Octopus Cybercrime Community

The general legal framework regarding cybercrime and electronic evidence is set out in the Computer Misuse Act 2011 (“CMA”). In addition, other legislations such as the Copyright and Neighboring Rights Act 2006, Regulation of Interception of Communications Act 2010 and Penal Code Act of Uganda also provide for laws related to cybercrime and electronic evidence. The Electronic Signatures Act 2011 makes provision for and regulates the use of electronic signatures, whereas the Electronic Transactions Act 2011 provides a legal and regulatory framework to enable and facilitate electronic communications transactions and to provide legal recognition to electronic records.

The Computer Misuse Act (2011) is the primary cybercrime legislation in Uganda. It sets out rules to prevent unlawful access to, abuse or misuse of computers. Part IV of the CMA provides for computer misuse offences, including:

• Unauthorised access;
• Unauthorised use or interception of computer service;
• Unauthorised obstruction of use of computer;
• Unauthorised disclosure of information;
• Electronic fraud;
• Child pornography;
• Cyber harassment.

The Copyright and Neighboring Rights Act 2006 makes it an offence to infringe a copyright by reproduction through electronic means.

The Penal Code Act (1950, as amended in 2014) establishes the general rules of criminal responsibility and definitions of criminal offences and maximum penalties but does not mention cybercrimes specifically.

Parts III and V of the Computer Misuse Act (2011) covers investigation and procedure related provisions, including:

• Preservation order;
• Disclosure of preservation order;
• Production order;
• Search and seizure.

In addition:

• The Criminal Procedural Act (1950) defines general procedures to be followed in criminal cases.
• The Police Act (1996) sets out the general structure, organisation, and powers and duties of the police force.
• The Regulation of Interception of Communications Act (2010) ensures the lawful interception and monitoring of certain communications transmitted through a telecommunication, postal or any other related service or system in Uganda.

• Constitution of the Republic of Uganda (1995, as last amended in 2018): section 27, chapter IV, guarantees the right to privacy of person, home and other property, including correspondence and communication.
• Data Privacy & Protection Act (2019) protects the privacy of the individual by regulating the collection and processing of personal information and provides for the rights of the persons whose data is collected and the obligations of data collectors, data processors and data controllers.

In addition, Uganda has ratified a number of international human rights instruments:

• International Covenant on Civil and Political Rights (ICCPR): was ratified by Uganda in 1995. Art. 17 guarantees the right to privacy, while Art. 19 para. 2 protects the freedom of expression.
• The African Charter on Human and People’s Rights (ACHPR, 1981) was ratified by Uganda in 1986. The freedom of expression is protected by Art. 9 of the Charter.

• The Anti-Terrorism Act (2002) contains provisions authorising interception of the correspondence and the surveillance of suspected persons for obtaining information related to terrorist acts;
• The Copyright and Neighbouring Rights Act (2006) provides protection of literary, scientific and artistic intellectual works, including on the internet. Infringements of copyright by means of publication or distribution on the internet are defined as criminal offences;
• The National Information Technology Authority Act (2009) established the National Information Technology Authority of Uganda (NITA-U) as an autonomous body and as an agency of government, and set out its objectives, functions, composition, etc;
• The Electronic Transactions Act (2011) & Regulations (2013) , as well as the Electronic Signatures Act (2011) & Regulations (2013) ensure the regulatory framework for the use, security, facilitation and regulation of electronic communication and transactions and the use of electronic signatures;
• The Uganda Communications Act (2013) regulates the country’s communications services, enacted the establishment of the Ugandan Communications Commission (UCC) and defined its roles and responsibilities;
• The Anti-Pornography Act (2014) criminalizes all forms of pornography including pornographic presentations through information technology;
• The E-Government Regulations (2015) makes it mandatory for government agencies to create and maintain websites, while letting them choose if they want to deliver services electronically. The regulations also establish the rules to preserve the security of information and protection of personal data for e-government services;
• The Data Privacy & Protection Act (2019) protects the privacy of the individual by regulating the collection and processing of personal information and provides for the rights of the persons whose data is collected and the obligations of data collectors, data processors and data controllers.

Legal framework

Ugandan legislation does not contain general provisions on mutual assistance in matters of cybercrime and electronic evidence, nor are there any specialised international cooperation powers such as mutual assistance regarding accessing of stored computer data, trans-border access to stored computer data with consent or where publicly available, mutual assistance regarding the real-time collection of traffic data or mutual assistance regarding interception of content data.

The National Information Technology Authority of Uganda has established working relationships with the Government of UK, Egypt, Cameroon, South Korea. In 2017, Uganda signed a Memorandum of Understanding with Malawi to cooperate among other on cybersecurity and electronic government areas.