The wiki profiles provide an overview of a country's policy on cybercrime and electronic evidence. Every fiche includes a description of cybercrime policies/strategies, the state of cybercrime legislation, the channels of cooperation, international cooperation and case law.

For more information on a country's legislation, click on the legal profile in each country wiki.

Back Colombia

Status regarding Budapest Convention

Status regarding Budapest Convention

Status : Party Declarations and reservations : Reservations regarding Articles 14, 20 and 21. See legal profile

Cybercrime policies/strategies

Colombia does not have a cybercrime policy. However, its current Política Nacional de Confianza y Seguridad Digital (National Policy for Trust and Digital Security, Jul 2020), issued by CONPES (Consejo Nacional de Política Económica y Social), recognizes the economic impact of cybercrime, both financial and with respect to trust in infrastructures.

Moreover, the 2020 National Policy for Trust and Digital Security highlights among the five key capabilities for building digital security how cybercrime fits within the scope of its legal and cooperation frameworks:

  • legal capabilities: refers to the existence of institutions and normative and regulatory frameworks that allow the management of situations related to cybersecurity, cyber-defense and cybercrime, including the mechanisms of investigation and prosecution of crimes and the imposition of sanctions for non-compliance with the law. The objective of this capacity is to have sufficient and necessary legislation to expedite the national and international fight against all illicit activity and all irresponsible conduct that takes place in cyberspace.
  • capacity for cooperation: refers to the existence of alliances, cooperative work and exchange of information at the national and international level. Since cybersecurity and the cybercrime are transnational in nature, they require the collaboration of multiple stakeholders at the national and international levels. The objective of this capacity is to strengthen national digital security through the establishment of bilateral and multilateral agreements and international instruments and participation in international cooperation spaces on the matter. This capacity supports joining efforts to detect and respond to threats, incidents, and attacks.

The Ministry of National Defense of the Republic of Colombia has a National Cyber Security and Cyber Defense strategy whose main objectives are: (i) implement the appropriate institutions, (ii) promoting specialized training programs for civil servants; (iii) strengthening legislation and international cooperation. The institutions that are currently responsible for protecting citizens from cybercrime and cyber threats are:

  • The Emergency Security Response Team of Colombia (Colcert) in charge of the coordination of cyber security and cyber defense nationwide;
  • The Joint Cyber Command of the Armed Forces responsible for safeguarding national interests in cyberspace; and
  • The Police Cyber Center in charge of prevention and research. It provides support of the investigation and prosecution of cybercrime. For such purpose, it has a command of Virtual Immediate Response Team (CAI Virtual) that receives complaints from citizens.

The Colombian Government has actively participated in the framework of the Inter-American Strategy to Combat Cybersecurity Threats of the Organization of American States (OAS). As part of the awareness activities on cybersecurity, the Colombian government and the Inter-American Committee against Terrorism (CICTE) of the OAS conducted a mock cyber-attack in September of 2012, which aimed to strengthen the capacity of Colombia in the prevention, detection and mitigation of large-scale cyber-attack.

The Colombian Government -through representatives of the Ministry of Foreign Affairs and the Ministry of Telecommunications- participated in the Regional Workshop on Cybercrime Legislation in Mexico City from March 31 to April 2, 2014 where the representative of the Ministry of Foreign Affairs reported the latest policies and legislative developments in combating cybercrime. She made emphasis on the need for Colombia to access the Budapest Convention since it is the most optimal and feasible option to combat cybercrime and to provide for the harmonization of the legislation among the countries in the region.

In March 2021, the Ministry of Information Technologies and Communications adopted a Resolution No. 500/2021 (in ES) establishing standards for the digital security strategy.

Cybercrime legislation

State of cybercrime legislation

Colombia’s ratification of the Budapest Convention was approved by the Senate in July 2018 (Law 1928 of July 24th 2018 – ES).

Colombia does not have an independent or specific legislation to punish cybercrime. The legal framework to punish crimes committed using technology and information systems is contained primarily in Ley 599 de 2000, Código Penal Colombiano (Law 599 of 2000, Colombian Penal Code), Ley 906 de 2004, Código de Procedimiento Penal (Law 906 of 2004, Code of Criminal Procedure), and select clauses from the 1991 Constitución Política de la República de Colombia (Political Constitution of the Republic of Colombia).

Substantive law

Colombia’s legislation touches upon all the provisions of the Convention on Cybercrime (Budapest Convention), with one exception – it does not seem to define key terminology (i.e. Article 1 – Definitions)

Ley 599 de 2000 enacting the Colombian Penal Code and Ley 1273 de 2009 amending the Penal Code provide for the following offences:

  • Illegal Access (Art. 269A);
  • Illegal interception (Art. 269C);
  • Data interference (Art. 269D);
  • System Interference (Arts. 269B and 269D);
  • Misuse of devices (Arts. 269A, 269E, 269F, 269G and 269H);
  • Computer-related forgery (Arts. 286, 289 and 269D);
  • Computer-related fraud (Arts. 269F, 269G, 269I, and 269J);
  • Offences related to the infringement of copyright and related rights (Art. 270).

There also seems to be a strong focus on the protection of children in general and in cyberspace, with a number of laws drafted in this respect:

  • Ley 1273 de 2009 (in ES) amending the Penal Code (Art. 218);
  • Ley 679 de 2001 (in ES) which issues a statute to prevent and counteract exploitation, pornography and sexual tourism with minors;
  • Ley 765 de 2002 (in ES) through which the "Optional Protocol to the Convention on the Rights of the Child on the sale of children, child prostitution and the use of children in pornography" is approved;

Ley 1336 de 2009 (in ES) strengthening Law 679 of 2001 in combating exploitation, pornography and sex tourism with children and adolescents).

Procedural law

Ley 906 de 2004 (in ES) enacting the Colombian Criminal Procedural Code provides for the following procedural provisions:

  • Interception of phone communications and other similar communications, whose information may be of interest for the purposes of the investigation (Art. 235);
  • Search and seizure of computer systems and servers and physical storage media, in order to enable computer forensic experts to discover, collect, analyze and preserve the information retrieved. (Art. 236);
  • Legality of the hearings of the search and seizure, interception of communications or information retrieval left by browsing the Internet or other similar means (Art. 237);
  • Selective search in databases by the judicial police that involves access to confidential information relating to a defendant (Art. 244);
  • Powers of the Attorney General to order searches, seizures and interceptions of communications and to present the Constitutional Judge (Juez de Garantias) the evidence collected for judicial review within 36 hours, as well as securing material evidence and evidence ensuring the physical chain of custody while waiting for his Judgement. (Art. 114);
  • Procedures and methodology for conducting the chain of custody (Art. 254-266);

Using data messages, EDI, internet, e-mail, telegram, telex, telefax or similar means as material and physical evidence (Art. 275G).

Safeguards

The protection of human rights and safeguards under the legislation of Colombia are the following:

  • Due judicial process and non-retroactivity of criminal law (Art. 6, 10 of the Code of Criminal Procedure and Arts. 28, third paragraph, 29, 86 and 87 National Constitution of Colombia);
  • Right to respect of freedom and right to apply for habeas corpus in cases of illegal deprivation of liberty (Art. 2 Code of Criminal Procedure and Art. 30 of the National Constitution of Colombia);
  • Right to inviolability of the home (Art. 28 National Constitution of Colombia);
  • Right to self-defense (Arts. 8 and 290 Code of Criminal Procedure);
  • Rights of the accused parties (Art. 303 Code of Criminal Procedure);
  • Victims' rights (Art. 11 Code of Criminal Procedure);
  • Right to personal and family privacy, private life and to rectify the information of an individual collected in databases and records of public and private entities (Art. 14 Code of Criminal Procedure and Art. 15 of the National Constitution of Colombia);
  • Inviolability of correspondence and of private communication forms, and interception and seizure of records through a judicial order (Art. 15 National Constitution of Colombia);
  • The right to freedom of expression and to disseminate thoughts and opinions and to transmit and receive truthful and impartial information. (Art. 20 of the National Constitution of Colombia);

Right to request extradition (Art. 35 of the National Constitution of Colombia).

Related laws and regulations

The following laws contain related provisions with offenses committed through computer systems and Internet, as previously mentioned in the sections on substantive and procedural law:

  • Colombia’s Political Constitution
  • Ley 1928 de 2018 (Law 1928 of 2018, which approves the Convention on Cybercrime);
  • Ley 679 de 2001 (Law 679 of 2001, which issues a statute to prevent and counteract exploitation, pornography and sexual tourism with minors);
  • Ley 599 de 2000, Código Penal Colombiano (Law 599 of 2000, Columbian Penal Code);
  • Ley 1581 de 2012 (Law 1581 of 2012 by which general provisions are issued for the protection of personal data);
  • Ley 1266 de 2008 (Law 1266 of 2008, regulates, among others, the management of personal data in databases, especially those involving financial, credit, commercial, services and from third countries);
  • Ley 1273 de 2009 (Law 1273 of 2009, amending the Penal Code, creating a new legal right "for the protection of information and data" and to ensure the preservation of the systems that use information and communication technologies);
  • Ley 906 de 2004, Código de Procedimiento Penal (Law 906 of 2004, Code of Criminal Procedure);
  • Ley Estatutaria 1621 de 2013 (Statutory Law 1621 of 2013, regulates intelligence and counterintelligence activities);
  • Ley 2365 de 2024: (Law 2365 of 2024, establishes measures to prevent and combat sexual harassment in digital environments, guaranteeing a safe and respectful environment for all users);
  • Decreto 1377 de 2013: (Decree 1377 of 2013, regulates Law 1581 of 2012 and establishes the provisions for the protection of personal data in Colombia);
  • Decreto 1081 de 2015 y sus modificaciones: (Decree 1081 of 2015 and its amendments, By means of which the Unique Regulatory Decree of the Sector of the Presidency of the Republic is issued. Partially derogates Decree 1377 of 2013 and regulates Law 1581 of 2012 regarding the management of classified and reserved information);
  • Decreto 620 de 2020: (Decree 620 of 2020, establishes the general guidelines in the use and operation of digital citizen services);
  • Resolución 04558 del 13 Oct 2015 (Resolution 04588 of 13 Oct 2015 defining the functions and internal structure of the Department of Police Intelligence);

Specialised institutions

There are four agencies responsible for countering cybercrime and promoting cybersecurity nationwide. (i) The Intersectoral Commission responsible for setting the strategic vision and the management of information; (ii) the Emergency Security Response Team of Colombia (Colcert) in charge of the coordination of cyber security and cyber defense nationwide; (iii) the Joint Cyber Command of the Armed Forces responsible for safeguarding national interests in cyberspace; and (iv) the Police Cyber Center in charge of facilitating support for the investigation and prosecution of cybercrime.

The Police Cyber Center is a subordinated office of the Direction of Criminal Investigations and Interpol responsible for developing strategies, programs, projects and other activities related to specialized attention of cybercrime and cybersecurity. Its activities include identifying and deterring child pornography and it also has working groups on information crime and data, a research group on terrorism and a computer forensics laboratory that provides information on threats to computer security.

The Emergency Security Response Team of Colombia (Colcert) is responsible for the coordination of Cybersecurity and National Cyber Defense, which is framed within the activities of the Management Security and Defense Process of the National Ministry of Defense. Its main purpose is to coordinate the necessary measures for the protection of the national critical infrastructure of Colombia against cyber emergencies that threaten or compromise national security and defense actions. Its website facilitates computer security alerts, contains recommendations to submit complaints on cybercrime, as well as a section for reporting incidents on computer systems and Internet.

International cooperation

Competent authorities and channels

 
Legal framework

There are a number of laws that support international cooperation on criminal matters. As is the case with the rest of the legislation, these provisions are mostly concentrated in the codes:

  • Ley 906 de 2004, Código de Procedimiento Penal (Law 906 pf 200, Code of Criminal Procedure);
  • Ley 1312 de 2009 (Law 1312 of 2009 through which Law 906 of 2004 is amended with respect to the Principle of Opportunity) – makes modifications to extradition rules in the Código de Procedimiento Penal/ Ley 906 de 2004 (Code of Criminal Procedure);
  • Decreto 3860 de 2011 (Decree 3860 of 2011, which regulates Article 64 of Law 1453 of 2011, which modified Article 484 of Law 906 of 2004) – makes modifications to extradition rules with respect to the arrest warrant;

Colombia also has a number of bilateral treaties (at least 15 countries), on judicial cooperation on criminal matters.

Jurisprudence/case law

The Supreme Court of Justice of Colombia has issued judgements and case law related to child pornography and interception of private communications. The national judgements and case law can be consulted on the website of the Supreme Court of Justice of Colombia.

Sources and links

Reports and research

Databases and institutions

  • SUIN – JURISCOL: Columbia’s centralised system for normative information (i.e. constitution; acts; laws; decrees; presidential decrees; resolutions etc.);
  • Official Gazette: Diario Oficial;
  • US Library of Congress: Colombia;
Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 

* This designation is without prejudice to positions on status, and is in line with UNSC 1244 and the ICJ Opinion on the Kosovo Declaration of Independence.