Cyber-attacks are a real challenge for international arbitration. In a multi-billion US$ post M&A dispute, internationally known under the label Eldorado case, the defeated party is requesting the State Court of Sao Paulo (Brazil) to set a partial award aside on the grounds, among others, that the successful counterparty took advantage of information, which was obtained by means of a cyber-attack. The challenge is in its early stages and, for the time being, the court maintains confidentiality of the case files. Thus, this article will and cannot discuss the Eldorado case specifically because there is no public access to the facts.
Therefore, the issue will be analyzed on the basis of a hypothetical scenario characterized by two assumptions: first, a cyber-attack took place, but it only surfaced after the arbitral award was rendered; and second, solely one party had access to the “fruits” of the attack and used it in the arbitral proceedings. Against this background I will discuss how the New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards of 1958 (NY-Convention), and the UNCITRAL Model Law on International Commercial Arbitration (Model Law) should be applied; in other words, I will try to answer the question: Does the impact of a cyber-attack give grounds to deny exequatur of the award and/or to set it aside?
