Skip to main content

PLEASE NOTE: For everyone’s safety, Fasken recommends anyone on-site at our Canadian offices be familiar with the COVID-19 recommendations in place which may include one or more of the following: social distancing, hand sanitizing, wearing a mask in common areas and proof of full vaccination. These measures apply to lawyers, staff, clients, service providers and other visitors.


Red Flag Series: Commencement of Certain Provisions of the Cybercrimes Act

Reading Time 4 minute read


Just like that, the COVID-19 pandemic turned the world on its head, creating a reign of fear, uncertainty and loss.  But, in the midst of this crisis and like the speed of light the world has also been propelled and transformed into a digital revolutionary paradigm, like no other. Whether it was a means to prevent the spread of the virus, ensure continuity of business, education or just advance some semblance to everyday normal life, information and communication technology have been at the forefront at the start of the pandemic. Bringing along with it a “wave” of sophisticated technologies, digital-savvy models, connectivity and maintaining communication, building capabilities of workforce of the future, cultural and behavioural changes in doing business and much more. In this wake, however, and at the other end of the spectrum the threat against cybersecurity, galvanized. Whilst, cybercrimes are not a new phenomena or for that matter a phenomena of the COVID-19 pandemic it has certainly proven to be a symptom thereof. Coupled with revolutionary digital sophistication are sophisticated cybercrimes. South Africa too became and is the target and victim of high-profile cyberattacks and cybercrimes.

With this onset, the need to combat and deter cybercrimes became ever-pressing and as such  South Africa laid down the law on cybercrimes. On 26 May 2021, the Cybercrimes Act 19 of 2020 (“the Cybercrimes Act”) was signed into law. Principally, the Cybercrimes Act provides for offences and penalties which have a bearing on cybercrimes, this was unpacked in an earlier article.

Advocate Doctor Mashabane, Director General of the Department of Justice and Constitutional Development, describes South Africa’s Cybercrimes Act as “a groundbreaking and decisive step in the country’s cyber governance and policy space and together with the Promotion of Personal Information (POPI) Act 2020, forms a key part of South Africa’s armoury in the fight against cybercrime”. We cannot agree more!

Although, the Cybercrimes Act was not in force because its commencement is yet to be proclaimed, the signing of the Presidential Minute marked the 1st of December 2021 as the commencement of certain provisions of the Cybercrimes Act. 

The following provisions of the Cybercrimes Act have come into operation:

  1. Chapter 1 which stipulates the definitions and interpretation of the provisions of the Cybercrimes Act;
  2. Chapter 2 (excluding Part VI) sets out the types of acts that are considered to be offences according to the Cybercrimes Act including the unlawful interception of data, cyber fraud and the disclosure of data messages which incite damage to property or violence;
  3. Chapter 3 makes provision for the jurisdiction of South African courts to deal with cybercrimes within and beyond the borders of South Africa, having regard to the transnational nature of cybercrimes;
  4. Chapter 4 (excluding sections 38(1)(d), (e) and (f), 40(3) and (4), 41, 42, 43 and 44) regulates the powers of police officials to search, access, seize certain articles and investigate cybercrimes;
  5. Chapter 7 provides the proof of certain facts by way of an affidavit.
  6. Chapter 8 (excluding section 54) sets out the obligation of the National Director of Public Prosecutions to keep statistics of prosecutions and the capacity to detect, prevent and investigate cybercrimes; and lastly
  7. Chapter 9 (excluding sections 11B, 11C, 11D and section 56A(3)(c)-(e) of the Criminal law (Sexual Offences and Related Matter) Amendment Act 32 of 2007, in the Schedule of laws repealed or amended in terms of section 58) provides general provisions.

Minister of Justice and Correctional Services, Ronald Lamola (“Minister Lamola”) pointed out that the sections put into operation are aimed to ensure that:

  • The South African Police Services (“SAPS”) is adequately capacitated and trained to deal with cybercrimes;
  • Verifiable statistics of the extent of cybercrime in South Africa is available;
  • The effectiveness and capacity of the SAPS to investigate cybercrimes can be evaluated; and
  • The capacity of the National Prosecuting Authority to prosecute cybercrimes can be evaluated.

Sections of the Cybercrimes Act that could not come into operation include amongst others protection orders against harmful disclosure of pornography and malicious communications, certain requirements for preserving evidence of cybercrimes or malicious communication and the establishment of a functional Point of Contact within SAPS to coordinate cybercrime investigations in South Africa and to facilitate international cooperation. Once the regulations to the Cybercrimes Act are finalized these sections will be put into operation.

With the commencement of only certain sections of the Cybercrimes Act, the questions that are looming - Is it enough? Is it effective?

The fact is that we all remain susceptible to cyber breaches and attacks but we each have a role to play in the fight against cybercrimes. And, while South Africa may have to play catch up, given the new and innovative ways in which crimes are committed in this digital revolutionary space, our legislative framework is not in a state of paralysis or inertia. The partial commencement of the Cybercrimes Act is therefore welcomed!

In fact, with cybercrimes on the rise globally, this is a progressive step to ensure that South African laws are up to international standards in an effort to combat cybercrimes.

The Cybercrimes Act can be accessed here.

This article was prepared by partners Rakhee Bhoora and Jesicca Rajpal, as well as candidate attorney Barr-Mary Tyzack.



    Receive email updates from our team