Digital Evidence in South African Criminal Proceedings: Admissibility Challenges Under the Cybercrimes Act and POPIA in Light of International Criminal Law Standards

Authored By: Sinethemba Makoboko

University of Fort Hare

1. Introduction

Digital materials such as messages from WhatsApp, Facebook, X (formerly Twitter), and Instagram, along with audio files, metadata, and online content, now play a central role in South African criminal trials. Successful prosecutions based mainly on electronic records under the Cybercrimes Act demonstrate their growing usefulness.1 However, this type of evidence can easily be altered, copied, or falsified — for example through deepfakes — which creates significant risks during trials.

South Africa’s laws, including section 15 of ECTA, Chapter 7 of the Cybercrimes Act, and POPIA’s strict privacy rules, must balance the constitutional right to privacy (section 14) with the right to a fair trial (section 35).2 These rules must also align with South Africa’s obligations under the Rome Statute, which addresses reliable evidence and proper procedure.3

This article argues that although the law has improved, weaknesses remain in forensic support, judicial guidance on new technologies, and the balancing of privacy against effective investigation. Part 2 reviews the domestic legal framework and relevant case law; Part 3 examines practical challenges; Part 4 considers international standards; Part 5 identifies gaps; Part 6 offers recommendations; and Part 7 concludes.

2. The Existing Domestic Legal Framework and Relevant Cases

2.1 The Electronic Communications and Transactions Act 25 of 2002

Section 15 of ECTA provides that electronic messages cannot be rejected merely because they are in digital form. This gives digital evidence the same basic status as paper documents.4 The provision was introduced to address the difficulties courts faced when applying paper-based evidentiary rules to electronic information. Section 15 has helped South African courts admit digital evidence, but courts must still assess relevance and reliability using ordinary evidentiary rules. For example, in Ndlovu v Minister of Correctional Services and Another 2006 4 All SA 165 (W), the court made clear that ECTA does not render digital messages automatically admissible — the party tendering the evidence must still satisfy the general requirements for admissibility.5

This creates difficulties in urgent cyber investigations. While ECTA makes it easier to accept evidence in electronic format, the absence of detailed certification rules leaves such evidence open to challenge by the defence.

2.2 The Law of Evidence Amendment Act 45 of 1988

The Law of Evidence Amendment Act 45 of 1988 assists by allowing hearsay evidence to be admitted where the court finds it reliable and in the interests of justice.6 Section 3(1) gives courts a discretion, after considering factors including the nature of the proceedings, the nature and purpose of the evidence, its probative value, the reasons the original maker of the statement is not called, and any prejudice to the parties.7

A landmark illustration is S v Ndiki and Others [2007] 2 All SA 185 (Ck), in which Van Zyl J distinguished between computer records produced mechanically, which are treated as real evidence, and those containing human statements, which are treated as hearsay. The court emphasised the need for a case-by-case approach: machine-generated evidence carries a presumption of reliability where human input is minimal, while human-created content must satisfy the hearsay exceptions.8

This approach remains useful but faces new challenges from modern technology. Defence lawyers can question system reliability or the application of the hearsay rules, particularly in relation to AI-generated or deepfake content, making expert evidence on forensic standards — such as ISO/IEC 27037 — increasingly essential.9

2.3 The Cybercrimes Act 19 of 2020 (Search and Seizure)

The Cybercrimes Act 19 of 2020 is the most significant update to South Africa’s law on cyber offences and digital evidence. Sections 26–29 govern the search and seizure of electronic items, while Chapter 7, including section 53, allows for admissibility through affidavits confirming system reliability and data integrity.10

In an early and important case, the prosecution of Philani Gumede in the Durban Regional Court relied on WhatsApp voice notes obtained under a cyber warrant.11 Police obtained a customised warrant to examine Gumede’s phone, and the matter concluded with a guilty plea. This demonstrated the Act’s value in closing earlier evidentiary gaps, but it also highlighted practical problems: judicial warrants protect privacy but can slow down fast-moving investigations. Unlike quicker international mechanisms, such as the EU e-Evidence Regulation, South Africa’s approach may remain underused because of limited training and resources.12

2.4 Protection of Personal Information Act 4 of 2013 (POPIA)

POPIA imposes strong obligations relating to consent, purpose limitation, and data security. These obligations often conflict with the needs of investigations conducted under the Cybercrimes Act.13 Section 6(1) allows limited exceptions for bodies such as the South African Police Service (SAPS) when investigating offences, but only where other legislation provides adequate protection.14 In De Jager v Netcare Limited and Others [2025] ZAGPPHC 141, the court accepted surveillance evidence after balancing privacy against fairness, while ordering the removal of unrelated personal data from the record.15

However, the narrow scope of these exceptions often requires court approval, which can delay proceedings. Measured against international standards, such as the ICC’s evidentiary rules, this creates additional burdens, particularly in cross-border matters, and points to the need for clearer guidance balancing privacy and effective law enforcement.16

3. Practical Challenges in Admissibility and Reliability

A major difficulty is maintaining an unbroken chain of custody for digital evidence, from the moment of seizure until it is presented in court.17 Even with the powers granted under sections 26–29 of the Cybercrimes Act, investigators face difficulties in environments where data can be remotely altered or deleted.

In Mohapi Thabo and Another v The State (A41/2024) [2026] ZAGPJHC (21 May 2026), the court emphasised that cell-phone and call-data records are only reliable as real evidence if the method of their creation is properly explained through witness testimony.18 This requirement exposes a systemic vulnerability: inadvertently powering a seized device on or off, as highlighted in practical analyses of early Cybercrimes Act applications, can irretrievably compromise metadata or trigger a remote wipe, rendering the evidence inadmissible or reducing its evidentiary weight.19

Authentication is a further serious issue, given that deepfake and AI-generated content weakens trust in digital records.20 Building on the distinction drawn in Ndiki, courts continue to separate machine-produced evidence from human statements, but emerging technology makes this distinction harder to apply. Defence teams increasingly demand detailed verification of hash values and data origins. POPIA’s integrity requirements add further pressure, even where law-enforcement exemptions apply.21 Compared with jurisdictions that have clear certification systems, South African cases often involve lengthy admissibility arguments that delay justice.22

4. International Criminal Law Standards

International criminal law establishes robust standards for the admissibility of digital evidence, emphasising authenticity, integrity, reliability, and respect for fair-trial rights. The Budapest Convention on Cybercrime (2001), to which South Africa is a signatory but which it has not yet ratified, provides a foundational framework through Articles 16–21, requiring the expedited preservation of stored computer data and enabling mutual legal assistance for cross-border access.23

These provisions prioritise a rapid response in volatile digital environments while requiring procedural safeguards against arbitrary interference. At the International Criminal Court, Rule 63(2) of the Rules of Procedure and Evidence and the e-Court Protocol require metadata attachment, chain-of-custody documentation, and verification of authenticity, ensuring probative value without compromising confidentiality or accuracy.24 These standards reflect a proportionality approach that balances investigative efficacy with human-rights protection, offering a benchmark against which domestic regimes such as South Africa’s can be measured.

Supporting technical guidance includes ISO/IEC 27037:2012 on the proper handling of digital evidence.25 The EU’s e-Evidence Regulation (2023/1543) provides for expedited cross-border data orders while protecting privacy under the GDPR.26 These examples underscore the importance of trained experts and standardised procedures — areas in which many developing countries, including South Africa, still face challenges. Closer alignment would support both international cooperation and compliance with sections 14 and 35 of the Constitution.

5. Comparative Analysis and Gaps

Measured against these international benchmarks, a comparative analysis reveals that while South Africa’s Cybercrimes Act 19 of 2020 draws inspiration from the Budapest Convention, particularly in its search-and-seizure powers under sections 26–29 and its admissibility affidavits under Chapter 7, it lags behind in operational mechanisms for cross-border cooperation and rapid data preservation.27 Unlike the EU’s e-Evidence framework, which enables direct judicial orders to service providers, bypassing lengthy mutual legal assistance treaty processes, South African law relies heavily on traditional mutual-assistance channels, often resulting in delays that compromise ephemeral digital evidence.28 This exposes a structural shortfall: South Africa’s framework excels in substantive offence coverage but underperforms in harmonising admissibility standards for AI-manipulated or cloud-based evidence.

Further gaps emerge in the balancing of privacy against investigative needs, and in capacity. POPIA’s narrow exemptions under section 6(1)(c) impose heavier compliance burdens than the more flexible safeguards found in the Budapest Convention’s Second Additional Protocol or in ICC guidelines, potentially deterring the proactive use of digital evidence in fast-moving cases.29 Training and resource deficits, as noted in ISS analyses, hinder the consistent application of ECTA section 15 and the 1988 hearsay provisions, compared with the accredited forensic ecosystems found in the UK or US.30

These disparities risk South Africa falling short of international benchmarks in complex prosecutions, undermining both domestic efficacy and regional leadership in African cyber governance, and highlight the need for legislative refinement to close the implementation gap.

6. Recommendations

South Africa should ratify the Budapest Convention and its Second Additional Protocol without delay. The Cybercrimes Act should be amended to require standardised forensic imaging and improved section 53 affidavits based on ISO/IEC 27037.31 Clearer guidance from the Information Regulator on POPIA’s application would reduce delays while continuing to protect individual rights.32

Greater investment is needed in SAPS forensic laboratories accredited by SANAS, and in training police, prosecutors, and judicial officers on new technologies.33 Partnerships with private companies for data preservation, modelled on EU practice, would also help. These changes would strengthen the handling of digital evidence and position South African law as a positive example within the Global South.

7. Conclusion

The admissibility of digital evidence in South African criminal proceedings remains a dynamic interplay between progressive legislation, such as the Cybercrimes Act, and enduring practical, privacy, and capacity challenges under POPIA. While ECTA and the 1988 Amendment Act provide a foundational equivalence between digital and paper-based evidence, judicial scrutiny in cases such as Ndiki and Mohapi underscores persistent vulnerabilities in authenticity and reliability amid technological change. Measured against international standards from the Budapest Convention and the ICC’s framework, South Africa’s regime demonstrates commendable alignment in principle but reveals critical gaps in execution that risk undermining effective prosecutions.

Ultimately, addressing these issues through ratification, capacity-building, and legislative fine-tuning will be pivotal. By embracing proportionality and international best practice, South Africa can harness digital evidence as a powerful tool for justice while safeguarding constitutional values, thereby contributing meaningfully to global cybercrime governance.

References:

Legislation

  • Cybercrimes Act 19 of 2020.
  • Electronic Communications and Transactions Act 25 of 2002.
  • Law of Evidence Amendment Act 45 of 1988.
  • Protection of Personal Information Act 4 of 2013.
  • Rome Statute of the International Criminal Court (adopted 17 July 1998, entered into force 1 July 2002) 2187 UNTS 90.

EU Secondary Legislation

  • Regulation (EU) 2023/1543 on European Production and Preservation Orders for electronic evidence.

Cases

  • De Jager v Netcare Limited and Others [2025] ZAGPPHC 141.
  • Mohapi Thabo and Another v The State (A41/2024) [2026] ZAGPJHC (21 May 2026).
  • Ndlovu v Minister of Correctional Services and Another 2006 4 All SA 165 (W).
  • S v Gumede (Durban Regional Court, unreported, 2023).
  • S v Ndiki and Others [2007] 2 All SA 185 (Ck).

Journal Articles

  • Mabeka NQ, ‘Interpreting the provisions of the Cybercrimes Act’ (2023) Speculum Juris.
  • Mtuze SS ka, ‘An overview of cybercrime law in South Africa’ (2023) International Cybersecurity Law Review.

Theses

  • Swales L, ‘Presumptions and Electronic Evidence in South Africa’ (LLM Thesis, University of Cape Town 2019).

Reports and Guidelines

  • Institute for Security Studies, ‘Digital Evidence – A Step Forward for South Africa’ (11 September 2023) issafrica.org, accessed 26 May 2026.
  • ISO/IEC 27037:2012, Guidelines for identification, collection, acquisition and preservation of digital evidence.
  • Kalshoven-Gieskes Forum, Leiden Guidelines on the Use of Digitally Derived Evidence in International Criminal Courts and Tribunals (2022) leiden-guidelines.com, accessed 26 May 2026.
  • South African National Accreditation System (SANAS) guidelines.
  • UNODC, ‘Digital Evidence Admissibility’ unodc.org, accessed 26 May 2026.

Online Articles/Commentary

  • Mayet Law, ‘Deepfakes and Digital Evidence in South Africa’ (19 March 2026).

Notes:

  1. Institute for Security Studies, ‘Digital Evidence – A Step Forward for South Africa’ (11 September 2023) issafrica.org, accessed 26 May 2026.
  2. Electronic Communications and Transactions Act 25 of 2002, s 15; Cybercrimes Act 19 of 2020, ch 7; Protection of Personal Information Act 4 of 2013.
  3. Rome Statute of the International Criminal Court (adopted 17 July 1998, entered into force 1 July 2002) 2187 UNTS 90, art 69(4).
  4. Electronic Communications and Transactions Act 25 of 2002, s 15.
  5. Ndlovu v Minister of Correctional Services and Another 2006 4 All SA 165 (W).
  6. Law of Evidence Amendment Act 45 of 1988.
  7. Law of Evidence Amendment Act 45 of 1988, s 3(1).
  8. S v Ndiki and Others [2007] 2 All SA 185 (Ck) paras 7–12.
  9. ISO/IEC 27037:2012, Guidelines for identification, collection, acquisition and preservation of digital evidence.
  10. Cybercrimes Act 19 of 2020, ss 26–29 and s 53.
  11. S v Gumede (Durban Regional Court, unreported, 2023).
  12. Regulation (EU) 2023/1543 on European Production and Preservation Orders for electronic evidence.
  13. Protection of Personal Information Act 4 of 2013.
  14. Protection of Personal Information Act 4 of 2013, s 6(1).
  15. De Jager v Netcare Limited and Others [2025] ZAGPPHC 141, paras 28–35.
  16. International Criminal Court, Rules of Procedure and Evidence, Rule 63(2).
  17. Standard Operating Procedures in the Cybercrimes Act, s 26.
  18. Mohapi Thabo and Another v The State (A41/2024) [2026] ZAGPJHC (21 May 2026).
  19. Institute for Security Studies, ‘Digital Evidence – A Step Forward for South Africa’ (11 September 2023).
  20. Mayet Law, ‘Deepfakes and Digital Evidence in South Africa’ (19 March 2026).
  21. Protection of Personal Information Act 4 of 2013, s 6(1).
  22. Mtuze SS ka, ‘An overview of cybercrime law in South Africa’ (2023) International Cybersecurity Law Review.
  23. Council of Europe, Convention on Cybercrime (Budapest Convention), ETS No. 185 (2001), arts 16–21.
  24. International Criminal Court, Rules of Procedure and Evidence, Rule 63(2).
  25. Mabeka NQ, ‘Interpreting the provisions of the Cybercrimes Act’ (2023) Speculum Juris.
  26. Regulation (EU) 2023/1543 on European Production and Preservation Orders for electronic evidence.
  27. Mabeka NQ, ‘Interpreting the provisions of the Cybercrimes Act’ (2023) Speculum Juris.
  28. Mohapi Thabo and Another v The State (A41/2024) [2026] ZAGPJHC (21 May 2026).
  29. Protection of Personal Information Act 4 of 2013, s 6(1)(c); Second Additional Protocol to the Budapest Convention (2022).
  30. Institute for Security Studies, ‘Digital Evidence – A Step Forward for South Africa’ (11 September 2023).
  31. Cybercrimes Act 19 of 2020.
  32. Protection of Personal Information Act 4 of 2013.
  33. South African National Accreditation System (SANAS) guidelines.
