Back Sri Lanka

    Status regarding Budapest Convention

Status regarding Budapest Convention

Status : Party See legal profile

Cybercrime policies/strategies

The government has taken many policy initiatives to address the threats against its Critical National Infrastructure, its financial sectors and its citizens. Among them, it established Sri Lanka CERT-CC in 2006, which has acted as the National Centre for Cyber Security to mitigate cyber threats and incidents at a national level. CERT-CC supported the e-Government Policy in 2009 and continues to work in partnership with many public and private sectors.

In 2016, CERT-CC took the lead on the creation of the national Cyber security strategy. In it, ten key strategic areas have been identified:

  • Critical Infrastructure Protection
  • Legislative framework
  • Research and Development
  • Human Resource and capacity building
  • Awareness and education
  • Governance
  • Public-Private, Local-International partnership
  • Information sharing
  • Privacy, free flow and freedom of online information
  • Cyber security Technology Framework (CTF)

Currently no national cybercrime strategy exists for Sri Lanka, but sector-based initiatives exist, such as the cybercrime training strategy of the Sri Lanka Judges’ Institute (SLJI).

Under the SLJI supervision and coordination, a national judicial training program on cybercrime has been completed in 2019, which provided basic knowledge on cybercrime and electronic evidence to the whole judicial system of Sri Lanka (High Court, District Judges and Magistrates). A total of more than 200 judges were trained by a pool of national trainer justices from the Supreme Court and the Court of Appeal, trained as trainers under the GLACY+ framework.

With regard to regional policy developments, Sri Lanka took a leading role in the South-South collaboration effort by facilitating initial discussions between the CoE and governmental representatives of Fiji, Ethiopia, Nepal and Papua New Guinea.

Specialised institutions

The Cyber Crime Unit (“CCU”) in the Sri Lanka Police is one of the units positioned within the Criminal Investigation Department (“CID”). The CCU conducts investigations into pure cyber-crime (e.g. Hacking and Malware) and cyber enabled crime, either with the allegation reported to them directly to their unit or referred from the district police officers elsewhere within the Sri Lanka Police. Victims of cybercrime may also make a criminal allegation using the e-report form available from the Sri Lanka Police public website.

The CCU can count on a fully operational digital forensics lab and on the competencies of a number of police officers that have been certified professional digital forensics analysts.

The protection of children is undertaken by two agencies in Sri Lanka. The first agency is the Child Protection Agency, under the National Child Protection Authority (NCPA). The second one is the Children and Women Bureau under the Sri Lanka Police.

The centralised unit for investigating economic crime or financial crimes is the Financial Crimes Investigation Division. It carries out investigations into serious financial fraud, misuse of state assets or funds, cases that require intellectual skills and complex in nature.

The School of Computing in the University of Colombo supports the Sri Lanka Police by undertaking part of the digital forensic examination work needed. They set up a Digital Forensic Centre in 2011. They have been playing a key role in assisting the Sri Lanka Police and the Criminal Investigation Department since 2003 in a variety of crime investigations.

There is no specialised prosecution department for dealing with cybercrime. Any case may be allocated to any State Prosecutor and there is no special training program in cybercrime available for State Prosecutors. Electronic evidence is covered by the Evidence Ordinance, which along with the Code of Criminal Procedure Act, also cover expert evidence (please see Section 3 above).

Computer Crime Act prosecutions are always held in the High Court before a Judge and are not heard before a jury.

Jurisprudence/case law

Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 


  Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?

  Share this information with us helping to keep this platform up to date.

Useful links