Legal updates and opinions
News / News
Cybercrimes Act: South Africa Finally Joins The Big Boy Table
1. President Cyril Ramaphosa has just signed the Cybercrimes Bill, which seeks to bring South Africa’s cybersecurity laws in line with the rest of the world, into law. This Bill which is now an Act of Parliament creates offences for and criminalises, amongst others, the disclosure of data messages which are harmful. Examples of such data messages include:
1.1 those which incite violence or damage to property;
1.2 those which threaten persons with violence or damage to property; and
1.3 those which contain an intimate image.
Not every crime is a cybercrime – The dichotomy of cyber-enabled crimes and cybercrimes.
2. Other offences include cyber fraud, forgery, extortion and theft of incorporeal property. The unlawful and intentional access of a computer system or computer data storage medium is also considered an offence along with the unlawful interception of, or interference with data.
3. This creates a broad ambit for the application of the Cybercrimes Act which defines “data” as electronic representations of information in any form. It is interesting to note that the Act does not define “cybercrime” but rather creates a number of offences such as those canvassed above.
4. There is no doubt that the Cybercrimes Act will be of particular importance to electronic communications service providers and financial institutes as it imposes obligations upon them to assist in the investigation of cybercrimes, for example by furnishing a court with certain particulars which may involve the handing over of data or even hardware on application. There is also a reporting duty on electronic communications service providers and financial institutions to report, without undue delay and where feasible, cyber offences within 72 hours of becoming aware of them. A failure to do so may lead to the imposition of a fine not exceeding R50 000.
5. A person who is convicted of an offence under the Cybercrimes Act is liable to a fine or to imprisonment for a period of up to fifteen years or to both a fine and such imprisonment as may be ordered in terms of the offence.
6. It is further interesting to note the impact this Act will have on businesses, especially considering its overlap with the Protection of Personal Information Act 4 of 2013 (POPIA), amongst other regulatory codes and pieces of legislation. POPIA, which deals with personal information, aims to give effect to the right to privacy by protecting persons against the unlawful processing of personal information. One of the conditions for lawful processing in terms of POPIA is security safeguards which prescribes that the integrity and confidentiality of personal information must be secured by a person in control of that information. This is prescribed by POPIA in order to prevent loss, damage or unauthorised access to or destruction of personal information. POPIA also creates a reporting duty on persons responsible for processing personal information whereby they must report any unlawful access to personal information (data breach) to the Information Regulator within a reasonable period of time.
7. In light of the above, companies should be cognisant of their practices especially in dealing with data or information. The value of data as an asset, the oil of the new economy, cannot be understated. To quote the CEO of Apple, Tim Cook:
“We shouldn’t ask our customers to make a trade-off between privacy and security. We need to offer them the best of both. Ultimately, protecting someone else’s data protects all of us.”
Read more on the major cyber security risks to your business here.
by Ahmore Burger-Smidt, Director and Head of Data Privacy Practice and member of Competition Law Practice; and Nyiko Mathebula, Candidate Attorney.
Latest News
Constitutional subsidiarity: An important clarification
by Dakalo Singo, Director and Head of Pro Bono Constitutional subsidiarity is an important principle of South African law. While [...]
Franchisors Beware! The Competition Commission may come knocking soon
by Paul Coetser, Director and Head of Competition and Kwanele Diniso, Associate The franchising industry has long been a bone [...]
Mind the Conduct: A Guide to COFI – Part 6: COFI – What Really Changes?
by Hilah Laskov, Director Introduction In this article series, we take a deep dive into the South African Conduct of [...]
Remuneration governance under the amended Companies Act: A closer look at some of the key questions
by Kevin Trudgeon, Director and Helena Stoop, Senior Knowledge Lawyer 1. Introduction On 22 May 2026, a proclamation by President [...]
Does the Public Procurement Act provide for an effective dispute resolution mechanism?
by Sarah Moerane, Director and Koketso Rapoo, Senior Associate The National Treasury published the draft General Public Procurement Regulations and [...]
The shift in the evaluation criteria in South African public procurement
By Sarah Moerane, Director and Amogelang Magano, Senior Associate South Africa is in the midst of what could prove to [...]
