President Salva Kiir on Feb. 18, 2026, signed the Cybercrime and Computer Misuse Act into law, a comprehensive legislative framework designed to address the growing challenges of digital security and electronic misconduct.
Chapter I of the Act, which covers the preliminary provisions, sets the foundation for the law’s application and defines the technical scope of the offences it addresses.
Here is Radio Tamazuj’s explainer on the initial provisions of the Cybercrime and Computer Misuse Act 2026:
Title and commencement
The legislation is officially cited as the Cybercrime and Computer Misuse Act, 2026. According to the commencement clause, the Act came into force on the date it was signed by the president, making it immediately enforceable across the Republic of South Sudan.
Purpose and objects
The preliminary sections outline the primary goals of the legislation, which include:
• Protection of critical infrastructure: Ensuring the security of essential systems such as banking, telecommunications and government databases.
• Standardisation of offences: Providing clear legal definitions for crimes such as hacking, identity theft and cyberstalking.
• International cooperation: Facilitating the extradition of offenders and cooperation with international law enforcement agencies to combat cross-border cybercrime.
Confidentiality and privacy
The Act introduces strict confidentiality requirements for those handling sensitive data during investigations:
• Non-disclosure obligations: Investigatory units and service providers are mandated to maintain confidentiality regarding the execution of orders and any related information.
• Protection of informants: The law emphasises safeguarding the identity of confidential sources of information related to cybercrime enforcement.
Repeals and savings
The Act includes provisions addressing previous legislation and ongoing matters:
• Repeal: The Act repeals any previous laws or provisions inconsistent with its framework on cybercrime and computer misuse.
• Savings: Actions taken, investigations commenced, or regulations made under repealed laws remain valid as if undertaken under the new Act, provided they do not conflict with its provisions.
Key definitions
The law provides specific legal definitions for technical terms to ensure clarity in judicial proceedings. Some of the primary definitions included in the early sections of the Act are:
• Access: Defined as the “whole or partial” entry into a computer system or network by any means, including through intercepted electromagnetic emissions.
• Computer system: A broad definition covering any device or group of interconnected devices performing logic, arithmetic or storage functions, including personal computers, servers, mobile phones and industrial control systems.
• Computer data: Any representation of facts, information or concepts in a form suitable for processing in a computer system.
• Cybersecurity: The state of being protected against unauthorised use of electronic data, or the measures taken to achieve this.
• Electronic communication: Any transfer of signs, signals, writing, images, sounds or data transmitted in whole or in part by wire, radio or other electromagnetic systems.
• Service provider: Any public or private entity that enables users to communicate via a computer system, or that processes or stores computer data on behalf of such services.
• Website: A collection of related web pages, including multimedia content, typically identified by a common domain name and published on at least one web server.
• Cybercrime: Acts involving a computer or network, where the computer may be used in committing a crime or may be the target.
• Cyber terrorism: Intentionally accessing a computer system or network to carry out an act of terrorism.
• Cyber espionage: Using a computer or computer system to conduct espionage activities.
• Cyber extortion: Engaging in acts of cyber extortion.
• Cyberbullying: Individually or jointly committing acts of cyberbullying.
• Cyberspace: The complex environment resulting from interactions between people, software and services on the internet.
• Cybersecurity incident: An event that negatively affects the confidentiality, integrity or availability of a computer system or data.
• Digital forensic expert: A person with specialised knowledge and skills to perform forensic analysis on digital devices.
• Forensics: The application of scientific methods and techniques to investigate and establish facts in criminal or civil proceedings.
• Webpage: A specific page of a website.
• Cybersecurity service provider: An entity that provides services related to the protection of computer systems and data.