Maritime piracy and Best Management Practices

Legal definition and international framework

UNCLOS and the high-seas requirement

The foundational legal definition of piracy appears in Articles 100 to 107 of the United Nations Convention on the Law of the Sea, adopted in 1982 and in force from 16 November 1994. Article 101 defines piracy as any illegal act of violence, detention, or depredation committed for private ends by the crew or passengers of a private ship or aircraft, directed against another ship or aircraft, or against persons or property on board such ships, on the high seas or in a place outside the jurisdiction of any state. Two elements are essential: the acts must be committed for private ends (distinguishing piracy from state-sponsored interference), and they must occur on the high seas or in airspace beyond national jurisdiction.

The high-seas requirement is operationally significant. The exclusive economic zones of coastal states extend to 200 nautical miles, but the EEZ is not the high seas for this purpose; UNCLOS Article 58(2) applies the high-seas articles to the EEZ only as far as they are not incompatible with Part V. The practical effect is that piracy law under UNCLOS does not reach acts committed within a state’s 12-nautical-mile territorial sea. Article 105 grants every state universal jurisdiction to seize pirate ships and aircraft and to arrest those on board, and Article 107 limits such seizures to warships, military aircraft, or other government ships authorised to that end. Article 100 places all states under an obligation to cooperate in the repression of piracy.

Armed robbery against ships

When the same conduct - boarding, attacking, or robbing a vessel - occurs within territorial waters, it falls outside the UNCLOS piracy definition and is instead described as armed robbery against ships. The International Maritime Organization has developed guidance on this category, and regional cooperation agreements address it directly. In the Strait of Malacca, for instance, most incidents statistically classified as piracy by industry bodies in fact occurred in Indonesian territorial waters and were therefore armed robbery under international law, even though the operational response by mariners was identical.

The SUA Convention 1988 and 2005 Protocols

The Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, concluded in Rome on 10 March 1988 and in force from 1 March 1992, was the direct legislative response to the 1985 hijacking of the cruise ship Achille Lauro. The SUA Convention fills the jurisdictional gap left by the UNCLOS high-seas requirement by creating offences that apply to acts committed on board ships navigating or scheduled to navigate into, through, or from waters beyond the territorial sea of a single state. Covered offences include seizing control of a ship by force, threats, or intimidation; acts of violence against persons on board likely to endanger safe navigation; and placing destructive devices on a ship.

The 2005 Protocol to the SUA Convention, adopted in London on 14 October 2005, extended coverage to include using a ship as a weapon of mass destruction, transporting persons suspected of terrorist offences, and the discharge of biological, chemical, nuclear, or radiological material from a ship. The 2005 Protocol also introduced a ship-boarding regime allowing states parties to board and search vessels on the high seas with flag-state consent, an important tool in the Somali context.

Interaction with domestic law

Universal jurisdiction under UNCLOS Article 105 is permissive, not mandatory; states must enact domestic legislation to prosecute captured pirates. During the Somali piracy peak the gap between operational capture and successful prosecution became acute. Kenya, Seychelles, Mauritius, and Tanzania entered into transfer agreements with the European Union and other naval forces, receiving captured suspects for trial under their own criminal codes. The United States prosecuted several Somali pirates under its federal piracy statute. EU NAVFOR Atalanta operating rules, agreed between participating member states, established a common framework for handing suspects to regional states or to the flag state of the attacked vessel.

Historical waves of piracy

Strait of Malacca: 1990s to mid-2000s

The Strait of Malacca, an 800-kilometre waterway between the Malay Peninsula and Sumatra carrying approximately 25% of world seaborne trade, experienced a sustained period of high incident rates through the 1990s and early 2000s. The International Maritime Bureau Piracy Reporting Centre, established in Kuala Lumpur in 1992, recorded the Strait as the world’s most active piracy zone for much of this period. The IMB annual report for 2003 catalogued 189 incidents in Southeast Asia, and 2004 saw 220 or more incidents in the broader region.

Incidents ranged from opportunistic robbery of ships at anchor or slow speed - where gangs boarded from small craft to steal cash and portable equipment from the bridge - to organised hijackings of product tankers for cargo theft, a crime that required connections with buyers in regional ports. The Indonesian archipelago, with its thousands of islands and limited coast-guard capacity, provided refuge for perpetrators.

The pivotal change came with the Regional Cooperation Agreement on Combating Piracy and Armed Robbery against Ships in Asia, known as ReCAAP, which was concluded in November 2004 and entered into force on 4 September 2006. Sixteen states signed, including Japan, South Korea, China, India, and the Southeast Asian nations most affected. The ReCAAP Information Sharing Centre, established in Singapore, became the first government-to-government information-sharing mechanism dedicated to maritime piracy in the region. By 2009 incident rates in the Strait had fallen sharply, a reduction attributed to coordinated patrols by Indonesia, Malaysia, and Singapore under the Malacca Strait Patrols arrangement launched in 2004, as well as the ReCAAP reporting framework.

Somali piracy: 2005-2017

Somali piracy emerged from the collapse of state authority in Somalia following the civil war of the early 1990s. Fishermen who originally described their activities as protecting Somali waters from illegal foreign fishing eventually developed into sophisticated criminal networks operating hundreds of nautical miles offshore in the western Indian Ocean.

Significant attacks on large vessels began around 2005. The kidnapping for ransom business model proved highly profitable: a single VLCC or bulk carrier captured in deep water could yield ransoms of several million US dollars, shared among investors, action-group members, and shore-based facilitators according to structured agreements. The hijacking of the Sirius Star, a Saudi Aramco VLCC with a cargo of approximately two million barrels of crude oil, on 15 November 2008 approximately 450 nautical miles southeast of Kenya marked a new phase of the threat. The Sirius Star, one of the largest ships ever hijacked, was released after a ransom reportedly in the region of US$3 million was delivered by parachute. See the oil tanker article for background on VLCC operations and vulnerabilities.

The year 2008 produced 111 attacks in the region; 2010 saw 219 attacks; and 2011 reached 237 attacks, the peak year by most counts. The geographic area of operations expanded continuously as pirate groups used captured mother ships to extend range across the full western Indian Ocean, reaching targets off the coast of India and the Seychelles.

Naval response

The United Nations Security Council adopted a series of resolutions authorising member states and regional organisations to use all necessary means, including entering Somali territorial waters, to repress piracy. The European Union launched Operation Atalanta - formally EU NAVFOR Somalia - on 8 December 2008 under EU Council Joint Action 2008/851/CFSP, the first EU naval operation in history. Headquartered initially at Northwood in the United Kingdom and subsequently at Rota in Spain, Atalanta conducted escort missions for World Food Programme vessels supplying Somalia, deterred and disrupted pirate activity in the Gulf of Aden and western Indian Ocean, and monitored fishing activity. Combined Task Force 151 was established on 11 January 2009 under Combined Maritime Forces, headquartered in Bahrain, to conduct counter-piracy operations. Earlier CTF 150 had focused on maritime security and interdiction under Operation Enduring Freedom; CTF 151 was created specifically to address the piracy mission. NATO launched Operation Allied Protector in March 2009, subsequently renamed Operation Ocean Shield, which operated until 15 December 2016.

China deployed its first People’s Liberation Army Navy escort task force to the Gulf of Aden in December 2008, the first overseas deployment of Chinese naval vessels since the 15th century voyages of Zheng He. India’s Eastern Fleet vessels conducted extended patrols from late 2008. Japan, operating under the Act on Punishment of and Measures against Acts of Piracy 2009 (the Anti-Piracy Measures Law), deployed Japan Maritime Self-Defence Force destroyers and P-3C Orion maritime patrol aircraft.

The combination of naval presence, industry self-protection measures, and - reportedly - reduced ransom payments that lowered the return on investment produced a steep decline. Attacks fell from 237 in 2011 to 15 in 2016 and to single digits by 2017. At the peak of the crisis it was estimated that several hundreds of seafarers were held simultaneously on hijacked ships or ashore in Somalia awaiting ransom payment, with captivities sometimes exceeding one year.

MV Maersk Alabama, April 2009

The container ship Maersk Alabama, flagged to the United States and sailing without armed guards under US rules in force at the time, was attacked on 8 April 2009 approximately 240 nautical miles southeast of Eyl, Somalia. Four Somali pirates boarded from a skiff. The crew, who had been briefed on anti-piracy procedures, locked themselves in the engine room, leaving the pirates without the ability to manoeuvre the ship. After negotiations broke down, the ship’s captain, Richard Phillips, allowed himself to be taken hostage in a lifeboat in exchange for the pirates departing the vessel. US Navy SEAL snipers aboard USS Bainbridge shot and killed three of the four pirates simultaneously on 12 April 2009, freeing Phillips. The fourth pirate, Abduwali Muse, was brought to the United States and convicted of piracy and hostage-taking, receiving a 33-year sentence. The incident demonstrated both the potential of crew self-protection and the limits of unarmed resistance against determined attackers.

MV Faina, September 2008

The Ukrainian-flagged ro-ro vessel Faina was hijacked on 25 September 2008 while carrying a cargo that included 33 Soviet-era T-72 battle tanks, grenade launchers, and anti-aircraft guns. The presence of the arms cargo and the destination of the shipment attracted international attention and a naval cordon was maintained around the vessel. After negotiations extending four months, the Faina was released in February 2009 following payment of a reported US$3.2 million ransom.

Gulf of Guinea: 2012 to present

As Somali piracy declined, the Gulf of Guinea - encompassing the Bight of Benin, the Bight of Bonny, and the waters off Nigeria, Ghana, Benin, Togo, Cameroon, Equatorial Guinea, and Gabon - became the world’s most dangerous maritime region by several measures. The dominant criminal model in the Gulf of Guinea is kidnap for ransom targeting crew members, distinct from the Somali vessel-hijack model. Gangs board vessels, abduct officers and crew members, transfer them to speedboats, and hold them ashore in the Niger Delta for ransom negotiations with shipowners, managers, and insurance underwriters. The vessel itself is typically released promptly; the economic value is in the human hostages.

The IMB Piracy and Armed Robbery Report for 2020 recorded 130 incidents globally, with the Gulf of Guinea accounting for 130 of 195 crew members taken hostage or kidnapped worldwide. During the 2019-2020 period, the region accounted for approximately 95% of all crew kidnappings globally. Nigerian criminal networks, operating from the Delta creeks with high-speed boats capable of operating 200 nautical miles offshore, conducted the majority of attacks. The use of bulk carriers, container ships, and oil tankers as targets reflected their slower speeds and lower freeboard when loaded.

Regional naval capacity has improved incrementally. The Gulf of Guinea Maritime Collaboration Forum - known as GoG MCF or Shade West, modelled on the Shared Awareness and Deconfliction mechanism used in the Indian Ocean - began meeting from 2014. The Yaoundé Architecture, established by the Heads of State Summit in Cameroon in June 2013, created an Interregional Coordination Centre with regional maritime security centres including CRESMAC (Central Africa), CRESMAO (West Africa), and associated Zonal Maritime Centres. The piracy Gulf of Guinea transit calculator assists passage planning for vessels transiting this region, while the voyage piracy transit calculator covers planning across multiple high-risk areas.

Incident numbers began declining from 2021 following sustained regional naval activity and the arrest of several key gang leaders in Nigeria. The IMB recorded 57 incidents in the Gulf of Guinea in 2021 and fewer in subsequent years, though the threat has not been eliminated.

Strait of Hormuz and Persian Gulf: 2019-2024

A distinct category of maritime security incident involves state-sponsored seizure and harassment of commercial vessels, most prominently by the Iranian Islamic Revolutionary Guard Corps Navy in the Strait of Hormuz, Strait of Hormuz approaches, and the Persian Gulf. These incidents fall outside the UNCLOS piracy definition because they are carried out for political rather than private ends, but they produce similar operational effects for affected shipowners.

From 2019, in the context of the United States maximum-pressure campaign against Iran following the withdrawal from the Joint Comprehensive Plan of Action, IRGCN fast-attack craft began harassing, and in several cases seizing, tankers transiting the Strait of Hormuz. The British-flagged Stena Impero was seized by IRGCN personnel in July 2019 after a period of maritime tension involving the detention of an Iranian tanker in Gibraltar. The IRGCN boarded the vessel using helicopters and small boats while it was navigating in the Strait of Hormuz. The vessel was released in September 2019 after diplomatic negotiations. Further seizures and attempted seizures occurred across 2021, 2022, 2023, and 2024, involving vessels with connections to the United States, Israel, and other adversary states. The affected vessels included both oil tankers and other ship types. The IMB excludes state-actor incidents from its piracy statistics, though they are tracked by UKMTO and reported to industry through maritime security bulletins.

Red Sea and Bab el-Mandeb: November 2023 to present

The most significant disruption to world shipping since the Somali piracy peak began on 19 November 2023 when Houthi forces - the Ansar Allah movement controlling much of northwestern Yemen - conducted the first of a sustained series of attacks on commercial vessels transiting the southern Red Sea, the Bab el-Mandeb Strait, and the Gulf of Aden. The opening attack involved a helicopter assault on the Galaxy Leader, a car carrier operating for a company with Israeli connections. Houthi personnel boarded the vessel after a helicopter insertion, seized it, and diverted it to the port of Hudaydah, where it was subsequently displayed to media as a trophy. The Galaxy Leader and its crew of 25 remained in Houthi custody for an extended period.

The Houthi campaign employed a range of weapons: Iranian-supplied Shahed-136 type one-way attack unmanned aerial vehicles; anti-ship ballistic missiles including variants of the Quds-3; anti-ship cruise missiles; naval mines in some reports; and, from early 2024, unmanned surface vessels loaded with explosives. The weapons were used in combination to saturate the defences of individual vessels and the naval escorts protecting them.

The True Confidence, a Barbados-flagged bulk carrier, was struck by an anti-ship ballistic missile on 6 March 2024 approximately 60 nautical miles southwest of Aden. Three crew members - a Vietnamese sailor and two Filipino sailors - were killed, constituting the first confirmed commercial mariner fatalities of the Houthi campaign. The Rubymar, a Belize-flagged bulk carrier carrying approximately 21,000 tonnes of ammonium phosphate fertiliser, was struck by missiles on 18 February 2024 and sank on 2 March 2024 in the Red Sea, the first complete loss of a commercial vessel in the campaign and the first maritime pollution event.

Other significant incidents included attacks on the Tutor, a Greek-flagged bulk carrier that sank in June 2024 after being struck by a missile and subsequently rammed by an unmanned surface vessel; the MV Genco Picardy in April 2024; and the MV Iolcos Courage in 2024. By mid-2024 hundreds of attacks or attempted attacks had been recorded, and the majority of major container lines - including Maersk, MSC, CMA CGM, Hapag-Lloyd, and Evergreen - had suspended Red Sea transits and were routing vessels around the Cape of Good Hope, adding approximately 3,500 nautical miles and ten to fourteen days to Europe-Asia voyages.

The United States assembled Operation Prosperity Guardian, under the umbrella of Combined Maritime Forces with a new Combined Task Force designation, from December 2023 to provide naval escort and shoot down attacking drones and missiles. EU Operation Aspides, a defensive-only naval mission, launched from February 2024 under an EU Council decision. Unlike in the Somali context, purely naval escorts could not prevent all attacks given the range and volume of munitions available to the Houthi forces.

Best Management Practices: evolution

BMP origins and the Somali era

Best Management Practices for Protection against Somalia Based Piracy, commonly called BMP1, was first issued in 2009 by a group of industry associations including BIMCO, the International Chamber of Shipping, INTERCARGO, INTERTANKO, and the Oil Companies International Marine Forum (OCIMF), with support from the IMO and the flag states of most affected vessels. The document codified the self-protection measures that experienced masters had already begun adopting and provided a common framework for training, transit planning, and incident reporting.

BMP2 followed rapidly in 2009, incorporating lessons from the initial Somali peak. BMP3 appeared in 2010 with further refinements. BMP4, published in August 2011 at the height of the Somali crisis, became the definitive reference for the Indian Ocean High Risk Area. It introduced the concept of the High Risk Area with defined geographic boundaries, the requirement to register with MSCHOA and report to UKMTO before transit, and detailed recommendations on citadels, physical hardening, and cooperation with naval forces.

BMP5 (2018)

BMP5 was published in 2018, restructured to address not only the residual Somali threat but the Indian Ocean as a whole and the broader Gulf of Aden and Arabian Sea. The full title reflects the expansion: Best Management Practices to Deter Piracy and Enhance Maritime Security in the Red Sea, Gulf of Aden, Indian Ocean and Arabian Sea. BMP5 introduced a web-based vessel transit reporting system replacing the earlier MSCHOA-specific registration, standardised guidance on the self-protection measures expected of vessels transiting the High Risk Area, and aligned more closely with flag-state and port-state expectations under the ISPS Code.

The Global Counter Piracy Guidance for Companies, Masters and Seafarers, published simultaneously with BMP5 in 2018 by a joint industry coalition, provided company-level guidance on risk assessment, contingency planning, and crew briefing that complemented the operational detail in BMP5 itself.

BMP West Africa (2020)

The distinct nature of the Gulf of Guinea threat - kidnap-for-ransom of crew members rather than vessel hijacking, attacks at greater distances from the coast than previously seen, and a different regional naval and legal framework - prompted the development of a geographically specific guidance document. BMP West Africa was published in 2020 by the same industry coalition, covering the region from Senegal to Angola and addressing the specific recommendations for vessels transiting this area: enhanced watchkeeping at distances of up to 250 nautical miles from the Nigerian coast, crew muster and response drills for kidnap scenarios, coordination with the Gulf of Guinea Maritime Collaboration Forum, and reporting protocols to the Maritime Domain Awareness for Trade - Gulf of Guinea system (MDAT-GoG), a joint UK-France reporting centre analogous to UKMTO in the Indian Ocean.

Ship hardening measures

Physical barriers

The most basic category of self-protection involves making it physically difficult for attackers to board a vessel. Razor wire - also described as concertina wire or barbed tape - is fixed to bulwark rails, freeing ports, anchor hawse pipes, rope guards on mooring lines, and the lower rungs of accommodation ladders. The objective is to slow boarders during the critical minutes when the crew can react. Wire barriers must be maintained and inspected regularly; improvised fixing methods can result in failures at sea.

Dummy persons - full-size human silhouettes fixed to vantage points on deck - create the visual impression of an active crew watch and have been reported to deter approach in some cases. Anti-piracy bridge wing shutters are fitted to enclose exposed bridge wings and protect the officer of the watch from small-arms fire. Safe muster areas within the accommodation house, where crew can shelter during an attack with communication equipment but without requiring access to citadel construction, supplement the main citadel.

Electric fences of the type developed for anti-piracy use deliver a high-voltage, low-ampere shock to anyone touching the wire. Systems marketed specifically for maritime use typically include circuit breaks that disable the fence when crew must work in the area. Class societies and flag states have issued guidance on the installation requirements to avoid crew injury.

Water cannon and foam systems

Pressurised water cannon systems, including products from manufacturers such as Unifire (the FMM series) and Marlin, discharge seawater at high pressure and volume from nozzles fixed to the ship’s rail or superstructure. The purpose is to make boarding impossible during the approach phase by drenching attackers in the skiff and preventing them from using grappling hooks or ladders. Systems capable of covering the full perimeter of a vessel require multiple nozzles and a dedicated pump arrangement. High-expansion foam dispensers have also been deployed, particularly on vessels with freeboard low enough to allow boarding from skiffs without grappling equipment, to coat the ship’s side and make it too slippery to climb.

Citadel doctrine

A citadel - also described in some IMO guidance as a secure muster station or safe room - is a compartment within the vessel’s structure that has been hardened to delay or prevent forced entry for a period sufficient for a naval response to arrive. The theory is that if all crew members secure themselves in the citadel and shut down non-essential machinery, particularly the main engine, attackers who board the vessel gain no operational value: a drifting ship with no hostages accessible and no crew to operate it has limited ransom value and naval forces will arrive within hours.

For a citadel to meet IMO guidance requirements it should: have independent communications equipment including GMDSS-compatible radio and SSAS capable of alerting authorities; have water and food for all crew for at least 72 hours; have independent ventilation or an air supply; be of construction sufficient to delay forced entry for several hours; and be designed so that all crew can reach it within two to three minutes of the piracy alarm. Air conditioning and toilet facilities are recommended for extended occupation.

The ISPS Code and SOLAS Convention provide the overarching framework for ship security planning within which citadel requirements are specified at the company level in the Ship Security Plan.

PCASP: privately contracted armed security personnel

Regulatory framework

The use of armed guards on commercial vessels was initially opposed by many flag states and shipowners on the grounds that it would escalate violence, create legal liability, and erode the distinction between merchant ships and naval vessels. The sharp increase in successful hijackings from 2009 and the limited effectiveness of purely passive measures on slow, laden tankers shifted the consensus. By 2011 the majority of vessels transiting the Gulf of Aden High Risk Area carried PCASP teams.

The IMO responded with a series of circulars establishing a regulatory framework. MSC.1/Circ.1405/Rev.2, titled Revised Interim Guidance to Shipowners, Ship Operators and Shipmasters on the Use of Privately Contracted Armed Security Personnel on Board Ships in the High Risk Area, set out the responsibilities of the shipowner and master, including the requirement for a use-of-force policy, rules for the carriage and storage of weapons on board, and procedures for handover of weapons at ports and flag state requirements. MSC.1/Circ.1406/Rev.3 provided guidance to flag states on the conditions under which they might authorise the carriage of PCASP on vessels flying their flag, noting that the decision was a matter for each flag state individually. MSC.1/Circ.1408/Rev.1 addressed the selection and contracting of private maritime security companies, emphasising the need for companies to obtain references, verify licences, and ensure that security personnel met minimum training standards. MSC.1/Circ.1443 provided interim recommendations for port and coastal states on the handling of vessels carrying PCASP and weapons, addressing the practical difficulty of transit port calls.

ISO 28007 and PMSC certification

The International Organization for Standardization published ISO 28007-1:2015, Guidelines for Private Maritime Security Companies (PMSC) Providing Privately Contracted Armed Security Personnel (PCASP) on Board Ships, providing a certification standard to which PMSCs could demonstrate compliance. Certification under ISO 28007 involved third-party audit of the company’s management system, vetting procedures for personnel, training standards, use-of-force policy, incident reporting arrangements, and insurance coverage. The standard has been adopted by many major flag states as a minimum benchmark for PMSCs permitted to operate under their flags.

Floating armouries

The carriage of weapons into port raises legal difficulties in almost all jurisdictions: port-state law governing firearms importation, customs requirements, and bilateral agreements between flag states and coastal states all create compliance risk. The floating armoury - a vessel anchored in international waters, typically outside territorial waters of any state, carrying weapons that can be temporarily issued to PCASP teams boarding commercial vessels for transit through the High Risk Area and returned after transit - emerged as an industry solution from around 2011. Floating armouries operate in the Arabian Sea, off Sri Lanka, and in the Gulf of Guinea. Their legal status is managed through flag-state registration under jurisdictions with appropriate firearms carriage authorisations, though the regulatory position remains complex and multiple flag states have issued guidance on conditions for use.

Marine insurance and war risk

Joint War Committee listed areas

The Joint War Committee, a standing committee of underwriters from Lloyd’s of London and the International Underwriting Association’s London market, maintains the Hull War, Strikes, Terrorism and Related Perils Listed Areas (commonly called the JWC Listed Areas or the Hull War Listed Areas Bulletin). Vessels transiting a listed area trigger a notice requirement under standard hull war clauses: the shipowner must notify the war-risk underwriter before entering the area. Insurers may require additional premium or impose conditions before agreeing to continue cover.

The JWC has included the Gulf of Aden and Indian Ocean High Risk Area continuously since 2008. The Gulf of Guinea has been listed for an extended period. The Red Sea and adjacent waters were added or expanded following the commencement of Houthi attacks in late 2023. The war risk premium calculator provides indicative estimates for transit additional premiums based on vessel type, the listed area, and market benchmark rates.

War risk clauses and additional premium

Standard hull and machinery policies in the London market use Institute War and Strikes Clauses (Hulls) or equivalent London Market Association forms. The LMA5390 and related forms govern the war risk coverage for most ocean-going vessels. Separate war risk P&I cover for crew liabilities, cargo war risk insurance, and loss-of-hire war risk extensions are placed concurrently. When a vessel transits a JWC-listed area, additional premium is payable, typically calculated as a percentage of the vessel’s hull insured value per single transit, with the specific rate varying with market conditions, vessel type, vessel age, trading area, and the security measures in place.

At the height of the Somali piracy crisis, additional premium rates for single Gulf of Aden transits reached approximately 0.05% to 0.1% of hull value per voyage, representing several tens of thousands of US dollars for a large tanker. Rates for Red Sea transits increased sharply from late 2023 as the Houthi campaign intensified. The interaction between hull war cover, cargo war cover, and voyage charter party war risk provisions is addressed in standard voyage charter party and time charter party forms, with the BIMCO CONWARTIME clause and VOYWAR clause governing war risk trading exclusion zones and additional premium allocation between owner and charterer.

Ship security: SOLAS, ISPS, and SSAS

The ISPS Code, mandated by SOLAS Chapter XI-2 from 1 July 2004, established the global ship and port facility security management system. The principal roles created by the Code are the Ship Security Officer, responsible for implementing the Ship Security Plan on board; the Company Security Officer, the shore-based counterpart responsible for the overall security management system; and the Port Facility Security Officer. Each vessel must carry a Ship Security Plan, a confidential document approved by the flag state or its Recognised Security Organisation, specifying responses to each of three security levels and the responsibilities of each crew member. Flag states may delegate the approval of Ship Security Plans and the issuance of International Ship Security Certificates to Recognised Security Organisations, which include major classification societies. The ISPS port facility security level calculator assists operators in assessing declared security levels at ports of call.

The Ship Security Alert System, required by SOLAS XI-2/6 for ships of 500 gross tons and above on international voyages, transmits a covert alert to the flag state authority when activated, without any indication to persons on board that the alert has been sent. The SSAS is distinct from GMDSS distress signals; it is designed specifically for the piracy scenario in which the crew cannot make an open call without risk to themselves. The alert includes vessel identity and position. The flag state receiving the SSAS alert is responsible for coordinating the response with the coastal state and with naval forces in the area. For SSAS system selection, see the ISPS Code article and the guidance under GMDSS overview.

Long-Range Identification and Tracking, required by SOLAS V/19-1 for ships of 300 gross tons and above on international voyages, transmits vessel identity and position to the administrations of flag states and port states automatically at six-hour intervals, with on-demand polling intervals available to authorities. LRIT data are provided through the LRIT International Data Exchange to authorised states. The shipboard LRIT coverage calculator and the LRIT terminal system tool assist operators in verifying coverage. AIS, required under SOLAS V/19 and addressed in the AIS and ECDIS article, provides real-time vessel tracking to a much broader audience but is designed for collision avoidance rather than covert security alerting, and in high-risk transit areas masters may be advised to switch off or reduce AIS transmissions to avoid providing positional information to potential attackers - a measure that requires notification to UKMTO and flag state authorities. The AIS Class A carriage calculator and AIS transponder system tool cover carriage requirements. Interaction between AIS and the wider electronic navigation suite is covered in AIS and ECDIS.

Industry data sources and reporting infrastructure

IMB Piracy Reporting Centre

The ICC International Maritime Bureau Piracy Reporting Centre, based in Kuala Lumpur, has maintained continuous monitoring since its establishment in 1992. The PRC operates a 24-hour call centre where masters can report incidents, attempted attacks, or suspicious approaches. It publishes quarterly and annual piracy and armed robbery reports containing globally aggregated statistics, incident narratives, geographic analysis, and recommendations. The annual report is the primary source for year-on-year comparison of global incident trends, vessel-type breakdown, and crew impacts. The PRC data, while widely cited, cover only incidents actually reported to it; under-reporting - particularly by vessels that fear detention for investigation or commercial disruption - is acknowledged.

MSCHOA

The Maritime Security Centre Horn of Africa, operated by EU NAVFOR Atalanta and based at the Maritime Operations Centre in Brest, France, provides the primary web portal for vessels transiting the Gulf of Aden High Risk Area. Vessels are requested to register their transit details - including routing, timetable, vessel particulars, and security measures in place - before entering the High Risk Area. MSCHOA data enable naval forces to maintain a recognised maritime picture and to prioritise escort and response resources. The web-based vessel transit reporting system introduced with BMP5 unified the MSCHOA and UKMTO registration process.

UKMTO

UK Maritime Trade Operations Dubai, operated by the Royal Navy from its Dubai base, provides 24/7 telephone reporting for vessels in the High Risk Area and the Gulf of Aden. The UKMTO duty officer receives reports from vessels under attack or in suspicious situations and coordinates with naval forces and maritime rescue coordination centres. The UKMTO broadcast provides masters with a daily summary of incidents in the area. The MDAT-GoG facility, a joint UK-France operation modelled on UKMTO, provides equivalent services for the Gulf of Guinea.

ReCAAP ISC

The ReCAAP Information Sharing Centre in Singapore publishes incident alerts and quarterly and annual reports covering piracy and armed robbery in Asia. The ReCAAP categorisation system uses three categories - Category 1 (actual boarding, hijacking or fired upon), Category 2 (persons on board or close approach frustrated), Category 3 (suspicious approach) - providing finer granularity than the IMB classification in some respects. The ReCAAP data are shared among member states through the information-sharing system and with the public through its website.

Naval coalitions and multilateral response

Combined Maritime Forces

Combined Maritime Forces, established in 2002 and headquartered at Naval Support Activity Bahrain, is a multinational naval partnership currently including more than 40 member nations. It operates three Combined Task Forces. CTF 150 conducts maritime security operations, focused on interdicting trafficking in narcotics, weapons, and related cargo in the Gulf of Aden, Gulf of Oman, Red Sea, and Arabian Sea. CTF 151, established on 11 January 2009 specifically for counter-piracy operations, patrols the same geographic area with a mandate to deter and disrupt piracy. CTF 152 covers the Persian Gulf, coordinating with Gulf Cooperation Council navies. The rotation of command among member nations follows an agreed schedule.

EU NAVFOR Atalanta

Operation Atalanta, launched on 8 December 2008 under EU Council Joint Action 2008/851/CFSP, remains the longest-running EU naval operation. Its primary mandate covers protection of World Food Programme and African Union Mission in Somalia logistics vessels, deterrence of piracy, monitoring of fishing activity off the Somali coast, and, from 2012, authority to conduct operations ashore against infrastructure used in support of piracy under UNSCR 2020. The operation has been periodically renewed and extended, with its mandate adapted to include the Red Sea and Bab el-Mandeb context from 2024. Its headquarters were relocated from Northwood, United Kingdom to Rota, Spain, following the United Kingdom’s withdrawal from the European Union.

NATO Ocean Shield

NATO Operation Ocean Shield ran from 17 August 2009 to 15 December 2016. Operating under the same UN Security Council resolutions as Atalanta and CTF 151, it conducted counter-piracy patrols in the Gulf of Aden and the Indian Ocean. Ocean Shield cooperated closely with Atalanta and CTF 151 through the Shared Awareness and Deconfliction mechanism at Bahrain, which coordinated the movements of all three commands and prevented duplicative effort. At its peak, Ocean Shield involved up to ten vessels and associated maritime patrol aircraft.

Chinese PLAN escort task forces

China’s deployment of escort task forces to the Gulf of Aden from December 2008 continued into successive deployments thereafter. Each task force, typically comprising two surface combatants and a replenishment vessel, conducted escort missions for Chinese-flagged and chartered vessels and provided escort services to other states’ ships when available. The deployments served both the counter-piracy mission and broader strategic objectives related to PLAN blue-water capability development. China has not participated in CMF and its escort task forces operate independently, though information is exchanged with SHADE.

Crew welfare

Psychological impacts of piracy

Seafarers who have survived piracy attacks, particularly extended captivities under the Somali model where crews were held for months in difficult conditions with uncertain outcomes, experience significant post-incident trauma. Research published in peer-reviewed maritime medicine journals identified high rates of post-traumatic stress disorder, depression, and anxiety among released hostages. The duration of captivity, conditions of detention, violence experienced during or after capture, and the adequacy of post-release support all influence long-term outcomes.

The International Transport Workers’ Federation maintains an anti-piracy fund that provides financial support for affected seafarers and families and funds advocacy for improved naval protection and legal accountability of captured pirates. Ship management companies and P&I Clubs with welfare obligations under the Maritime Labour Convention have developed incident management protocols that include immediate post-release counselling, medical evaluation, and support during repatriation. The MLC 2006 establishes baseline obligations for shipowners regarding seafarer welfare that apply in the piracy context, including the obligation to maintain payment of wages during captivity and to repatriate seafarers at the end of their period of captivity. The STCW Convention training requirements, including the security awareness training mandated by the Manila Amendments of 2010, cover responses to security threats including piracy.

Watchkeeping and fatigue

Extended high-risk transits impose additional watchkeeping burdens on crews, particularly on smaller vessels where watch-keepers must maintain continuous lookout during daylight hours. Anti-piracy watch routines, including doubled bridge watches, regular radar sweeps for small craft, and night vision device deployment during dark hours in the High Risk Area, add to the already demanding workload of ocean passage. The interaction between fatigue, as governed by STCW hours-of-rest requirements under the STCW Convention, and the enhanced security watchkeeping requirements is a recognised tension that company security management must address in voyage planning.

Interaction with port state control

Port states enforce the security provisions of the ISPS Code through port state control inspections. A vessel arriving at a port with a security level higher than that of the port facility may be required to implement additional security measures or may be refused entry until the situation is resolved. Officers conducting port state control inspections examine the International Ship Security Certificate, the Continuous Synopsis Record (which records flag, class, and ownership history), and may request access to elements of the Ship Security Plan relevant to the current security level. Deficiencies related to SSAS, LRIT, and security documentation can result in detention. The interaction between flag-state inspection obligations, RSO oversight, and port state control enforcement creates the verification architecture within which ship security functions in practice. For the broader port state control framework, see the port state control article.

Flag state and registry considerations

The flag state bears primary responsibility for authorising and overseeing the carriage of PCASP under MSC.1/Circ.1406/Rev.3, for approving Ship Security Plans, and for receiving and acting on SSAS alerts from its vessels. The decision by a flag state whether to authorise PCASP on ships in its registry, and on what conditions, has been a significant commercial differentiator. Flags that early authorised PCASP - including the Bahamas, Marshall Islands, Liberia, and Panama - attracted vessel registrations from owners who wished to carry armed guards without regulatory obstacles. The flag state and flag of convenience article covers the broader context of flag state responsibilities and the open registry system.

Related Calculators

• Piracy, Gulf of Guinea Precautions Calculator
• Piracy, BMP5 Transit Speed Calculator
• War Risk, Additional Premium Calculator
• ISPS, Port Facility Security Level Calculator
• LRIT, Reporting Interval Calculator
• System - LRIT Terminal: INMARSAT / Iridium Calculator
• AIS, Carriage Class A vs B Calculator
• System - AIS Transponder: Class A Calculator

See also

• ISPS Code - International Ship and Port Facility Security Code, the primary mandatory ship security framework
• SOLAS Convention - the parent convention establishing ISPS, SSAS, and LRIT requirements
• UNCLOS overview for shipping - the Convention on the Law of the Sea underpinning the piracy definition
• AIS and ECDIS - automatic identification system and electronic chart systems
• GMDSS overview - Global Maritime Distress and Safety System
• Oil tanker - vessel type disproportionately targeted for cargo-theft and state-actor seizure
• Bulk carrier - vessel type frequently targeted in the Gulf of Guinea and Red Sea
• Container ship - vessel type affected by Red Sea disruption from 2023
• LNG carrier - vessel type subject to heightened war-risk underwriting scrutiny
• Flag state and flag of convenience - flag-state responsibilities for PCASP authorisation
• Port state control - enforcement of ISPS and security certificate requirements
• Voyage charter party - CONWARTIME and VOYWAR war risk clause interaction
• Time charter party - charterer obligations and war risk zone provisions
• Bill of lading - cargo documentation affected by piracy rerouting and delay
• MLC 2006 - seafarer welfare obligations during captivity
• STCW Convention - security training and fatigue management
• ShipCalculators.com calculator catalogue - full list of maritime calculators

References

1. United Nations Convention on the Law of the Sea, Articles 100-107, Montego Bay, 10 December 1982, in force 16 November 1994.
2. Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, Rome, 10 March 1988, in force 1 March 1992. IMO Doc. SUA/CON/15.
3. Protocol of 2005 to the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, London, 14 October 2005.
4. IMO MSC.1/Circ.1405/Rev.2, Revised Interim Guidance to Shipowners, Ship Operators and Shipmasters on the Use of Privately Contracted Armed Security Personnel on Board Ships in the High Risk Area, 25 May 2012.
5. IMO MSC.1/Circ.1406/Rev.3, Revised Interim Recommendations for Flag States Regarding the Use of Privately Contracted Armed Security Personnel on Board Ships in the High Risk Area, 25 May 2012.
6. IMO MSC.1/Circ.1408/Rev.1, Revised Interim Recommendations for Port and Coastal States Regarding the Use of Privately Contracted Armed Security Personnel on Board Ships in the High Risk Area, 25 May 2012.
7. IMO MSC.1/Circ.1443, Interim Recommendations for Port and Coastal States Regarding the Use of Privately Contracted Armed Security Personnel on Board Ships in the High Risk Area, 25 May 2012.
8. ISO 28007-1:2015, Ships and marine technology - Guidelines for Private Maritime Security Companies (PMSC) providing Privately Contracted Armed Security Personnel (PCASP) on Board Ships (and pro forma contract). International Organization for Standardization, Geneva.
9. BIMCO, ICS, INTERCARGO, INTERTANKO, OCIMF. Best Management Practices to Deter Piracy and Enhance Maritime Security in the Red Sea, Gulf of Aden, Indian Ocean and Arabian Sea (BMP5). Witherby Publishing Group, Edinburgh, 2018.
10. BIMCO et al. Best Management Practices for West Africa (BMP West Africa). Witherby Publishing Group, Edinburgh, 2020.
11. ICC International Maritime Bureau. Piracy and Armed Robbery against Ships: Annual Report 2020. ICC-IMB, London, 2021.
12. EU Council Joint Action 2008/851/CFSP of 10 November 2008 on a European Union military operation to contribute to the deterrence, prevention and repression of acts of piracy and armed robbery off the Somali coast.
13. Regional Cooperation Agreement on Combating Piracy and Armed Robbery against Ships in Asia (ReCAAP), concluded 11 November 2004, in force 4 September 2006.
14. SOLAS Convention, Chapter XI-2, Special measures to enhance maritime security, as adopted by the Conference of Contracting Governments, December 2002. IMO.
15. SOLAS Regulation V/19-1, Long-range identification and tracking of ships, as adopted by MSC resolution MSC.202(81), 2006.

Further reading

• Chalk, Peter. Piracy off the Horn of Africa: Scope, Dimensions, Causes and Responses. RAND Corporation, Santa Monica, 2010.
• Murphy, Martin N. Small Boats, Weak States, Dirty Money: Piracy and Maritime Terrorism in the Modern World. Columbia University Press, New York, 2009.
• Kraska, James. Contemporary Maritime Piracy: International Law, Strategy, and Diplomacy at Sea. Praeger Security International, Santa Barbara, 2011.
• Bahadur, Jay. The Pirates of Somalia: Inside Their Hidden World. Pantheon Books, New York, 2011.
• Sekkingstad, Rolf, and Tor Farstad. “Long-term psychological effects on seafarers after piracy attacks”. International Maritime Health, 2014.

External links

• ICC International Maritime Bureau Piracy Reporting Centre - quarterly and annual piracy statistics and incident alerts
• EU NAVFOR Somalia Operation Atalanta - official site of the EU naval operation
• UKMTO Dubai - UK Maritime Trade Operations vessel reporting
• MSCHOA - Maritime Security Centre Horn of Africa vessel registration
• ReCAAP Information Sharing Centre - Asia piracy reports and information sharing
• IMO Maritime Security - IMO official page on maritime security including ISPS and piracy