Lesotho stands at the threshold of a digital governance transformation. The Computer Crime and Cyber Security Bill, 2024 promises to strengthen cyber-crime prevention and enhance state capacity to respond to online threats. Yet, this legislative momentum risks being undermined by provisions that blur the line between legitimate cybersecurity enforcement and unlawful intrusion into private life.
Across the continent, the African Union Convention on Cyber Security and Personal Data Protection (the “Malabo Convention”) has emerged as a model framework for achieving equilibrium between digital security and human rights. As Africa’s courts, regulators, and civil society actors increasingly reference the Convention’s principles, Lesotho finds itself well-placed, both legally and institutionally, to lead the next wave of rights-based cyber reform in Southern Africa.
This article argues that Lesotho should not only ratify the Malabo Convention but position itself as a regional champion of cyber-rights, demonstrating that effective cybersecurity can coexist with constitutionalism, transparency, and human dignity.
The African Digital Governance Landscape
The Malabo Convention’s Vision
Adopted in 2014, the Malabo Convention is the first continental treaty to merge cybersecurity, personal-data protection, and e-commerce under a unified rights-based framework. It establishes clear obligations for States Parties to:
- enact cybercrime legislation grounded in legality and proportionality;
- establish independent data-protection authorities; and
- ensure judicial and procedural oversight of digital surveillance measures.
By integrating human rights into technical regulation, the Convention reflects a uniquely African understanding of digital sovereignty, one that values both security and freedom.
Africa’s Patchwork of Adoption
As of 2025, only a limited number of AU Member States have ratified the Malabo Convention. Countries such as Ghana, Kenya, and Mauritius have aligned domestic data-protection laws with Malabo standards, while others, including Lesotho, remain at the drafting or consultation stage. This uneven implementation has created regulatory fragmentation across SADC, complicating cross-border investigations, data transfers, and enforcement cooperation.
Lesotho’s Domestic Framework: Strengths and Gaps
The Data Protection Act 2012: A Missed Opportunity
Lesotho was among the first SADC states to enact a data-protection statute, predating even South Africa’s POPIA. However, the Data Protection Act 2012 has suffered from institutional dormancy, the Data Protection Commissioner has not been fully operationalised, and many implementing regulations remain unissued. As a result, privacy protections exist largely on paper.
The Computer Crime and Cyber Security Bill, 2024
The Bill addresses offences such as phishing, identity theft, and unlawful data interception. Yet its surveillance provision (section 66) allows the remote installation of monitoring software without adequate judicial control, an approach that risks contravening both section 11 (privacy) and section 14 (freedom of expression) of Lesotho’s Constitution, as well as Malabo’s proportionality requirement (Article 8).
The challenge, therefore, is not the absence of law, but the absence of rights-conscious implementation.
Why Lesotho Should Lead
Strategic Position within SADC
Lesotho’s geographic and legal ties to South Africa give it a unique bridge role. By harmonising its cyber-law framework with the Malabo Convention, Lesotho could facilitate cross-border data cooperation while serving as a testing ground for regionally consistent digital-rights standards. Leadership in this domain would also align with SADC’s Model Law on Data Protection (2013) and the AU’s Agenda 2063 aspirations.
A Constitutional Culture of Rights
Lesotho’s post-1993 Constitution entrenches a strong Bill of Rights and judicial independence. The High Court and Court of Appeal have developed a modest but credible body of constitutional jurisprudence on proportionality, reasonableness, and legality. This rights-conscious tradition positions the country to adopt a constitutionalised model of cybersecurity that others can emulate.
Diplomatic and Economic Incentives
A rights-based cyber framework enhances investor confidence in the ICT and fintech sectors. It also improves eligibility for international partnerships, including Smart Africa, UN E-Government Index initiatives, and OECD digital-trust programmes. For a small, land-linked economy seeking to attract digital-service investment, trust is currency and alignment with Malabo signals precisely that.
Towards a Lesotho-Malabo Roadmap
To translate aspiration into reform, Lesotho could pursue the following policy steps:
- Ratify and domesticate the Malabo Convention through a dedicated implementation Act incorporating its rights guarantees into national law.
- Operationalise the Data Protection Authority, ensuring independence and enforcement powers.
- Introduce human-rights impact assessments for all surveillance measures under the 2024 Bill.
- Adopt transparent reporting obligations on cyber-crime investigations and data interception.
Foster regional cooperation with SADC and AU structures for mutual legal assistance and capacity-building.
Comparative Lessons
Kenya demonstrates how political will and institutional independence can make data-protection enforcement credible through its Office of the Data Protection Commissioner (ODPC).
South Africa illustrates the benefits of synchronising cybersecurity (Cybercrimes Act 2020) and privacy (POPIA 2013) under coordinated oversight.
Mauritius offers a mature model of regional cooperation through its Data Protection Office and active participation in African cyber-policy fora.
Lesotho can adapt these models while maintaining its unique constitutional identity.
Leading Through Rights
The journey from Maseru to Malabo is more than a metaphor, it is a strategic pathway towards a future in which Lesotho’s digital governance is both secure and principled. True leadership in cybersecurity will not be measured by the number of arrests or prosecutions but by how faithfully the state preserves privacy, dignity, and freedom in the digital age.
By ratifying the Malabo Convention and embedding its values into national law, Lesotho can redefine itself as a regional pioneer, proving that in Africa’s technological awakening, security and human rights are not opposing forces but twin pillars of democratic resilience.