African Union Legal Instrument
CHAPTER III –
PROMOTING
CYBERCRIME
P a g e | 26
CYBER
SECURITY
AND
Section I:
Cyber Security Measures to be taken at National Level
Article 24:
National cyber security framework
1.
COMBATING
National policy
Each State Party shall undertake to develop, in collaboration with stakeholders, a
national cyber security policy which recognizes the importance of Critical Information
Infrastructure (CII) for the nation identifies the risks facing the nation in using the allhazards approach and outlines how the objectives of such policy are to be achieved.
2.
National strategy
State Parties shall adopt the strategies they deem appropriate and adequate to
implement the national cyber security policy, particularly in the area of legislative reform
and development, sensitization and capacity-building, public-private partnership, and
international cooperation, among other things. Such strategies shall define
organizational structures, set objectives and timeframes for successful implementation
of the cyber security policy and lay the foundation for effective management of cyber
security incidents and international cooperation.
Article 25:
1.
Legal measures
Legislation against cybercrime
Each State Party shall adopt such legislative and/or regulatory measures as it deems
effective by considering as substantive criminal offences acts which affect the
confidentiality, integrity, availability and survival of information and communication
technology systems, the data they process and the underlying network infrastructure, as
well as effective procedural measures to pursue and prosecute offenders. State Parties
shall take into consideration the choice of language that is used in international best
practices.
2.
National Regulatory Authorities
Each State Party shall adopt such legislative and/or regulatory measures as it deems
necessary to confer specific responsibility on institutions, either newly established or
pre-existing, as well as on the designated officials of the said institutions, with a view to
conferring on them a statutory authority and legal capacity to act in all aspects of cyber
security application, including but not limited to response to cyber security incidents, and
coordination and cooperation in the field of restorative justice, forensic investigations,
prosecution, etc.