Status regarding Budapest Convention
Status : NA Declarations and reservations : N/A See legal profileCybercrime policies/strategies
Cameroon has not adopted a cybercrime strategy so far. In May 2016, the government launched the Strategic Plan for a Digital Cameroon by 2020 (in French) that aimed to increase national economic growth by reinforcing the digital economy in all its dimensions: development of electronic communication infrastructure and data processing, development of activities that would derive from the expansion of the digital sector, and transformation of existing sectors through the integration of the use of ICTs.
Cybercrime legislation
State of cybercrime legislation
Cameroon adopted a specific cybercrime and cybersecurity legislation, the Law N° 2010/012 of 21 December 2010 on cybersecurity and cybercrime. It includes criminal substantive rules, procedural rules as well as provisions on international cooperation. By Law N°. 2022/002 of April 27 2022 (available in English and French), the President of the Republic of Cameroon was authorised to proceed with Cameroon's accession to the Budapest Convention on Cybercrime. Decree N°. 2022/169 of May 23 2022 (available in English and French) then proclaimed accession to the Budapest Convention. This proclamation is without prejudice to the completion of the necessary procedures for accession set out under Article 37 of the Budapest Convention.
Cameroon has no specific data protection or privacy law. However, the Constitution of the Republic of Cameroon amended by the Law N° 96-06 of 18 January 1996 guarantees privacy of communications in its preamble. Moreover, the country is preparing a privacy bill that will contain provisions on collection, processing, transmitting, storage, and use of data.
Substantive law
The main legislative text regarding substantive law is Law N° 2010/012 of 21 December 2010 on cybersecurity and cybercrime in Cameroon.
Cybercrime offences and penalties are provided for in sections 60 to 89 of the Law. It includes the criminalisation of unlawful interception (section. 65 §1), illegal access (section 65 §2), system interference (sections 66 §1 and 67), misuse of device (e.g. section 66 §2, section 86 §1), data interference (sections71 and 72, 86 §2), computer-related fraud (section. 73 §1). Offences related to child pornography are also criminalised (sections 76, 80, 81), as well as grooming (sections 83).
Procedural law
Specific procedural measures are established mainly by Sections 52 to 59 of the Law N° 2010/012 of 21 December 2010. These provisions identify the law enforcement and judicial authorities having competence to investigate and prosecute cybercrime offences. It includes provisions on search and seizure of computer data (article 53 and following), as well as on the use of electronic communications for the hearing of any person in criminal proceedings (art. 59). Judicial police officers may intercept and record electronic data (art. 49), although no details are given on the type of data concerned.
The general framework on procedural measures in criminal matters is established by the Criminal Procedure Code of 2005 according to the Law N° 2005/007 of 27 July 2005 establishing the Criminal Procedure Code.
Safeguards
The Constitution of the Republic of Cameroon amended by the Law N° 96-06 of 18 January 1996 establishes a number of safeguards. The preamble affirms “Affirm our attachment to the fundamental freedoms enshrined in the Universal Declaration of Human Rights, the Charter of the United Nations and The African Charter on Human and Peoples' Rights, and all duly ratified international conventions relating thereto”, including “the home is inviolate. No search may be conducted except by virtue of the law”, “the privacy of all correspondence is inviolate. No interference may be allowed except by virtue of decisions emanating from the Judicial Power”, “no person may be prosecuted, arrested or detained except in the cases and according to the manner determined by law” and “the freedom of communication, of expression, of the press, […] shall be guaranteed under the conditions fixed by law”.
Section 1 of the Law N°2010/012 on Cybersecurity and Cybercrime states that it seeks to “protect basic human rights, in particular the right to human dignity, honour and respect of privacy, as well as the legitimate interests of corporate bodies”. In addition, Sections 41-48 cover ‘Protection of privacy’.
In addition, the general legal framework established by the Criminal Procedure Code of 2005, which was enacted by the Law N° 2005/007 of 27 July 2005, provides cross-cutting safeguards.
Related laws and regulations
Legislative texts:
Law No 2000/011 of 19 December 2000 on Copyright and Neighbouring Rights (French version);
Law N° 2010/013 of 21 December 2010 on electronic communications in Cameroon and its amendment of April 2015 (the latter, in French only);
Law N° 2010/021 of 21 December 2010 on electronic commerce in Cameroon;
Law No 2011/012 of 06 May 2011 on Consumer protection in Cameroon (in French only);
Law No 2003/004 of 21 April 2003 on Banking Secrecy (in French only);
Decrees (in French only):
Decree n ° 2013/0398/pm of 27 February 2013 on the setting-up of a universal service and the development of electronic communications;
Decree n° 2013/0399/pm of 27 February 2013 on the modalities of the protection of consumers of services of electronic communications;
Decree n° 2013/0400/pm of 27 February 2013 on the modalities of declaration and authorisation, as well as the conditions to get of certification in view of the provision, export, import or use of means and services of cryptography;
Decree n° 2013/0401/pm of 27 February 2013 on the repartition of performance bonus regarding penalties ordered against telecom operators;
Decree n°2012/180 of 10 April 2012 on the organisation and functioning of the National Agency for Information and Communication Technologies (ANTIC);
Decree n°2012/1643/pm of 14 June 2012 on the conditions and modalities of security audit of electronic communications and information systems’ networks;
Decree n°2012/1640/pm of 14 June 2012 on the conditions of access to electronic communications networks open to the public and the sharing of infrastructures;
Decree n°2012/1638/pm of 14 June 2012 on the establishment and/or exploitation of networks and the provision of electronic communication services subject to an approval regime;
Decree n°/2012-1639/pm of 14 June 2012 on the conditions of declarations, as well as of exploitation, of networks and infrastructures subject to the declaration regime;
Decree n° 2012/203 of 20 April 2012 on the organisation and functioning of the telecom regulation agency;
Decree n° 2012/309 of 26 June 2012 on the modalities of management the special funds for electronic security activities.
More information and resources can be found on the ANTIC website, available in French and English (partially).
As a member state of the Central African Economic and Monetary Community ('CEMAC'), Cameroon applies the following legislation that contain provisions related to data protection:
Regulation No. 21/08-UEAC-13-CM-18 of 19 December 2008 on the Harmonisation of Regulations and Regulatory Policies on Electronic Communications in CEMAC Member States; (in French only);
Directive No. 07/08-UEAC-133-CM-18 of 19 December 19 2008 on the Legal Framework for the Protection of Users of Electronic Communications Networks and Services within CEMAC (in French only);
Directive No. 09/08-UEAC-133-CM-18 of 19 December 2008 Harmonising the Legal Frameworks of Electronic Communications in the CEMAC Member States (in French only);
Regulation No. 03/16-CEMAC-UMAC-CMAC-CM of 21 December 2016 on Systems, Means and Incidents of Payment (in French only);
Directive 02/19-UEAC-639-CM-18 of 08 April 2019 Harmonising the Protection of Consumers within CEMAC (in French only);
Regulation No 01/20/CEMAC/UMAC/COBAC of 03 July 2020 on the Protection of Consumers of Banking Products and Services in CEMAC (in French only).
Specialised institutions
Cameroon maintains a division, which is specially tasked to investigate cybercrimes within the Ministry of Posts and Telecommunications. In addition, a Networks and Information Systems Security Department includes among its responsibilities “popularizing protective measures for the populations against cybernetic criminal acts” and “centralizing statistical data in the domain of cybersecurity and cybercrime”.
In a generalised context of expansion of new information technologies, the Delegate General for National Security, by Service Note No. 47/DGSN/SG/ DPJ of 23 March 2018, created the Special Unit for the Fight against Cybercrime (USLUCC) within the Judicial Police Directorate. This Unit was made operational as soon as it was created. Its staff is made up of highly qualified and experienced police officers.
The main actor on ICT issues is the National Agency for Information and Communication Technologies (ANTIC). The national Computer Incident Response Team (CIRT) was established in 2012 within the ANTIC. Its response actions entail gathering and analysing digital evidence which allows for the identification and geolocalisation of cybercriminals within the framework of cybercrime investigations. Response activities also involve processing incidents recorded as well as collaborating with other CIRTs and international cybersecurity organisations such as INTERPOL and AfricaCERT.
Telecom activities are regulated since 1998 by the Telecommunications Regulatory Authority (Agence de Régulation des Télécommunications).
The National Cyber Expertise Centre opened in July 2015 to carry out research and train experts – 25 per batch - to develop cyber security protection measures, fight cyber criminality and thwart cyber terrorist threats.
International cooperation
Competent authorities and channels
Legal Framework
International cooperation in the fight against cybercrime is governed by Articles 90 to 94 of the Law n°2010/012 of 21 December 2010.
Cameroon is a Party to several international conventions on international cooperation, including the Economic Community of Central African States (ECCAS) Agreement on judicial cooperation (adopted on 28 January 2004), as well as several bilateral agreements (e.g. with France, adopted on 21 February 1974). Cameroon is also a Party to the United Nations Convention against Transnational Organized Crime (ratified on 6 February 2006), which encompasses provisions on international cooperation.
Extradition is regulated in the Criminal Procedural Code (Articles 635-675).
Competent authorities and channels
Unless provided otherwise by an international convention to which Cameroon is a Party, authorities and channels specified by art. 91 to 94 of the Law n°2010/012 apply:
- Outgoing requests for legal assistance are to be sent by the competent judicial authority to the Ministry of Foreign Affairs (‘Ministère chargé des Relations Extérieures’), who will transmit them to foreign authorities.
- Incoming requests for legal assistance are to be dealt with through diplomatic channels. They should be reviewed, in principle, by the foreign Government beforehand. Execution of the request is subject to art. 92-93 of the Law 2010/12 as well as general provisions of the Criminal Procedure Code.
- In case of emergency, the request may be directly transmitted to the competent authorities for their execution. Urgent incoming requests are directly dealt with by the Public Prosecutor and/or the investigatory judge, depending on the situation.
Cameroon’s CIRT participates to the activities of Africa CERT, an African forum of computer incident response teams.
The Delegate-General for National Security is the contact point for the INTERPOL network.
Jurisprudence/case law
Sources and links
Institutions:
- National Agency for Information and Communication Technologies (ANTIC) and thematic page on cybercriminality
- Website of the Government;
- Ministry of Justice;
- Ministry of Posts and Communications (MINPOSTEL);
- Police of Cameroon;
- Telecom Regulation Authority of Cameroon.
- Computer Incident Response Team (CIRT), Cameroon
Reports and Research:
- Understanding Cybercrimes as Practice in Cameroon, Ntoko Ntonga Rene, Yaounde University II; University of Yaounde II Soa, 20 March, 2021
- The Legal and Institutional Framework for the Enforcement of Cybersecurity Regulations in Cameroon, Ntoko Ntonga Rene, Yaounde University II; University of Yaounde II Soa, 5 May, 2021
- Gefona, Cybersecurity in Cameroonian Enterprises: What We Learnt, Tomslin Samme-Nlar, 22 May 2021
- Village de justice, Protection des données personnelles au Cameroun : approches de réglementation nationale et d’intégration internationale, Laurent-Fabrice Zingue, 3 June 2020
- Hervé Martial Tchabo Sontang, ’’Le droit à la vie privée à l’ère des TIC au Cameroun”, La Revue des droits de l’homme [Online], 17 | 2020, 13 January 2020
- Vicaire Bepyassi Ouafo, ’’Le droit des technologies de l’information dans la Communauté économique et monétaire de l’Afrique centrale”, Les Cahiers de droit [Online], Volume 60, Issue 3, Septembre 2019, p. 653–697
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.