Increasing conflict potentials in the digital space require a sharpening of transnational responsibility, but they also make this more difficult. From the perspective of international law, the norm of due diligence for cyberspace has already been extensively discussed. We take up this debate from a political science perspective by first discussing the conditions for norm emergence theoretically and then examining state practice in the narrower sense (four short case studies) and in the broader sense (on the basis of the new Heidelberg Cyber Conflict Dataset). Our findings show that, although there are approaches for a retrospective norm of due diligence, there is hardly any discernible prospective norm effect so far. The state practice of central state “norm entrepreneurs” illustrates the lack of intersubjective recognition of the norm of due dilligence to date. In addition, the comparison with systematically collected cyber conflict data from 2014-2016 suggests that authoritarian states such as Russia and China particularly undermine the norm’s regulatory effect through the use of non-state actors. All in all, the emergence of the norm, which is still in its early stages, can be attributed primarily to different motivations and priorities of the norm entrepreneurs in their actions.