Guidelines for a model law on computer-enabled and computer-related crimes in African Union member States

Abstract

Cybersecurity legislation covers the regulation, maintenance and promotion of cybersecurity activities, critical national infrastructure and computer-related services. The guidelines are designed to assist African Union member States in drafting, reforming and modernizing their cybersecurity laws to consider the particular features and needs of promoting cybersecurity in the region. The guidelines are for use by African States and African policymakers and legislators who wish to understand the valuable components of a model cybersecurity law. The guidelines are aimed at linking best practices regarding substantive offenses, powers and mutual legal assistance, such as those enunciated in regional and international cybersecurity treaties, with specific examples of standards, principles and measures that define the various elements that need to be included in cybersecurity legislation. The guidelines contain a discussion of standard cybersecurity measures, including those aimed at recognizing offenses, and provide definitions of the types of acts than can be criminalized under a model cybersecurity law. States, lawmakers and regulators are encouraged to provide guidance for creating cybersecurity programs that are flexible, scalable, practical and consistent with global best practices. Ultimately, the guidelines provide recommendations on standards for cybersecurity laws and regulations in African jurisdictions. They also provide guidance on law enforcement activities that can be undertaken to ensure cybersecurity while prioritizing respect for human rights in accordance with international and regional human rights standards.