Skip to main content
SpringerLink
Log in

Looking towards Europe? Assessing the prospects of the ECOWAS Cybersecurity Strategy in promoting responsible state behavior

  • Original Paper
  • Published:
International Cybersecurity Law Review Aims and scope Submit manuscript

Abstract

In 2021, the Economic Community of West African States (ECOWAS) adopted a regional Cybersecurity Strategy with a view to promoting cybersecurity governance within the West Africa region. However, questions arise as to the prospects of the Cybersecurity Strategy in enhancing the development of norms for responsible state behavior amongst Member States of the ECOWAS. This paper discusses the prospects of the ECOWAS Cybersecurity Strategy in enhancing the development of norms for responsible State behavior amongst States in West Africa. Against the background of earlier cybersecurity governance frameworks established by the ECOWAS, the paper analyzes the Strategy and explores its prospects and limits in promoting the development of norms for responsible state behavior within the ECOWAS region. In so doing, the paper considers challenges to the development of norms for responsible State behavior within the framework of the ECOWAS Cybersecurity Strategy. In particular, the paper finds that poor implementation of Community frameworks have been a challenge in the ECOWAS and suggests that this challenge will impede the Strategy in promoting the development of norms for responsible State behavior within the region. The paper further identifies comparative examples from the European context by considering the adaptation of measures from European Union regimes to enhance the development of norms for responsible State behavior within the ECOWAS framework.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. See The Council of Europe Convention on Cybercrime, 41 I.L.M. 282 (Budapest, 23 November, 2001).

  2. See The African Union (AU) Convention on Cyber Security and Personal Data Protection, (EX.CL/846(XXV)). (Malabo, 27 June, 2014).

  3. See Directive 2013/40/EU of 12 August 2013 on Attacks against Information Systems, Official Journal of the European Union, 218/8 (14 August, 2013).

  4. See Agreement between the Governments of Member States of the Shanghai Cooperation Organization on Cooperation in the Field of international Information Security (16 June, 2009).

  5. See ECOWAS Directive C/DIR.1/08/11 on Fighting Cybercrime, adopted at the Sixty Sixth Ordinary Session of the ECOWAS Council of Ministers at Abuja, Nigeria (19 August, 2011).

  6. See Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (Brussels, 7.2.2013), and Joint Communication to the European Parliament and the Council, The European Union Cybersecurity Strategy for the Digital Decade (Brussels, 16.12.2020).

  7. See ECOWAS Directive C/DIR.1/01/2021 Relating to the Adoption of the Regional Cybersecurity and Cybercrime Strategy, adopted 85th Ordinary Session of the ECOWAS Council of Ministers (21st January, 2021), available at <https://tit.comm.ecowas.int/wp-content/uploads/2022/03/DIRECTIVE-CYBERSECURITY-STRATEGY-ENG.pdf> last accessed on 12 November, 2023.

  8. See The Council of Europe Convention on Cybercrime, 41 I.L.M. 282 (Budapest, 23 November, 2001).

  9. See Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (Brussels, 7.2.2013).

  10. See Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December, 2022 on Measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No. 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive), Official Journal of the European Union, 333/80 (27 December, 2022).

  11. See Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April, 2019 on ENISA (the European Union Agency for Cybersecurity) on Information and Communications Technology Cybersecurity Certification and repealing Regulation (EU) No. 526/2013 (Cybersecurity Act).

  12. See Uchenna Jerome Orji, “Regionalizing Data Protection Law: A Discourse on the Status and Implementation of the ECOWAS Data Protection Act”, International Data Privacy Law 7, no.3, (2017), 179–189.

  13. See Uchenna Jerome Orji, “Towards the Harmonization of E‑commerce Laws in West Africa: A Comparative Analysis of the ECOWAS Electronic Transactions Act”, International Company and Commercial Law Review 29, no. 6, (2018), 373–391.

  14. See Uchenna Jerome Orji, “Harmonizing the Regulation of Access to Submarine Cable Landing Stations in the ECOWAS: A Review of Regulation C/REG/06/06/12154”, Computer and Telecommunications Law Review 23 no. 6, (2017), 154–163.

  15. See Uchenna Jerome Orji, “An Inquiry into the Legal Status of the ECOWAS Cybercrime Directive and the Implications of its Obligations for Member States”, Computer Law & Security Review, 35, no. 6, (2019), 1–16.

  16. The Black’s Law Dictionary 9th Edition (United States, West Group, 2004), 1159–1160.

  17. See Andrijana Gavrilovic, ‘What is Responsible Behavior in Cyberspace’, Diplo (30 October, 2018), available at <https://www.diplomacy.edu/blog/webinar-%E2%80%98what-responsible-behaviour-cyberspace%E2%80%99> last accessed on 12 November, 2023.

  18. Ibid.

  19. See Uchenna Jerome Orji, “The African Union Convention on Cybersecurity: a Regional Response towards Cyber Stability”, Masaryk University Journal of Law and Technology 12 no. 2, (2018), 95.

  20. See Jody R. Westby, “Cyber War v. Cyber Stability”, A paper presented at the 42nd session of the World Federation of Scientists International Seminars on Planetary Emergencies (Italy, 19–22, August, 2009), 1.

  21. See International Security Advisory Board, Report on a Framework for International Cyber Stability (US Department of State, 2014) Appendix B.1, at 33.

  22. See Lisa Rudnick, et al, Towards Cyber Stability: A User Centered Tool for Policy Makers (Geneva: UNIDR, 2015), 7.

  23. Ibid.

  24. See Harry D. Raduege, “Fighting Weapons of Mass Disruption: Why America Needs a Cyber Triad”, in Andrew Nagorski, (ed.), Global Cyber Deterrence: Views from China, U.S., Russia, India, and Norway (New York: East West Institute, 2010), 13.

  25. See The Corfu Channel Case (United Kingdom v. Albania), Merits, [1949] ICJ Reports 4, at paragraph 22.

  26. See The Trail Smelter Arbitration Case (United States of America v. Canada), (1938) 3R.I.A.A 1905; Editorial, ‘The Trail Smelter Arbitral Decision’, American Journal of International Law 35 (1941), 684.

  27. See Article 38.5 Constitution of the ITU (2010).

  28. See Malebakeng Forere, “Is Discussion of the ‘United States of Africa’ Premature?: Analysis of ECOWAS and SADC Integration efforts”, Journal of African Law, 56, no. 1, (2012), 33.

  29. See Trudi Hartzenberg, Regional Integration in Africa (Working Paper ERSD—2011-14) (Geneva: World Trade Organization, 2011) p. 2.

  30. See Uchenna Jerome Orji, International Telecommunications Law and Policy (United Kingdom: Cambridge Scholars Publishing, 2018), 301.

  31. See Article 3, Treaty of ECOWAS (28 May, 1975) 14 ILM 1200; Revised 24 July, 1993, 35 ILM 660, (1996) [Hereafter, ECOWAS Treaty]. See also, ECOWAS Commission, ECOWAS Common Investment Market Vision (Abuja: ECOWAS Commission, 2009).

  32. For further details see <http://www.ecowas.int>.

  33. See Worlddata.info, “Economic Community of West Africa States”, available at <https:// www.worlddata.info/ trade-agreements/ecowas-west-africa.php> last accessed on 12 November, 2023.

  34. See Preamble to the ECOWAS Treaty (1996).

  35. See Article 3(2) (a) ibid.

  36. See Article 57(1) ibid.

  37. See ECOWAS Supplementary Act on the Harmonization of Policies and the Regulatory Framework for the ICT Sector (A/SA.1/07) adopted at the Thirty First Session of the Authority of ECOWAS Heads of State and Government Quagadaugou, 19 January 2007,

  38. See Article 2:1 ibid.

  39. Ibid.

  40. See Supplementary Act A/SA.1/01/10 on Personal Data Protection within ECOWAS, adopted at the 37th session of the Authority of ECOWAS Heads of State and Government, (Abuja, 16 February, 2010). [Hereafter, ECOWAS Data Protection Act].

  41. See ECOWAS Directive C/DIR.1/08/11 on Fighting Cybercrime, adopted at the Sixty Sixth Ordinary Session of the ECOWAS Council of Ministers at Abuja, Nigeria (19 August, 2011). [Hereafter, ECOWAS Directive on Cybercrime].

  42. See The AU Convention on Cyber Security and Personal Data Protection, (EX.CL/846(XXV)). (Malabo, 27 June, 2014). [Hereafter, AU Convention on Cybersecurity].

  43. See Preamble to the ECOWAS Data Protection Act.

  44. See Article 2 ibid.

  45. See Articles 23–29, ibid.

  46. See Article 30 ibid.

  47. See Article 36 ibid.

  48. See Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU Data Protection Directive 95/46), [1995] OJ L281/31. For example compare: Articles 2(a) and 2(b) of the EU Data Protection Directive to Article 1 of the ECOWAS Data Protection Act.

  49. See Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, opened for signature on 28 January 1981, in force 1 October 1985, ETS 108. For a comparative analysis of the ECOWAS Data Protection Act and EU data protection regimes, see: Uchenna Jerome Orji, “A Comparative Review of the ECOWAS Data Protection Act”, Computer Law Review International, 17, no. 4, (2016), 108–118; Uchenna Jerome Orji, “Regionalizing Data Protection Law: A Discourse on the Status and Implementation of the ECOWAS Data Protection Act”, International Data Privacy Law, 7 no. 3, (2017), 179–189.

  50. See Article 9(3), Supplementary Protocol A/SP.1/06/06 Amending the Revised ECOWAS Treaty (Abuja, 14 June, 2006).

  51. See Treaty Establishing the European Economic Community (Treaty of Rome) adopted on 25 March 1957, 298 UNTS 3, in force 1 January 1958.

  52. ECOWAS Member States such as Guinea, Guinea–Bissau, Liberia and Sierra Leone have not established data protection laws and data protection authorities.

  53. See Uchenna Jerome Orji, “Examining Missing Cybersecurity Governance Mechanisms in the African Union Convention on Cybersecurity and Personal Data Protection”, Computer Law Review International, 5 (2014), 133.

  54. See Uchenna Jerome Orji, “Regionalizing Data Protection Law: A Discourse on the Status and Implementation of the ECOWAS Data Protection Act”, International Data Privacy Law, 7, no. 3, (2017), 188.

  55. See Article 2 ECOWAS Cybercrime Directive.

  56. For a comparative analysis of the ECOWAS Cybercrime Directive and the Council of Europe Convention on Cybercrime, see: Uchenna Jerome Orji, “A Review of the ECOWAS Cybercrime Directive: Analysis of ICT Offences with the Budapest Convention”, Computer Law Review International, 20, no. 2, (2019), 40–53.

  57. See Articles 4–23 ECOWAS Cybercrime Directive.

  58. See Articles 30 and 31 ibid.

  59. See Article 33(1) ibid.

  60. See Article 35(1) ibid.

  61. See African Union and Symantec Corporation, Cybercrime & Cybersecurity Trends in Africa (Symantec Corporation and African Union, November, 2016), 53–55.

  62. Ibid, pp. 60, 61,63,66,70, and 83.

  63. See UNODC (2013) Comprehensive Study on Cybercrime (New York: United Nations, 2013), 178.

  64. See Uchenna Jerome Orji “The African Union Convention on Cybersecurity: A Regional Response Towards Cyber Stability?”, Masaryk University Journal of Law and Technology, 12 no. 2, (2018), 121.

  65. See Uchenna Jerome Orji, International Telecommunications Law and Policy (United Kingdom: Cambridge Scholars Publishing, 2018), 369.

  66. See Uchenna Jerome Orji, “An Inquiry into the Legal Status of the ECOWAS Cybercrime Directive and the Implications of its Obligations for Member States”, Computer Law & Security Review, 35, No. 6, (2019), 14–15.

  67. See ECOWAS Parliament, “ECOWAS adopts a Regional Strategy for Cybersecurity and the fight against Cybercrime”, (18 January, 2021), available at <https://parl.ecowas.int/information-and-communication-technology-ecowas-adopts-a-regional-strategy-for-cybersecurity-and-the-fight-aganist-cybercrime/>last accessed on 12 November, 2023.

  68. See ECOWAS Directive C/DIR.1/01/2021 Relating to the Adoption of the Regional Cybersecurity and Cybercrime Strategy, adopted 85th Ordinary Session of the ECOWAS Council of Ministers (21st January, 2021).

    See Section I, ECOWAS Cybersecurity Strategy (2021).

  69. See Section I, ECOWAS Cybersecurity Strategy (2021).

  70. Ibid.

  71. See Section II.A, ECOWAS Cybersecurity Strategy (2021).

  72. See Section IV: Paragraph 2.3, ECOWAS Cybersecurity Strategy (2021).

  73. See Section III, ECOWAS Cybersecurity Strategy (2021).

  74. See Section IV, ECOWAS Cybersecurity Strategy (2021).

  75. See Section IV, ECOWAS Cybersecurity Strategy (2021).

  76. Ibid.

  77. See Section V, ECOWAS Cybersecurity Strategy (2021).

  78. Ibid.

  79. See Section VI, ECOWAS Cybersecurity Strategy (2021).

  80. Ibid.

  81. Ibid.

  82. See Section III, ECOWAS Cybersecurity Strategy (2021).

  83. Ibid.

  84. See Article 24 AU Convention on Cybersecurity.

  85. See Paragraph 3, The Lome Declaration on Cybersecurity and Fight Against Cybercrime (March, 2022), available at <https://www.uneca.org/sites/default/files/SROs/West-Africa/20220223-D%C3%A9claration%20de%20 Lom%C3%A9%20sur%20 la%20cybers%C3%A9curit%C3%A9%20et%20 la%20lutte%20contre%20 la%20cybercriminalit%C3%A9-EN%20%282%29.pdf>. Last accessed on 12 November, 2023.

  86. See African Union, The Digital Transformation Strategy (2020–2030) (African Union: Addis Ababa, 2020), p. 46, available at <https://au.int/sites/default/files/documents/38507-doc-dts-english.pdf>. Last accessed on 12 November, 2023.

  87. See Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December, 2022 on Measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No. 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive), Official Journal of the European Union, 333/80 (27 December, 2022).

  88. See Article 7.1 ibid.

  89. See Section III, ECOWAS Cybersecurity Strategy (2021).

  90. See Section IV: Paragraph 2.1 ECOWAS Cybersecurity Strategy (2021).

  91. Ibid.

  92. See Section IV: Paragraph 2.2 ECOWAS Cybersecurity Strategy (2021).

  93. Ibid.

  94. See Articles 25:2 and 27:1(a) AU Convention on Cybersecurity.

  95. See Article 28:3 ibid.

  96. See Paragraph 4(c), The Lome Declaration on Cybersecurity and Fight Against Cybercrime (March, 2022); African Union, The Digital Transformation Strategy (2020–2030) (African Union: Addis Ababa, 2020), p. 46.

  97. See Article 8(1) EU Directive on Network and Information Security (2022).

  98. See Section IV: Paragraph 2.4 ECOWAS Cybersecurity Strategy (2021).

  99. See Section II. B, ibid.

  100. Ibid.

  101. Ibid.

  102. See Section IV: Paragraph 2.5, ECOWAS Cybersecurity Strategy (2021).

  103. ‘Cyber hygiene’ refers to “all the good practices that each digital player should respect in order to preserve the security of the information system that he uses or for which he acts as an administrator”. See Section II. B, ECOWAS Cybersecurity Strategy (2021).

  104. See Section IV: Paragraph 2.4, ECOWAS Cybersecurity and Cybercrime Strategy (2021).

  105. Ibid.

  106. See Article 25:4 AU Convention on Cybersecurity.

  107. See Section V: Paragraph 3.1, ECOWAS Cybersecurity Strategy (2021).

  108. See Articles 25:1 and 29:1, AU Convention on Cybersecurity.

  109. See Section V: Paragraph 3.2, ECOWAS Cybersecurity Strategy (2021).

  110. See Section IV: Paragraph 2.7, ECOWAS Cybersecurity Strategy (2021).

  111. See Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (Brussels, 7.2.2013), 8.

  112. See Section VI: Paragraph 4.2, ECOWAS Cybersecurity Strategy (2021).

  113. See Paragraph 3(a), The Lome Declaration on Cybersecurity and Fight Against Cybercrime (March, 2022); African Union, The Digital Transformation Strategy (2020–2030) (African Union: Addis Ababa, 2020), pp. 3 and 46.

  114. See Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (Brussels, 7.2.2013), 8–9.

  115. See Article 10 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April, 2019 on ENISA (the European Union Agency for Cybersecurity) on Information and Communications Technology Cybersecurity Certification and repealing Regulation (EU) No. 526/2013 (Cybersecurity Act).

  116. See Joint Communication to the European Parliament and the Council, The European Union Cybersecurity Strategy for the Digital Decade (Brussels, 16.12.2020), 4.

  117. See Article 26:2 AU Convention on Cybersecurity.

  118. See Section VI: Paragraph 4.3, ECOWAS Cybersecurity Strategy (2021).

  119. Ibid.

  120. See Section VI: Paragraph 4.1, ECOWAS Cybersecurity and Cybercrime Strategy (2021).

  121. See Paragraphs 1 and 5(a), The Lome Declaration on Cybersecurity and Fight Against Cybercrime (March, 2022); African Union, The Digital Transformation Strategy (2020–2030) (African Union: Addis Ababa, 2020), pp. 47 and 50.

  122. See Joint Communication to the European Parliament and the Council, The European Union Cybersecurity Strategy for the Digital Decade (Brussels, 16.12.2020), 19.

  123. See Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (Brussels, 7.2.2013), p. 9.

  124. See Section VI: Paragraph 4.4, ECOWAS Cybersecurity Strategy (2021).

  125. Ibid.

  126. See Article 28 AU Convention on Cybersecurity.

  127. See Section VII: Paragraph 5.1, ECOWAS Cybersecurity Strategy (2021).

  128. See Section VII: Paragraph 5.2, ECOWAS Cybersecurity Strategy (2021).

  129. See Section VII: Paragraph 5.3, ibid.

  130. Ibid.

  131. See Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (Brussels, 7.2.2013), 10.

  132. See Section VII: Paragraph 5.3, ECOWAS Cybersecurity Strategy (2021).

  133. See Regulation (EU) 2019/881 of the European Parliament and the Council of 17 April, 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No. 526/2013 (Cybersecurity Act). Official Journal of the European Union (7.6.2019).

  134. See Uchenna Jerome Orji, Cybersecurity Law and Regulation (The Netherlands Wolf Legal Publishers: 2012), 397–398.

  135. See Uchenna Jerome Orji, International Telecommunications Law and Policy (United Kingdom: Cambridge Scholars Publishing, 2018), 26, 301–347.

  136. See Section VII: Paragraph 5.2, ECOWAS Cybersecurity Strategy (2021).

  137. See Article 9(1), Supplementary Protocol A/SP.1/06/06 Amending the Revised ECOWAS Treaty (Abuja, 14 June, 2006). Emphasis added.

  138. See ECOWAS Directive C/DIR.1/01/2021 Relating to the Adoption of the Regional Cybersecurity and Cybercrime Strategy, adopted 85th Ordinary Session of the ECOWAS Council of Ministers (21st January, 2021), available at <https://tit.comm.ecowas.int/wp-content/uploads/2022/03/DIRECTIVE-CYBERSECURITY-STRATEGY-ENG.pdf> last accessed on 12 November, 2023.

  139. See Article 9(5), Supplementary Protocol A/SP.1/06/06 Amending the Revised ECOWAS Treaty (Abuja, 14 June, 2006).

  140. See Uchenna Jerome Orji, “An Inquiry into the Legal Status of the ECOWAS Cybercrime Directive and the Implications of its Obligations for Member States”, Computer Law & Security Review, 35 No. 6 (2019), 12.

  141. The right to privacy is guaranteed in the Constitutions of most ECOWAS Member States. See for e.g., Section 37 Constitution of the Federal Republic of Nigeria (1999); Section 18(2) of the Constitution of the Republic of Ghana (1992); Articles 20 and 21 Constitution of the Republic of Benin (1990); Article 41 Constitution of the Republic of Cape Verde (1992); Articles 13 and 16 Constitution of the Republic of Senegal (2001); Section 23 Constitution of the Republic of Gambia (1997); Article 16 Constitution of the Republic of Liberia (1986); and, Section 22 Constitution of Sierra Leone (1991).

  142. See Article 10(d) of the ECOWAS Supplementary Protocol A/SP.1/01/05, provides that “access to the [ECOWAS Community Court] is open to … individuals on application for violation of their human rights”.

  143. See Article 35(1) ECOWAS Cybercrime Directive.

  144. See Article 5(3) ECOWAS Treaty.

  145. See Article 77(1) ECOWAS Treaty.

  146. Sanctions that can be imposed on a Member State that fails to fulfill its obligations under ECOWAS legal instruments, include: the suspension of a non-compliant Member State’s voting rights in the activities of the ECOWAS Community; or the suspension of such Member from participating in the activities of the Community; or the suspension of new Community loans or assistance to such Member; or the suspension of ongoing Community projects or assistance programmes meant for such Member. See Article 77(2), ECOWAS Treaty (1996).

  147. See Chidebe M. Nwankwo (Jr), Legitimation of the Economic Community of West African States (ECOWAS): A Normative and Institutional Inquiry (A PhD Thesis submitted to the Brunel University of London, College of Business, Arts and Social Sciences; June, 2014), 191.

  148. Ibid.

  149. See Uchenna Jerome Orji, “An Inquiry into the Legal Status of the ECOWAS Cybercrime Directive and the Implications of its Obligations for Member States”, Computer Law & Security Review, 35 no. 6 (2019), 13–14.

  150. Article 9 (1) (d) of ECOWAS Supplementary Protocol A/SP.1/01/05 Amending the Preamble and Articles 1, 2, 9 and 30 of Protocol A/P.1/7/91 Relating to the Community Court of Justice (2005) provides that “the Court [ECOWAS Community Court] has competence to adjudicate disputes relating to … the failure by Member States to honour their obligations under the Treaty, Conventions and Protocols, Regulations, Directives, or Decisions of ECOWAS”.

  151. Article 10(a) of ECOWAS Supplementary Protocol A/SP.1/01/05 Amending the Preamble and Articles 1, 2, 9 and 30 of Protocol A/P.1/7/91 Relating to the Community Court of Justice (2005) provides that “access to the Court is open to Member States, and unless otherwise provided in a Protocol, the Executive Secretary [of the ECOWAS Commission], where action is brought for failure by a Member State to fulfill an obligation”.

  152. See for e.g., Joined Cases C‑6/90 and C‑9/90 Andrea Francovich and Danila Bonifaci v. Italy (Judgment of the Europe Court of Justice, 19 November, 1991) [1991] ECR I‑5357, [1993] 2 C.M.L.R. 66, where the European Court of Justice found the Government of Italy liable for losses and damages that were caused to its citizens as a result of its failure to transpose a Community Directive. See also, James E. Hanft, “Francovich and Bonifaci v. Italy: EEC Member State Liability for Failure to Implement Community Directives”, Fordham International Law Journal, 15, no. 4, (1991), 1237–1274.

  153. See Case C-154/09, European Commission v. Portuguese Republic, ECR [2010] I‑00127.

  154. See Uchenna Jerome Orji, International Telecommunications Law and Policy (United Kingdom: Cambridge Scholars Publishing, 2018), 277.

  155. See Case C-76/13, European Commission v. Portuguese Republic (2013/C 123/17) Official Journal of the European Union C 123/11 (27.4.2013).

  156. See UNTACD, Harmonizing Cyberlaw and Regulations: The Experience of the East Africa (UNTACD: New York/Geneva, 2012) pp.8–9; Uchenna Jerome Orji, “Regionalizing Data Protection Law: A Discourse on the Status and Implementation of the ECOWAS Data Protection Act”, International Data Privacy Law, 7, no. 3, (2017), 188.

  157. See Directive 2013/40/EU of the European Parliament and of the Council of 12 August, 2013 on Attacks Against Information Systems and Replacing Council Framework Decision 2005/222/JHA [Hereafter, EU Directive on Attacks against Information Systems, 2013].

  158. See Article 17 EU Directive on Attacks against Information Systems (2013).

  159. See European Commission, Report From the Commission to the European Parliament and the Council Assessing the Extent to Which the Member States Have Taken the Necessary Measures in Order to Comply With Directive 2013/40/EU On Attacks Against Information Systems And Replacing Council Framework Decision 2005/222/JHA, COM(2017) 474 final (European Commission: Brussels, 13 September, 2017), 5.

  160. Ibid. See also, European Commission, Report From the Commission Monitoring the Application of European Union Law—2016 Annual Report, COM (2017) 370 final (European Commission: Brussels, 1 July, 2017), 13.

  161. See Uchenna Jerome Orji, “An Inquiry into the Legal Status of the ECOWAS Cybercrime Directive and the Implications of its Obligations for Member States”, Computer Law & Security Review, 35, no 6, (2019), 15.

References

Legislations and Conventions

  1. African Union (AU) (2014) Convention on cyber security and personal data protection. Malabo, 27 June 2014 (EX.CL/846(XXV)

    Google Scholar 

  2. Agreement between the Governments of Member States of the Shanghai Cooperation Organization on Cooperation in the Field of international Information Security (16 June, 2009).

  3. Constitution of Sierra Leone (1991)

  4. Constitution of the Federal Republic of Nigeria (1999)

  5. Constitution of the ITU (2010)

  6. Constitution of the Republic of Benin (1990)

  7. Constitution of the Republic of Cape Verde (1992)

  8. Constitution of the Republic of Gambia (1997)

  9. Constitution of the Republic of Ghana (1992)

  10. Constitution of the Republic of Liberia (1986)

  11. Constitution of the Republic of Senegal (2001)

  12. Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, opened for signature on 28 January 1981, in force 1 October 1985, ETS 108.

  13. Council of Europe Convention on Cybercrime (2001) 41 I.L.M. 282. Budapest, 23.Novermber, 2001

    Google Scholar 

  14. Directive 2013/40/EU of 12 August 2013on Attacks against Information Systems, Official Journal of the European Union, 218/8 (14 August, 2013).

  15. Directive 2013/40/EU of the European Parliament and of the Council of 12 August, 2013on Attacks Against Information Systems and Replacing Council Framework Decision 2005/222/JHA.

  16. Directive 2016/1148of the European Parliament and of the Council of 6 July, 2016 concerning Measures for a High Common Level of Security of Network and Information Systems across the Union, Official Journal of the European Union (19 July 2016) L 194.

  17. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU Data Protection Directive 95/46), [1995] OJ L281/31.

  18. Directive (EU) 2022/2555of the European Parliament and of the Council of 14 December, 2022on Measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No. 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive), Official Journal of the European Union, 333/80 (27 December, 2022).

  19. ECOWAS Directive C/DIR.1/08/11 on Fighting Cybercrime, adopted at the Sixty Sixth Ordinary Session of the ECOWAS Council of Ministers at Abuja, Nigeria (19 August, 2011).

  20. ECOWAS Directive C/DIR.1/01/2021 Relating to the Adoption of the Regional Cybersecurity and Cybercrime Strategy, adopted 85th Ordinary Session of the ECOWAS Council of Ministers (21st January, 2021).

  21. ECOWAS Supplementary Act on the Harmonization of Policies and the Regulatory Framework for the ICT Sector (A/SA.1/07) adopted at the Thirty First Session of the Authority of ECOWAS Heads of State and Government Quagadaugou, 19 January 2007.

  22. ECOWAS Supplementary Protocol A/SP.1/01/05 Amending the Preamble and Articles 1,2,9 and 30 of Protocol A/P.1/7/91 Relating to the Community Court of Justice (2005).

  23. EU Directive on Attacks against Information Systems (2013).

  24. EU Directive on Network and Information Security (2016).

  25. Joint Communication to the European Parliament and the Council, The European Union Cybersecurity Strategy for the Digital Decade (Brussels, 16 Dec 2020), 4.

  26. Joint Communication to the European Parliament and the Council, The European Union Cybersecurity Strategy for the Digital Decade (Brussels, 16 Dec 2020).

  27. Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (Brussels, 7 Feb 2013), and Joint Communication to the European Parliament and the Council, The European Union Cybersecurity Strategy for the Digital Decade (Brussels, 16 Dec 2020).

  28. Regulation (EU) 2019/881 of the European Parliament and the Council of 17 April, 2019on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No. 526/2013 (Cybersecurity Act). Official Journal of the European Union (7 June 2019).

  29. Supplementary Act A/SA.1/01/10 on Personal Data Protection within ECOWAS, adopted at the 37th session of the Authority of ECOWAS Heads of State and Government, (Abuja, 16 February, 2010).

  30. Supplementary Protocol A/SP.1/06/06 Amending the Revised ECOWAS Treaty (Abuja, 14 June, 2006).

  31. The Council of Europe Convention on Cybercrime (2001) 41 I.L.M. 282. Budapest, 2023

    Google Scholar 

  32. Treaty Establishing the European Economic Community (Treaty of Rome) adopted on 25 March 1957, 298 UNTS 3.

  33. Treaty of ECOWAS (28 May, 1975) 14 ILM 1200; Revised 24 July, 1993, 35 ILM 660, (1996).

Case Law

  1. Case C-154/09, European Commission v. Portuguese Republic, ECR [2010] I‑00127,

  2. Case C-76/13, European Commission v. Portuguese Republic (2013/C 123/17) Official Journal of the European Union C 123/11 (27 Apr 2013).

  3. Joined Cases C‑6/90 and C‑9/90 Andrea Francovich and Danila Bonifaci v. Italy (Judgment of the Europe Court of Justice, 19 November, 1991) [1991] ECR I‑5357, [1993] 2 C.M.L.R. 66.

  4. The Corfu Channel Case (United Kingdom v. Albania), Merits, [1949] ICJ Reports 4.

  5. The Trail Smelter Arbitration Case (United States of America v. Canada), (1938) 3R.I.A.A 1905.

Books, Journals, Papers and Reports

  1. African Union and Symantec Corporation Cybercrime & Cybersecurity Trends in Africa (Symantec Corporation and African Union, November, 2016)

  2. Gavrilovic A What is Responsible Behavior in Cyberspace’, Diplo. https://www.diplomacy.edu/blog/webinar-what-responsible-behaviour-cyberspace/ (Created 30 Oct 2018) Accessed 6 Jan. 2024

  3. United States, West Group (2004) Black’s law dictionary, 9th edn.

    Google Scholar 

  4. Chidebe M. Nwankwo (Jr), Legitimation of the Economic Community of West African States (ECOWAS): A Normative and Institutional Inquiry (A PhD Thesis submitted to the Brunel University of London, College of Business, Arts and Social Sciences; June, 2014).

  5. ECOWAS Commission (2009) ECOWAS Common Investment Market Vision. ECOWAS Commission, Abuja

    Google Scholar 

  6. Parliament ECOWAS ECOWAS adopts a Regional Strategy for Cybersecurity and the fight against Cybercrime. https://parl.ecowas.int/information-and-communication-technology-ecowas-adopts-a-regional-strategy-for-cybersecurity-and-the-fight-aganist-cybercrime/ (Created 18 Jan 2021). Accessed 12 Dec 2022

  7. (2021) ECOWAS Regional Cybersecurity and Cybercrime Strategy. https://www.ocwarc.eu/wp-content/uploads/2021/02/ECOWAS-Regional-Cybersecurity-Cybercrime-Strategy-EN.pdf. Accessed 12 Dec 2022

  8. Editorial, ‘The Trail Smelter Arbitral Decision’, American Journal of International Law 35 (1941).

  9. European Commission (2017) Report From the Commission Monitoring the Application of European Union Law—2016 Annual Report. 1 July 2017 European Commission, Brussels, p 370

    Google Scholar 

  10. European Commission, Report From the Commission to the European Parliament and the Council Assessing the Extent to Which the Member States Have Taken the Necessary Measures in Order to Comply With Directive 2013/40/EU On Attacks Against Information Systems And Replacing Council Framework Decision 2005/222/JHA, COM(2017) 474 final (European Commission: Brussels, 13 September, 2017).

  11. Raduege HD (2010) Fighting weapons of mass disruption: why america needs a cyber triad. In: Nagorski A (ed) Global cyber deterrence: views from China, U.S., Russia, India, and Norway. East West Institute, New York

    Google Scholar 

  12. International Security Advisory Board Report on a framework for international Cyber stability (US department of state, 2014) (Appendix B.1.)

  13. Hanft JE (1991) Francovich and Bonifaci v. Italy: EEC member state liability for failure to implement community directives. Fordham Int Law J 15(4)

  14. Westby JR (2009) Cyber war v. Cyber stability. A paper presented at the 42nd session of the World Federation of Scientists International Seminars on Planetary Emergencies, 19–22, August

    Google Scholar 

  15. Rudnick L et al (2015) Towards cyber stability: a user centered tool for policy makers. UNIDR, Geneva

    Google Scholar 

  16. Malebakeng F (2012) Is discussion of the ‘United States of africa’ premature?: analysis of ECOWAS and SADC integration efforts. J Afr law 56(1)

  17. Hartzenberg T (2011) Regional Integration in Africa. Working Paper ERSD—2011-14. World Trade Organization, Geneva

    Google Scholar 

  18. Orji UJ (2016) A comparative review of the ECOWAS data protection act. Comput Law Rev Int 17(4)

  19. Orji UJ (2019) A review of the ECOWAS cybercrime directive: analysis of ICT offences with the budapest convention. Comput Law Rev Int 20(2)

  20. Orji UJ (2019) An inquiry into the legal status of the ECOWAS cybercrime directive and the implications of its obligations for member states. Comput Law Secur Rev 35(6)

  21. Orji UJ (2014) Examining missing cybersecurity governance mechanisms in the African union convention on cybersecurity and personal data protection. Comput Law Rev Int 5:

  22. Orji UJ (2017) Harmonizing the regulation of access to submarine cable landing stations in the ECOWAS: a review of regulation C/REG/06/06/12154. Comput Telecommun Law Rev 23(6)

  23. Orji UJ (2017) Regionalizing data protection law: a discourse on the status and implementation of the ECOWAS data protection act. Int Data Priv Law 7(3)

  24. Orji UJ (2018) The African union convention on Cybersecurity: a regional response towards Cyber stability? Masaryk Univ J Law Technol 12(2)

  25. Orji UJ (2018) Towards the harmonization of E‑commerce laws in West Africa: a comparative analysis of the ECOWAS electronic transactions act. Int Co Commer Law Rev 29(6)

  26. Orji UJ (2012) Cybersecurity law and regulation. Wolf Legal Publishers

    Google Scholar 

  27. Orji UJ (2018) International telecommunications law and policy. Cambridge Scholars Publishing

    Google Scholar 

  28. UNODC (2013) Comprehensive study on cybercrime. United Nations, New York

    Google Scholar 

  29. UNTACD (2012) Harmonizing cyberlaw and regulations: the experience of the east africa. UNTACD, New York, Geneva

    Google Scholar 

  30. Worlddata.info Economic community of West Africa states. https:// www.worlddata.info/ trade-agreements/ecowas-west-africa.php

Download references

Author information

Authors and Affiliations

  1. School of Law, American University of Nigeria, Yola, Nigeria

    Uchenna Jerome Orji

Authors
  1. Uchenna Jerome Orji
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Uchenna Jerome Orji.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Orji, U.J. Looking towards Europe? Assessing the prospects of the ECOWAS Cybersecurity Strategy in promoting responsible state behavior. Int. Cybersecur. Law Rev. 5, 143–168 (2024). https://doi.org/10.1365/s43439-023-00109-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1365/s43439-023-00109-7

Keywords

Search

Navigation