Cybersecurity Threats and the WTO National Security Exceptions

The practice of the GATT/WTO is inconclusive on the issue of national security. From Nicaragua Embargo to China-Rare Earth, the key question of the security exceptions remains unanswered. The examination of Article XXI(b)(iii) in accordance with Articles 31 and 32 of the Vienna Convention on the Law of Treaties confirms that the security exception is not totally self-judging. This article argues that the principle of good faith can explain how far the self-judging power can go. After taking the potential dispute on Huawei as an occasion for exploring the trade implications of security measures, this paper finds that fact-finding and evidence gathering are the most troubling aspect of application of such exceptions. The responding member invoking Article XXI(b) must ‘reasonably’ classify cybersecurity as ‘essential security interests’ in the context of an ‘international relations emergency’, and it must ‘genuinely believe’ that cybersecurity regulations based solely upon where the supplier’s headquarter is located in a globally connected world can contribute to the achievement of the country’s national security protection. After engaging in the two-stage exercises of the ‘good faith’ test, this article maintains that there is a need for a WTO panel to actively intervene by seeking information from other governments or nongovernmental bodies, evaluating and weighing the evidence, carefully balancing rights and obligations constructed by the WTO Agreement, and establishing an appropriate trade regime to deal with cybersecurity threats.