Cybercrime law around the world | Links and updates

International cybercrime conventions

• African Union Convention on Cyberspace Security and Personal Data Protection
• Council of Europe Convention on Cybercrime (also known as the Budapest Convention on Cybercrime)

Model cybercrime law

• CW Model Law – Model Law on Computer and Computer-related Crime
• SADC Model Law –  SADC Model Law on Computer Crime and Cybercrime
• HIPCAR – Harmonization of ICT Policies, Legislation and Regulatory Procedures in the Caribbeans (Cybercrime/e-Crimes)
• ITU – International Telecommunications Union Cybercrime Legislation Resources – ITU Toolkit for Cybercrime Legislation

Some specific cybercrime law

Africa

• Botswana – Chapter 08:06 (Cybercrime and Computer- related Crimes) 
• South Africa
  • Cybercrimes Act 2021 – South Africa (South Africa signed the Budapest Convention in 2001)
  • National Cybersecurity Policy Framework (‘NCPF’)
• Tanzania – Cybercrimes Act, 2015 

The Americas

• The United States of America 
  • Cybersecurity Information Sharing Act (CISA) 
  • United States Code 
  • Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 

• Brazil’s Internet Act stipulates that connection and application providers must comply with certain security standards when storing personal data and private communications. 

Canada

• The Personal Information Protection and Electronic Documents Act, SC 2000 c 5 (‘PIPEDA‘) is a privacy statute, but establishes two central cybersecurity obligations for private sector organisations in Canada. The PIPEDA requires organisations to 
  • notify the regulator and affected individuals of certain cybersecurity incidents, and
  • adopt appropriate security safeguards.
• Criminal Code of Canada 

Asia-Pacific

• Australia 
  • Privacy Principles (‘APPs‘) under the Privacy Act 1988 contain information security obligations.
  • Criminal Code Act 1995 Australia
  • Cybercrime Act 2001 Australia
• Brunei Darussalam has the Computer Misuse Act, 2007 
• China has two main laws governing cybercrimes: 
  • the Cybersecurity Law 2016, and 
  • the Data Security Law of the People’s Republic of China which came into effect in September 2021.
• India has two laws that recognise the importance of cybersecurity: 
  • The Information Technology Act, 2000, and 
  • specific rules, like the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
• Japan’s Basic Act on Cybersecurity is the central law governing cybersecurity. 
• Malaysia has the Computer Crimes Act 
• Philippines has the Cybercrime Prevention Act of 2012 
• Thailand has the Act on Computer Crimes 
• New Zealand’s main information cybersecurity obligations are contained in Information Privacy Principle 5 under the Privacy Act 2020. The Crimes Act,1961 also contains provisions relating to cybercrimes.

Europe

• Network and Information Security Directive
• France – Criminal Code
• UK – Computer Misuse Act, 2013

The Middle East

• Israel has several laws and regulations covering various aspects of cybersecurity such as:
  • the Protection of Privacy Law
  • The Protection of Privacy Regulations (Data Security) (translated version) 
• Jordan’s laws are available in Arabic only:
  • The Cybersecurity Law No. 16 of 2019
  • The Cybercrime Law No. 27 of 2015
• Saudi Arabia has the Law on the Use of Information Communications Technology in Government Agencies (in Arabic only)