Senators have approved a comprehensive Cybercrime Act designed to modernize the country’s digital and cybersecurity legal framework, boost enforcement against internet fraud and align national law with regional and international standards.
The bill was passed with amendments during a regular Senate sitting. In its report, the joint committee on Post and Telecommunications, Judiciary and Claims and Petition said its review was informed by public hearings and benchmarking against regional and global frameworks, including standards from ECOWAS, the African Union and other West African best practices.
The committee said proposed revisions are intended to enhance oversight, accountability, international cooperation, data protection and enforcement.
Key institutional and administrative changes
- The legislation strengthens the Liberia National Cyber Security Council (LNCC) by adding the Financial Intelligence Agency (FIA) as a permanent voting member. The revised council composition names the Ministry of Posts as chair and the Ministry of Justice as co chair, with membership to include Finance, Defense, the Central Bank of Liberia, the Liberia Revenue Authority, the National Security Agency, the Liberia Telecommunications Authority, the Liberia Computer Emergency Response Team (LCERT), two private sector representatives and one civil society member.
- The committee also recommended that LCERT be funded through the national budget, with its allocation presented under the annual budget of the Ministry of Posts and Telecommunications for legislative approval.
- International cooperation and technical standards
- A new provision calls for Liberia to accede to and implement international instruments such as the Budapest Convention on Cybercrime and the African Union Malabo Convention, promoting cross border cooperation on cybercrime investigations and prosecutions.
- LCERT will be empowered to publish mandatory technical cybersecurity standards, including Advanced Encryption Standard (AES 256), Transport Layer Security (TLS 1.2 or higher), and compliance with ISO/IEC 27001 or NIST frameworks, along with requirements for regular security audits and penetration testing.
Sectoral compliance and enforcement
The act requires sector specific cybersecurity measures for financial institutions, telecommunications providers and healthcare facilities, and mandates collaboration between LCERT and relevant regulators to enforce those standards.
The bill tightens rules on digital evidence: courts must authorize access through warrants, and evidence must maintain chain of custody, authenticity and integrity. The Ministry of Justice and LCERT are tasked with issuing forensic procedures.
Institutions will be required to report data breaches to LCERT within 72 hours and to promptly notify affected individuals. Penalties will apply for failures to report.
A whistleblower protection clause shields individuals who report cybercrimes in good faith from liability and retaliation and makes retaliation against whistleblowers a criminal offense.
Powers and offenses
The act defines a range of cyber offenses — including unauthorized access, data interference, identity theft and distribution of harmful digital content — and grants procedural powers for search, seizure, data preservation and interception of electronic communications, subject to court warrants.
Senators and committee members said the amended Cybercrime Act of 2025 will give Liberia a legally sound, internationally aligned framework to address emerging digital threats, secure national systems and protect citizens’ rights in cyberspace.
The legislation aims to provide a unified legal, regulatory and institutional basis for preventing, detecting, prosecuting and punishing cybercrimes while safeguarding critical information infrastructure and privacy.
