THE LAW ASSOCIATION OF ZAMBIA’S DISINGENUOUS CHALLENGE TO THE CYBER SECURITY ACT NO. 3 OF 2025 AND CYBER CRIMES ACT NO. 4 OF 2025- A RESPONSE TO LAZ PRESIDENT LUNGISANI ZULU

MEDIA STATEMENT- FOR IMMEDIATE RELEASE
Date: 22/04/2025
By: Dr. Larry Mweetwa

RE: THE LAW ASSOCIATION OF ZAMBIA’S DISINGENUOUS CHALLENGE TO THE CYBER SECURITY ACT NO. 3 OF 2025 AND CYBER CRIMES ACT NO. 4 OF 2025- A RESPONSE TO LAZ PRESIDENT LUNGISANI ZULU

1. Introduction
The Law Association of Zambia (LAZ), in what can only be characterized as an actio popularis masquerading as public interest litigation, has mounted a specious constitutional challenge against Zambia’s cybersecurity framework. This post hoc ergo propter hoc reasoning constitutes nothing short of suppressio veri suggestio falsi – the suppression of truth to suggest falsehood. In the wake of Zambia’s enactment of the Cyber Security Act No. 3 of 2025 and Cyber Crimes Act No. 4 of 2025, the Law Association of Zambia (LAZ) has launched a vociferous opposition under the banner of constitutionalism and civil liberties. Yet a forensic legal examination reveals an egregious case of selective activism, intellectual dishonesty, and mala fide legal posturing. The association’s silence in 2021, when functionally identical provisions were passed under the previous administration, undermines its current critique and exposes a façade of legal neutrality.

2. RES JUDICATA IN PRINCIPLE: LAZ’S GLARING INCONSISTENCY
2.1 Unveiling a Strategic Contradiction
The Law Association of Zambia (LAZ) has launched a constitutional challenge against the Cyber Security Act No. 3 of 2025 and Cyber Crimes Act No. 4 of 2025, claiming they infringe upon civil liberties. However, LAZ’s approach reveals a troubling contradiction. It participated in the drafting process of both Bills, yet now disowns those very frameworks. This reversal, occurring only after a change in government, suggests a legal position driven more by politics than principle.

2.2 Identical Provisions, Different Reactions
A close examination shows that Section 21 of the 2025 Act is nearly identical to Section 67 of the Cyber Crimes Act No. 2 of 2021. Despite this, LAZ made no objections in 2021. It now calls the same provision unconstitutional, raising serious questions about consistency and credibility.

Key Observations:
 Section 21 (2025) and Section 67 (2021) contain the same restrictions on disclosing information related to ongoing investigations.
 LAZ raised no legal challenge in 2021 despite being consulted as a stakeholder.
 Its current opposition coincides with a change in administration, suggesting political motivation.

This inconsistency violates the expectation of consistency in constitutional litigation and suggests that LAZ’s objections are not rooted in constitutional fidelity, but rather in shifting political winds.

2.3 Legal Consequences of LAZ’s Inconsistency
Abuse of Process
LAZ’s challenge could be dismissed under the principle from Henderson v. Henderson (1843), which bars parties from raising in new proceedings issues they could have addressed in earlier ones. This principle supports judicial economy and prevents litigation from being used for strategic manipulation.

Estoppel by Acquiescence
By failing to challenge the 2021 law when it had the opportunity, LAZ may now be estopped from arguing that the identical provision in the 2025 law is unconstitutional. Its sudden reversal undermines the credibility of its current position.

2.4 A Politicised Legal Position
LAZ’s legal arguments appear less grounded in principle and more in expediency. The failure to object in 2021 and the sudden challenge in 2025 demonstrate a lack of consistency and transparency. Such selective outrage tarnishes the integrity of the legal profession and casts doubt on LAZ’s role as a neutral defender of the Constitution.

Recommendations:
 The courts should treat LAZ’s challenge as an abuse of process.
 LAZ must publicly explain its silence in 2021.
 Future constitutional litigation should uphold consistent, principled legal standards, not political maneuvering.
The legal fraternity must guard against the erosion of institutional integrity caused by such disingenuous litigation. The principle of finality in legal process (doctrina finalitatis) must be respected to preserve public confidence in the rule of law.

3. The Protective Nature of Zambia’s Cyber Laws
Contrary to LAZ’s alarmist assertions, Zambia’s Cyber Security and Cyber Crimes legislative framework reflects a deliberate alignment with global legal norms and best practices in digital governance. Far from being sui generis or excessively punitive, the laws are rooted in the traditions of common law systems and inspired by analogous statutes in advanced democratic jurisdictions such as the United States, the United Kingdom, and the European Union.

The primary aim of these laws is to safeguard national security, preserve public order, and protect citizens from the growing threat of cybercrime, misinformation, data breaches, and online harassment. The legal architecture addresses the proliferation of cyber-enabled harms that undermine social cohesion, economic stability, and institutional integrity. It provides mechanisms for deterrence, accountability, and lawful surveillance while ensuring judicial oversight and procedural safeguards.

For instance, prohibitions against unauthorized access to critical infrastructure, deceptive digital communications, and online defamation are not novel legal concepts; they mirror statutory protections found in comparable democracies. Sections such as 5, 6, 19, 22, and 24 of the 2025 Acts share conceptual and structural similarity with laws like the U.S. Espionage Act, CAN-SPAM Act, and the UK’s Official Secrets and Malicious Communications Acts. These are not oppressive enactments but rather necessary legal tools in the modern information era.

In sum, Zambia’s cyber laws are designed to strike a delicate balance between freedom of expression and the need for public protection. The claim that they are draconian lacks merit when viewed through a comparative legal lens. The laws serve as a bulwark against emerging digital threats and position Zambia within the global consensus on cybersecurity, responsible data use, and protection of digital rights.

Comparative Legal Table:
Zambia Provision
U.S. Equivalent
U.K. Equivalent
Legal Rationale
Sec. 5 & 6 (Critical Data)
Espionage Act (18 U.S.C. § 793)
Official Secrets Act 1989
Protection of national security data.
Sec. 19(1)(d) (Deceptive Comms)
CAN-SPAM Act
Fraud Act 2006
Deterrence against phishing & misinformation.
Sec. 22 (Obscene Content)
CA Penal Code §653.2
Malicious Comms Act 1988
Protection against cyber harassment.
Sec. 24(1)(b) (Ethnic Incitement)
18 U.S.C. §2331
Terrorism Act 2006
Criminalization of incitement to violence.
The primary aim of these laws is to safeguard national security, preserve public order, and protect citizens from the growing threat of cybercrime, misinformation, data breaches, and online harassment. The legal architecture addresses the proliferation of cyber-enabled harms that undermine social cohesion, economic stability, and institutional integrity. It provides mechanisms for deterrence, accountability, and lawful surveillance while ensuring judicial oversight and procedural safeguards.

Key Safeguards Embedded in the 2025 Cyber Laws
1. Protection of Critical Infrastructure (Sections 5 & 6) These provisions criminalize the unauthorized access, interference, or disclosure of data related to national security systems, financial institutions, and public utilities. Their purpose is to shield the backbone of Zambia’s economy and public administration from sabotage and cyber espionage.

Comparable statutes include:
 The U.S. Computer Fraud and Abuse Act (CFAA)
 The UK’s Computer Misuse Act 1990
2. Anti-Fraud and Deceptive Communications (Section 19) This section targets the growing threat of phishing scams, deepfake technologies, and fake news campaigns by outlawing fraudulent and misleading digital communications. It is designed to curb financial cybercrime and safeguard online spaces from manipulation.

Comparable statutes include:
 The U.S. CAN-SPAM Act regulating deceptive email practices and other online communication.
 The UK’s Fraud Act 2006
3. Preventing Online Harassment (Section 22)
This provision criminalizes cyberbullying, revenge pornography, and the distribution of defamatory digital content. Contrary to LAZ’s claim of vagueness, the concept of obscenity and harassment is widely interpreted in context by courts across common law jurisdictions.
Comparable statutes include:
 U.S. state-level cyberstalking laws (e.g., California Penal Code § 653.2)
 The UK’s Malicious Communications Act 1988
4. Countering Incitement to Violence (Section 24)
This section addresses ethnic incitement and cyber-terrorism, treating digital hate speech and calls to violence as serious offences. Given the global rise of online radicalisation, this provision acts as a necessary deterrent.

Comparable statutes include:
 The U.S. Anti-Terrorism Act
 The UK’s Terrorism Act 2006
Why These Laws Are Necessary
Cyber threats are transnational and borderless, with Zambia increasingly vulnerable to ransomware attacks, financial scams, and foreign disinformation campaigns. The 2025 Acts are a timely intervention to bolster Zambia’s digital sovereignty and cyber resilience.
Importantly, the laws do not give unchecked powers to authorities. Provisions for judicial oversight, warrants, and clear thresholds for prosecution are embedded to prevent abuse—mirroring the due process standards of advanced legal systems. Moreover, these Acts reflect a broader global trend seen in frameworks such as:
 Germany’s Network Enforcement Act (NetzDG)
 Singapore’s Cybersecurity Act
 The EU’s Digital Services Act
Refuting LAZ’s Mischaracterisations
Section 22 (Obscenity): LAZ argues the law is overly subjective, but courts in the U.S. and UK have long applied a context-sensitive test for obscenity and online harassment. Judicial discretion serves as a safeguard against arbitrary application.
Section 21 (Investigation Gag Orders): LAZ claims this provision restricts transparency. However, similar rules exist under the U.S. Patriot Act and UK national security frameworks, allowing temporary confidentiality to protect investigations.
Section 24 (Ethnic Incitement): LAZ’s concern that this could be politicized ignores that incitement to violence and hate speech is criminalised in virtually all democratic jurisdictions, particularly when linked to terrorism or societal unrest.

LAZ’s portrayal of these laws as “oppressive” is both misleading and unsubstantiated. The Acts are neither aberrant nor excessive—they represent a thoughtful, measured, and internationally-aligned legislative approach. Zambia has chosen to modernize its digital governance framework in step with global democratic practices, reflecting the enduring doctrine: Salus populi suprema lex esto—the welfare of the people shall be the supreme law.
5. The Cybersecurity Agency Under the Presidency: A Global Norm
LAZ has criticized the structural positioning of Zambia’s Cybersecurity Agency under the Office of the President, describing it as an act of executive overreach and a harbinger of politicisation. However, this critique fails to consider established global administrative norms in cybersecurity governance. In fact, the placement of such agencies within the executive branch is not only common—it is strategically necessary.
In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) operates under the Department of Homeland Security (DHS), which is directly accountable to the President. This structure ensures high-level policy coordination and emergency responsiveness, particularly in the event of cyber threats that intersect with national defense, critical infrastructure, and public safety.
Similarly, the United Kingdom’s National Cyber Security Centre (NCSC) is housed within the Government Communications Headquarters (GCHQ), an intelligence agency that falls under the Cabinet Office and ultimately reports to the Prime Minister. This centralization facilitates real-time intelligence integration and rapid threat response.
Zambia’s decision to place its Cybersecurity Agency under the Office of the President mirrors these models mutatis mutandis. It reflects a desire to streamline decision-making, ensure national oversight, and position cybersecurity as a top-tier policy concern. In light of increasing global cyber threats, the need for direct executive coordination is not only justified but strategically sound.
Therefore, LAZ’s argument is a non sequitur—it fails to recognize that executive control over cybersecurity is a standard, not an exception, in modern governance frameworks.

6. Conclusion: Caveat Orator, LAZ
Final Legal Assessment:
The Law Association of Zambia’s current posture is undermined by its own historical inaction. In 2021, LAZ raised no formal objections to legislation that contained virtually identical provisions to those it now denounces. Its sudden and forceful opposition in 2025 smacks of political selectivity rather than principled legal advocacy.

The cybersecurity laws enacted by Zambia are constitutionally defensible, comparatively aligned, and jurisprudentially coherent. They reflect international standards, uphold judicial safeguards, and respond to contemporary cyber threats with proportional legal tools.
Unfortunately, LAZ’s rhetorical strategy appears to prioritize political theatre over substantive legal reasoning. This diminishes its standing as a neutral guardian of constitutionalism and exposes the association to accusations of partisanship and legal inconsistency.

Recommendations:
1. LAZ must issue a mea culpa—an acknowledgment of its failure to act in 2021 when these provisions first entered Zambia’s statute books.

2. Constructive engagement is essential. LAZ should provide amicus curiae support to the courts and participate in judicial review processes grounded in precedent, comparative law, and constitutional fidelity.

3. Abandon argumentum ad passiones—emotional appeals—and adopt argumentum ad judicium, a rational, principle-based approach to constitutional discourse.

In conclusion, until LAZ realigns its advocacy with consistent legal principles and transparent institutional conduct, its objections to Zambia’s cybersecurity framework will remain legally unsound and politically suspect.

The Author is a Cybersecurity & Comparative Law Analyst, A Law Student and a Zambian Concerned Citizen. Dr. Larry L Mweetwa BPharm (ZM), MSc ClinPharm (UK), MSc PM (UK), MSc PV (UK), DBA, PhD (UK)