CYBERSECURITY AS DUE DILIGENCE IN REDEFINING THE FULL PROTECTION AND SECURITY STANDARD

AUTHORS – SHUBHAM SHARMA & DEEKSHA RAMPAL

STUDENTS AT NATIONAL LAW INSTITUTE UNIVERSITY, BHOPAL

BEST CITATION – SHUBHAM SHARMA & DEEKSHA RAMPAL, CYBERSECURITY AS DUE DILIGENCE IN REDEFINING THE FULL PROTECTION AND SECURITY STANDARD, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 6 (3) OF 2026, PG. 968-980, APIS – 3920 – 0001 & ISSN – 2583-2344.

ABSTRACT

International investment law is changing as investments increasingly rely on digital systems, data, and technology rather than physical assets. This shift creates new risks, especially from cyber threats such as data breaches and hacking, which are not fully addressed under the traditional understanding of the Full Protection and Security (FPS) standard. FPS has mainly been seen as a duty to protect investments from physical harm, but this approach is no longer sufficient in the digital age. This paper argues that cybersecurity should be treated as an essential part of the State’s duty of due diligence under the FPS standard. While arbitral tribunals have started to recognise that FPS applies to intangible and digital investments, they have not clearly defined what States are actually required to do in cases involving cyber risks. This lack of clarity has led to inconsistent decisions and uncertainty. To solve this problem, the paper proposes a structured, risk-based framework for cybersecurity due diligence. It suggests that States should follow basic cybersecurity measures, take stronger steps for high-risk sectors, and respond effectively to cyber incidents. The paper also emphasises the need to consider technical standards and the capacity of different States.