On the afternoon of Wednesday 6th September, the RAN team attended a brief training to be sensitized on the Ugandan Cyber Laws. The training was facilitated by the National Information and Technology Authority- Uganda (NITA-U)- an active partner of the Makerere School of Public Health- ResilientAfrica Network (RAN), and was held in the EA RILab Board room.

Mr. Baker Birikujja who works with the Directorate of Regulation and Legal Services, NITA-U delivered the session. He begun by recognising RAN’s work in supporting innovations for resilience and shared that it was because of the networks’ projects and work in the IT and Technology space that the Authority felt it ‘important to sensitize the RAN team on the Cyber Laws in Uganda.’ Mr Birikujja went on to introduce the team to NITA-U and its mandate in coordinating and regulating Information Technology services in Uganda.


Following his brief overview and introduction to NITA-U, its objectives and functions, Mr. Birikujja shared that ‘in 2011 three Cyber Laws were passed, namely: The Electronic Transactions Act 2011, The Electronic Signatures Act , 2011 and the Computer Misuse Act 2011.’ He went on to offer more detail on each of these acts. With regards to the Electronic Transactions Act, Mr. Birikujja shared that although transactions online may differ in nature from physical transactions, ‘the Electronic Transaction Act doesn’t waive the fundamental requirements set forth in the substantive law governing transactions.’ Online users therefore have a right to the following information, among others:

  • Description of goods and services to be offered
  • Manner of payment and full price inclusive of taxes
  • Physical address and telephone contact of trader
  • Participants must satisfy the rights of a contract

The Act however, still doesn’t apply to:

  • The Drafting of a will
  • Powers of attorney
  • Documents that create or transfer an interest in property
  • Negotiable instruments e.g. cheques

Under the ‘Electronic Signatures Act’, the RAN team was told about the different types of electronic signatures including a Printed Name, Email Addresses, Scanned Signatures, Digital signatures, which Mr. Birikujja likened to the pin numbers used for ATM. The third and final act under the 2011 Cyber Laws was the ‘Computer Misuse Act’. Under which, Mr. Birikujja informed the team that ‘Computers include all devices that can process, store and communicate data’. He therefore shared that this act also covered the use of mobile phones. The act offers protection against the two forms of cyber-crime: cyber-dependent and cyber-enabled crimes. The act therefore includes crimes like: electronic fraud, piracy and theft of software, malicious and offensive communications related and cyber-enabled crimes like: child sexual offenses, cyber stalking and harassment and disclosing private images without consent.

At the end of his presentation, Mr. Birikujja opened the discussion out to the RAN team who posed several questions.

One member asked whether NITA-U had a ‘manual for IT Certifications’.

One member enquired about where security officials in the country get authority to track phones when stolen, especially when one reports a lost phone, if there’s an act that prohibits phone interception. To this, Mr. Birikujja highlighted the difference between phone tracking and phone interception.

One member asked whether NITA-U collaborates with the Bank in Uganda to screen online payments, as these usually only require the entering of your card details. ‘If your card is stolen, then the thief can spend all your money on various online transactions because they don’t require your card pin.’ To this Mr. Barikujja agreed that the Authority would ask BoU to look into the matter further.

One member shared their concerns that ‘a lot of the laws under the Computer Misuse Act’ were not ‘enforceable.’ ‘ “Rumour mongering” or gossip ‘is accepted as the norm in everyday social life. How do you differentiate between this and “fake news” for example.’ To this Mr. Birikujja mentioned that he had not shared the details of the different offenses under the Computer Misuse Act, which clearly highlight when one of these actions is considered to a crime. ‘Under the law harassment for example, is defined as ‘any person who wilfully and repeatedly uses an electronic platform to disturb the peace of someone with no legitimate purpose.’ These definitions help distinguish normal social behaviours from what is considered to be a criminal offense.

We would like to thank NITA-U once again for its active collaboration with RAN and for approaching us to be beneficiaries of this training. We know the information shared will prove useful to our innovators and to our network at large.