Ethiopia - Octopus Cybercrime Community

Back Ethiopia

Status regarding Budapest Convention

Status : NA Declarations and reservations : N/A See legal profile

Cybercrime policies/strategies

Developing an ICT “enabling legal and regulatory environment” is one of the three pillars of The National Information and Communication Technology (ICT) Policy and Strategy (Sept. 2016). In this context, the legislation has to provide for certain standards that minimize the risks associated with the spread of ICT (e.g. false information, hacking), “address socially undesirable activities” and ensure users’ trust in services and the protection of networks, data and information systems. The approach proposed for implementing these goals is to facilitate the enactment of legislation on data protection, security and freedom of access to information. Cybercrime is subsumed under cyber security (e.g. one of the objectives is “to safeguard national electronic communication networks including preventing, detecting and responding to cybercrime and misuse of ICT”). This is largely in keeping with the African Union’s Digital Transformation Strategy for Africa 2020-2030 (e.g. pages 40-43).

Legislation against cybercrime (as “computer crime”) and for data protection is also mentioned in the context of protecting and promoting electronic commerce, which is proposed as one of the principles for assisting with Ethiopia’s economic development – a key aspect of the policy’s proposed national vision. A new Digital Transformation Strategy has reportedly been finalized in October 2019. The Minister of Innovation and Technology stated that digital transformation is Ethiopia’s highest priority (2019). The E-Government Strategic Implementation Plan 2016-2020 report by KPMG notes the need for updating the existing regulations supporting ICT, and that it should be expanded to include critical eGov-related regulations such as: electronic legitimacy; cryptography; data privacy; cybercrime; data sharing; intellectual property rights; freedom of information.

Cybercrime legislation

State of cybercrime legislation

In addition to dedicated legislation to combatting “computer crime” (Computer Crime Proclamation No. 958/2016), Ethiopia has relevant provisions spread over a number of laws (called “proclamations”), such as the Criminal Code Proclamation No. 414/2004; or provisions that carry implications for cybercrime such as the National Payment System Proclamation No. 718/2011; Proclamation on the Registration of Vital Events and National Identity Card No. 760/2012; Anti-Terrorism Proclamation No. 652/2009; and the Telecom Fraud Offences Proclamation No. 761/2012 (e.g. which criminalizes voice over internet services, Freedom on the Net 2019 Report).

Ethiopia is reportedly making amendments to its computer crime law (Computer Crime Proclamation No. 958/2016) and revising its Criminal Procedure Code Proclamation No. 185/1961. The Computer Crime Proclamation No. 958/2016 was intended to provide authorities with the “legal mechanisms and procedures in order to prevent, control, investigate and prosecute computer crimes and facilitate the collection of electronic evidence”. Overall, there is broad scope to update and modernize this law and to bring it in line with international good practice in areas such as definitions, computer- and content-related offences, investigatory measures. In many instances, Proclamation 958/2016 criminalizes ordinary, everyday activities and its rules and procedures for sharing investigatory information with law enforcement authorities in other jurisdictions may need further review.

The Proclamation deals with a host of issues, ranging from illegal access to computer systems to disseminating spam and combating child pornography. However, it also creates a number of new criminal offences that are likely to impact heavily on the right to freedom of expression and other human rights, by extending the reach of criminal defamation and creating various new criminal offences, such as “inciting fear” online, all punishable by imprisonment. It also provides far-reaching investigatory powers, including surveillance by law enforcement agencies (Article 19). The law also allows for the possibility of placing the burden of proof on the accused if the court decides it (Part Four (37.2)).

On the other hand, the law seems not to criminalize, among other matters, racist and xenophobic content, intellectual property related crimes, revenge pornography and large-scale cyber-attacks through botnets (Kinfe Micheal Yilma, 2016). However, the recent Hate Speech and Disinformation Prevention and Suppression Proclamation No. /2019 (approved in Feb. 2020 by Parliament) tackles some of these issues (e.g. “Hate speech” means speech that promotes hatred, discrimination or attack against a person or an identifiable group, based on ethnicity, religion, race, gender or disability), while bringing its own gaps and controversies (e.g. hate speech and disinformation are not prohibited if they are part of “religious teaching”).

Substantive law

Computer Crime Proclamation No. 958/2016: Part Two – Computer Crimes:

Section One – Crimes against computer system and computer data,
Section Two – Computer related forgery, fraud and theft;
Section Three – Illegal content data;
Section Four – Other offences.

Procedural law

Computer Crime Proclamation No. 958/2016:

Part Three – Preventive and Investigative Measures;
Part Four – Evidentiary and Procedural Provisions;
Part Five – Institutions that follow up cases of computer crime.

Ethiopia currently does not have a fully-fledged law that governs the regulation of problematic content on the internet. Content regulation rules are scattered in various pieces of legislation, including the Computer Crime Proclamation, but further review is needed. There is, for instance, no known procedural law that governs the manner by which illegal, offensive and harmful content could be blocked, filtered or taken down. In cases where the government believes that certain content is problematic, it normally instructs the state-owned sole telecom provider – Ethio Telecom – to block access to content or block the website altogether (Kinfe Micheal Yilma, 2016).

Safeguards

Computer Crime Proclamation No. 958/2016: Part Three, 21. Principle: The prevention, investigation and evidence procedures provided in this Part and Part Four of this Proclamation shall be implemented and applied in a manner that ensure protection for human and democratic rights guaranteed under the Constitution of the Federal Democratic Republic of Ethiopia and all international agreements ratified by the country.

Freedom on the Net 2019 Report gives Ethiopia a score of 28/100, an improvement from 2018’s score of 17/100. The law formally guarantees fundamental freedoms for Ethiopian internet users, but these rights have been routinely infringed upon in practice. The Constitution of the Federal Democratic Republic of Ethiopia (1995) provides for freedom of expression, freedom of the press, and access to information, while also prohibiting censorship. The Freedom of the Mass Media and Access to Information Proclamation No. 590/2008 affirms such constitutional safeguards. Nevertheless, the same law includes problematic provisions that restrict free expression, such as complex registration processes for media outlets and high fines for defamation. The Criminal Code Proclamation No. 414/2004 penalizes defamation with a fine or up to one year in prison.

The Computer Crime Proclamation No. 958/2016 strengthened the government’s surveillance powers, enabling real-time monitoring or interception of communications when authorized by the justice minister. The law also obliges service providers to store records of all communications and metadata for at least a year.

Related laws and regulations

Computer Crime Proclamation No. 958/2016;
Telecom Fraud Offences Proclamation No. 761/2012;
Criminal Code Proclamation No. 414/2004 (partially translated in EN – e.g. Art. 665 – Art. 691 are missing);
Criminal Procedure Code Proclamation No. 185/1961 (revision process started in 2018);
Federal Attorney General Establishment Proclamation No. 943/2016;
Federal Justice and Legal Research and Training Institute Establishment Proclamation No. 1071/2018 (repeals The Justice and Legal System Research Institute Establishment Council of Ministers Regulation No. 22/1997 and the Justice Organs Professionals Training Centre Establishment Proclamation No. 364/2003);
Freedom of the Mass Media and Access to Information Proclamation No. 590/2008;
Anti-Terrorism Proclamation No. 652/2009 recently replaced by the Proclamation to provide for Prevention and Suppression Terrorism Crimes (approved January 2020);
Hate Speech and Disinformation Prevention and Suppression Proclamation No. /2019 (approved by Parliament on 13 Feb. 2020);
Constitution of the Federal Democratic Republic of Ethiopia (1995);
Civil Code Proclamation No. 165/1960 and amendments;
Prevention and suppression of Money Laundering and Financing of Terrorism Proclamation No. 780/2013;
Regulation of Mobile and Agent Banking Services Directives No. FIS /0112012 (2013);
National Payment System Proclamation No. 718/2011;
Financial Intelligence Center Establishment Regulation No. 171/2009;
Proclamation on the Registration of Vital Events and National Identity Card No. 760/2012;
Income Tax Proclamation, Proclamation No. 286/2002;
Electronic Signature Proclamation No. 1072/2018;
Revised Anti-Corruption Special Procedure and Rules of Evidence Proclamation no.434/2005;
Corruption Crimes Proclamation No. 881/2015;
Information Network Security Agency Re-establishment Council of Ministers Regulation No. 250/2011 (repeals Information Network Security Agency Establishment Council of Ministers Regulation No. 130/2006);
National Intelligence and Security Service Re-establishment Proclamation No. 804/2013;
Information Network Security Agency Re-establishment Proclamation No. 808/2013 (repeals Information Network Security Agency Re-establishment Council of Ministers Regulation No. 250/2011);
Ethiopian Federal Police Commission Establishment Proclamation No. 720/2004 (no online text);
Ethiopian Federal Police Commission Establishment Proclamation No. 720/2011 (repealed Federal Police Commission Proclamation No. 313/2003);
Federal Police Proclamation No. 207/2000;
Definition of Powers and Duties of the Executive Organs of the Federal Democratic Republic of Ethiopia Proclamation No. 916/2015 (repeals The Definition of Powers and Duties of the Executive Organs of the Federal Democratic Republic of Ethiopia Proclamation No. 691/2010);
Ethiopian Human Rights Commission Establishment Proclamation No. 210/2000;
Copyright and Neighboring Rights Protection (Amendment) Proclamation No. 872/2014 (amends Proclamation No. 410/2004);
Copyright and Neighboring Rights Protection Proclamation No. 410/2004.

Specialised institutions

Federal Justice and Legal Research and Training Institute (formerly the Justice and Legal System Research Institute) was recently built by the European Commission (2019). FJLRTI is accountable to the Prime Minister (Proclamation No. 1071/2018) and also to the Federal Attorney General’s Office (Definition of Powers and Duties of the Executive Organs of the Federal Democratic Republic of Ethiopia Proclamation No. 916/2015). The institute has a long list of powers and duties (Federal Justice and Legal Research and Training Institute Establishment Proclamation No. 1071/2018) and could have an important impact in upgrading the country’s legislation (recently – 2019, signed an MOU with The Hague Institute for Innovation of Law to collect data through its Justice Needs and Satisfaction Survey to improve access to justice in the country). FJLRTI’s main objectives are: (1) undertaking studies and researches with a view: a) to revise and propose new laws in order to strengthen and modernize the justice and legal system; ensure the prevalence of rule of law; and promote economic and social development; and b) to ensure good governance within the justice system by making justice organs modern, accessible, efficient and effective; (2) making available comprehensive information about the country’s justice system; be a centre of justice and legal information; (3) building the justice system professional competence; (4) coordinating, integrating and ensuring the effectiveness of justice system and legal education reform programmes and any other reform program carried out in the justice sector. There seems to be substantial overlap between the missions of FAGO and FJLRTI.
Federal Police Commission is under the jurisdiction of the Ministry of Federal Affairs, and was established under Proclamations No. 720/2004 (no online text) and 720/2011 has among its responsibilities to (a) prevent and investigate crimes relating to counterfeiting currencies and payment instruments; (b) investigate crimes relating to information networks and computer systems; (c) to prevent and investigate crimes of human trafficking, […] terrorism; (d) assist with national standards and police capacity building; (e) collect, analyze and disseminate national on causes of crimes. In the Federal Police Commission Proclamation No. 313/2003 (repealed by Proclamation 720/2011) the institution also had the power to conduct studies to enhance crime prevention and investigation; collect and analyse criminal data and statistics at the national level.
Ministry of Innovation and Technology (MIT) established through Proclamation No 1097/2011, is the result of merging the Ministry of Science and Technology and the Ministry of Communication and Information Technology. Its mission is sustainable development by creating an enabling environment for innovation. Among its powers, the MIT “determines standards to ensure the quality, safety and security of information technology services in coordination with the concerned bodies and monitors their implementation” as well as supporting capacity building in ICT. The following executive bodies are under MIT’s jurisdiction: Ethiopian Radiation Protection Authority; Ethiopian Space Science and Technology Institute; Ethiopian Biotechnology Institute; Institute of Technology and Innovation; Geospatial Information Institute.
Information Network Security Agency (INSA) – currently under the jurisdiction of the Ministry of Peace (established in 2018) is an autonomous federal government agency accountable to the Prime Minister (DG appointed by PM), that was established in 2006 by the Council of Ministers Regulation No. 130/2006 with the objective to defend Ethiopia’s information infrastructure from attacks. The agency’s power and functions were amended to prevent cybercrime by Council of Ministers Regulation No. 250/2011 and Proclamation No. 808/2013, and include among others to: (a) provide assistance and support to police and other organs empowered by law to prevent and investigate cybercrimes; (b) conduct digital forensic investigation without/with physical presence upon court warrant and in collaboration with the police on computers or infrastructures that are purported to be attacked or sources of attack, to prevent attacks and provide early warning to citizens; (c) draft national policies, laws, standards and strategies that enable to ensure information and computer based key infrastructures security, and oversight their enforcement upon approval; (d) take all necessary countermeasures to defend any cyber or electromagnetic attacks on information and computer based infrastructures or systems or on citizens’ psychology; (e) organize and administer a national computer emergency responding center; (f) regulate cryptographic products and their transaction; (g) serve as national “Root Certificate Authority”; (h) control the import and export of IT, information sensor and information attacking technologies; (i) provide capacity building on cybersecurity. INSA’s responsibilities are also further detailed in the Computer Crime Proclamation No. 958/2016, for e.g. under Part Three, section 23(2) which states that where requested to support the investigation process into computer crimes, INSA shall provide technical support, conduct analysis on collected information, and provide evidence if necessary.
Ethiopian Cyber Emergency Readiness and Response Team (Ethio Cer²t) mission is to create a secure, reliable and enabling Ethiopian cyber space by coordinating and building national capacity of proactive readiness and effective incident response centered on analysis. Its roles include monitoring national cyberspace, analysis, proactive readiness, incident response, coordination, capacity building and certification.

International cooperation

Competent authorities and channels

Legal Framework

Ethiopia’s Constitution: Art. 9(4): All international agreements ratified by Ethiopia are an integral part of the law of the land. Art. 51 Powers and Functions of the Federal Government (8): It shall formulate and implement foreign policy; it shall negotiate and ratify international agreements. Art. 55 Powers and Functions of the House of Peoples’ Representatives (12): It shall ratify international agreements concluded by the executive. Other provisions regarding international cooperation by relevant authorities can be found in the following documents:

Competent authorities and channels

Federal Attorney General’s Office: Federal Attorney General Establishment Proclamation No. 943/2016 – (a) ensures that international agreements to be signed/adopted by Ethiopia are in alignment with the Constitution and other Ethiopian laws, and are in the national interest; (b) without prejudice to Anti-terrorism Proclamation No. 652/2009 and the powers and duties of the Ministry of Foreign Affairs, undertakes international relations and cooperation in criminal and civil matters. The Computer Crime Proclamation No. 958/2016 details more specifically under Part Six, section 42. International Cooperation: (1) the FAG shall cooperate/enter into agreements with the competent authority of another country in matters concerning computer crime, including exchange of information, joint investigations, and extradition and other assistance in accordance with this Proclamation and agreements to which Ethiopia is a party and within the limits of its legal system; (2) the investigatory organ (i.e. public prosecutor and police) may exchange information with institutions of another country having similar mission, perform joint cooperation in other forms or sign agreement with institutions of another country, when necessary; (3) any information or evidence obtained pursuant to this Article shall apply for the purpose of prevention or investigation of computer crimes.
International Cooperation on Legal Affairs Directorate is part of the Federal Attorney General’s Office/FAGO. Definition of Powers and Duties of the Executive Organs of the Federal Democratic Republic of Ethiopia Proclamation No. 916/2015 listed among the Ministry of Justice powers (now inherited by the FAGO): (a) coordinating activities involving international cooperation with respect to criminal cases; (b) following up the implementation of international and regional human rights agreements ratified by Ethiopia; give appropriate response to issues raised and prepare national report on the implementation of the agreements in collaboration with concerned organs. The Mission of the Directorate (as described here) is to: (a) conclude agreements in criminal, civil and commercial matters with selected foreign countries and international organizations making the country international judicial legal cooperation effective and efficient as possible; (b) undertake the country obligation created through bilateral and multilateral cooperation in a way that protects Ethiopia’s interests; (c) control crimes that need international cooperation, creating efficient relations with national justice organs and international actors and contributing its respective responsibility to ensure the protection of human rights and Ethiopia’s peace and security.
Federal Police Commission: is responsible for (a) establishing relations with relevant foreign state police institutions, governmental and NGOs with respect to police affairs; (b) establishing relationships and exchanging information with international police; disseminate information on wanted criminals at the international level to regional police commissions; (c) investigating crimes committed in foreign countries against the Ethiopia’s interests, based on mutual agreements entered into between the states (Proclamation No. 720/2011).
Ministry of Foreign Affairs: Definition of Powers and Duties of the Executive Organs of the Federal Democratic Republic of Ethiopia Proclamation No. 916/2015 lists among its powers and duties to (a) negotiate and sign, upon approval by the government, in consultation with the concerned organs, treaties that Ethiopia enters into with other states and international organizations, except in so far as such power is specifically given by law to other organs; and effect all formalities of ratification of treaties; (b) ensure the enforcement of rights and obligations arising from treaties signed by the Ethiopian government except in so far as specific power has legally been delegated to other organs; (c) register and keep all authentic copies of treaties concluded between Ethiopia and other states and international organizations; (d) perform the functions of a depository of multilateral treaties when the Ethiopian government is a depository of such treaties; (e) coordinate all relations of other Government Organs with Foreign States and international organizations.
Information Network Security Agency: powers and duties: (a) to establish international collaboration when necessary to implement its mission; (b) to provide security products and services to foreign partners upon the decision of the government; (c) to collect, analyze and disseminate to the concerned authorities information on selected transboundary national security threat activities, provide support to security organs (Information Network Security Agency Re-establishment Proclamation No. 808/2013).
INTERPOL: Ethiopia is a member since 1958.

Jurisprudence/case law

Cybercrime: Some assessments (2015) suggest that law enforcement in Ethiopia might not yet be equipped for the investigation and prosecution of cybercrimes, instead relying on conventional investigative methods for fighting traditional crimes. At the time of the assessment, certain cybercrimes, such as spam and malware, had not yet been processed by the criminal justice system. A few cases, most of them relating to bank fraud, had reached the courts. These were either tried by extending the interpretations of old laws or tossed for lack of evidence.

Federal Ethics and Anti-Corruption Commission v. Michael Worku (No. 85025, 2012): the defendant was a bank clerk in Construction and Business Bank who used his privilege (access right) to create fictitious user IDs in order to transfer and withdraw 9.9 million Ethiopian Birr (more than 500,000USD) from different bank accounts. Though this was a cybercrime act, for the defendant created fake user IDs and hacked passwords, he was charged not under the computer-related provisions, but under Article 407 (1) (a) and (b) of the Criminal Code, which criminalizes abuse of power by public servants.

Federal Public Prosecutor v. Abraham Benti and Wendwesen Girma (No. 0075/05), and Federal Public Prosecutor v. Mesele Yohannes (No. 113949): the defendants committed different cybercrimes by breaking into banking networks, misusing access codes (passwords), and withdrawing funds from cash machines using stolen PIN numbers. But these perpetrators were charged with “aggravated fraudulent representation” under Article 696 of the Criminal Code. Other cybercrime-related cases were closed by the public prosecutor’s office due to lack of evidence. The reliance on vague interpretations of existing laws is not due only to the lack of appropriate laws, but also to law enforcement’s failure to enforce the existing cybercrime related provisions.

Privacy/data protection: Precedent has recently been introduced into the Ethiopian legal system by virtue of Proclamation No. 454/2005 which stipulates that decisions of the Federal Supreme Court Cassation Division bind courts of all levels in Ethiopia. In a recent case – Riyan Miftah v. Elsewdi Kebels Plc (No. 91710), the Court of Cassation ruled that no image or photograph of a person may be publicly exhibited, sold or disseminated without the consent of the person and the latter is entitled to damages for violation of the right of image.

Sources and links

News

Collecting justice data in Ethiopia (21 Aug. 2019), The Hague Institute for Innovation of Law;
Digital rights in Ethiopia: Change in government spurs hopes for cybercrime law review (17 Oct. 2019), Catherine Chapman, The Daily Swig;
Alibaba and digital economic transformation in Ethiopia (30 November 2019), Melaku Mulualem K., The Reporter Ethiopia;
Ethiopia second in Africa to join Alibaba-led EWTP (18 December 2019), Cecilia Li, Alizila;
Ethiopia Finalizes Digital Transformation Strategy (16 Oct. 2019), Kiram Tadesse, Afro 105 FM;
Ethiopia Loosens Anti-Terrorism Law Used to Subdue Opposition (3 January 2020), Samuel Gebre, Blooomberg.

Reports and research

The State of Cybercrime Governance in Ethiopia (May 2015), Halefom Hailu Abraha, Center for Global Communication Studies;
Ethiopia’s new cybercrime legislation: Some reflections (2016), Kinfe Micheal Yilma, Computer Law & Security Review, Vol. 33, Issue 2, April 2017, pp. 250-255;
Computer Crimes in Ethiopia: An Appraisal of the Legal Framework (2015), Molalign Asmare, International Journal of Social Science and Humanities Research, Vol. 3, Issue 1, pp: 92-104;
Cybercrime in Ethiopia: Lessons to be learned from International and Regional Experiences (Jan. 2018), LLM Thesis, Iyasu Teketel, Addis Ababa University, School of Graduate Studies;
The Internet and Regulatory Responses in Ethiopia: Telecoms, Cybercrimes, Privacy, E-commerce, and the New Media (Sept. 2015), Kinfe Micheal Yilma & Halefom Hailu Abraha, Mizan Law Review, Vol. 9, No.1, pp. 108-153;
Ethiopia Freedom on the Net Report (2019), Freedom House;
Ethiopia: Computer Crime Proclamation, Legal analysis (July 2016), Article 19;
Privacy and Personal Data Protection in Ethiopia (Sept. 2018), Berhan Taye and Roman Teshome, CIPESA;
The Police and Human Rights in Ethiopia (15 June 2015), Abiyou Girma Tamirat, Abyssinia Law;
Ethiopian eGovernment Strategic Implementation Plan 2020, KPMG Report.

Databases

Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.

Contribute

Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?

Share this information with us helping to keep this platform up to date.

Useful links

Cybercrime website
Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.