Information about the author:
Mgr. Hovsep Kocharyan, Ph.D., is the Co-founder and Head of the Legal Department of Artlex Consult s.r.o. (Prague, Czech Republic), as well as a member of “Metaverse Bar Association” (Ontario, Canada).
He is an experienced FinTech lawyer, providing his legal and business support services in the field of payment systems (PSD2), crypto-industry, GDPR and data protection, AML/CFT compliance, as well as corporate and investment laws in various jurisdictions (Czech Republic, Poland, Netherlands, Cyprus, Estonia, Latvia, Lithuania, UK, SVG, and so on).
Hovsep is also a legal scholar at Palacky University Olomouc (Olomouc, Czech Republic), specialising in International and EU law and conducting research in the field of EU data protection law. He is an author and co-author of a number of Scopus-indexed academic papers devoted to contemporary issues and existing challenges to the protection of the right to be forgotten, Internet access and digital integrity of the person in EU law. In the framework of his academic activities and research grant projects, Hovsep conducted his research at the University of Geneva (Switzerland), University of Copenhagen (Denmark), Karl-Franzens-Universitat Graz (Austria), and University of Oslo (Norway).
1. Introduction
International law has traditionally been based on an obvious and simple intuition: a territory is a physical land defined by borders and controlled by a State. In particular, as Malcolm Shaw points out: “Territory is the physical aspect of the life of the community as an entity and therefore reflects and conditions the identity of that community”.[1] At the same time, as noted by researchers Marcelo G. Kohen and Mamadou Hébié: “strictly speaking, ‘territory’ as a term of art comprises not only emerged land, but also → airspace, the → territorial sea, and → internal waters (see Military and Paramilitary Activities in and against Nicaragua [Nicaragua v United States of America] [Merits] [1986] ICJ Rep 14 at para. 212; → Military and Paramilitary Activities in and against Nicaragua Case [Nicaragua v United States of America])”.[2]
It is this understanding of territory that underlies the recognition of States, the definition of their jurisdiction, the outbreak of armed conflicts, as well as the resolution of issues related to the delimitation and demarcation of territories, including in the context of unrecognized or partially recognized States.
The 21st century brings new challenges for international law. The problem is that in the digital space, data moves instantly, infrastructure is scattered all over the world, while interactions between people and organizations are no longer tied to a specific place.[3] In this context, the question increasingly arises: can there be a digital state as such in international law? And if so, will such an entity be able to pass the classic "statehood test" provided by the Montevideo Convention on the Rights and Duties of States (1933), signed during the Seventh International Conference of American States (hereafter referred to as the "Montevideo Convention")?[4] To determine to what extent such entities can claim the role of states, it is necessary to refer to the classical criteria of statehood, enshrined in the Montevideo Convention of 1933, and analyze their applicability in digital reality.
However, before proceeding to the analysis of the applicability of the criteria of statehood to digital entities, it should be noted that in the framework of this work, the question of the nature of international recognition — namely, the dispute between constitutive and declarative theories — is left out of the brackets.[5] In this research, we proceed from the fact that recognition does not create a state, but only fixes or confirms the already existing fact that it meets the established criteria, although there are opposing opinions in the scientific literature. In particular, we adhere to the position that the international community is a derivative of the will of existing States. Consequently, the recognition of statehood by other States cannot be considered as the basis for the emergence of the state-legal status of a new entity. Such an approach would conflict with the principle of par in parem non habet imperium — "an equal has no power over an equal" — by virtue of which States do not have the right to single-handedly determine the legal personality of another, equal to him in the international legal status of the subject. Just as a person does not cease to be a person in the absence of recognition from others, so the state, in the presence of all material attributes, exists independently of external recognition. That is why we use the Montevideo Convention (1933) as the basis of our analysis, which establishes the classic, most widely cited and internationally applied list of necessary signs/elements of statehood.
Despite the fact that the Montevideo Convention was signed within the framework of the regional American-Latin forum, it can be argued that its provisions have acquired the status of a generally accepted doctrine (in particular, in part of Article 1 of the Convention), and continue to be used as a starting point in assessing state-legal subjectivity, including in the context of modern challenges, including digitalization.
In the following sections, we will take a closer look at exactly which criteria of statehood are enshrined in the Montevideo Convention, and analyze how digital entities can meet these requirements.
2. The Montevideo Convention and the Four Criteria of Statehood
In accordance with Article 1 of the Montevideo Convention: “[t]he state as a person of international law should possess the following qualifications:
(a) a permanent population;
(b) a defined territory;
(c) government; and
(d) capacity to enter into relations with the other states.”[6]
It seems that clear criteria for statehood have been established, but each of these criteria has long been the subject of legal discussions. This is especially true of the second element: "a defined territory", which has become even more controversial in the context of the development of digital technologies.
As already noted, traditionally, a territory is understood as a specific piece of land with clearly defined borders where the state exercises its sovereignty. For example, in the Island of Palmas case (1928), the Court emphasized that sovereignty is the “peaceful and continuous display of State authority over [a territory]”.[7] That is, in this classic model:
The boundaries of the territory are fixed geographically on the map,
The legal regime depends on the control over a certain physical space,
Territorial disputes are usually resolved based on the principle of de facto control.
Later, with the development of international relations and scientific and technological progress (especially in the field of aviation and cosmonautics), water, air and space objects and spaces also began to be considered under the territory, not to mention the fact that the building of diplomatic and consular missions, water, air and space vessels began to be considered as the territory of the state.
However, today the Internet poses new challenges to this model of understanding the territory. Of course, the digital space is based on physical infrastructure, for example, on certain data centers, cables, servers and satellites, and all of them are under the jurisdiction of certain states. But the digital world as such is not just a "physical shell". We should not forget that there is also a "secondary space" that is created through such an infrastructure — that is, a network of rights, obligations, norms and relationships that operate independently of the location of servers, cables and infrastructures. For example, a website can be hosted on a server in the Netherlands, but it is subject to several legal systems at once: the EU, the USA, and Russia, if it works with citizens of these countries.
As you can see, today a territory in international law is not only a physical space, but also the space of operation of the legal system as such. In the digital age, the territory is changing:
l) From geography to jurisdiction: control is determined not by the location of the servers, but by the applicable law;
2) From borders to rights: borders are "drawn" where the state protects the rights of its citizens;
3) From fixity to mobility: the digital territory moves along with data and users.
This "secondary" layer of the digital territory already goes beyond the borders of one state, even if the entire physical infrastructure formally belongs to it. This expansion of the concept of territory creates new challenges, namely:
1) Conflicts of laws: International companies (including also holdings, concerns, and financial and industrial groups), especially in the field of digital technologies and data processing, face the need to comply with different — and often contradictory — legal regimes in different jurisdictions. For example, the GDPR requires strict rules for the storage and processing of personal data, including a ban on the transfer of data to countries with an "insufficient" level of protection. At the same time, for example, the FISA law (USA) may oblige American companies to provide access to the data of foreign users at the request of intelligence services.[8] In turn, some countries (for example, Russia or China) require data localization so that information about citizens is stored and processed within the country.[9] This situation contradicts both the freedom of cross-border data transfer and the interests of international corporations.
Moreover, this situation leaves negative consequences for the development of companies' business activities. In particular, commercial companies are forced to invest in complex legal structures (for example, to open branches or subsidiaries, to appoint a responsible specialist to the extent of business development and customer targeting). At the same time, there is a risk of fines or lawsuits if one legislation is not followed in favor of another. It should be noted that small and medium-sized companies often cannot afford such adaptation and are forced to limit or completely cease their international activities, which often becomes fatal for their business.
2) Politicization of regulation: digital law is very often used as an instrument of geopolitical pressure. For example, the EU promotes its own standards (for example, GDPR) as global norms, and countries and companies that do not comply with them are excluded from the European market.[10] Moreover, the rules of digital regulation are becoming not only a tool for protecting data and the interests of citizens, but also a means of geopolitical pressure and an instrument of economic warfare.
3) Fragmentation of the Internet: there are "sovereign" network segments with different rules. Instead of a single global Internet, national or regional "sovereign" segments are being formed with their own technical and legal rules for access, content, and data processing. For example, China has implemented the so-called "Great Firewall", which isolates the internal part of the Internet from the global network, allowing access only to "approved" resources.[11] Russia is creating the concept of a "sovereign Internet", which assumes the possibility of autonomous operation of the Runet, filtering traffic and blocking unwanted resources.[12] Meanwhile, India, Iran and a number of other countries restrict access to foreign platforms and require compliance with local rules on censorship, data storage, etc.[13]
3. Human rights as a new frontier?: extraterritoriality of digital rights
One of the most striking examples is the decision of the EU Court of Justice in the case of Google Spain SL and Google Inc. v. Agencia Española de Protección de Datos (2014), which approved the "right to be forgotten". [14] Later, the Court itself developed its analysis in other cases regarding the right to be forgotten and ruled that an EU citizen can request the deletion of his personal data from search results, even if the servers are located outside the EU and the data is processed in other countries. In this case, EU jurisdiction is no longer determined by physical control over the infrastructure, but by the protection of the rights of its citizens, wherever they are.
This means that the digital territory of the EU is spreading "all over the world" to where the data of its citizens goes — as if the borders of the country were moving with the population [15]. The fact is that the General Data Protection Regulation (GDPR) establishes the logic of extraterritoriality: that is, its rules are mandatory for all organizations that work with the data of EU citizens, regardless of their place of registration or the location of servers [16].
In response, the United States adopted the Cloud Act, which obliges American companies to transfer data at the request of the authorities, even if the data is stored outside the United States [17]. Thus, the digital territory and law in the 21st century acquire an extraterritorial character.
4. Legal uncertainty: where exactly is the state border?
Digitalization is already destroying the previous framework in which state law operated. The emergence of transnational digital platforms, decentralized autonomous organizations (DAOs), and new forms of digital citizenship poses fundamental questions for lawyers: where does the power of the traditional state end and digital autonomy begin?
In classical law, the jurisdiction of a State is determined by its territory. But what if the platform or organization does not have a physical "address", and its members are located in different countries? For example, the DAO, as a decentralized autonomous organization, is managed by smart contracts and unites thousands of people from different countries. In the DAO, decisions are made by voting, and funds are stored on the blockchain. But if a dispute arises, in which court should it be considered? And on the basis of what legislation? And here legal difficulties arise in practice, since DAOs are often not registered as legal entities. Moreover, the participants of the DAO can be anonymous, and smart contracts do not provide conflict resolution mechanisms.
Practice shows that when the State is faced with a violation of the law, it can usually bring an individual or a legal entity to legal responsibility. But in the digital world, this link is blurring. For example, the DAO smart contract made a mistake that caused users to lose their funds. Or artificial intelligence (AI) embedded in digital control makes decisions without direct human intervention. In such cases, who is legally responsible: the developers of the software code, administrators, platform owners, and the participants of the DAO who voted for this or that decision? Or is no one responsible at all? These questions do not have a definite answer.
At the same time, the emergence of digital citizenship programs — such as Estonia's e-Residency, Korean and Japanese experiments with digital identities, as well as self-styled "digital nations" (BitNation, Nation3, Plumia, etc.) — raises an important question: is it possible to be a citizen online without being tied to a physical state? Can a person have digital citizenship without rights and obligations to a real state? What happens if digital citizenship comes into conflict with national citizenship? These issues require in-depth analysis.
There are other serious problems. Can digital states be considered analogues of existing traditional states? (for example, France and Digital France). Or can digital states exist only in the digital space and without a geographical territory?
Moreover, is it possible to recognize digital citizenship in BitNation or Nation3 as legally significant? Can such a "digital nation" conclude agreements with other states, provide its "citizens" with protection, or collect taxes?
Based on the constitutive theory of state recognition, in practice such digital structures certainly do not have sovereignty in the traditional sense — they are not recognized by the international community and do not control the physical territory. And the classical states themselves will not agree with this state of affairs, given that it will weaken their power in the digital world: it is not profitable for them to have digital “competitors”. But we should not forget that there is also a declarative theory, and platforms such as BitNation or Nation3 are creating a new model of social and political organization where people unite not on a territorial basis, but on interests, values and digital identities. Their laws are code, their institutions are decentralized protocols, and their courts are algorithms for dispute resolution or voting. And while states increasingly perceive digital platforms as a threat to their sovereignty, demanding data localization, blocking unwanted services and creating "digital walls," at the same time, the very idea of the state is being rethought. Young people born in the digital age may not associate themselves with the flag and coat of arms, but rather feel involved in the DAO, digital project, or metaverse. It turns out that this is a new form of civic identity.
It should be noted that legal science today lags behind the technological reality. Territorial principles, recognition of states, the concept of citizenship, the institution of responsibility — all this requires a deep rethink in the era of the digital world.
5. Other criteria for Montevideo's statehood in a digital context
In addition to the territory, the digital world is changing other signs/elements of statehood:
5.1. A permanent population
Digital technologies blur the connection between a citizen and a physical territory. A person can be involved in the economy, management, and community life while in another country or even continent. For example, Estonia's E-Residency is a government initiative that allows anyone to obtain "digital citizenship." This gives access to the establishment of a company, banking services and public services, and no physical residence in Estonia is required. New forms of "population" are emerging: DAO participants; residents of metaverses; subscribers and users of platforms united by common interests and rules. [18]
But there are also key issues and challenges. In particular, what makes a person a "citizen" in the digital sense? Is it enough to participate in such a community? Does such a "population" have rights and responsibilities? Who guarantees them? Won't there be many "digital nations" in the future, where membership is determined not by birth, place of residence, or the political and legal relationship between a citizen and the state, but by interests, values, and participation?
5.2. Government
Digital spaces need to be managed. Depending on the structure of the community, this can be a centralized management (as in large platforms), or a decentralized one, as in a DAO. That is, in practice, there are two poles. The first pole is centralized platforms (Meta, Google, X) that establish rules of behavior; control information; can "punish" users (ban, censorship). At the same time, the second pole is decentralized autonomous organizations (DAOs). They work on the basis of smart contracts, where decisions are made through voting. The DAO lacks a single center of power that ensures equality of participants.
And here key issues and challenges arise. For example, who is responsible for management? What should I do in case of conflict or error? Can an algorithm (smart contract) be a fair ruler? To what extent are such forms of governance democratic? Who makes the final decisions — the participants or the owners of the code? On the one hand, DAOs represent the dream of a “decentralized democracy,” but on the other hand, they are still far from mature political structures.
5.3. Capacity to enter into relations with the other states
Digital platforms are gradually becoming independent subjects of global politics and diplomacy. And if it was unthinkable in international law to talk about multinational private companies as subjects of international public law, then such issues are already reasonably brewing. For example, they sign data protection agreements, participate in shaping standards (for example, AI, privacy, and digital identity), and actually regulate the behavior of millions of citizens from different countries.
However, who regulates digital platforms? Are they obeying local laws or are they already creating their own? And can the digital platform already be recognized by an international entity? Is digital "diplomatic immunity" possible?
As we can see, digitalization challenges traditional concepts of sovereignty, jurisdiction, responsibility, and citizenship. The old legal mechanisms are not always applicable to decentralized digital structures, and the world is on the verge of developing a new legal framework.
6. Conclusion: Cyberspace as a new world map?
The Montevideo Convention's "defined territory" criterion was created in the era of two-dimensional, well-defined maps. Digital reality shows that the territory is becoming multi-layered. The lower layer is the physical (geographical) infrastructure in the jurisdictions, while the upper layer is the legal space, extraterritorial and mobile.
The example of the "right to be forgotten" proves that the sovereignty of the 21st century is measured not only by control over a piece of land, water or airspace, but also by the ability to protect the rights of citizens in the digital space. If international law adopts this logic, the concept of territory will change significantly. And the question will no longer be "Can there be a digital state?", but "Who will be the first to recognize it on the map of the new, networked world?".
[1] Shaw, M.N. (1997). Peoples, Territorialism and Boundaries. EJIL. Vol. 3, pp. 478-507 https://www.ejil.org/pdfs/8/3/1457.pdf
[2] Kohen, M.G. & Hébié, M. (2021). Territory, Acquisition. Oxford Public International Law. Max Planck Encyclopedias of International Law [MPIL]. Available at: https://opil.ouplaw.com/display/10.1093/law:epil/9780199231690/law-9780199231690-e1118
[3] Yiallourides, C.; Gehring,M.; & Gauci, J.P. (2018). The Use of Force in relation to Sovereignty Disputes over Land Territory. British Institute of International and Comparative Law. ISBN 978–1–000000–00–0. Available at: https://www.biicl.org/documents/2_territorial_disputes_web_ready_version.pdf
[4] Montevideo Convention on the Rights and Duties of States. Date enacted: 1933-12-26; In force: 1934-12-26. Available at: https://www.jus.uio.no/english/services/library/treaties/01/1-02/rights-duties-states.html
[5] Talmon, Stefan A. G. (2006). The Constitutive Versus the Declaratory Doctrine of Recognition: Tertium Non Datur?. Available at: https://ssrn.com/abstract=900568
[6] Article 1 - Montevideo Convention on the Rights and Duties of States. Date enacted: 1933-12-26; In force: 1934-12-26. Available at: https://www.jus.uio.no/english/services/library/treaties/01/1-02/rights-duties-states.html
[7] Island of Palmas case (Netherlands, USA), 4 April 1928, Volume II, pp. 829-871, Available at: https://legal.un.org/riaa/cases/vol_ii/829-871.pdf
[8] Hildén, J. (2021). Mitigating the risk of US surveillance for public sector services in the cloud. Internet Policy Review, Vol. 10, No, 3. https://doi.org/10.14763/2021.3.1578
[9] Savelyev, A. (2016). Russia's new personal data localization regulations: A step forward or a self-imposed sanction?, Computer Law & Security Review, Vol. 32, Issue 1, 2016, Pages 128-145, ISSN 2212-473X, https://doi.org/10.1016/j.clsr.2015.12.003.
[10] Buckley, G.; Caulfield, T.; Becker, I. (2024). How might the GDPR evolve? A question of politics, pace and punishment, Computer Law & Security Review, Vol. 54, 2024, 106033, ISSN 2212-473X, https://doi.org/10.1016/j.clsr.2024.106033.
[11] Chander, A. (2025). The National Security Internet. Draft, January 19, 2025. Available at: https://www.law.columbia.edu/sites/default/files/2025-01/National%20Security%20Internet%20v%200.95.pdf
[12] Epifanova, A. (2020). Deciphering Russia’s “Sovereign Internet Law”: Tightening Control and Accelerating the Splinternet. (DGAP Analysis, 2). Berlin: Forschungsinstitut der Deutschen Gesellschaft für Auswärtige Politik e.V.. https://nbn-resolving.org/urn:nbn:de:0168-ssoar-66221-8
[13] For example, see: MacLellan, S. (2018). What You Need to Know about Internet Censorship in Iran. Centre of International Governance Innovation. Available at: https://www.cigionline.org/articles/what-you-need-know-about-internet-censorship-iran/
[14] Hamulak, O., Vardanyan, L., Kocharyan, H. (2021). The Global Reach of the Right to be Forgotten through the Lenses of the Court of Justice of the European Union. Czech Yearbook of Public and Private International Law, 2021, roč. 2021, č. 12, s. 196-211. ISSN 1805-0565.
[15] Gstrein, O.J., & Zwitter, A.J. (2021). Extraterritorial application of the GDPR: promoting European values or power? Internet Policy Review, Vol. 10, No. 3. https://doi.org/10.14763/2021.3.1576
[16] Claes G. Granmar (2021). Global applicability of the GDPR in context, International Data Privacy Law, Vol. 11, Issue 3, August 2021, Pages 225–244, https://doi.org/10.1093/idpl/ipab012
[17] Halefom H. A. (2019). How compatible is the US ‘CLOUD Act’ with cloud computing? A brief analysis, International Data Privacy Law, Vol. 9, Issue 3, August 2019, pp. 207–215, https://doi.org/10.1093/idpl/ipz009
[18] Lustenberger, M.; Spychiger, F, et al. (2025). DAO Research Trends: Reflections and Learnings from the First European DAO Workshop (DAWO). Appl. Sci. Vol. 15, No. 7, 3491. https://doi.org/10.3390/app15073491; See also: Furnari, S.L. & Villani, C. (2024). Regulation of Financial Protocol DAOs. Addressing the problems of decentralization and AI governance. SSRN. http://dx.doi.org/10.2139/ssrn.5023440
Top comments (0)