Zambia’s recently enacted cyber legislation has triggered serious concerns among civil society and digital rights advocates, who warn that the new laws could enable widespread surveillance and undermine constitutional freedoms under the pretext of national security.
In April 2025, the Zambian Parliament passed the Cyber Security Act and the Cyber Crimes Act, despite repeated warnings from groups such as the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Bloggers of Zambia. These organisations had submitted detailed recommendations highlighting human rights concerns, but lawmakers pushed ahead with minimal amendments.
According to CIPESA, the laws contain broadly worded and ambiguous definitions that threaten privacy, freedom of expression, access to information, and the right to assemble and associate. Critics say these vague provisions may be used to target journalists, opposition voices, and civil society actors.
One key concern is the expansive definition of terms like “critical information” and “law enforcement officer.” Under the new laws, critical information includes data linked to public safety, economic stability, and national security—categories so wide they could justify sweeping monitoring powers. Meanwhile, the definition of “law enforcement officer” extends beyond police to include members of the Anti-Corruption Commission, Drug Enforcement Commission, and even presidential appointees. These officials can now obtain communication interception orders without the knowledge or consent of the target, raising serious concerns about unchecked surveillance.
The Cyber Security Act also establishes the Zambia Cyber Security Agency under presidential oversight, a structure which analysts warn could undermine the agency’s independence. The agency will be tasked with regulating service providers, managing cybersecurity threats, and auditing systems—functions that demand impartiality and robust oversight, which the law fails to guarantee.
CIPESA warns that Zambia’s new laws follow a troubling trend across Africa, where cyber legislation is increasingly being deployed not to enhance cybersecurity but to restrict democratic freedoms. The organisation calls for urgent reforms to align the laws with international standards, including the African Charter on Human and Peoples’ Rights and the African Union Convention on Cybercrime and Personal Data Protection.
Specifically, CIPESA recommends:
- Narrowing overbroad criminal provisions
- Strengthening oversight and accountability mechanisms
- Ensuring judicial and enforcement bodies receive human rights training
- Upholding data protection and privacy in implementation
As Zambia approaches the 2026 elections, CIPESA stresses that digital security measures must protect, not punish, citizens. Cyber laws, it says, should foster trust and safeguard freedoms—not become tools for repression.