The Cyber Security and Cyber Crimes Act, 2021 | Zambia

National Regulations

The Cyber Security and Cyber Crimes Act, 2021 is a legislative framework enacted in Zambia to regulate cyber security services, protect critical information infrastructure, and combat cyber crimes. It establishes mechanisms for managing cyber threats, including the formation of the Zambia Computer Incidence Response Team (ZCIRT) and the National Cyber Security Advisory Council. The Act also outlines provisions for protecting personal data, intercepting communications, and managing electronic evidence in legal proceedings.

Key Articles:

  1. Part II: Regulation of Cyber Security Services
    • Defines the roles of the cyber security regulator and the responsibilities of the ZCIRT for managing cyber incidents and coordinating with international partners.
  2. Part V: Protection of Critical Information Infrastructure
    • Covers the registration, auditing, and protection measures for critical information systems, emphasising the need for data localization and mandatory reporting of security incidents.
  3. Part VI: Interception of Communication
    • Details the conditions under which communications may be intercepted by law enforcement, including provisions for lawful interception to prevent harm or during emergencies, and penalties for unauthorized interception.
  4. Part IX: Cyber Crimes
    • Lists specific offences such as unauthorised access, cyber extortion, identity theft, and cyberterrorism, along with associated penalties. It also includes regulations on child pornography and hate speech conducted through electronic systems.
  5. Part X: Electronic Evidence
    • Establishes the admissibility and evidentiary value of electronic data in legal proceedings, ensuring that digital evidence is recognised in court cases.

The Act plays a crucial role in enhancing cyber resilience and provides a legal basis for addressing challenges related to digital security and cybercrime in Zambia.