Cyber Law at South Sudan
South Sudan's cyber law landscape is still in its nascent stages, reflecting its relatively recent independence (2011) and ongoing nation-building efforts. However, significant steps have been taken, particularly with the introduction of legislation aimed at combating cybercrime.
Here's a breakdown of the current state of cyber law in South Sudan:
1. Cybercrime:
Cybercrimes and Computer Misuse Provisional Order, 2021: This is the primary piece of legislation directly addressing cybercrime in South Sudan. It was issued by the President as a Provisional Order, which is a temporary law with the force of an Act, allowed when Parliament is not in session for urgent matters (Article 86(1) of the Transitional Constitution of South Sudan 2011).
Scope: The Order aims to protect against crimes committed through computers, computer systems, the internet, or related activities. It extends jurisdiction to cover offenses committed in or outside the country against citizens and the South Sudanese state.
Offenses Covered: It criminalizes a range of activities, including:
Unauthorized access to computer systems (hacking).
Unlawful interference with data or computer systems.
Unlawful acquisition or disclosure of data.
Introduction of malicious software.
Computer-related misrepresentation and fraud.
Cyber extortion.
Identity-related crimes.
Child online protection (child pornography, child solicitation).
Transmission of deceptive electronic communication (though this and other provisions are broadly defined and have raised concerns about freedom of expression).
Spamming (also broadly defined).
Trafficking in human beings or facilitating such transactions using computers.
Offensive communication.
Judicial Oversight: The Order aims to establish judicial oversight, particularly over the use of forensic tools to collect evidence (Section 10 requires court authorization).
Specialized Unit: It provides for the establishment of a specialized public prosecution attorney unit to investigate and prosecute cybercrime offenses.
Service Provider Obligations: Section 6 imposes an obligation on service providers to store information relating to communications, including personal data and traffic data of subscribers, for a period of 180 days. They are also required to put in place technical capabilities to enable law enforcement agencies to monitor compliance.
Challenges and Concerns with the Provisional Order:
Overly Broad Definitions: Critics, including human rights organizations, have raised concerns that the Order contains overly broad and ambiguous definitions (e.g., "computer misuse," "indecent content," "pornography," "publish," "spamming," "offensive communication"). These broad definitions could potentially be used to curtail freedom of expression, media freedom, and access to information, and to target government opponents or critics.
Lack of Specificity on Penalties: Some provisions lack specificity on the fines that may be levied.
Provisional Nature: As a Provisional Order, its long-term status and parliamentary review process have been a point of discussion. There have been reports that the Cybercrimes and Computer Misuse Bill 2024 was tabled in the Transitional National Legislative Assembly (TNLA) after the original Provisional Order's time constitutionally elapsed. This indicates a move towards formalizing the legislation through parliamentary debate and enactment as a permanent law.
2. Data Protection and Privacy:
Limited Specific Legislation: As of mid-2025, South Sudan does not have a comprehensive, dedicated data protection law similar to GDPR or those found in many other countries.
Constitutional Right to Privacy: Article 22 of the Transitional Constitution of South Sudan 2011 guarantees the right to privacy. South Sudan has also ratified international instruments like the International Covenant on Civil and Political Rights (ICCPR) (Article 17) and the African Charter on Human and Peoples' Rights (Article 5), which provide for the right to privacy.
Data Retention under Cybercrime Order: While not a data protection law, Section 6 of the Cybercrimes and Computer Misuse Provisional Order, 2021, does impose an obligation on service providers to store certain communication data for 180 days. However, without a broader data protection framework, concerns remain about the security and privacy of this data, and the absence of specific rules for consent, processing, or data subject rights.
Lack of Data Protection Authority: There is currently no formally established or designated independent data protection authority.
No Commitment to Regional Instruments: South Sudan has not yet committed to leading regional instruments like the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention), which aims to harmonize data protection laws across Africa.
3. Electronic Transactions:
While South Sudan's legal system is still developing, it has inherited some legal frameworks from the pre-independence Sudan. The Electronic Transactions Act, 2007 (of Sudan, prior to South Sudan's independence) provided for the legal recognition of electronic transactions, records, and digital signatures. It's unclear to what extent this specific Act has been formally adopted or updated in South Sudan's independent legal framework.
The general principle of facilitating digital transactions is likely recognized, but a comprehensive, South Sudan-specific electronic transactions law would further enhance legal certainty for e-commerce and digital services.
Key Challenges and Developments:
Legal Framework Development: The primary challenge is the ongoing development and formalization of a comprehensive and rights-respecting cyber law framework. The transition of the Cybercrimes and Computer Misuse Provisional Order into a Bill in Parliament is a positive step towards more robust and debated legislation.
Capacity Building: There is a significant need for capacity building within law enforcement, the judiciary, and legal professionals to effectively implement and enforce cyber laws. This includes technical expertise for cybercrime investigations and understanding of digital evidence.
Balancing Security and Rights: A critical ongoing challenge is to balance national security concerns and the need to combat cybercrime with the protection of fundamental rights such as freedom of expression, privacy, and access to information. The current broad definitions in the Cybercrime Order are a key point of concern in this regard.
Infrastructure and Awareness: Limited internet access, low digital literacy, and a nascent cybersecurity market further complicate the implementation of cyber laws and public awareness.
International Cooperation: South Sudan's engagement in international cooperation on cybersecurity and data protection is minimal, which is essential for combating trans-national cybercrime and adopting best practices.
In conclusion, South Sudan has taken a significant initial step in addressing cybercrime with the 2021 Provisional Order (and its impending formalization as a Bill). However, it still has considerable work to do in establishing a comprehensive data protection framework, strengthening electronic transaction laws, and ensuring that its cyber laws are implemented in a manner that fully respects human rights and freedoms in the digital sphere.
RELATED Blog
0 comments