The newly enacted Cybercrimes Act and what it means for South Africans

cybercrimes act
26 Jul 2021

The newly enacted Cybercrimes Act (“Act”) not only creates offences but also codifies and imposes penalties on cybercrimes and defines cybercrime as including, but not limited to, acts such as: the unlawful access to a computer or device such as a USB drive or an external hard drive; the illegal interception of data; the unlawful acquisition, possession, receipt or use of a password; and forgery, fraud and extortion online.

The Act criminalises the disclosure of data messages which are harmful and the disclosure of data messages that contain intimate images and seeks to implement an integrated cybersecurity legislative framework to effectively deal with cybercrimes and address aspects pertaining to cybersecurity.

The Act creates 20 new cybercrime offences and prescribes penalties related to cybercrime. It provides overarching legal authority on how to deal with cybercrimes, by regulating how these offences must be investigated which includes searching and gaining access to, or seizing items in relation to cybercrimes.

Section 3 of the Act makes provision for offences relating to personal information (as defined in the POPI Act) including the abuse, misuse and the possession of personal information of another person or entity where there is reasonable suspicion that it was used, or may be used, to commit a cybercrime.

It provides for the establishment of a 24/7 point of contact for all cybercrime reporting, the establishment of various structures to deal with cybersecurity (which includes a cyber response committee, a cyber security centre and a national cybercrime centre).

The Act imposes an obligation on electronic communications service providers (“ECSPs”) and financial institutions, such as banks, to report cyber offences within 72 hours of becoming aware of them. They must preserve any information which may be of assistance in the investigation and they are required to work with law enforcement, where applicable, in the investigation of cybercrimes. In certain instances, this may involve the handing over of data and hardware. ECSPs and financial institutions must report cyber offences without undue delay and within 72 hours of becoming aware of them, failing which, they may be liable to a fine of up to R50,000.

The Act provides the South Africa Police Services with the authority to not only investigate, search, access and seize but to also co-operate with foreign states to investigate cybercrimes. Further, the National Director of Public Prosecutions is obligated, in terms of the Act, to compile a report on the number and results of prosecutions for cybercrimes for the National Prosecuting Authority.

The Act further affords South African courts with jurisdiction to adjudicate over any act or omission alleged to constitute an offence under the Act and affecting a person in South Africa, even in instances where such a defined cybercrime is committed outside of South Africa.

More importantly, the Act prescribes certain sentences for offenders, which entail fines ranging from R5 million to R10 million and/or imprisonment ranging from 5 to 10 years, with other more serious offences attracting imprisonment of up to 15 years and an imprisonment period not exceeding 25 years for computer related terrorist activity and related offences. The Act imposes lesser sentences for the dissemination of data messages which advocates, promotes, or incites hate, discrimination, or violence to imprisonment not exceeding 2 years, or a fine.

The courts have also been afforded with a discretion to impose any sentence that it deems appropriate under section 276 of the Criminal Procedure Act 51 of 1977 to anyone that is found guilty of cyber fraud, cyber forgery and uttering.

Individuals will need to educate themselves and be very careful when corresponding, especially over social media. Companies, especially ECSPs and financial institutions, will need to initiate training and programmes to ensure compliance with the Act.

See also:

(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)
Grant Williams

Grant Williams is a partner in our commercial group. He specialises in commercial law with an emphasis on media, telecommunications and IT. Grant’s recent experience includes assisting with the establishment... Read more about Grant Williams

Tyron Fourie

Tyron Fourie is a partner in the commercial department in Johannesburg. He acts for a range of clients including those in the IT, telecoms, consumer, banking and insurance sectors. His... Read more about Tyron Fourie

Sibulele Siyaya

Sibulele Siyaya is an Associate in our TMT department at the Bryanston office. He graduated from the University of Johannesburg with an LLB degree in 2015, a Postgraduate Diploma in... Read more about Sibulele Siyaya


Technology Law articles by

Technology Law articles on GoLegal