https://zimbabwe.misa.org Cybersecurity and Cybercrime Laws in the SADC Region the Commissioner 5 or by the Director-General6 , in writing, may, upon confirmation by the court and as soon as reasonably practicable to do so, order for the preservation of data that has been stored or processed by means of a computer or computer system or any other information and communication technology, where there are reasonable grounds to believe that such data is vulnerable to loss or modification”. matters connected with or incidental to the foregoing”. In general, the proposed law provides a legal framework for the criminalisation of computer and network related offences. As far as search, access and seizure are concerned, the Act outlines that, “Where a police officer, or any person authorised by the Commissioner or by the Director-General, in writing, has reasonable grounds to believe that stored data or information would be relevant for the purposes of an investigation or the prosecution of an offence, he or she may apply to a judicial officer for the issue of an order to enter any premises to access, search and seize such data or information”. It also provides for real-time collection of content and traffic data. However, this may be done by when a police officer has been granted permission by a judicial officer to compel a service provider, “within its technical capabilities, to— (i) effect such collection and recording referred to in paragraph (a), or (ii) assist the person making the application to effect such collection and recording”. Lesotho Like Zimbabwe, Lesotho has also gazetted the Computer Crime and Cyber Bill in 2020. The objectives of the Bill is “to criminalise offences against computers and network related crime; to provide for investigation and collection of evidence for computer and network related crime; to provide for the admission of electronic evidence for such offences, and to provide for Building on the SADC and Commonwealth Model Laws on cybercrime, the draft Bill defines key terms such as computer system, access provider, hinder, critical infrastructure, interception, internet service provider, racist and xenophobic material, traffic data, seize and so forth. The Bill defines “computer system” or “information system” as “a device or a group of inter-connected or related devices, one or more of which, pursuant to a program, performs automatic processing of data or any other function”. Part two of the Bill deals with criminal law provisions. Most of the offences outlined in this section puts intention at the centre of the commission of the offence. For example, it stipulates that, any “person who intentionally, without lawful excuse or justification or in excess of a lawful excuse or justification...” It criminalises offences such as illegally accessing and remaining logged into a computer system without lawful excuse or justification, obstructing, interrupting or interfering with the lawful use of computer data and disclosing details of a cybercrime investigation, data espionage, harassment, and interception and system interference. However, some of these offences are already addressed in the Penal Code and the Communications Act (section 44). Like the AU, European Union and SADC Model Laws, the draft Bill provides procedures to determine jurisdiction over criminal offences. In sections 25, the Bill enumerates that “the courts in the Kingdom of Lesotho shall have jurisdiction to try any offence under this Act or any regulations made under it where an act or 5Commissioner of Police appointed by the President in terms of section 112 of the Constitution 6Director-General of the Directorate on Corruption and Economic Crime appointed by the President in terms of section 4 of the Corruption and Economic Crime Act. 23