Back Ethiopia

    Status regarding Budapest Convention

Status regarding Budapest Convention

Status : NA Declarations and reservations : N/A See legal profile

Cybercrime policies/strategies

Developing an ICT “enabling legal and regulatory environment” is one of the three pillars of The National Information and Communication Technology (ICT) Policy and Strategy (Sept. 2016). In this context, the legislation has to provide for certain standards that minimize the risks associated with the spread of ICT (e.g. false information, hacking), “address socially undesirable activities” and ensure users’ trust in services and the protection of networks, data and information systems. The approach proposed for implementing these goals is to facilitate the enactment of legislation on data protection, security and freedom of access to information. Cybercrime is subsumed under cyber security (e.g. one of the objectives is “to safeguard national electronic communication networks including preventing, detecting and responding to cybercrime and misuse of ICT”). This is largely in keeping with the African Union’s Digital Transformation Strategy for Africa 2020-2030 (e.g. pages 40-43).


Legislation against cybercrime (as “computer crime”) and for data protection is also mentioned in the context of protecting and promoting electronic commerce, which is proposed as one of the principles for assisting with Ethiopia’s economic development – a key aspect of the policy’s proposed national vision. A new Digital Transformation Strategy has reportedly been finalized in October 2019. The Minister of Innovation and Technology stated that digital transformation is Ethiopia’s highest priority (2019). The E-Government Strategic Implementation Plan 2016-2020 report by KPMG notes the need for updating the existing regulations supporting ICT, and that it should be expanded to include critical eGov-related regulations such as: electronic legitimacy; cryptography; data privacy; cybercrime; data sharing; intellectual property rights; freedom of information.

Specialised institutions

  • Federal Justice and Legal Research and Training Institute (formerly the Justice and Legal System Research Institute) was recently built by the European Commission (2019). FJLRTI is accountable to the Prime Minister (Proclamation No. 1071/2018) and also to the Federal Attorney General’s Office (Definition of Powers and Duties of the Executive Organs of the Federal Democratic Republic of Ethiopia Proclamation No. 916/2015). The institute has a long list of powers and duties (Federal Justice and Legal Research and Training Institute Establishment Proclamation No. 1071/2018) and could have an important impact in upgrading the country’s legislation (recently – 2019, signed an MOU with The Hague Institute for Innovation of Law to collect data through its Justice Needs and Satisfaction Survey to improve access to justice in the country). FJLRTI’s main objectives are: (1) undertaking studies and researches with a view: a) to revise and propose new laws in order to strengthen and modernize the justice and legal system; ensure the prevalence of rule of law; and promote economic and social development; and b) to ensure good governance within the justice system by making justice organs modern, accessible, efficient and effective; (2) making available comprehensive information about the country’s justice system; be a centre of justice and legal information; (3) building the justice system professional competence; (4) coordinating, integrating and ensuring the effectiveness of justice system and legal education reform programmes and any other reform program carried out in the justice sector. There seems to be substantial overlap between the missions of FAGO and FJLRTI.
  • Federal Police Commission is under the jurisdiction of the Ministry of Federal Affairs, and was established under Proclamations No. 720/2004 (no online text) and 720/2011 has among its responsibilities to (a) prevent and investigate crimes relating to counterfeiting currencies and payment instruments; (b) investigate crimes relating to information networks and computer systems; (c) to prevent and investigate crimes of human trafficking, […] terrorism; (d) assist with national standards and police capacity building; (e) collect, analyze and disseminate national on causes of crimes. In the Federal Police Commission Proclamation No. 313/2003 (repealed by Proclamation 720/2011) the institution also had the power to conduct studies to enhance crime prevention and investigation; collect and analyse criminal data and statistics at the national level.
  • Ministry of Innovation and Technology (MIT) established through Proclamation No 1097/2011, is the result of merging the Ministry of Science and Technology and the Ministry of Communication and Information Technology. Its mission is sustainable development by creating an enabling environment for innovation. Among its powers, the MIT “determines standards to ensure the quality, safety and security of information technology services in coordination with the concerned bodies and monitors their implementation” as well as supporting capacity building in ICT. The following executive bodies are under MIT’s jurisdiction: Ethiopian Radiation Protection Authority; Ethiopian Space Science and Technology Institute; Ethiopian Biotechnology Institute; Institute of Technology and Innovation; Geospatial Information Institute.
  • Information Network Security Agency (INSA) – currently under the jurisdiction of the Ministry of Peace (established in 2018) is an autonomous federal government agency accountable to the Prime Minister (DG appointed by PM), that was established in 2006 by the Council of Ministers Regulation No. 130/2006 with the objective to defend Ethiopia’s information infrastructure from attacks. The agency’s power and functions were amended to prevent cybercrime by Council of Ministers Regulation No. 250/2011 and Proclamation No. 808/2013, and include among others to: (a) provide assistance and support to police and other organs empowered by law to prevent and investigate cybercrimes; (b) conduct digital forensic investigation without/with physical presence upon court warrant and in collaboration with the police on computers or infrastructures that are purported to be attacked or sources of attack, to prevent attacks and provide early warning to citizens; (c) draft national policies, laws, standards and strategies that enable to ensure information and computer based key infrastructures security, and oversight their enforcement upon approval; (d) take all necessary countermeasures to defend any cyber or electromagnetic attacks on information and computer based infrastructures or systems or on citizens’ psychology; (e) organize and administer a national computer emergency responding center; (f) regulate cryptographic products and their transaction; (g) serve as national “Root Certificate Authority”; (h) control the import and export of IT, information sensor and information attacking technologies; (i) provide capacity building on cybersecurity. INSA’s responsibilities are also further detailed in the Computer Crime Proclamation No. 958/2016, for e.g. under Part Three, section 23(2) which states that where requested to support the investigation process into computer crimes, INSA shall provide technical support, conduct analysis on collected information, and provide evidence if necessary.
  • Ethiopian Cyber Emergency Readiness and Response Team (Ethio Cer2t) mission is to create a secure, reliable and enabling Ethiopian cyber space by coordinating and building national capacity of proactive readiness and effective incident response centered on analysis. Its roles include monitoring national cyberspace, analysis, proactive readiness, incident response, coordination, capacity building and certification.

Jurisprudence/case law

Cybercrime: Some assessments (2015) suggest that law enforcement in Ethiopia might not yet be equipped for the investigation and prosecution of cybercrimes, instead relying on conventional investigative methods for fighting traditional crimes. At the time of the assessment, certain cybercrimes, such as spam and malware, had not yet been processed by the criminal justice system. A few cases, most of them relating to bank fraud, had reached the courts. These were either tried by extending the interpretations of old laws or tossed for lack of evidence.


Federal Ethics and Anti-Corruption Commission v. Michael Worku (No. 85025, 2012): the defendant was a bank clerk in Construction and Business Bank who used his privilege (access right) to create fictitious user IDs in order to transfer and withdraw 9.9 million Ethiopian Birr (more than 500,000USD) from different bank accounts. Though this was a cybercrime act, for the defendant created fake user IDs and hacked passwords, he was charged not under the computer-related provisions, but under Article 407 (1) (a) and (b) of the Criminal Code, which criminalizes abuse of power by public servants.


Federal Public Prosecutor v. Abraham Benti and Wendwesen Girma (No. 0075/05), and Federal Public Prosecutor v. Mesele Yohannes (No. 113949): the defendants committed different cybercrimes by breaking into banking networks, misusing access codes (passwords), and withdrawing funds from cash machines using stolen PIN numbers. But these perpetrators were charged with “aggravated fraudulent representation” under Article 696 of the Criminal Code. Other cybercrime-related cases were closed by the public prosecutor’s office due to lack of evidence. The reliance on vague interpretations of existing laws is not due only to the lack of appropriate laws, but also to law enforcement’s failure to enforce the existing cybercrime related provisions.


Privacy/data protection: Precedent has recently been introduced into the Ethiopian legal system by virtue of Proclamation No. 454/2005 which stipulates that decisions of the Federal Supreme Court Cassation Division bind courts of all levels in Ethiopia. In a recent case – Riyan Miftah v. Elsewdi Kebels Plc (No. 91710), the Court of Cassation ruled that no image or photograph of a person may be publicly exhibited, sold or disseminated without the consent of the person and the latter is entitled to damages for violation of the right of image.

Sources and links


Reports and research


Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 


  Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?

  Share this information with us helping to keep this platform up to date.

Useful links