African Union Legal Instrument
3.
P a g e | 27
Rights of citizens
In adopting legal measures in the area of cyber security and establishing the framework
for implementation thereof, each State Party shall ensure that the measures so adopted
will not infringe on the rights of citizens guaranteed under the national constitution and
internal laws, and protected by international conventions, particularly the African Charter
on Human and Peoples‟ Rights, and other basic rights such as freedom of expression,
the right to privacy and the right to a fair hearing, among others.
4.
Protection of critical infrastructure
Each State Party shall adopt such legislative and/or regulatory measures as they deem
necessary to identify the sectors regarded as sensitive for their national security and
well-being of the economy, as well as the information and communication technologies
systems designed to function in these sectors as elements of critical information
infrastructure; and, in this regard, proposing more severe sanctions for criminal activities
on ICT systems in these sectors, as well as measures to improve vigilance, security and
management.
Article 26: National cyber security system
1.
Culture of Cyber Security
a)
Each State Party undertakes to promote the culture of cyber security among
all stakeholders, namely, governments, enterprises and the civil society,
which develop, own, manage, operationalize and use information systems
and networks. The culture of cyber security should lay emphasis on security
in the development of information systems and networks, and on the
adoption of new ways of thinking and behaving when using information
systems as well as during communication or transactions across networks.
b)
As part of the promotion of the culture of cyber security, State Parties may
adopt the following measures: establish a cyber-security plan for the
systems run by their governments; elaborate and implement programmes
and initiatives for sensitization on security for systems and networks users;
encourage the development of a cyber-security culture in enterprises; foster
the involvement of the civil society; launch a comprehensive and detailed
national sensitization programme for Internet users, small business, schools
and children.