Status regarding Budapest ConventionStatus : NA Declarations and reservations : N/A See legal profile
In 2017, the government of Kuwait issued its first National Cyber Security Strategy. It set out three main objectives: 1) promote a culture of cyber security that supports safe and proper usage of cyberspace; 2) safeguard and continuously maintain the security of national assets, including critical infrastructure, national data, communication technologies and internet in the State of Kuwait; and 3) promote the cooperation, coordination and information exchange among local and international bodies in the field of cyber security.
Within Objective Two, the government intends to “develop legislation for laws of cybercrime (…) to keep pace with technological evolution” with the collaboration of several government departments. CITRA (see below) will take the lead to “develop national capabilities in different cyber security domains such as the fight against cybercrime.” The Ministry of the Interior will lead in developing “national capabilities in the fight against cybercrime according to international standards.”
Within Objective Three, the government will seek to “develop an international police partnership for joint investigation and disruption of e-crimes,” with the Ministry of the Interior taking the lead, and also to “develop an international legal partnership to combat cybercrime.”
State of cybercrime legislation
Several Kuwaiti laws provide a basis for prosecuting cybercrime. These laws include Law No. 63 for the year 2015 Regarding Anti-Information Technology Crime, Law No. 37 for the year 2014 Regarding the Establishment of the Regulatory Authority for Telecommunications and Information Technology, Law No. 20 for the year 2014 Regarding Electronic Transactions, Law No. 9 for the year 2001 Regarding Misuse of Telecommunications and Wiretap Sets, and Law No. 16 for the year 1960 Promulgating the Penal Code.
The Kuwaiti laws mentioned above, individually or in combination, criminalise the following substantive crimes. Some are not criminalised to the extent required by the Budapest Convention:
Illegal access (Laws 63/2015, 20/2014, and 9/2001)
Illegal interception of content (Laws 63/2015, 37/2014, 20/2014, and 9/2001)
Data interference (Laws 63/2015, 37/2014, 20/2014, and 9/2001)
System interference (Laws 63/2015, 37/2014, and 20/2014)
Misuse of devices (Laws 63/2015, 37/2014, 20/2014, and 9/2001)
Computer-related forgery (Laws 63/2015, 20/2014, and 16/1960)
Computer-related fraud (Laws 63/2015, 20/2014, and 16/1960)
Offences related to child pornography (Laws 63/2015, 37/2014, 9/2001, and 16/1960)
The Kuwaiti laws mentioned above provide for the following procedural measures, but not to the extent required by the Budapest Convention:
Real-time collection of traffic data (Law 37/2014)
Interception of content data (Law 37/2014)
For more-detailed information on substantive or procedural law, see the Country Profile for Kuwait.
Kuwait is a Party to the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights, the Convention on the Rights of the Child, and the Optional Protocol to the Convention on the Rights of the Child on the sale of children, child prostitution and child pornography.Law No. 63 for the year 2015 Regarding Anti-Information Technology Crime in particular has been criticized for its possible chilling of speech. The National Strategy’s Objective Three mentions “cursing and swearing” as a cybercrime.
Related laws and regulations
The Communication and Information Technology Regulatory Authority of Kuwait (CITRA) was established in 2014 and is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecommunications networks in the country. The national strategy was issued under CITRA’s auspices.
A Cyber Crimes Department affiliated to the Criminal Investigations Department of the Ministry of the Interior is responsible for investigations of cybercrime. Almost 4000 cybercrimes were recorded in 2016.
Sources and links
National Cyber Security Strategy for the State of Kuwait, 2017-2020, First Edition, 2017, https://citra.gov.kw/sites/en/LegalReferences/English%20Cyber%20Security%20Strategy.pdf
Communication and Information Technology Regulatory Authority of Kuwait, home page, https://citra.gov.kw/sites/En/Pages/Home.aspx
Hague Conference on Private International Law, https://www.hcch.net/en/states/authorities/details3/?aid=286
Global Cybersecurity Index 2017, International Telecommunication Union, https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf.
National CIRT Capacity Building, International Telecommunication Union, https://www.itu.int/en/ITU-D/Cybersecurity/Pages/Organizational-Structures.aspx
Ministry of Interior, Cyber Crime Department,
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.