The Cybercrimes Act

Act no: 19 of 2020

Type: Rules-based

Purpose: To consolidate and modernize South Africa’s laws on cybercrime, criminalize various cyber-related offences, and establish procedures for investigation and enforcement.

The Cybercrimes Act is a criminal law that impacts all individuals and organisations. The Act impacts anyone who processes data or uses a computer.

The Act especially impacts financial institutions and electronic communications service providers (ECSPs) by creating certain reporting obligations on them. For example, financial institutions and ECSPs must report cybercrimes to the police, and store evidence about cybercrimes that someone may have committed.

• Unauthorized Access: Criminalizes unlawful access to computer systems or data, including hacking and unauthorized use of credentials. [Section 2]
• Unlawful Interception: Prohibits the interception of data transmissions without authorization. [Section 3]
• Data Interference: Criminalizes the unlawful alteration, deletion, or suppression of data. [Section 5]
• System Interference: Criminalizes actions that interfere with the functioning of computer systems, including denial-of-service attacks. [Section 6]
• Cyber Fraud and Forgery: Establishes offenses related to cyber fraud, including phishing and identity theft. [Section 8]
• Malicious Communications: Criminalizes distribution of harmful data messages, including those inciting violence or containing intimate images without consent. [Section 14]
• Obligations for Electronic Communications Service Providers: Requires service providers to report cybercrime offenses and preserve evidence upon request. [Section 54]

Conviction may result in fines, depending on the severity of the offense. [Section 19]

Conviction may result in imprisonment, depending on the severity of the offense. [Section 19]

Victims may pursue civil claims for damages resulting from cybercrime offenses.

Public disclosure of cyber incidents can damage an organization’s reputation and erode customer trust.

CyberProfiler: Your External Vulnerability Scan

Performs a safe, external scan of your public digital footprint to detect security weaknesses visible to attackers.

• Helps prevent unauthorized access and system interference by identifying and mitigating vulnerabilities. [Section 2, Section 6]

DMARC: Stop Email Spoofing and Protect Your Brand

Enforces domain-based email authentication to block spoofing, stop phishing, and boost email deliverability.

• Reduces the risk of phishing attacks and cyber fraud by ensuring email authenticity. [Section 8]

• Department of Justice: Cybercrimes Act
• Michalsons: Cybercrimes Act Summary
• Michalsons: Link to the Act in the form of a website: cybercrimesact.co.za

(Links verified and active as of May 2025)

Where appropriate, we link to Michalsons’ expertly maintained legal resources and plain-language explanations. We gratefully acknowledge their role in making South African legislation more accessible and understandable.