Evidence Obligations for Mobile Network Operators: the Cybercrimes Act

This article discussed the evidence obligations of Electronic Communications Service Providers in terms of the Cybercrimes Act.

The Cybercrimes Act[1] punishes crimes that are committed through the use of computers, mobile phones and tablets i.e., crimes committed through the use of electronic communication devices.  Electronic Communication Service Providers (“ECSPs”) are defined as:

Any person who provides an electronic communications service to the public, sections of the public, the State, or the subscribers to such service, under and in accordance with an electronic communications service licence issued to that person in terms of the Electronic Communications Act, 2005”.[2]

This has implications for mobile network providers such as MTN, Vodacom, Telkom, Cell C, and Virgin Mobile, as well as internet service providers such as Rain, Mweb, Afrihost, and Vox Telecom, particularly in evidence proceedings.

Due to the nature of cybercrimes and where they are carried out, it is no doubt that in punishing such crimes, ECSPs will play a major role in providing evidence required to prove and convict cyber criminals.  The Cybercrimes Act states that a person that suffers a cyberattack such as hacking, cyber bullying, or revenge pornography can seek a protection order.  This order may compel an ECSP whose Electronic Communication Service (“ECS”) is used to host or disclose such offensive data messages, to remove or disable the data messages.[3]  Additionally, the ECSP can be called to provide certain information such as:[4]

  • the electronic communications identity number from where the data message came from;
  • the name, surname, identity number and address of the person to whom the electronic communications identity number has been assigned;
  • any information which indicates that the data message was or was not sent from the electronic communications identity number of the person;
  • any information which could help identify the person who disclosed the data message or to identify the ECSP whose service was used to host or used to disclose the data message; and
  • any information that confirms whether the service provider’s services were used to host or disclose the data message.

An ECSP that fails to provide the court with the requested information will be guilty of an offence.[5]

Furthermore, network operators need to be aware that they have a reporting obligation in terms of section 54 of the Cybercrimes Act.  This obligation simply means the network operators must report a cybercrime happening or that has happened on its electronic communications service within 72 hours of becoming aware of the crime.  An ECSP that fails to do so is guilty of an offence.

Mobile network providers fall under the definition of ECSPs as defined in the Cybercrimes Act and play an important role in furnishing evidence for cybercrimes that take place through the use of their networks or systems.  Lastly, they have a reporting obligation in terms of section 54 which requires them to report cybercrimes taking place on their electronic communications services as soon as they become aware of it.

Contact us for more good, clear, precise advice.


[1] 19 of 2022.

[2] Section 1 of the Cybercrimes Act 19 of 2020.

[3] Section 20 of the Cybercrimes Act 19 of 2020.

[4] Section 21 of the Cybercrimes Act 19 of 2020.

[5] Section 21(7) of the Cybercrimes Act 19 of 2020.

image_pdfDownload PDF
Filter By

Must Reads

Subscribe to receive our latest articles

Follow Us

Related Posts