Article 32 — Unauthorised Access to State Digital Systems
A person commits an offence who, without authorisation or in excess of authorised access, gains access to any Kaharagian digital system, register, platform, or database.
A person commits an offence who, without authorisation, obtains, copies, or extracts data from a State digital system.
A person commits an offence who, without authorisation, does any of the following in relation to authentication credentials for State digital systems, including passwords, tokens, and cryptographic keys:
Obtains such credentials.
Uses such credentials.
Distributes or makes available such credentials to another person.
A person commits an offence who provides false credentials or bypasses security measures for the purpose of gaining access to a State digital system.
Unauthorised access is classified as a serious offence.
Unauthorised access is classified as a grave offence where any of the following aggravating circumstances is present:
Sensitive personal data or State security information is accessed, within the meaning of the Data Protection Code.
The access is used to commit or facilitate another offence under this Code.
The access causes disruption to the operation of State services.
The sanctions applicable to unauthorised access are:
A fine of $5,000 to $50,000 in accordance with Article 12, or a fine of $50,000 to $500,000 where the offence is classified as grave.
Public censure.
Exclusion from State digital systems for a period determined by the competent authority.
Forfeiture of the instrumentalities used in the commission of the offence.
The prescription period for offences under this Article is governed by Article 14.