South African Law on Cybercrime

View the Full text of legislation and regulations affecting the internet in South Africa

View the Council of Europe’s Convention on Cybercrime (used as a guideline for developing SA’s national legislation)
More on CoE Cybercrime projects and framework for international cooperation

View the Definitions of Cybercrime

View the Electronic Communications and Transactions (ECT) Amendment Bill, 2012 [PDF 5.47MB] – Published October 2012

View the Cybercrimes and Cybersecurity Bill 2015 [PDF 839KB] – Draft Published for Comment, August 2015

Below is the sections of the Electronic Communications and Transactions (ECT) Act 25 of 2002, relevant to the criminal offences:

CHAPTER XIII

CYBER CRIME

Definition

85.
In this Chapter, unless the context indicates otherwise—
“access” includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.

Unauthorised access to, interception of or interference with data

86.
(1) Subject to the Interception and Monitoring Prohibition Act, 1992 (Act No. 127 of 1992), a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence.
(2) A person who intentionally and without authority to do so, interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence.
(3) A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence.
(4) A person who utilises any device or computer program mentioned in subsection (3) in order to unlawfully overcome security measures designed to protect such data or access thereto, is guilty of an offence.
(5) A person who commits any act described in this section with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial, of service to legitimate users is guilty of an offence.

Computer-related extortion, fraud and forgery

87.
(1) A person who performs or threatens to perform any of the acts described in section 86, for the purpose of obtaining any unlawful proprietary advantage by undertaking to cease or desist from such action, or by undertaking to restore any damage caused as a result of those actions, is guilty of an offence.
(2) A person who performs any of the acts described in section 86 for the purpose of obtaining any unlawful advantage by causing fake data to be produced with the intent that it be considered or acted upon as if it were authentic, is guilty of an offence.

Attempt, and aiding and abetting

88.
(1) A person who attempts to commit any of the offences referred to in sections 86 and 87 is guilty of an offence and is liable on conviction to the penalties set out in section 89(1) or (2), as the case may be.
(2) Any person who aids and abets someone to commit any of the offences referred to in sections 86 and 87 is guilty of an offence and is liable on conviction to the penalties set out in section 89(1) or (2), as the case may be.

Penalties

89.
(1) A person convicted of an offence referred to in sections 37(3), 40(2), 58(2), 80(5), 82(2) or 86(1), (2) or (3) is liable to a fine or imprisonment for a period not exceeding 12 months.
(2) A person convicted of an offence referred to in section 86(4) or (5) or section 87 is liable to a fine or imprisonment for a period not exceeding five years.

CHAPTER VII

CONSUMER PROTECTION

Unsolicited goods, services or communications

45.(1) Any person who sends unsolicited commercial communications to consumers, must provide the consumer
(a) with the option to cancel his or her subscription to the mailing list of that person; and
(b) with the identifying particulars of the source from which that person obtained the consumer’s personal information, on request of the consumer.
(2) No agreement is concluded where a consumer has failed to respond to an unsolicited communication.
(3) Any person who fails to comply with or contravenes subsection (1) is guilty of an offence and liable, on conviction, to the penalties prescribed in section 89(1).
(4) Any person who sends unsolicited commercial communications to a person who has advised the sender that such communications are unwelcome, is guilty of an offence and liable, on conviction, to the penalties prescribed in section 89(1).