Instruments & Frameworks

African Union
African Union Convention on Cyber Security and Personal Data Protection
  • Aims to create a legislative framework for cyber security and personal data protection;
  • Requires member states to develop a national cyber security policy and appropriate institutional mechanism for governance; legislation and institutions against cybercrime; ensuring monitoring and a response to incidents and alerts, national and cross-border coordination and global cooperation.
27 June 2014 | Public Initiative

League of Arab States
Convention on Combating Information Technology Offences
Enables parties to adopt a common criminal policy aimed at protecting the Arab society against information technology offences.
21 December 2010 | Public Initiative

Caribbean Community (CARICOM)
Model Legislative Texts of Cybercrime/e-Crimes and Electronic Evidence
  • Model legislation targeting the prevention and investigation of computer and network related crime
  • Non-binding
2012 | Public Initiative

Common Market for Eastern and Southern Africa (COMESA)
Cybersecurity Draft Model Bill
  • COMESA Secretariat as the Chairperson of the Tripartite Task Force (TTF) to undertake the harmonization of the cyber security policies
  • Came with adoption of the Model Cyber Security Policy and the Cyber Security Implementation Roadmap
  • Non-binding
October 2011 | Public Initiative

Model Law on Computer and Computer Related Crimes
  • Three sections: definitions, offences, and procedural law
  • Offences relate to illegal access, interfering with data, interfering with a computer system, the illegal interception of data, illegal devices and child pornography using a computer system or a computer data storage medium
2002 (submitted, under review as of July 2017) | Public Initiative

Commonwealth of Independent States
Agreement on Cooperation in Combating Offences related to Computer Information
  • Agreement to cooperate in order to ensure the effective prevention, detection, suppression, uncovering and investigation of offences relating to computer information
  • Parties to strive to ensure harmonization of their national legislation
1 June 2001 | Public Initiative

Council of Europe (open for non-member States)
Convention on Cybercrime (Budapest Convention)
  • Addresses Internet and computer network-based crimes, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security.
  • Contains a series of powers and procedures such as the search of computer networks and interception. 
  • Pursues a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international co-operation.
23 November 2001 | Public Initiative

East African Community (EAC)
Draft EAC Framework for Cyberlaws
  • States committed to enacting cyberlaws effective across the region
  • Adopted by the EAC Sectoral Council of Ministers on Transport, Communications, and Meteorology
  • Non-binding
7 May 2010 | Public Initiative

Economic Community of Central African States (ECCAS)
Declaration of Brazzaville (adoption of Model Laws in ICT and Cybersecurity)
  • Adoption of model laws on telecommunications, cyber security, and regulatory framework to govern cross-border interconnection
  • Process initiated in 2011 with workshop on harmonization of the cyber-security legal framework
  • Non-binding
24 November 2016 | Public Initiative

Economic Community of West African States (ECOWAS)
Directive C/DIR. 1/08/11 on Fighting Cyber Crime within ECOWAS
  • Indicates offences specifically related to information and communication technologies, including fraudulent access, interference, data interception, and data modification
  • Incorporates traditional offences into information and communication technology offences
19 August 2011 | Public Initiative

European Union
Directive on Security of Network and Information Systems (NIS Directive)
  • Creates a Cooperation Group, composed of representatives of Member States, the Commission, and the EU Agency for Network and Information Security (ENISA)
  • Requires member states to be appropriately equipped, e.g. via a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority,
  • Member States must adopt and publish, by 9 May 2018, the laws, regulations and administrative positions necessary to comply.
6 July 2016 | Public Initiative

Shanghai Cooperation Organisation
Agreement on Cooperation in the Field of International Information Security
Creates a legal and organizational basis for cooperation between the Parties in the field of international information security, including in:
  • Coordinating and implementing necessary joint measures in the field of ensuring international information security
  • Creating of a system of joint monitoring and response to emerging threats in this area
  • Elaborating joint measures for the development of the provisions of the international law limiting the spread and use of information weapons threatening defense capacity, national security and public safety
16 June 2009 | Public Initiative

Southern African Development Community (SADC)
Model Laws on Cyber Security; Cybercrime, Data Protection and Electronic Transactions
  • On occasion of the SADC ICT Ministers Meeting
  • Developed in conformity with the Africa Union Commission (AUC) Draft Convention on Cyber Security
  • Non-binding
November 2013 | Public Initiative