Cross-Border Cyber Incidents in International Commercial Arbitration: Private International Law Approaches to Jurisdiction and Applicable Law

This article examines the private international law (PIL) challenges arising from cross-border cyber incidents in the context of international commercial arbitration. As commercial transactions increasingly rely on digital infrastructure, disputes involving ransomware attacks, data breaches, cyber fraud, and electronic contract manipulation have proliferated, generating complex questions of arbitral jurisdiction and applicable law. The article analyses three interlocking issues: first, the determination of arbitral jurisdiction over multi-party and multi-contract cyber disputes; second, the identification of the law applicable to cyber-related claims under leading PIL instruments, including the Rome I and Rome II Regulations, the UNCITRAL Model Law, and common law frameworks; and third, the recognition and enforcement of arbitral awards involving cyber incidents under the 1958 New York Convention. Special attention is given to the tension between territorially anchored PIL connecting factors and the inherently borderless nature of cyberspace. The article concludes that existing PIL frameworks require purposive adaptation to address the specificities of cyber incidents, and proposes a set of principles for choice-of-law clauses and procedural orders designed to reduce legal uncertainty in cyber-related international arbitration.