Court nullifies 10 provisions of Computer Misuse Law over rights violations

Uganda's Constitutional Court has delivered a landmark ruling that invalidates 10 provisions of the Computer Misuse and Cybercrimes Act, citing fundamental violations of constitutional rights and inadequate public participation in the legislative process. This decision represents a significant shift in East Africa's regulatory environment for digital businesses and has immediate implications for European investors assessing market entry and operational risks in Uganda's growing technology sector. The court's determination that public consultation was insufficient during the Act's passage underscores a broader principle gaining traction across African jurisdictions: that digital legislation affecting fundamental freedoms requires transparent, inclusive democratic processes. This judgment aligns Uganda with emerging global standards on digital rights while simultaneously creating a period of regulatory uncertainty that investors must carefully navigate. The struck-down provisions reportedly included several restrictive clauses that had created operational challenges for technology companies, telecommunications providers, and digital service platforms. These restrictions had imposed vague liability frameworks and surveillance-enabling mechanisms that exceeded reasonable data security and cybercrime prevention requirements. European investors operating under GDPR and similar stringent data protection regimes had already flagged these provisions as incompatible with their compliance obligations, creating a friction point in market entry strategies. For the broader East African technology ecosystem, Uganda's