The Swedish Defence Research Agency (FOI) has been commissioned to support the Swedish Armed Force's ability to conduct operations in the cyber domain, focusing on active operations and compliance with international law. This is a situational report on the current developments of international law norms for cyber operations and their implications for active cyber. The report focuses on normative development within supranational organizations of strategic interest for Swedish security and defence policy, especially the United Nations, the European Union, the North Atlantic Treaty Organization, and the Organization for Security and Cooperation in Europe. The normative development often coincides with a diplomatic will to establish confidencebuilding measures for the governance of and, in particular, the security and stability of the Internet. While there is a widespread consensus that international law applies in the cyber domain, especially the UN Charter, the international laws of armed conflict, and human rights, there is no widespread consensus on how to implement them. In cases where implementation measures are beginning to develop, it is frequently through nonbinding instruments such as guides, manuals and studies.