Digital Fraud Rate Is Falling In The Country, But Criminals Are Getting Smarter

Rwanda has achieved a notable reduction in its suspected digital fraud rate, dropping from 2.7% in 2024 to 1.6% in 2025, positioning it among Africa's lowest. This positive trend, however, is juxtaposed with the growing sophistication of cybercriminals, presenting a complex challenge for the nation's legal and regulatory frameworks. This article examines Rwanda's robust legislative and institutional responses, including the Cybercrime Law, Data Protection Law, and payment system regulations, while highlighting the ongoing need for enhanced enforcement capabilities, digital forensic infrastructure, and adaptive legal strategies to counter increasingly intelligent and evolving digital threats.

Rwanda has emerged as a beacon of digital progress in Africa, consistently striving for a knowledge-based economy. A recent report indicates a significant decline in the country's suspected digital fraud rate, falling from 2.7% in 2024 to a commendable 1.6% in 2025. This achievement places Rwanda among the nations with the lowest digital fraud attempt rates on the continent, reflecting concerted efforts in cybersecurity and digital transaction security.

However, this positive statistic is accompanied by a critical observation: while the volume of fraudulent attempts may be decreasing, the perpetrators are becoming increasingly sophisticated. This paradox presents a unique challenge for legal professionals and policymakers. It necessitates a deeper examination of whether existing legal frameworks and enforcement mechanisms are adequately equipped to combat advanced forms of digital fraud, which often leverage cutting-edge technologies and intricate schemes. The article will explore Rwanda's current legal landscape, analyze its efficacy against evolving cyber threats, and discuss the implications for practitioners navigating this dynamic environment.

Rwanda's commitment to a secure digital ecosystem is underpinned by a comprehensive legal and institutional framework. The primary legislation addressing cybercrime is Law N° 60/2018 of 22/8/2018 on Prevention and Punishment of Cybercrimes (the "Cybercrime Law"), which aims to penalize various forms of cyber offenses, including unauthorized access and data interference. Complementing this, the Law N° 058/2021 of 13/10/2021 Relating to the Protection of Personal Data and Privacy (the "Data Protection Law") came into force on October 15, 2021, with a two-year transition period for compliance, ending in October 2023. This law establishes principles for lawful data processing, data subject rights, and obligations for data controllers and processors, with the National Cyber Security Authority (NCSA) designated as the supervisory authority.

In the realm of digital financial transactions, the National Bank of Rwanda (NBR) plays a crucial oversight role, deriving its mandate from Law N° 061/2021 of 14/10/2021 governing the payment system. The NBR supervises and regulates payment systems to ensure their soundness, safety, and efficiency. Furthermore, the Financial Intelligence Centre (FIC), established by Law N° 74/2019 of 29/01/2020 and governed by Law N° 045/2021 of 18/08/2021, serves as Rwanda's Financial Intelligence Unit, tasked with combating money laundering and terrorist financing, which often intersect with digital fraud. These foundational laws, alongside the broader Law N° 24/2016 of 18/06/2016 governing Information and Communication Technologies (the "ICT Law"), form the bedrock of Rwanda's digital legal infrastructure.

The observed decline in digital fraud rates, despite the increasing sophistication of criminals, suggests a dual dynamic at play. On one hand, Rwanda's proactive legislative measures and institutional strengthening, such as the establishment of the NCSA and FIC, have likely deterred opportunistic, less sophisticated fraud attempts. The NCSA, in particular, is responsible for coordinating and implementing national ICT security policy and preventing cyber-attacks. The National Cybersecurity Strategic Plan 2024-2029 further aims to enhance trust and confidence in ICT facilities and ensure national security.

However, the assertion that criminals are getting "smarter" points to a persistent challenge in prosecuting and preventing advanced forms of digital fraud. Sophisticated schemes often involve cross-border elements, advanced social engineering, and the exploitation of emerging technologies like artificial intelligence or virtual assets. While the Cybercrime Law addresses various offenses, its implementation faces hurdles such as limited technical expertise among law enforcement and judiciary personnel, inadequate digital forensic infrastructure, and jurisdictional complexities. These gaps can hinder the effective investigation and prosecution of highly intricate digital fraud cases, where digital evidence is paramount but challenging to collect and analyze.

The recent adoption of a draft law regulating virtual assets by the Rwandan Parliament in May 2026 is a crucial development in this context. Previously, cryptocurrencies were largely unregulated, with the National Bank of Rwanda warning against their use as legal tender. The new framework, which designates the Capital Market Authority (CMA) in coordination with the NBR as the regulatory authority, aims to prevent money laundering and terrorism financing through digital assets, protect consumers, and address risks associated with volatility. This move is vital as sophisticated criminals increasingly leverage virtual assets for illicit financial activities. The NBR has also established a regulatory sandbox (Regulation No 41/2022 of 13/04/2022) to foster FinTech innovation while managing risks, which could also serve as a testing ground for new anti-fraud technologies.

Despite these advancements, concerns remain regarding certain aspects of the legal framework. For instance, the Cybercrime Law has faced criticism for vague definitions and potential misuse, particularly concerning restrictions on disinformation and freedom of speech. The Data Protection Law, while comprehensive, includes strict data localization requirements and lacks a public-interest exception for media, which could impact data flows and investigative journalism. Addressing these nuances will be critical to ensuring that the legal framework remains robust without stifling innovation or fundamental rights.

Rwanda's success in reducing its overall digital fraud rate is a testament to its strategic investments in digital infrastructure and a responsive legal framework. However, the evolving landscape of cybercrime, characterized by increasingly sophisticated perpetrators, demands continuous vigilance and adaptation. Legal practitioners in Rwanda must therefore remain acutely aware of the dynamic interplay between technological advancements and legal provisions.

For attorneys, this necessitates a deep understanding of the Cybercrime Law, the Data Protection Law, and the new regulations governing virtual assets. Advising clients on compliance, particularly for financial institutions and digital service providers, will require meticulous attention to evolving fraud typologies and the legal obligations for data security, transaction monitoring, and breach notification. Furthermore, practitioners should advocate for ongoing legal reforms that enhance digital forensic capabilities, clarify jurisdictional complexities in cross-border cases, and ensure a balanced approach to cybersecurity that protects both national interests and individual rights. The journey to a fully secure digital economy is continuous, requiring collaborative efforts from legal professionals, regulators, and technology experts to stay ahead of the curve.