Cybersecurity Bill by second half of 2021

  • Multiple reasons delays implementation for years


The Cybersecurity Bill which has been in the pipeline for several years is scheduled to be finalised by the Legal Draftsman within three months, The Sunday Morning Business learns.

Speaking to us, Information and Communication Technologies Agency (ICTA) Director and Legal Advisor Jayantha Fernando stated the long-outstanding issue which was dragging through one-and-a-half years has finally been resolved.

“The good news is that the issue is sorted and currently the Ministry of Technology is in the process of presenting the cabinet memorandum to the relevant cabinet ministers,” Fernando added.

According to him, ICTA, together with the Sri Lanka Computer Emergency Readiness Team (SLCERT), has been involved in several discussions with the Ministry of Defence to handle the area of cybersecurity legislation.

Speaking to The Sunday Morning Business, ICTA Chairman Jayantha de Silva stated that the Cybersecurity Bill is currently being drafted by ICTA and SLCERT, together with the Defence Ministry, in order to enforce security on activities based online.

With reference to the Defence Ministry, this legal framework will be introduced under the National Cyber Security Strategy, which will be formulated soon to address emerging cybercrime-related issues that pose a threat to national security.

In January 2020, Defence Secretary Gen. (Retd.) Kamal Gunaratne instructed SLCERT to finalise drafting the proposed Cybersecurity Act in order to establish a comprehensive framework for the prevention and management of cybersecurity threats and incidents effectively, and also for the protection of critical information infrastructure.

“These crimes include cybercrimes such as credit card fraud, revenge, pornography, crimes against property, crimes against hacking and intellectual property theft, and crimes against the government and other organisations such as cyber-terrorism, hacking of websites, processing of unauthorised information, and hacking into sensitive financial data,” a press release by the Ministry of Defence, dated 22 January 2020, affirmed.

Meanwhile, the final draft of the Data Protection Bill, which was recently released to the public after the amendment of key provisions made in the original draft bill, is also scheduled to be presented to the Cabinet of Ministers and thereafter published as an Act in May.

Speaking to The Morning Business in March 2021, Fernando stated: “A high-level implementation task force has recently been appointed to define the roadmap for the implementation of the Data Protection Bill and to identify options for the Data Protection Act (DPA) models.”

The ICTA Director further pointed out that at this stage, it would be a formal public document and further modifications are to be made, while several changes have currently been made to the substantive provisions of the original draft bill released in December 2019, including the rearrangement of key provisions.

“Accordingly, the changes were based on the feedback of a number of stakeholders, including the Central Bank of Sri Lanka (CBSL), the Attorney General’s Department, and the Ministry of Justice,” he added.