Status regarding Budapest ConventionStatus : NA Declarations and reservations : N/A See legal profile
In 2014, Uganda established a National Information and Communications Technology Policy. One of the proposed updates concerns the Legal and Regulatory Framework (4.5.2), and the policy priority to review the existing legislation on cyber-crime and other forms of Information Security.
Based on the policy recommendations of 2014, Uganda established a Task Force with the objective of updating existing legislation on cybercrime and harmonising it with the international standards. The Task Force is in charge of the ratification process of the Budapest Convention on Cybercrime by the Republic of Uganda. The Task Force consists of:
- Ministry of Security;
- Ministry of Foreign Affairs;
- Ministry of Justice and Constitutional Affairs;
- Ministry of Internal Affairs;
- Ministry of Information Communication Technology and National Guidance;
- National Information Technology Authority;
- Office of the Director of Public Prosecution;
- Interpol National Central Bureau;
- Uganda Law Reform Commission;
- Uganda Registration Services Bureau;
- Uganda Human Rights Commission.
As announced in August 2021, Uganda’s Ministry of ICT and National Guidance is in the process of finalising the development of a National Cybersecurity Strategy (draft). The strategy’s main objectives are to:
- reinforce cyber security capacity through enhanced private public partnership
- reinforce citizens’ trust in the use of ICT services
- enhance international cooperation on cybersecurity
- promote a culture of cyber security across all levels of society
State of cybercrime legislation
The general legal framework regarding cybercrime and electronic evidence is set out in the Computer Misuse Act 2011 (“CMA”). In addition, other legislations such as the Copyright and Neighboring Rights Act 2006, Regulation of Interception of Communications Act 2010 and Penal Code Act of Uganda also provide for laws related to cybercrime and electronic evidence. The Electronic Signatures Act 2011 makes provision for and regulates the use of electronic signatures, whereas the Electronic Transactions Act 2011 provides a legal and regulatory framework to enable and facilitate electronic communications transactions and to provide legal recognition to electronic records.
The Computer Misuse Act (2011) is the primary cybercrime legislation in Uganda. It sets out rules to prevent unlawful access to, abuse or misuse of computers. Part IV of the CMA provides for computer misuse offences, including:
- Unauthorised access;
- Unauthorised use or interception of computer service;
- Unauthorised obstruction of use of computer;
- Unauthorised disclosure of information;
- Electronic fraud;
- Child pornography;
- Cyber harassment.
The Copyright and Neighboring Rights Act 2006 makes it an offence to infringe a copyright by reproduction through electronic means.
The Penal Code Act (1950, as amended in 2014) establishes the general rules of criminal responsibility and definitions of criminal offences and maximum penalties but does not mention cybercrimes specifically.
Parts III and V of the Computer Misuse Act (2011) covers investigation and procedure related provisions, including:
- Preservation order;
- Disclosure of preservation order;
- Production order;
- Search and seizure.
- The Criminal Procedural Act (1950) defines general procedures to be followed in criminal cases.
- The Police Act (1996) sets out the general structure, organisation, and powers and duties of the police force.
- The Regulation of Interception of Communications Act (2010) ensures the lawful interception and monitoring of certain communications transmitted through a telecommunication, postal or any other related service or system in Uganda.
- Constitution of the Republic of Uganda (1995, as last amended in 2018): section 27, chapter IV, guarantees the right to privacy of person, home and other property, including correspondence and communication.
- Data Privacy & Protection Act (2019) protects the privacy of the individual by regulating the collection and processing of personal information and provides for the rights of the persons whose data is collected and the obligations of data collectors, data processors and data controllers.
In addition, Uganda has ratified a number of international human rights instruments:
- International Covenant on Civil and Political Rights (ICCPR): was ratified by Uganda in 1995. Art. 17 guarantees the right to privacy, while Art. 19 para. 2 protects the freedom of expression.
- The African Charter on Human and People’s Rights (ACHPR, 1981) was ratified by Uganda in 1986. The freedom of expression is protected by Art. 9 of the Charter.
Related laws and regulations
- The Anti-Terrorism Act (2002) contains provisions authorising interception of the correspondence and the surveillance of suspected persons for obtaining information related to terrorist acts;
- The Copyright and Neighbouring Rights Act (2006) provides protection of literary, scientific and artistic intellectual works, including on the internet. Infringements of copyright by means of publication or distribution on the internet are defined as criminal offences;
- The National Information Technology Authority Act (2009) established the National Information Technology Authority of Uganda (NITA-U) as an autonomous body and as an agency of government, and set out its objectives, functions, composition, etc;
- The Electronic Transactions Act (2011) & Regulations (2013) , as well as the Electronic Signatures Act (2011) & Regulations (2013) ensure the regulatory framework for the use, security, facilitation and regulation of electronic communication and transactions and the use of electronic signatures;
- The Uganda Communications Act (2013) regulates the country’s communications services, enacted the establishment of the Ugandan Communications Commission (UCC) and defined its roles and responsibilities;
- The Anti-Pornography Act (2014) criminalizes all forms of pornography including pornographic presentations through information technology;
- The E-Government Regulations (2015) makes it mandatory for government agencies to create and maintain websites, while letting them choose if they want to deliver services electronically. The regulations also establish the rules to preserve the security of information and protection of personal data for e-government services;
- The Data Privacy & Protection Act (2019) protects the privacy of the individual by regulating the collection and processing of personal information and provides for the rights of the persons whose data is collected and the obligations of data collectors, data processors and data controllers.
- Ministry of ICT and National Guidance (MoICT) was established in June 2006 with a mandate of providing strategic and technical leadership for the ICT sector. It runs the National ICT Initiatives Support Program (NIISP) whose aim is to facilitate the creation of an ICT Innovation ecosystem and marketplace for Ugandan innovative digital products.
- National Information Technology Authority of Uganda (NITA-U), placed under the supervision of MoICT, is in charge with ensuring an integrated national IT infrastructure as well as providing e-government services in MDAs, regulation of IT environment in public and private sector, capacity building and awareness creation, information security and development of information technology enabled services/business, process outsourcing (ITES/BPO) industry.
- Uganda Police Force (UPF). It has a Directorate of Information & Communication Technology who developed among others a Cybercrime Awareness Campaign in 2021.
- Computer Emergency Response Team/Coordination Center (CERT.UG/CC) is the national CERT for Uganda, established in 2014, and is managed by the NITA-U. Among other roles, the CERT-UG/CC ensures the protection of Uganda’s Critical Information Infrastructure and facilitates communication with local and international experts in solving security incidents.
- Uganda Computer Emergency Response Team (UgCERT) is a national Computer Emergency Response Team for Uganda, operating under the Uganda Communications Commission. It provides information and assistance in implementing effective measures against cyber incidents.
- Uganda Communications Commission (UCC) is responsible for ensuring a regulatory environment for the ICT sector, including consumer protection.
- Ministry of Justice and Constitutional Affairs (MoJCA)
- Justice law & order sector (JLOS) is composed of 18 institutions with interconnected mandates of administering justice and maintaining law and order, as well as the promotion and protection of human rights.
- Judiciary is comprised of the Supreme Court, Court of Appeal, High Court, and Subordinate courts including Qadhis.
- Office of the Director of Public Prosecutions provides legal advice relating to the investigation and prosecution of criminal cases. It has a department on Information & Communication Technology.
- Uganda Human Rights Commission was established under the 1995 Constitution of the Republic of Uganda to monitor the human rights situation in the country.
- Parliamentary Committee on Information, Communication Technology and National Guidance – oversees the work of Ministry of ICT and National Guidance and covers policy matters under the Ministry.
- Uganda Institute of Information and Communications Technology (UICT) provides training and create public awareness on ICT related topics.
- Uganda Law Reform Commission (ULRC) was established by Article 248 of the Constitution of the Republic of Uganda (1995) and has the mission to reform and update the laws in line with the social, cultural and economic needs and values of the people of Uganda.
Competent authorities and channels
Ugandan legislation does not contain general provisions on mutual assistance in matters of cybercrime and electronic evidence, nor are there any specialised international cooperation powers such as mutual assistance regarding accessing of stored computer data, trans-border access to stored computer data with consent or where publicly available, mutual assistance regarding the real-time collection of traffic data or mutual assistance regarding interception of content data.
The National Information Technology Authority of Uganda has established working relationships with the Government of UK, Egypt, Cameroon, South Korea. In 2017, Uganda signed a Memorandum of Understanding with Malawi to cooperate among other on cybersecurity and electronic government areas.
Uganda v. Nsubuga & 3 Ors (HCT-00-ACSC-0084-2012)  UGHCCRD 13 (3 April 2013): the computer system of the Uganda Revenue Authority was compromised causing important losses. Several persons were prosecuted and convicted for, amongst other things, the unauthorised use and interception of computer services, electronic fraud, unauthorised access to data and producing, selling or procuring, designing and being in possession of devices, computers, and computer programs designed to overcome security measures for protection of data. The Court considered life imprisonment, but sentenced each of the persons to, cumulatively, 20 years of imprisonment and a fine.
Uganda v. Ssentongo & 4 Ors (Criminal Session Case 123 of 2012)  UGHCACD 1 (14 February 2017): a case of conspiracy to steal money from the MTN mobile money system causing significant losses. Several persons were prosecuted and charged for, amongst other things, electronic fraud and the unauthorised disclosure of access codes. One of the accused was convicted for electronic fraud, but acquitted of the unauthorised disclosure of access codes as no loss occurred.
In Kalungi vs. Uganda (Corruption Division HCT-00-AC-CN-0041-2015)  UGHCACD 2 (28 April 2016): the High Court of Uganda confirmed that a compact disc can be considered as electronic evidence and can be admissible in court proceedings. Based on the evidence, the Court affirmed the conviction of the accused persons.
Sources and links
Institutional websites and databases:
- Uganda Legal Information Institute (ULII) is a project of the Judiciary of Uganda, publishing legal information for free online access.
- UNIDIR – Uganda cybersecurity (country profile)
News, Reports and Research:
- BarefootLaw, Cyber laws of Uganda, January 2019
- UK Government, African Cyber Experts Fellowship: lessons learnt report 2020, 8 March 2021
- Serianu, Africa Cybersecurity Report, Uganda 2019/2020, Local Perspective on Data Protection and Privacy Laws
- Privacy International, One Year On, what has Uganda’s Data Protection Law Changed?, 3 March 2020
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.