Skip links

Fighting Cybercrime in Uganda

Most of us have received fake SMS’s of mobile money deposits along with those phone calls of a certain someone saying they have accidentally sent mobile money and would kindly want to have it back.

Some have fallen prey to these cons and ended up sending their own mobile money to these fraudsters. Sanyu happens to be one them. She sent money to a person who claimed to have made a mistake, who even spoke like he knew her personally.


With the increased use of computers, new types of crimes have also evolved that target computer or involve the use of computers to commit other crimes. Cybercrimes can have a direct impact on peoples’ lives where data is lost, money is stolen or a person’s privacy is infringed upon.

With these kinds of risks, Uganda surely has a firm legal framework in place to fight cybercrime?


The 1950 Penal Code Act, the 1950 Criminal Procedure Act and the 1996 Police Act provide for general rules on criminal law and general powers and duties of the police which can also be used in the fight against cybercrime.

In addition, a more specific statutory law to address cybercrime was introduced with the 2011 Computer Misuse Act.

The 2011 Computer Misuse Act was enacted by the Parliament with the aim to, amongst other things, prevent unlawful access, abuse or misuse of computers. It provides for definitions of cybercrimes, related penalties and some procedural measures that law enforcement authorities can use in their fight against cybercrimes.


The 2011 Computer Misuse Act defines a number of cybercrimes, which could be grouped into four different categories. In all cases, what a computer is, is defined broadly, which may therefore include individual computers or devices (e.g. mobile phones) or entire computer networks.

Firstly, crimes that target computer systems could be distinguished, including obtaining unauthorised access to a computer, the unauthorised interference with computer data, the production or use of a device or programme to overcome security measures or to commit any other cybercrime, the interception of computer services or the unauthorised disclosure of access codes or information.

Secondly, electronic fraud is defined as a criminal offence, i.e. where money was stolen and where part of the process involved communication through a computer network.

Thirdly, the production or distribution of child pornography is defined as criminal offences as they usually involve the use of computers. Fourthly, the Act is also used to define the offences of cyber harassment, cyberstalking and offensive communication.

The 2011 Computer Misuse Act introduces penalties for these offences, ranging from a fine of UGX 480,000 and/or a maximum imprisonment of 1 year for the use of offensive communication to a fine of UGX 4.8 million and 10 years of imprisonment for most of the other offences. In a number of cases, where protected computers were involved (e.g. relating to the defence of Uganda or a computer system of the police), cybercriminals may be punishable by a maximum imprisonment for life.


In view of the specific nature of cybercrimes, the 2011 Computer Misuse Act was also used to introduce a number of procedural measures to allow the authorities to better fight cybercrime.

Police officers may order for the preservation of computer data where they expect that the data is relevant for an investigation but may be vulnerable to loss or deletion. Under these circumstances, including a court order, officers may order the disclosure of that preserved computer data or the production of computer data, for instance from a provider of computer services. Law enforcement officers are also entitled to search and seize computers and computer data.


The 2011 Computer Misuse Act has a broad territorial scope as it allows for offences to be prosecuted where they are related to Uganda in a number of different ways. Criminals can be prosecuted for cybercrimes when they were in Uganda or where the computer that was used for or affected by the crime was in Uganda. Offences under the Act can be prosecuted irrespective of the nationality of the perpetrator or whether the person is inside or outside Uganda.


It appears Sanyu has indeed become the victim of an act of electronic fraud, as she was tricked into sending an amount of mobile money to the criminal’s mobile money account.

The 2011 Computer Misuse Act defines electronic fraud as “deliberately performing deception with the intent of securing an unfair or unlawful gain where (…) the action is performed through a computer network (…)” (Article 19 of the Act). On the basis of this provision the Police of Uganda could start a criminal investigation.

As part of the investigation, the police could order Sanyu’s mobile money service provider and the suspect’s mobile network operator to produce subscriber information on the basis of which the identity of the suspect could be retrieved.

Following an arrest, the suspect could be prosecuted for electronic fraud, for which the person could be convicted with a penalty of a maximum of 4.8 million UGX and 10 years of imprisonment. The court may order for compensation to be paid to Sanyu.

However, these steps can only be triggered following an official report from Sanyu to the police. Therefore, Sanyu should go to her local police station and file an official report.

Have you ever become a victim of cybercrime? Or do you know anyone who has experienced what Sanyu went through? How did you deal with the problem?

Please contact us and share your experience with us!