inclusion in the Rome Statute of a threshold of gravity that a situation must meet in order to be admissible to the Court. In Article 17 of the Statute of the International Criminal Court, “gravity” is considered a common element for all crimes, and there are numerous references to gravity in the definitions of crimes set out in Articles 6, 7, 8 and 8 bis of the Rome Statute. Article 5 also states that the jurisdiction of the Court is limited to the most serious crimes of concern to the international community as a whole.On the other hand, with regard to war crimes, Article 8, paragraph 1, of the Rome Statute stipulates that the Court shall prosecute war crimes " in particular when committed as part of a plan or policy or as part of a large-scale commission of such crimes" and thus it appears that the Rome Statute has set a "special threshold" for the prosecution of war crimes before the International Criminal Court. The Office of the Prosecutor of the International Criminal Court has also acknowledged this article as a legal guideline indicating that the Court should focus on war crimes that meet these requirements. However, the Pre-Trial Chamber of the Court is of the opinion that the term “in particular” mentioned in Article 8, paragraph 1, implies that the existence of a plan, policy, or large-scale commission, contrary to what is stated, is not a condition for the jurisdiction of the Court and is not necessary to establish the existence of severity.In any case, the criterion of "severity" is still considered an acceptable and necessary threshold for determining the Court's jurisdiction to investigate war crimes; moreover, an important question that this study attempts to answer is: assuming the possibility of war crimes occurring in the context of cyberwars, which has also been clarified by the Prosecutor of the International Criminal Court, what level of severity is required for the International Criminal Court to investigate war crimes committed in the context of cyberwars?The criterion of “severity” is, first, the threshold for non-discretionary proceedings in the International Criminal Court and is referred to as “legal severity” and, second, based on Article 53, paragraph 1, subparagraph (c) and Article 53, paragraph 2, subparagraph (c) of the Rome Statute, it also serves another function within the framework of the Court’s proceedings and guides the Prosecutor’s decision in selecting and prioritizing situations and cases that are admissible for investigation and prosecution, which is referred to as “relative severity.” The aforementioned severity is intended to focus the Court’s resources on the most serious incidents. 2. MethodologyBecause the present study has a documentary approach to the jurisprudence of international courts, international documents, and research studies, it uses a descriptive-analytical method and, by utilizing library resources, in the first part of this study, the "legal severity" necessary to address war crimes resulting from cyberwars before the International Criminal Court is addressed, and in the second part, the "relative severity" necessary to address war crimes resulting from cyberwars before the International Criminal Court is addressed. 3. Results and DiscussionThe increasing use of cyberattacks in the world has led to the expansion of their effects and has created cyberwars, which, like all other types of war, all countries in the world are forced to regulate and impose restrictions on them. Among the aforementioned restrictions is the possibility of war crimes in cyberwars. Some actions committed in cyber operations can be considered as cyberwar crimes based on existing regulations if there are general background elements for the occurrence of war crimes in cyberwar. One of the necessary background elements is reaching the threshold of severity for jurisdiction before the International Criminal Court. As can be deduced from Articles 17 and 53 of the Rome Statute, there are two types of severity thresholds for proceedings before the International Criminal Court, namely the threshold of legal severity and the threshold of relative severity.Regarding the threshold of legal severity, the jurisprudence of the International Criminal Court, such as the decision of the Prosecutor not to open an investigation into the Mavi Marmara incident, indicates that the assessment of legal severity should be based on quantitative and qualitative factors, such as the scale, nature, manner of commission of the crimes, as well as their effects. The “scale” factor, which can be considered to some extent in line with the opinion of the Tallinn Manual, emphasizes the scope of general physical effects and, from this perspective, is the subject of criticism in cyber warfare, which, despite the conventional perception of their severity, has not created a range of physical effects. The “nature” factor cannot be considered as an appropriate criterion for assessing the threshold of legal severity due to its lack of inclusion in liability arising from omissions in cyberwar crimes. The “manner of commission” factor cannot be mentioned as an effective factor in assessing the threshold of legal severity of cyberwarfare; Because the examples of the aforementioned factor cannot be considered to be very evident in cyberwarfare and only some acts committed in the cyberwarfare domain, such as causing serious disruption to data related to the general health of patients, can be assessed by this index as crimes reaching the threshold of legal severity. Finally, the factor of “impact” can be considered a widely used factor in assessing reaching the threshold of legal severity of the investigation; because its scope has also been extended to cyberwarfare causing non-physical disruptions. The sum of these factors does not have a fixed importance and must be assessed on a case-by-case basis and if the overall assessment indicates sufficient severity, it is not necessary that all conditions be met collectively.Regarding the threshold of relative gravity, the Office of the Prosecutor’s Policy Document on Case Selection and Prioritization states that the threshold of relative gravity is higher than the threshold of legal gravity and that it is assessed using the quantitative and qualitative factors assessed for the threshold of legal gravity. Cyberwarfare, like crimes committed by traditional means, can potentially meet all the factors identified by the Court to reach the threshold of relative gravity. For this purpose, the quantitative and qualitative factors of gravity, together with the mental element of the alleged perpetrator and the circumstances and circumstances of the crime, can be considered equally.

The increase of cyber wars has made the application of criminal war regulations on them inevitable, and this is while the said regulations have been established in accordance with traditional wars and it is challenging to apply these regulations to cyber wars. The aforementioned challenges are proportionately greater for disruptive warfare that does not create physical effects -versus destructive cyber warfare-. Based on this, how to determine the background element necessary for the occurrence of a war crime, that is, "occurrence of cyber armed conflict", is necessary and is the main question of this research. To answer this question, by collecting data through library sources, descriptive-analytical method is used in the research. The opinions of the opponents of the implementation of cyber armed conflict through disruptive cyber warfare are analyzed and answered. The Tallinn Manual as the most important non-binding international document for the application of international law regulations in the cyberspace, is the subject of a comparative study. The result of this research is that the emphasis of the Tallinn Manual on the necessity of creating physical effects as a result of cyber wars to fulfill the Severity criterion, causes the impunity of a large number of disruptive cyber wars whose effects are not necessarily less than destructive cyber wars. on this basis, it is suggested that, while emphasizing the criteria of the Tallinn Manual, the International Criminal Court to follow the severity criterion, regardless of the need to create physical effects, in line with modern approaches And to verify it, use the micro-indicators of scale, nature, method of committing, influence, disturbance in vital infrastructures and circumstances of committing.