Online safety & content laws in eSwatini (2026)

In force from 4 March 2022, the Act criminalises hacking, data interference, cyberbullying, child sexual exploitation material, and cyberterrorism. It empowers ESCCOM as the national cybersecurity agency and establishes a National Cybersecurity Advisory Council. Civil society has flagged broad provisions as capable of being used to silence activists and journalists.

Also in force from 4 March 2022, the Act governs collection, processing and disclosure of personal data. ESCCOM enforces compliance and may impose administrative fines of up to E5 million (approx. USD 268,000) for breaches by data controllers.

Regulates electronic transactions, e-government services, and electronic communications. Establishes legal equivalence for electronic documents and signatures. The Act was gazetted in March 2022; as of mid-2022 it had not yet been formally brought into operational force by commencement notice, though ESCCOM lists it as part of the current legislative suite.

Established under the Swaziland Communications Commission Act No. 10 of 2013 and operational since 31 July 2013, ESCCOM oversees telecommunications, broadcasting, postal services, spectrum management, internet regulation, and — since 2022 — national cybersecurity coordination including the National Computer Incident Response Team (szCIRT).

In June–October 2021, the government directed ESCCOM to instruct ISPs and mobile operators (including MTN) to cut access to Facebook, Twitter, WhatsApp, Instagram, and WeChat during pro-democracy protests. Civil-society organisations and the ICJ characterised the shutdowns as illegal; dozens of protesters were killed during the blackouts. No comprehensive legal prohibition on such shutdowns has since been enacted.

Published by ESCCOM, the strategy sets five goals: securing critical information infrastructure, strengthening governance and legislative frameworks, building national capacity, fostering a safe information society, and deepening regional/international cooperation. It does not introduce platform-liability or age-verification obligations equivalent to the EU DSA or UK Online Safety Act.