During the 20th century, two major international agreements shaped how nations interact with one another. The Geneva Conventions established legal standards for humanitarian treatment during war — including explicit protection for medical facilities and ambulances marked with the Red Cross, Red Crescent, or Red Diamond, which “should not be targeted by military action.” The Vienna Convention defined the rules of diplomacy. Embassies enjoy diplomatic immunity, and the laws applied within embassy walls are those of the embassy’s home nation rather than the host country. This article explores how these two foundational conventions are being reinterpreted for the digital age. The Vienna Convention in Cyberspace Over the past 15 years, organisations have shifted from on‑premises servers to cloud‑based infrastructure hosted by multinational companies such as Microsoft, AWS, and Google. National data‑protection laws — like the EU’s GDPR — require organisations to ensure their data resides within the correct jurisdiction. Because many data centres are owned by foreign companies, concerns about data sovereignty have grown. As the document notes, “It is feasible for EU data centres owned by USA companies to be ordered by the US Administration to gain access to data.” To address this, some organisations are moving to EU‑owned data centres. where organisations are guaranteed where data there will be stored and what jurisdiction it falls under. Luxembourg has gone further by creating “data embassies” — data centres protected under the Vienna Convention in the same way as physical embassies. Why Data Embassies Matter Two key use cases illustrate their value: Resilient national backups Countries can store sensitive data offshore while still keeping it under their own national laws. This is especially useful for smaller nations vulnerable to major internet outages, such as the loss of undersea cables. Hosting services for nations with weaker infrastructure Services like visa applications can run in Luxembourg’s advanced data embassy while remaining subject to the originating nation’s laws. This allows countries to benefit from high‑quality infrastructure without triggering GDPR or other foreign regulations. Estonia and Monaco have already signed data‑embassy agreements with Luxembourg. See E-embassies in Luxembourg – Luxembourg for more information. The Geneva Convention in Cyberspace The Geneva Convention’s protective emblems date back to 1864, when the Red Cross was adopted to mark medical facilities. As the time passed, the red crescent and red diamond was adopted later and have the same meaning. In the 21st century, medical systems have become deeply digitised. Hospitals and clinics rely heavily on digital infrastructure and cyberattacks can severely disrupt or halt critical services. Modern warfare now includes a parallel cyberwar, conducted by both state and non‑state actors. Just as physical medical sites should not be targeted, the International Committee of the Red Cross (ICRC) is developing digital emblems to mark protected medical infrastructure in cyberspace. What a Digital Emblem Does The concept is simple: Hospitals and medical services tag their digital assets with an internationally recognised emblem. State actors should avoid cyberattacks on systems marked with this emblem. This will not eliminate attacks entirely — just as physical emblems do not always prevent bombings — but it establishes a clear humanitarian norm. As the document notes, “doing something like this is much better than doing nothing at all.” Picture credit ICRC Importantly, digital emblems do not replace robust cybersecurity practices. They complement them. SeeModern Warfare; Timeless Emblems: The Digital Emblem Project | ICRCfor more information. Final Thoughts Both conventions — originally designed for physical spaces — are being reimagined for a world where critical national functions live in the cloud and warfare includes digital fronts. Data embassies extend diplomatic protection to information, while digital emblems extend humanitarian protection to medical systems Post navigation Combatting GNSS jamming and spoofing