Cybercrimes Act 19 of 2020

South Africa's Cybercrimes Act 19 of 2020, which came into force on December 1, 2021, is South Africa's first comprehensive cybercrime legislation. The Act criminalizes a wide range of cyber offenses including unlawful access to computer systems, interception of data, interference with data and computer programs, ransomware attacks, and cyber fraud. The Act also establishes obligations for electronic communications service providers (ECSPs) and financial institutions to report cybercrime to the South African Police Service (SAPS) within 72 hours of becoming aware of the crime. The Act empowers law enforcement to investigate cybercrime, including powers to search and seize electronic devices and to require service providers to preserve and produce electronic evidence. The Act creates offenses for possession and distribution of malicious software and for providing assistance to cybercriminals. Penalties range from fines to imprisonment of up to 15 years for serious offenses. The Act works alongside the Protection of Personal Information Act (POPIA) and the Electronic Communications and Transactions Act (ECTA) to form South Africa's digital legal framework.