The new cyber laws are not that bad! Mulambo Haimbe tells USA Government
Lusaka, Zambia – 17/04/2025
The Government of the Republic of Zambia has taken note of the recent public advisory issued by the United States Embassy in Lusaka regarding Zambia’s Cyber Security Act No. 3 of 2025.
While we appreciate the Embassy’s commitment to informing its citizens, we find it necessary to clarify misinterpretations presented in the advisory and to affirm Zambia’s continued commitment to rule of law, respect for privacy rights, and upholding of good governance principles.
The Cyber Security Act is intended to enhance the country’s cybersecurity framework in order to safeguard citizens, institutions, and the economy from growing cyber threats. It repeals and replaces the Cyber Security and Cyber Crimes Act No. 2 of 2021 and aligns with international best practices, including the Budapest Convention and the African Union’s Malabo Convention. Specifically, the objectives of the Cyber Security Act include:
(a) protecting critical information infrastructure essential to national security, economic stability, and public safety;
(b) establishing a coordinated framework for lawful interception under judicial oversight; and
(c) promoting data protection, cyber resilience, and lawful use of digital technologies.
Contrary to the advisory, the Act does not mandate anyone to proactively intercept any electronic communications and transmit such communication to the government. Section 37 of the Act explicitly prohibits random monitoring. Lawful interception under Section 29 can only be effected upon obtaining an ex parte order from a High Court judge similar to provisions of the United States’ Electronic Communications Privacy Act of 1986.
Further, any emergency interceptions under Section 30 must be followed by written judicial justification within 48 hours, and improper use of intercepted data carries serious criminal penalties.
The Act incorporates robust safeguards to protect individual rights:
(a) Privileged communications such as attorney-client and journalist sources, retain legal protection under Section 36;
(b) The use or disclosure of intercepted data outside legal authority is punishable by up to 10 years’ imprisonment under Section 34;
(c) Geolocation tracking without consent is prohibited under Section 31.
These provisions reflect Zambia’s adherence to due process, proportionality, and necessity in digital governance.
Zambia’s requirement for electronic service providers to maintain lawful interception capabilities under Sections 39–40 of the Act is standard practice globally, including in the United States under laws such as section 103 of the Communications Assistance for Law Enforcement Act of 1994. These capabilities are strictly regulated, activated only upon judicial authorization, and are necessary to counter threats such as terrorism, money laundering, and cyber-enabled fraud.
Zambia continues to uphold its international obligations and actively cooperates on transnational cybercrime under mutual legal assistance frameworks. We welcome partnerships and constructive dialogue with all diplomatic missions, including the U.S., on cybersecurity, digital rights, and capacity building.
The Government remains committed to promoting a safe, open, and democratic digital environment that supports innovation while safeguarding national security and civil liberties. We encourage all residents and visitors to read the law in full context and to engage constructively with our institutions for clarification.
For any further concerns and clarifications, the Ministry of Foreign Affairs and International Cooperation remains open for engagement.
Issued by:
Ministry of Foreign Affairs and International Cooperation
Republic of Zambia to
The new cyber laws are not that bad! Mulambo Haimbe tells USA Government
