Mauritius: The CyberSecurity and CyberCrime Act, 2021
The Cybersecurity and Cybercrime Act of 2021 is a law passed by the Mauritius government to address cyber threats and offences in the country. The law criminalizes various cyber activities, including hacking, phishing, cyberbullying, and cyber espionage. It also provides for penalties, including fines and imprisonment, for offences such as unauthorized access and data theft.
The law establishes the Cybercrime Division as the lead agency responsible for investigating and prosecuting cybercrime in the country. The division works closely with other law enforcement agencies and international partners to develop and implement effective strategies for combatting cybercrime.
The law has been praised for its comprehensive approach to cybersecurity and for its emphasis on international cooperation in the fight against cybercrime. However, some critics have raised concerns about the potential for the law to be used to infringe on civil liberties and privacy rights. The law has been amended several times since it was first introduced to address some of these concerns and to keep up with technological developments and changes in the cyber threat landscape.
Section
PART I – PRELIMINARY
1 – Short title
2 – Interpretation
PART II – THE NATIONAL CYBERSECURITY COMMITTEE
3 – Establishment of National Cybersecurity Committee
4 – Functions of Committee
5 – Meetings of Committee
6 – Reports by Committee
PART III – OFFENCES
7 – Unauthorised access to computer data
8 – Unauthorised interception of computer service
9 – Unauthorised interference
10 – Access with intent to commit offences
11 – Unauthorised modification of computer data
12 – Unauthorised disclosure of password
13 – Unlawful possession of devices and computer data
14 – Electronic fraud
15 – Computer-related forgery
16 – Misuse of fake profile
17 – Cyberbullying
18 – Cyber extortion
19 – Revenge pornography
20 – Cyberterrorism
21 – Infringement of copyright and related rights
22 – Increased penalty for offences involving critical information infrastructure
23 – Failure to moderate undesirable content
24 – Disclosure of details of an investigation
25 – Obstruction of investigation
PART IV – INVESTIGATION PROCEDURES
26 – Expedited preservation and partial disclosure of traffic data
27 – Production order
28 – Powers of access, search and seizure for purpose of investigation
29 – Real-time collection of traffic data
30 – Interception of content data
31 – Deletion order
32 – Limited use of disclosed computer data and information
PART V – CRITICAL INFORMATION INFRASTRUCTURE PROTECTION
33 – Critical information infrastructure
34 – Protection of critical information infrastructure
35 – Reports on critical information infrastructure
36 – Information sharing agreement
37 – Auditing of critical information infrastructure to ensure compliance
PART VI – COMPUTER EMERGENCY RESPONSE TEAM OF
MAURITIUS (CERT-MU)
38 – Setting up of CERT-MU
39 – Functions of CERT-MU
PART VII – INTERNATIONAL COOPERATION
40 – General principles relating to international cooperation
41 – Spontaneous information
42 – Expedited preservation of stored computer data
43 – Expedited disclosure of preserved traffic data
44 – Mutual assistance regarding accessing of stored computer data
45 – Transborder access to stored computer data with consent or where publicly available
46 – Mutual assistance in real-time collection of traffic data
47 – Mutual assistance regarding interception of content data
48 – 24/7 point of contact
PART VIII – GENERAL PROVISIONS
49 – Prosecution
50 – Jurisdiction
51 – Regulations
52 – Extradition
53 – Forfeiture
54 – Repeal
55 – Savings and transitional provisions
56 – Commencement
