Cybercrimes Act now (mostly) in force

PrintPrint

The Cybercrimes Act no. 19 of 2020 has now mostly come into force, although certain sections are still excluded. The official text as signed by President Cyril Ramaphosa can be downloaded here (PDF - 92kb). 

The commencement notice simply refers to chapters and sections which does not really assist with understanding what is - and what is not - in force. In order to make this a bit clearer here is a summary of which sections are in force and the sections that are currently waiting in the wings: 

IN FORCE

  1. Chapter 1: This is just the definitions section. 
  2. Chapter 2: This is the heart of the Cybercrimes Act and has some exclusions (see below for more). 
  3. Chapter 3: This deals with jurisdiction
  4. Chapter 4: This chapter provides the police with additional search, investigation and seizure powers. Various parts of this chapter have been excluded which broadly deal with interception of communications, preserving evidence (see below for more)
  5. Chapter 7: This deals with expert evidence on technology issues by means of an affidavit. 
  6. Chapter 8 (excluding s54): This deals with the South African Police Services having sufficient capacity to detect and prevent cybercrimes and requires that the statistics be reported. Significantly the reporting obligations of Electronic Communications Service Providers (such as Vodacom or Afrihost) as contained in s54 are not in force. 
  7. Chapter 9: These are General Provisions enabling the National Executive to enter into cybercrime agreements with other countries, allowing for Regulations to be published in terms of the Cybercrime Act and repealing various laws. This now means that sections 85-88 of the Electronic Communications and Transactions Act have now been repealed and any cybercrime will now (01 December 2021) be prosecuted in terms of the Cybercrimes Act. 

NOT IN FORCE

  1. Chapter 5: This deals with mutual cybercrime assistance between South Africa and other countries
  2. Chapter 6: This creates a designated point of contact in South Africa for Cybercrimes

WHAT IS INCLUDED / EXCLUDED FROM CHAPTER 2 - CYBERCRIMES

The majority of Chapter 2 is now in force. This means that the following crimes now exist in South Africa: 

  • unlawful access, 
  • unlawful interception, 
  • possessing and using hacking tools, 
  • Cyberfraud, 
  • Cyberforgery, 
  • Cyberextortion and 
  • Malicious Communciations (threatening or inciting damage to people or property; revenge porn) 

There are some exclusions from Chapter 2 which are:

  • Orders to Protect complainants pending finalisation of criminal proceedings from the harmful effects of malicious communications
  • Forcing Electronic Communications Service Providers to furnish particulars to court
  • Orders granted in terms of the Prevention of Harassment Act during criminal proceedings in terms of the Cybercrimes Act 

OVERVIEW OF EXCLUSIONS

It seems clear that the parts of the Cybercrimes Act that have been excluded are the sections which require third parties - particularly Electronic Communications Services Providers - to assist with the Cybercrimes and where Regulations (in terms of forms / procedures) need to be developed first before those sections can be effective (eg. the form to request information from third parties, what a preservation of evidence request would look like and how to about requesting it etc.). One of the most potent tools in the arsenal of the Police - orders to preserve evidence - is not yet in force but that will hopefully change soon. That said, South Africa now has a law which will make it illegal for you to incite people to damage property or people (consider the July 2021 riots in Kwa-Zulu Natal) and to send (or forward) intitimate images of someone without their consent (revenge porn) which are welcome additions to our law. 

If you would like to attend our Cybercrimes Act workshop in partnership with Law@work please contact them at: liesel.collins@uct.ac.za or paula.allen@uct.ac.za