Rwanda: Law No. 60/2018 on Prevention and Punishment of Cyber Crimes including cybersecurity regulation entered into force

On 25 September 2018, the Law No. 60/2018 on Prevention and Punishment of Cyber Crimes enters into force following its publication in the Official Gazette. The law aims to address and penalise various forms of cybercrime, including unauthorised access to computer systems, data interception, and the dissemination of harmful or illegal content online. It outlines the obligations of service providers to prevent and address cybercrimes. This includes informing clients about cybercrime trends, establishing and maintaining reporting procedures for cybercrime incidents, preserving relevant information such as the origin, destination, route, time, date, size, duration, and type of services, and complying with lawful directives from investigative bodies. Additionally, service providers must preserve data for up to 30 days (extendable if necessary), and disclose electronic traffic data or log data as directed by the prosecution authority. Non-compliance can result in penalties, including fines ranging from RWF 1 million to RWF 3 million and legal actions. Finally, the law outlines obligations regarding the protection of critical information infrastructure, requiring service providers to follow guidelines on safeguarding, managing, and securing critical data and infrastructure, including ensuring data integrity and setting up disaster recovery plans.