Four Laws, One Oversight Gap
On July 1, 2026, MISA Zimbabwe published a rights-based analysis of four laws reshaping Zimbabwe's digital ecosystem: the Cyber and Data Protection Act (2021), the amended Broadcasting Services Act, the Postal and Telecommunications Amendment Bill 2025, and the National AI Strategy 2026–2030. The analysis is broadly supportive of Zimbabwe's digital modernisation agenda. The AI Strategy's grounding in Ubuntu principles and the Broadcasting Act's shift toward co-regulation are treated as genuine steps forward. That makes the authors' alarm over one particular provision — Section 93L of the Postal and Telecommunications Amendment Bill — all the more striking.
Section 93L permits private companies and their employees to detain communications on mere suspicion, with only retrospective authorisation from the Prosecutor-General. No prior judicial warrant is required. MISA finds this arrangement in direct tension with Section 57 of Zimbabwe's 2013 Constitution, which guarantees every person the right to privacy, explicitly including the right not to have "the privacy of their communications infringed." Any limitation on that right must, under Section 86(2), be "fair, reasonable, necessary and justifiable in a democratic society" — a threshold that retrospective executive sign-off does not meet.
The Strongest Case for the Bill
It would be wrong to dismiss the Bill as a surveillance vehicle dressed up in modernisation language. The legislation has real merit. It expands definitions of regulated services to include digital platforms, mandates infrastructure sharing to promote competition, and broadens the Universal Service Fund (USF) to extend connectivity to underserved communities. Zimbabwe's POTRAZ data for Q4 2025 shows 13.25 million active internet subscriptions and a penetration rate of 84.55%, up from 82.87% the previous quarter — connectivity that the Bill's infrastructure provisions aim to sustain and extend. Legislators can reasonably argue that private operators, who already manage network infrastructure, need rapid-response authority to contain malicious traffic or cybersecurity threats without waiting for a court.
That argument has some merit for narrow, time-critical technical interventions. The problem is that Section 93L does not confine itself to that scope. The threshold is "mere suspicion" — a standard far below the "reasonable grounds" required even under Zimbabwe's existing Interception of Communications Act (ICA) [Chapter 11:20]. And the authorisation comes after the fact, from the Prosecutor-General, not a court.
A Pattern, Not an Exception
Section 93L does not stand alone. It slots into a surveillance architecture that was already structurally weak before this Bill arrived. A 2024 Oxford Academic analysis of the ICA found that Section 5 of that Act vests warrant-issuance authority in the Minister of Transport and Communications rather than an independent judicial authority — a separation-of-powers problem the 2013 Constitution was supposed to resolve. The ICA has remained unamended since 2007. Scholars writing in the Statute Law Review found that the Act provides no specific safeguards when surveillance targets journalists or lawyers, no mandatory notification procedures, and no data protection protocols for intercepted communications.
The Cyber and Data Protection Act (2021) added another layer: it established a Cyber Monitoring Centre as the sole facility through which authorised interceptions may occur. That centre sits under the Office of the President. The Global Network Initiative's country profile for Zimbabwe confirms that there is no judicial oversight of government surveillance at the time of warrant application under the ICA framework. The new Bill's Section 93L would expand this executive-controlled model to private-sector actors, on a lower evidentiary threshold, without any independent oversight at the point of interception.
Who Gets Detained
When communications infrastructure is this exposed, the people most at risk are not abstract — they are journalists, political opposition figures, civil society activists, and the sources who speak to them. Zimbabwe's press freedom record provides context. The Broadcasting Services Amendment, while nominally co-regulatory, still gives the Broadcasting Authority of Zimbabwe (BAZ) powers that critics say can be directed at critical voices. Layering warrantless private-sector interception onto that environment creates a chilling effect across the entire digital public square, not just in state-run channels.
Zimbabwe is also among 39 African Union member states that have not ratified the Malabo Convention — the AU Convention on Cyber Security and Personal Data Protection — despite being a signatory. The Convention, which entered into force in June 2023 after its 15th ratification, requires that privacy intrusions be lawful, necessary, and proportionate, with independent oversight. Non-ratification leaves Zimbabwe without that external accountability anchor even as domestic law stacks interception authority across multiple institutions.
What Proportionate Regulation Looks Like
The USF diversion embedded in the same Bill is a related concern: directing 10% of Universal Service Fund revenue to the Ministry for government infrastructure initiatives reduces resources available for public connectivity programmes — trading a public good for an executive budget line. Both problems — the surveillance gap and the fund diversion — reflect a broader pattern of consolidating digital governance authority in the executive branch without adequate checks.
None of this requires abandoning the Bill. MISA's analysis explicitly endorses the AI Strategy and the co-regulatory broadcasting framework as templates for how reform can be done with rights-based principles intact. The fix for Section 93L is straightforward in legal drafting terms: replace retrospective Prosecutor-General authorisation with a prior judicial warrant requirement, confine the scope to defined cybersecurity threats with proportionality criteria, and add mandatory logging and periodic parliamentary review. Zimbabwe's AI Strategy itself calls for ethical, inclusive governance — that standard should apply to the telecom law sitting in the same legislative package.
Modernising digital infrastructure is an unambiguous public good. Doing so while embedding warrantless interception powers that bypass the Constitution's own privacy guarantees is not a necessary trade-off. It is an avoidable one.