Cybercrimes Act South Africa

The Cybercrimes Act South Africa identifies and criminalises offences relating to cybercrime, imposes certain cybercrime reporting obligations, and supports the detection, prevention, mitigation and investigation of cybercrimes. From a cybersecurity perspective, this makes external risk visibility, email domain trust, incident readiness and governance-friendly evidence important parts of reducing cybercrime exposure.

Act no: 19 of 2020

Type: Rules-based

Purpose: To consolidate and modernize South Africa’s laws on cybercrime, criminalize various cyber-related offences, and establish procedures for investigation and enforcement.

The Cybercrimes Act is a criminal law that impacts all individuals and organisations. The Act impacts anyone who processes data or uses a computer.

The Act especially impacts financial institutions and electronic communications service providers (ECSPs) by creating certain reporting obligations on them. For example, financial institutions and ECSPs may have specific reporting and evidence-preservation obligations when certain cybercrimes are suspected or reported.

• Unauthorized Access: Criminalizes unlawful access to computer systems or data, including hacking and unauthorized use of credentials. [Section 2]
• Unlawful Interception: Prohibits the interception of data transmissions without authorization. [Section 3]
• Data Interference: Criminalizes the unlawful alteration, deletion, or suppression of data. [Section 5]
• System Interference: Criminalizes actions that interfere with the functioning of computer systems, including denial-of-service attacks. [Section 6]
• Cyber Fraud and Forgery: Establishes offenses related to cyber fraud, including phishing and identity theft. [Section 8]
• Malicious Communications: Criminalizes distribution of harmful data messages, including those inciting violence or containing intimate images without consent. [Section 14]
• Obligations for Electronic Communications Service Providers: Requires service providers to report cybercrime offenses and preserve evidence upon request. [Section 54]

Conviction may result in fines, depending on the severity of the offense. [Section 19]

Conviction may result in imprisonment, depending on the severity of the offense. [Section 19]

Victims may pursue civil claims for damages resulting from cybercrime offenses.

Public disclosure of cyber incidents can damage an organization’s reputation and erode customer trust.

CyberProfiler: External Vulnerability Scan

Provides a safe, non-invasive external vulnerability scan of your public digital footprint, highlighting security weaknesses that may be visible to attackers.

• Helps prevent unauthorized access and system interference by identifying and mitigating vulnerabilities. [Section 2, Section 6]

Managed DMARC Protection

Supports DMARC implementation and monitoring to help reduce domain spoofing risk, improve outbound email trust, and move safely towards enforcement.

• Reduces the risk of phishing attacks and cyber fraud by ensuring email authenticity. [Section 8]

• Government Gazette
• Michalsons: Cybercrimes Act Summary
• Michalsons: Link to the Act in the form of a website: cybercrimesact.co.za

(Links verified and active as of May 2026)

Where appropriate, we link to Michalsons’ expertly maintained legal resources and plain-language explanations. We gratefully acknowledge their role in making South African legislation more accessible and understandable.