Cybercrimes Act 19 of 2020. (July 2021)

Published July 2021

Jean-Pierre Murray-Kline - Sustainable and Ethical Future Business

All of us have tasks in our career we loath.

This article involved such a chore for me: studying law. It is essential that I study legislation related to technology, and because I do this I am able to offer an easy to digest summary of the most important points (and they are important because we are all subject to the law of this land) on the Cybercrimes Act 19 of 2020. (An Act that is somewhat blood related to POPI.)

The Act has three ‘themes’ covered in 9 chapters:

  • Types of crimes.
  • Penalties.
  • Responsibilities of businesses, organizations and people.

Although I have already received kick back on my opinion of this Act (which is the Act is a step in the right direction), I can appreciate that some people might feel that it may impose on their e-liberties.

With that said: ‘law’ is never written in stone. It is not a constant, not always right, and always a work in progress. I can give so many examples of how law has changed over time: what was once illegal in one year is now legal in 2021, but that would be off the point. Suffice to say, e-services have ushered in many new ways of doing things. You cannot have great advantages and no responsibilities, which is why I believe this Act is on the right path: it attempts to hold people responsible for their e-actions.


Spanner in the works.

The challenge of ‘implementation’ of the Act largely falls on the shoulders of the South African Police Service, and their knowledge (on this subject) is meagre.

SAPS are responsible for creating a 24/7 response ‘centre’ for all cybercrimes related to private and commercial matters. This is not a small task.

In addition, the cabinet minister responsible for policing needs to ensure ‘their office’ has enough trained staff and operational structures to detect, prevent and investigate cybercrimes.

Parliament expects a report each year on progress made and I am looking forward to the first report.


Objectives of the Act.

In summary: to ‘create’, ‘define’ and explain ‘e-offences’ linked to cybercrime / e-crimes. In addition, the Act explains how the powers to investigate work and how e-acts are criminalised and their severity.

In addition, it paints out the ‘dos’ and ‘don’ts’: regulation and jurisdiction of all involved and aims to iron out the process of reporting e-crimes and also dealing with foreign states. It is impossible to explain all 9 chapters in one article, but here is the elevator pitch:

Chapter 1.

  • Covers lots of definitions.

Chapter 2.

  • Explains types of cybercrimes.
  • Clarifies what an aggravated offence is, which in short is if you suspect or know some shananigans are happening, and you don’t report it, you can get into trouble.

Chapter 3.

  • Jurisdiction.

Chapter 4.

  • Powers to investigate, search, access or seize.
  • One interesting nugget from this section is the ability for investigators or SAPS to intercept real time communication, and also that SAPS can use data which is in the public domain, EG: stuff we post onto social media.

Chapter 5.

  • This section had a lot of waffle, but one point I found interesting was that in certain instances our government will support other countries governments with information / data for investigations and criminal matters.

Chapter 6.

  • All about the designated point of contact and where to report a matter.

Chapter 7.

  • Evidence.

Chapter 8.

  • Obligations to report.

Chapter 9.

  • Covers that South Africa can go into agreements with other countries, and can also amend / ‘repair’ their own laws. (Subject to due process being followed).


Important nuggets from the Act.

The Act ‘creates’ or defines ‘new’ unlawful e-shananigans related to:

  • Data,
  • E-messages,
  • Computers and other e-devices,
  • Interception of data,
  • Ransomware and e-attacks,
  • Cyber forgery and uttering,
  • Cyber extortion.

The Act empowers SAPS and its deputized / delegated ‘minions’ or officials / investigators, to enforce, investigate, search, access and seize various articles (hardware or software), such as computers, databases or even entire networks.

The Act insists (requires) that electronic communications service providers (such as ISPs but excludes broadcasters) and financial institutions report suspicious activities within 72 hours and failure to act can result in their business being fined up to R50 000 if convicted or even some jail time.

The Act makes provisions about how to deal with nasty communications or e-messages, addressing a situation for example: when one references or incites damage to property or violence, threatening a person (or persons) with damage to property or violence, or discloses an inappropriate image / video.

What I believe to be possible now is if a political party says something with intent to hinder, damage (reputational or physical) or provoke harm, using e-communications, they can be reported and prosecuted.


Types of e-shananigans.

The Act does not really define ‘cybercrime’ itself, but does explain the offences, and here they are in no order of particular severity:

  • Unlawful access to a computer system / device or computer data storage device. Access means use or engaging with the device in anyway.
  • Unlawful interception of data. Unlawful / act done without permission: interception of data, or processing of data, or unlawful act done without permission or consent. Even viewing data without permission can be argued as unlawful, so the next time you peak over to see your partner’s cell phone messages… think again.
  • Unlawful acts in respect of software or hardware tools. Unlawful use or possession of software or hardware tools or devices / gadgets. If it is not yours, don’t touch!
  • Unlawful interference with data or computer program. Unlawful interference with data / code or device/s. This includes disabling a system in any way.
  • Unlawful interference with a computer data storage medium or computer system. This includes service interruptions or even messing about with the integrity of a system. Remember to return your colleagues USB!
  • Unlawful acquisition, possession, provision, receipt, or use of password, access code, or similar data device. Even sharing a password without permission could get you into trouble. Make sure you have permission for everything and anything you do.
  • Cyber Fraud. Providing fake e-information so that one can unlawfully and with intent execute an action to defraud another, for self-interest or gain an advantage of some sort.
  • Cyber forgery and uttering. When a person defrauds by producing / curating false data or a false computer program that does or has the potential to prejudice another person or entity, or shares false / or manipulated data or an e-program.
  • Cyber extortion. Using e-services and e-devices for one’s own monetary or asset gain, or to gain an advantage of sorts over another.
  • Theft of incorporeal property. (Corporeal property is the right of ownership in material things. Incorporeal property is also referred to as intellectual or conventional property.) These offences can also be reviewed in common law.
  • Data messages that incite damage to property or violence. Malicious / nasty e-communications, such as whatsapp, sms’s, emails, etc: which incite or have intent or show a desire to damage property or incite acts of violence.
  • Disclosure of data message of an intimate image. When you share an intimate image or video (showing nibbly bits or is unflattering to the point it could defame a person’s reputation) without that persons permission or with intent to do harm, it’s a big problem.
  • Attempting, conspiring, aiding, abetting, inducing, inciting, instigating, instructing, commanding or procuring to commit an offence. If you become part of the group involved in an e-crime, you can get in trouble.


Some points on ‘ramifications’.

Of course, if you are involved with e-shananigans, you can get arrested.

Depending on the offence, a fine or imprisonment, or both may be applied. From my understanding of the Act, imprisonment can be up to 15 years. A matter can also (depending on the circumstances) be reviewed under the Criminal Procedures Act.

An electronic communications services provider can be compelled to disclose certain information, records, and perhaps in some instances even logs and copies of personal or business communications.

Your equipment, data and devices may be subjected to search and seizure. In general circumstances a warrant is needed, however, if ‘the powers that be’ believe the ‘e-crime’ is ongoing or there is a time sensitive consideration at play, a warrant might not be required at all.

A person (or their equipment) can be searched. In some instances you may have the right to deny permission, and in others you might not. Chat to a lawyer if you get into a pickle. SAPS can get into a lot of trouble themselves if they do not follow due process, for example, if they fail to audibly announce themselves and purpose before entering a premises they would be breaking the law. It’s a ‘fine line’ because if you hinder a search or even the access to e-equipment, you could be committing an offence, of course, conditions apply.


Notes on ‘responsibilities and actions’.

Always report an e-crime. No matter how trivial.

If you or your ‘group’ feel like you are victim/s of an e-attack and need protection, EG: a protection order, this can be applied for at the time the crime is being reported with SAPS via the magistrates court.

Depending on the circumstances, one could also use provisions in the Protection and Harassment Act.

When it comes to jurisdiction of e-crimes, the ‘space’ becomes blurry because the crime is often done online and there might not be a specific physical spot to pin point. To work out where the ‘bad person’ is actually sitting at the time they ‘click’ ‘send’ can be tricky, and of course each country has its own laws. Suffice to say, an e-criminal in South Africa, or in South African waters or airspace can be prosecuted regardless of if the victim/s are elsewhere in the World. If the crime is made by a South African, outside of South Africa, and against a South African or S.A. entity, you can also be prosecuted. In other instances an international court may be appointed to review a crime or help extradite the criminal.


Not detailed in the Act, but a wonderful resource to learn more or report an e-crime, visit website: http://cybercrime.org.za/

E-behaviour is something we all need to work on. If you or your business needs additional information or clarity on an e-situation, please feel free to make contact.



About Jean-Pierre Murray-Kline

He is a Business and Environmental Technologist. An entrepreneur who runs several online businesses. He is a published Author who researches, consults and facilitates strategy sessions about the most important matters affecting our generation and the changes to technology, business and the environment. Services include:

  • Digital Architect & Scenario Planning.
  • Online Marketing
  • Keynote Talks

Jean-Pierre Murray-Kline

Future Thinker. Innovator. Change Expert. Industry 4.0 & IoT Specialist. Green & Sustainable Solutions. Digital Marketing, Security, Devices & Trends. Author, Consultant, Project Manager & Scenario Planner.


Website: www.jeanpierremurraykline.co.za
Facebook: (100k Followers): https://www.facebook.com/jeanpierremurrayklineSA/
Youtube: https://www.youtube.com/channel/UCznh5iRKs5OX6sMwOgdxPvA
Twitter: https://twitter.com/PierreMurray
Linkedin: https://www.linkedin.com/in/jean-pierre-murray-kline-717b3a99/


Published July 2021

Read more articles


  • While I attempt to ensure information is accurate and up-to-date at time of publication, I will not accept liability should information be used, and found to be incorrect. If you do see an error, please let me know.
  • The links, images, videos and/ or text from this article are not necessarily under my direct management, ownership or care. Should you be the owner or manager of any content herein, and wish for the content to be removed, please let me know and it will be done.