UPDATE ON THE CYBERCRIMES ACT NO. 19 OF 2020

VDMA previously reported on the Cybercrimes Act No. 19 of 2020 (“Cybercrimes Act”) on 22 June 2021 which at that stage, was to come into effect on a date to be proclaimed in the Government Gazette.  In broad terms, the Cybercrimes Act aims to align South Africa’s cybersecurity laws with the rest of the world and the objectives of the act include, amongst other things, to criminalise the unlawful access, use and disclosure of data which may potentially be harmful by creating various new criminal offences, each with different penalties depending on the severity of the offence.

The Cybercrimes Act describes cybercrimes as, amongst other things, unlawful access and/or interference to data or computer programs. As from 1 December 2021, by proclamation in the Government Gazette, the following sections of the Cybercrimes Act have now officially come into effect and accordingly will be enforceable:

  • Chapter 1 – which sets out the definitions and interpretation of the Cybercrimes Act;
  • Chapter 2 – which relates to, amongst other things,
    • cybercrimes;
    • malicious communications;
    • instructing or inducing another person to commit an offence;
    • competent verdicts; and
    • sentencing,
  • Chapter 3 – which relates to the jurisdiction of the South African courts in relation to cybercrimes;
  • Chapter 4 – which relates to the power of the South African Police Service to instruct any fit and proper person, who is not a member of the South African Police Service, to access a computer data storage medium and/or a computer system and seize a computer data storage medium and/or any part of a computer system;
  • Chapter 7 – which relates to the evidence of cybercrimes;
  • Chapter 8 – which relates to reporting obligations and capacity building of electronic communications service providers and financial institutions; and
  • Chapter 9 – which contains the general provisions of the Cybercrimes Act.

It is also important to take note that not all of the provisions in the aforementioned chapters will come into effect as the following exclusions will apply with the commencement of the aforementioned chapters:

  • Chapter 2 – Part VI;
  • Chapter 4 – sections 38(1)(d), (e) and (f), 40(3) and (4), 41, 42, 43 and 44;
  • Chapter 8 – section 54; and
  • Chapter 9 – sections 11B, 11C, 11D and 56A(3)(c), (d) and (e) of the Criminal Law (Sexual Offences and Related Matters) Amendment Act No. 32 of 2007, in the Schedule of laws repealed or amended in terms of section 58.

Now that the Cybercrimes Act has officially commenced, it is imperative that businesses and individuals educate themselves on the Cybercrimes Act and ensure that adequate policies and procedures are in place to prevent them from falling foul of the provisions of the Cybercrimes Act. The penalties which apply should a business or individual fail to comply with the Cybercrimes Act are severe and include, amongst other things, fines ranging from R5 000 000 (five million Rand) to R10 000 000 (ten million Rand) and/or imprisonment ranging from 5 (five) to 10 (ten) years depending on the offence committed.

VDMA’s team of experts are available to assist you and your business with conducting Cybercrimes training and/or assisting with any other Cybercrimes Act compliance needs you may have.

Published 12 January 2022