We have a lot of legislation setting out cybercrime in theory, but enforcing the sanctions on online behaviour is more difficult than the enforcement of “traditional” laws. After many years of legal uncertainty on cybercrime and technology related offences, the Electronic Communications and Transactions Act[1] (ECTA) was passed in 2002. Other legislation that helps in the prosecution of cybercrime is the Regulation of Interception of Communications and Provision of Communication-Related Information Act[2], the Copyright Act[3], and many more.

In February 2017, the new Cybercrimes and Cybersecurity Bill was submitted to Parliament and it takes important steps towards enabling South Africa to cooperate internationally on prosecution of cybercrime.

Jurisdictional issues

Jurisdiction determines which court has the authority to hear a matter and to determine sentence for a crime. Whether or not a particular court will have jurisdiction over a matter depends on the seriousness of the crime and the geographic area where it was committed. For cybercrime, the most problematic issue is determining the geographic area where the crime was committed because perpetrators are often not in the same city, region or even country as the victim.

South African Legislation

Section 90 of ECTA deals with jurisdiction relating to cybercrime in South Africa.  Our courts have jurisdiction on cybercrime if the crime, or any part of the crime (including the preparation), was committed in the country or if the crime was committed by a South African citizen, a permanent resident, or someone carrying on business here. Our courts will also have jurisdiction if the crime was committed on board any ship or aircraft registered in the country or on a voyage or flight to or from the country.

There is still an on-going legal debate on whether these provisions are in line with international laws and what effect it will have on the prosecution of cybercrime. South Africa is a party to the Council of Europe’s Convention on Cybercrime and ECTA complies with the general provisions of the Convention. The problem is that neither ECTA nor the Criminal Procedure Act[4] comply with all the practical requirements set out in the Convention.

Cybercrimes and Cybersecurity Bill

In terms of Clause 23 of Chapter 4 of the Bill, South African courts will have the jurisdiction as set out in ECTA but will also have jurisdiction over cybercrime that originates in foreign countries but has an “effect in the Republic” and the perpetrator is found here.

South African courts will also have jurisdiction if the crime was committed outside the country but the perpetrator is a South African citizen, ordinarily resident here or was arrested in the territory of the RSA, or in its territorial waters.

This broadens South Africa’s jurisdiction to prosecute cybercrime immensely, but to give proper effect to the above, countries must be able to cooperate on investigating and extraditing individuals charged with cybercrime (delivering them to the foreign country). This will not be as easy in practice as it is in theory.


Cross border crimes, such as cybercrime, affect many jurisdictions. Jurisdictional issues often slow down or completely block the enforcement of cybercrime laws. More and more countries are recognising the harm of cybercrime and are working together to sanction it. The Cybercrimes and Cybersecurity Bill takes definite action towards readying South Africa to cooperate with other countries on cybercrime and is a positive step in curbing the current jurisdictional issues.


[1] 25 of 2002, as amended

[2] 70 of 2002, as amendedCybercrime & Insurance

[3] 98 of 1978, as amended

[4] 51 of 1977, as amended