Cybercrime law includes laws related to computer crimes, internet crimes, information crimes, communications crimes, and technology crimes. While the internet and the digital economy represent a significant opportunity, they’re also an enabler for criminal activity. Cybercrime laws are laws that create the offences and penalties for cybercrimes.
Cybercrime describes:
- crimes directed at computers, data or information communications technologies (ICTs), and
- crimes committed by people using computers or ICT.
Cybercrime is a global problem, which requires a coordinated international response. We help organisations comply with the regulatory requirements that come out of cyber laws.
Actions you can take
Join the programme
Take practical steps to align your compliance with the Act by joining our programme
Attend a workshop
Understand how the Act impacts your organisation by booking a workshop on the Cybercrimes Act.
Assess your risk
Determine the impact of cybercrimes on your organisation by taking a cybercrimes impact assessment.
Read the Act
Get familiar with the Act by reading it online.
Get a legal opinion
Know how the law applies to you by getting our legal opinion of the law.
Brief your board
Brief your board on cybercrime risks and the legal implications for your organisation.
International cybercrime conventions
- African Union Convention on Cyberspace Security and Personal Data Protection
- Council of Europe Convention on Cybercrime (also known as the Budapest Convention on Cybercrime)
Model cybercrime law
- CW Model Law –Â Model Law on Computer and Computer-related Crime
- SADC Model Law – Â SADC Model Law on Computer Crime and Cybercrime
- HIPCAR – Harmonization of ICT Policies, Legislation and Regulatory Procedures in the Caribbeans (Cybercrime/e-Crimes)
- ITU – International Telecommunications Union Cybercrime Legislation Resources – ITU Toolkit for Cybercrime Legislation
Some specific cybercrime law
Africa
- Botswana –Â Chapter 08:06 (Cybercrime and Computer- related Crimes)Â
- South Africa
- Cybercrimes Act 2021 – South Africa (South Africa signed the Budapest Convention in 2001)
- National Cybersecurity Policy Framework (‘NCPF’)
- Tanzania –Â Cybercrimes Act, 2015Â
The Americas
- The United States of AmericaÂ
- Cybersecurity Information Sharing Act (CISA)Â
- United States CodeÂ
- Framework for Improving Critical Infrastructure Cybersecurity Version 1.1Â
- Brazil’s Internet Act stipulates that connection and application providers must comply with certain security standards when storing personal data and private communications.Â
Canada
- The Personal Information Protection and Electronic Documents Act, SC 2000 c 5 (‘PIPEDA‘) is a privacy statute, but establishes two central cybersecurity obligations for private sector organisations in Canada. The PIPEDA requires organisations toÂ
- notify the regulator and affected individuals of certain cybersecurity incidents, and
- adopt appropriate security safeguards.
- Criminal Code of CanadaÂ
Asia-Pacific
- AustraliaÂ
- Privacy Principles (‘APPs‘) under the Privacy Act 1988 contain information security obligations.
- Criminal Code Act 1995 Australia
- Cybercrime Act 2001 Australia
- Brunei Darussalam has the Computer Misuse Act, 2007Â
- China has two main laws governing cybercrimes:Â
- the Cybersecurity Law 2016, andÂ
- the Data Security Law of the People’s Republic of China which came into effect in September 2021.
- India has two laws that recognise the importance of cybersecurity:Â
- The Information Technology Act, 2000, andÂ
- specific rules, like the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
- Japan’s Basic Act on Cybersecurity is the central law governing cybersecurity.Â
- Malaysia has the Computer Crimes ActÂ
- Philippines has the Cybercrime Prevention Act of 2012Â
- Thailand has the Act on Computer CrimesÂ
- New Zealand’s main information cybersecurity obligations are contained in Information Privacy Principle 5 under the Privacy Act 2020. The Crimes Act,1961 also contains provisions relating to cybercrimes.
Europe
- Network and Information Security Directive
- France – Criminal Code
- UK – Computer Misuse Act, 2013
The Middle East
- Israel has several laws and regulations covering various aspects of cybersecurity such as:
- the Protection of Privacy Law
- The Protection of Privacy Regulations (Data Security) (translated version)Â
- Jordan’s laws are available in Arabic only:
- The Cybersecurity Law No. 16 of 2019
- The Cybercrime Law No. 27 of 2015
- Saudi Arabia has the Law on the Use of Information Communications Technology in Government Agencies (in Arabic only)Â