African Union Legal Instrument
P a g e | 30
Section II: Criminal Provisions
Article 29: Offences specific to Information and Communication Technologies
1.
Attacks on computer systems
State Parties shall take the necessary legislative and/or regulatory measures to make it
a criminal offence to:
a)
Gain or attempt to gain unauthorized access to part or all of a computer
system or exceed authorized access;
b)
Gain or attempt to gain unauthorized access to part or all of a computer
system or exceed authorized access with intent to commit another offence
or facilitate the commission of such an offence;
c)
Remain or attempt to remain fraudulently in part or all of a computer system;
d)
Hinder, distort or attempt to hinder or distort the functioning of a computer
system;
e)
Enter or attempt to enter data fraudulently in a computer system;
f)
Damage or attempt to damage, delete or attempt to delete, deteriorate or
attempt to deteriorate, alter or attempt to alter, change or attempt to change
computer data fraudulently.
State Parties further undertake to:
g)
Adopt regulations compelling vendors of information and communication
technology products to have vulnerability and safety guarantee assessments
carried out on their products by independent experts and researchers, and
disclose any vulnerabilities detected and the solutions recommended to
correct them to consumers;
h)
Take the necessary legislative and/or regulatory measures to make it a
criminal offence to unlawfully produce, sell, import, possess, disseminate,
offer, cede or make available computer equipment, program, or any device
or data designed or specially adapted to commit offences, or unlawfully
generate or produce a password, an access code or similar computerized
data allowing access to part or all of a computer system.