What does this cover?

On 28 August the South African Department of Justice and Constitutional Development (DoJ) released the draft Cybercrimes and Cybersecurity Bill (the Bill) for public consultation. The Bill incorporates 20 new cyber offences and imposes cybersecurity obligations on 'electronic communications service providers' (ECSPs). The term ECSPs has been defined widely and includes institutions not traditionally regarded as ECPSs such as banks, pension funds, collective schemes, credit rating agencies and insurers,. 

The intention of the Bill is to address the various inadequacies which exist in dealing with cybercrime and cybersecurity in the country. Among other things, the Bill:

  • establishes obligations for electronic communications service providers;  
  • creates offences and prescribes penalties related to cybercrime; and  
  • regulates jurisdiction, investigatory powers, evidence and international cooperation and deals with the establishment of necessary bodies and structures.  

The announcement on the South African Government website can be found here.

The Bill and a Discussion Document, explaining the proposed amendments, are available for here.

What action could be taken to manage risks that may arise from this development?

Companies should consider the impact of the Bill and whether it will be able to meet the proposed obligations and may wish to consider responding to the consultation which is currently open until 30 November 2015.