The Cybercrimes Act came into operation in December 2021. The Act is a criminal law which aims to reduce and prevent cybercrime in South Africa. It also helps law enforcement to enforce the law and protect the people of South Africa from criminals. The Act creates many new offences too. Some offences are related to data, messages, computers, and networks.
The Cybercrimes Act came into operation in December 2021. The Act is a criminal law which aims to reduce and prevent cybercrime in South Africa.
It also helps law enforcement to enforce the law and protect the people of South Africa from criminals.
The Act creates many new offences too. Some offences are related to data, messages, computers, and networks.
- create offences which have a bearing on cybercrime;
- criminalise the disclosure of data messages which are harmful and to provide for interim protection orders;
- further regulate jurisdiction in respect of cybercrimes;
- regulate the powers to investigate cybercrimes;
- further regulate aspects relating to mutual assistance in respect of the investigation of cybercrimes;
- provide for the establishment of a designated Point of Contact; to further provide for the proof of certain facts by affidavit;
- impose obligations to report cybercrimes;
- provide for capacity building; and
- provide that the Executive may enter into agreements with foreign States to promote measures aimed at the detection, prevention, collaboration, and investigation of cybercrimes.
The Act especially impacts financial institutions and electronic communications service providers (ECSPs) by creating certain reporting obligations on them. For example, financial institutions and ECSPs must report cybercrimes to the police, and store evidence about cybercrimes that someone may have committed.
These are some of the cybercrimes that someone can commit:
- hacking (see section 2),
- unlawful interception of data (see section 3),
- ransomware (see section 8),
- cyber forgery and uttering (see section 9), or
- cyber extortion (see section 10), and
- malicious communications (see Chapter 2, Part II).
There are compliance obligations on financial institutions and ECSPs if they have a cyber-attack. For example, financial institutions and ECSPs must:
- report cybercrimes to the police within 72 hours, and
- preserve any information that relates to the cybercrime.
If they do not comply with the above two conditions, they may be liable on conviction to a fine of R50 000. (See Section 54)
- Link to the Act in the form of a website: https://cybercrimesact.co.za/
- The impact of the Cybercrimes Act on Financial Institutions: Michalsons Blog
- The impact of the Cybercrimes Act on Electronic Communications Service Providers: Michalsons Blog