Cambodia: Ministries should withdraw draft cybersecurity law which would threaten human rights and expose people to increased cyber threats

The International Commission of Jurists (ICJ) and Access Now sent a joint letter and an accompanying legal analysis to Cambodia’s Ministry of Post and Telecommunications and Ministry of Justice, calling for the withdrawal or substantial amendment of its Draft Law on Cybersecurity to bring its provisions in line with international human rights standards.

The draft law, if adopted, would likely undermine the rights to privacy and freedom of expression, while also risking personal security and exposing people to increased cyber threats.

“The Draft Law would require government licenses of cybersecurity services – an excessive provision that would hamper the ability of people and businesses in Cambodia from being able to secure themselves against intrusion into their networks and safeguard their data,” said Golda Benjamin, Asia Pacific Campaigner at Access Now. “Cambodia wants this draft law to deal with malicious cyber activities but in its current form, it will only create a new problem of having a cybersecurity landscape that imposes unreasonable administrative burdens to organizations, including small and medium enterprises and civil society.”

In the legal analysis attached to the joint letter, Access Now and ICJ point out that the vaguely worded and sweeping provisions in the Draft Law may be abused to allow government cybersecurity inspectors overbroad access to private data. It fails to provide for safeguards, but instead would grant a newly created body of cybersecurity inspectors immense power to investigate, observe, monitor, prevent and respond to cybersecurity threats and incidents. The Draft Law also fails to make provision to ensure that cybersecurity inspectors are properly qualified.

“These proposed arrangements are a recipe for executive abuse, especially given that the bill fails to provide for any independent or effective oversight or remedial mechanism to serve as check on governmental conduct and safeguard against any potential overreach,” said Ian Seiderman, Legal and Policy Director at the ICJ. “If this legislation is put forward for adoption, it needs to amended to correct these deficiencies and comply with Cambodia’s international legal obligations and rule of law principles.”

Access Now and ICJ urge Cambodia to strengthen their cybersecurity landscape to deal with malicious cyber activities and ensure that any law, policy, or practice to implement this goal complies with the country’s international human rights obligations. Effective cybersecurity requires a human-centric and human rights respecting approach.


Read the joint letter here, and the joint legal analysis of the Draft Law on Cybersecurity here.


Daron Tan, ICJ Associate International Legal Adviser, e:

AdvocacyAnalysis briefsNewsOpen letters