What the AU says

28 Aug, 2016 - 00:08

The Sunday Mail

The following are excerpts of the African Union Convention on Cyber Security and Personal Data Protection adopted in Malabo, Equatorial Guinea in 2014.

* * *

Article 27: National cyber security monitoring structures

1. Cyber security governance

(a) Each State party shall adopt the necessary measures to establish an appropriate institutional mechanism responsible for cyber security governance;

(b) The measures adopted as per paragraph 1 of this Article shall establish strong leadership and commitment in the different aspects of cyber security institutions and relevant professional bodies of the State Party. To this end, State parties shall take the necessary measures to:

(i) Establish clear accountability in matters of cyber security at all levels of Government by defining the roles and responsibilities in precise terms;

(ii) Express a clear, public and transparent commitment to cyber security;

(iii) Encourage the private sector and solicit its commitment and participation in Government-led initiatives to promote cyber security.

(c) Cyber security governance should be established within a national framework that can respond to the perceived challenges and to all issues relating to information security at national level in as many areas of cyber security as possible.

2. Institutional framework

Each State party shall adopt such measures as it deems necessary in order to establish appropriate institutions to combat cyber-crime, ensure monitoring and a response to incidents and alerts, national and cross-border co-ordination of cyber security problems, as well as global co-operation.

Article 28: International co-operation

1. Harmonisation

State parties shall ensure that the legislative measures and/or regulations adopted to fight against cyber-crime will strengthen the possibility of regional harmonisation of these measures and respect the principle of double criminal liability.

2. Mutual legal assistance

State parties that do not have agreements on mutual assistance in cyber-crime shall undertake to encourage the signing of agreements on mutual legal assistance in conformity with the principle of double criminal liability, while promoting the exchange of information as well as the efficient sharing of data between the organisations of State Parties on a bilateral and multilateral basis.

3. Exchange of information

State parties shall encourage the establishment of institutions that exchange information on cyber threats and vulnerability assessment such as the Computer Emergency Response Team or the Computer Security Incident Response Teams.

4. Means of co-operation

State Parties shall make use of existing means for international co-operation with a view to responding to cyber threats, improving cyber security and stimulating dialogue between stakeholders.

These means may be international, inter-governmental or regional, or based on private and public partnerships.

Article 29: Offences specific to Information and Communication Technologies

1. Attacks on computer systems

State parties shall take the necessary legislative and/or regulatory measures to make it a criminal offence to:

(a) Gain or attempt to gain unauthorised access to part or all of a computer system or exceed authorised access;

(b) Gain or attempt to gain unauthorised access to part or all of a computer system or exceed authorised access with intent to commit another offence or facilitate the commission of such an offence;

(c) Remain or attempt to remain fraudulently in part or all of a computer system;

(d) Hinder, distort or attempt to hinder or distort the functioning of a computer system;

(e) Enter or attempt to enter data fraudulently in a computer system;

(f) Damage or attempt to damage, delete or attempt to delete, deteriorate or attempt to deteriorate, alter or attempt to alter, change or attempt to change computer data fraudulently.

State Parties further undertake to:

(g) Adopt regulations compelling vendors of information and communication technology products to have vulnerability and safety guarantee assessments carried out on their products by independent experts and researchers, and disclose any vulnerabilities detected and the solutions recommended to correct them to consumers;

(h) Take the necessary legislative and/or regulatory measures to make it a criminal offence to unlawfully produce, sell, import, possess, disseminate, offer, cede or make available computer equipment, programme, or any device or data designed or specially adapted to commit offences, or unlawfully generate or produce a password, an access code or similar computerised data allowing access to part or all of a computer system.
