- Section 1 of Computer Misuse and Cybercrime Act No 5 of 2018: Short title
This Act may be cited as the Computer Misuse and Cybercrimes Act, 2018.
- Section 2 of Computer Misuse and Cybercrime Act No 5 of 2018: Interpretation
In this Act, unless the context otherwise requires —
"access" means gaining entry into or intent to gain entry by a person to a program or data stored in a computer system and the person either—
(a) alters, modifies or erases a program or data or any aspect related to the program or data in the...
- Section 3 of Computer Misuse and Cybercrime Act No 5 of 2018: Objects of the Act
The objects of this Act are to —
(a) protect the confidentiality, integrity and availability of computer systems, programs and data;
(b) prevent the unlawful use of computer systems;
(c) facilitate the prevention, detection, investigation, prosecution and punishment of cybercrimes;
(d) protect...
- Section 4 of Computer Misuse and Cybercrime Act No 5 of 2018: Establishment of Committee
There is established the National Computer and Cybercrimes Co-ordination Committee.
- Section 5 of Computer Misuse and Cybercrime Act No 5 of 2018: Composition of the Committee
(1) The Committee shall comprise of—
(a) the Principal Secretary responsible for matters relating to internal security or a representative designated and who shall be the chairperson;
(b) the Principal Secretary responsible for matters relating to information, communication and technology or a...
- Section 6 of Computer Misuse and Cybercrime Act No 5 of 2018: Functions of the Committee
(1) The Committee shall —
(a) advise the Government on security related aspects touching on matters relating to blockchain technology, critical infrastructure, mobile money and trust accounts;
(b) advise the National Security Council on computer and cybercrimes;
(c) co-ordinate national security...
- Section 7 of Computer Misuse and Cybercrime Act No 5 of 2018: Secretariat of the Committee
(1) There shall be a Secretariat which shall comprise of the Director and such number of public officers that, subject to the approval of the Committee, the Cabinet Secretary responsible for matters relating to internal security in consultation with the Cabinet Secretary responsible for matters...
- Section 8 of Computer Misuse and Cybercrime Act No 5 of 2018: Reports by the Committee etc
The Committee shall submit quarterly reports to the National Security Council.
- Section 9 of Computer Misuse and Cybercrime Act No 5 of 2018: Critical information infrastructure
(1) The Director shall, by notice in the Gazette, designate certain systems as critical infrastructure.
(2) The Director shall designate a system as a critical infrastructure if a disruption of the system would result in —
the interruption of a life sustaining service including the supply of...
- Section 10 of Computer Misuse and Cybercrime Act No 5 of 2018: Protection of critical information infrastructure
(1) The Committee shall within reasonable time and in consultation with the owner or a person in control of an identified critical information infrastructure, submit to the National Security Council its recommendations of entities to be gazetted as critical information infrastructures.
(2) The...
- Section 11 of Computer Misuse and Cybercrime Act No 5 of 2018: Reports on critical information infrastructure
(1) The owner or operator of a system designated as critical infrastructure shall report to the Committee any incidents likely to constitute a threat in the nature of an attack that amounts to a computer and cybercrime and the action the owner or operator intends to take to prevent the...
- Section 12 of Computer Misuse and Cybercrime Act No 5 of 2018: Information sharing agreements
(1) A private entity may enter into an information sharing agreement with a public entity on critical information infrastructure.
(2) An agreement under subsection (1) shall only be entered into for the following purposes and in line with a critical infrastructure framework—
(a) to ensure cyber...
- Section 13 of Computer Misuse and Cybercrime Act No 5 of 2018: Auditing of critical information infrastructures to ensure compliance
(1) The owner or person in control of a critical information infrastructure shall annually submit a compliance report on the critical information infrastructure to the Committee in line with a critical infrastructure framework in order to evaluate compliance.
(2) The Director, shall within a...
- Section 14 of Computer Misuse and Cybercrime Act No 5 of 2018: Unauthorised access
(1) A person who causes, whether temporarily or permanently, a computer system to perform a function, by infringing security measures, with intent to gain access, and knowing such access is unauthorised, commits an offence and is liable on conviction, to a fine not exceeding five million shillings...
- Section 15 of Computer Misuse and Cybercrime Act No 5 of 2018: Access with intent to commit further offence
(1) A person who commits an offence under section 14 with intent to commit afurther offence under any law, or to facilitate the commission of a further offence by that person or any other person, commits an offence and is liable, on conviction, to a fine not exceeding ten million shillings or to...
- Section 16 of Computer Misuse and Cybercrime Act No 5 of 2018: Unauthorised interference
(1) A person who intentionally and without authorisation does any act which causes an unauthorised interference, to a computer system, program or data, commits an offence and is liable on conviction, to a fine not exceeding ten million shillings or to imprisonment for a term not exceeding five...
- Section 17 of Computer Misuse and Cybercrime Act No 5 of 2018: Unauthorised interception
(1) A person who intentionally and without authorisation does any act which intercepts or causes to be intercepted, directly or indirectly and causes the transmission of data to or from a computer system over a telecommunication system commits an offence and is liable, on conviction, to a fine not...
- Section 18 of Computer Misuse and Cybercrime Act No 5 of 2018: Illegal devices and access codes
(1) A person who knowingly manufactures, adapts, sells, procures for use, imports, offers to supply, distributes or otherwise makes available a device, program, computer password, access code or similar data designed or adapted primarily for the purpose of committing any offence under this Part,...
- Section 19 of Computer Misuse and Cybercrime Act No 5 of 2018: Unauthorised disclosure of password or access code
(1) A person who knowingly and without authority discloses any password,access code or other means of gaining access to any program or data held in any computer system commits an offence and is liable, on conviction, to a fine not exceeding five million shillings or to imprisonment for a term not...
- Section 20 of Computer Misuse and Cybercrime Act No 5 of 2018: Enhanced penalty for offences involving protected computer system
(1) Where a person commits any of the offences specified under sections 14,15, 16 and 17 on a protected computer system, that person shall be liable, on conviction, to a fine not exceeding twenty five million shillings or imprisonment for a term not exceeding twenty years or both.
(2) For purposes...
- Section 21 of Computer Misuse and Cybercrime Act No 5 of 2018: Cyber espionage
(1) A person who unlawfully and intentionally performs or authorizes or allows another person to perform a prohibited act envisaged in this Act, in order to —
(a) gain access, as provided under section 14, to critical data, a critical database or a national critical information infrastructure;...
- Section 22 of Computer Misuse and Cybercrime Act No 5 of 2018: False publications
(1) A person who intentionally publishes false, misleading or fictitious data or misinforms with intent that the data shall be considered or acted upon as authentic, with or without any financial gain, commits an offence and shall, on conviction, be liable to a fine not exceeding five million...
- Section 23 of Computer Misuse and Cybercrime Act No 5 of 2018: Publication of false information
A person who knowingly publishes information that is false in print, broadcast, data or over a computer system, that is calculated or results in panic, chaos, or violence among citizens of the Republic, or which is likely to discredit the reputation of a person commits an offence and shall on...
- Section 24 of Computer Misuse and Cybercrime Act No 5 of 2018: Child pornography
(1) A person who, intentionally —
(a) publishes child pornography through a computer system;
(b) produces child pornography for the purpose of its publication through a computer system;
(c) downloads, distributes, transmits, disseminates, circulates, delivers, exhibits, lends for gain, exchanges,...
- Section 25 of Computer Misuse and Cybercrime Act No 5 of 2018: Computer forgery
(1) A person who intentionally inputs, alters, deletes, or suppresses computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of whether or not the data is directly readable and intelligible commits an...
- Section 26 of Computer Misuse and Cybercrime Act No 5 of 2018: Computer fraud
(1) A person who, with fraudulent or dishonest intent—
(a) unlawfully gains;
(b) occasions unlawful loss to another person; or
(c) obtains an economic benefit for oneself or for another person, through any of the means described in subsection (2),
commits an offence and is liable, on conviction,...
- Section 27 of Computer Misuse and Cybercrime Act No 5 of 2018: Cyber harassment
(1) A person who, individually or with other persons, wilfully communicates, either directly or indirectly, with another person or anyone known to that person, commits an offence, if they know or ought to know that their conduct —
(a) is likely to cause those persons apprehension or fear of...
- Section 28 of Computer Misuse and Cybercrime Act No 5 of 2018: Cybersquatting
A person who, intentionally takes or makes use of a name, business name, trademark, domain name or other word or phrase registered, owned or in use by another person on the internet or any other computer network, without authority or right, commits an offence and is liable on conviction to a fine...
- Section 29 of Computer Misuse and Cybercrime Act No 5 of 2018: Identity theft and impersonation
A person who fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person commits an offence and is liable, on conviction, to a fine not exceeding two hundred thousand shillings or to imprisonment for a term not exceeding...
- Section 30 of Computer Misuse and Cybercrime Act No 5 of 2018: Phishing
A person who creates or operates a website or sends a message through a computer system with the intention to induce the user of a website or the recipient of the message to disclose personal information for an unlawful purpose or to gain unauthorized access to a computer system, commits an offence...