Zimbabwe Recording Laws: One-Party Consent, ICA Surveillance, and Penalties (2026)

Zimbabwe sits at a complex intersection of law and practice when it comes to recording. The statutory baseline, drawn from the Interception of Communications Act 2007 and common law, permits a participant in a conversation to record it without notifying the other party. Yet the same country deploys broad state surveillance powers routed through ministerial discretion rather than judicial oversight, has enacted a so-called "Patriot Act" that criminalizes advocacy perceived as hostile to national sovereignty, and arrests journalists who record or report on government wrongdoing. Understanding Zimbabwe's recording laws requires separating the statutory consent rule from the practical risks of exercising it.

Jurisdiction scope: This article addresses the law of Zimbabwe under the Interception of Communications Act [Chapter 11:20], the Cyber and Data Protection Act 2021 [Chapter 12:07], the Criminal Law (Codification and Reform) Act [Chapter 9:23] as amended, and the Constitution of Zimbabwe Amendment (No. 20) Act 2013. It does not address the recording laws of neighboring countries. For a global comparison, see world recording laws.

Quick Answer: One-Party Consent With a State-Surveillance Overlay

Zimbabwe applies a one-party consent rule for private recording. A person who is a party to a telephone call, in-person conversation, or electronic communication may record that exchange without informing or obtaining the agreement of the other participants. This baseline derives from Zimbabwe's Roman-Dutch common law tradition and is confirmed by the structure of the Interception of Communications Act, which targets third-party interception rather than participant recording.

Section 10 of the Cyber and Data Protection Act [Chapter 12:07] reinforces this position for evidentiary purposes: for non-sensitive personal data, one party's consent is sufficient to produce a recording as evidence in court.

The one-party rule does not mean recording is risk-free. Three layers of law impose meaningful restrictions:

• Third-party interception (secretly monitoring a conversation you are not part of) is a serious criminal offense under the ICA, carrying up to five years imprisonment.
• Data processing obligations apply once you possess a recording of an identifiable person. The Cyber and Data Protection Act 2021 governs what you may do with that recording, requires consent for sharing images, and imposes licensing requirements on any organization that processes recordings systematically.
• Content-based criminal liability attaches to recordings used to harass, defame, incite violence, or challenge the government's conception of national sovereignty. The Patriot Act 2023 and the Criminal Law Codification Act create offenses that can apply to the content of what is recorded and distributed, independent of how the recording was obtained.

Constitutional Foundation: Section 57 of the 2013 Constitution

The backbone of Zimbabwe's privacy framework is Section 57 of the Constitution of Zimbabwe Amendment (No. 20) Act of 2013. This provision establishes a broad right to privacy for every person within the country's borders.

Section 57 declares that every person has the right to privacy, specifically including:

• The right not to have their home, premises, or property entered without permission.
• The right not to have their person, home, premises, or property searched.
• The right not to have their possessions seized.
• The right not to have the privacy of their communications infringed.
• The right not to have their health condition disclosed.

Subsection (d), protecting the privacy of communications, is the provision most directly relevant to recording law. The phrase covers telephone calls, electronic messages, face-to-face conversations, and any other exchange between individuals. Courts interpret this provision to protect against unauthorized third-party surveillance and interception, not against a participant's own record of a conversation in which they took part.

Constitutional Limits on Restriction

Because Section 57 sits within the Declaration of Rights (Chapter 4 of the Constitution), it carries the highest legal authority in Zimbabwe's hierarchy of laws. The right to privacy of communications is not absolute. Section 86 of the Constitution permits limitations only when they are fair, reasonable, necessary, and justifiable in an open and democratic society based on dignity, equality, and freedom. Any statute that restricts this right must clear that threshold or face challenge in the Constitutional Court.

The Interception of Communications Act (Chapter 11:20)

The Interception of Communications Act, which commenced on August 3, 2007, is the primary statute governing the interception and monitoring of communications in Zimbabwe. Its scope covers telephone calls, postal communications, and internet-based communications.

What the Act Prohibits

Section 3 of the Act makes it a criminal offense for any person to intentionally intercept, attempt to intercept, or authorize another person to intercept any communication in the course of its occurrence or transmission. The prohibition covers all forms of communication: voice calls, text messages, emails, faxes, and internet traffic.

The critical word is "intercept." Under the Act's structure, interception means monitoring or recording a communication by someone who is not a party to it. A person who is participating in the conversation is not intercepting it in the legal sense when they make a contemporaneous record. This is the structural basis of Zimbabwe's one-party consent rule: the ICA targets wiretapping and third-party surveillance, not the act of a participant who records their own conversation.

Penalties for Unauthorized Interception

Anyone convicted of unauthorized interception under Section 3 faces a fine not exceeding Level 14 on Zimbabwe's standard scale of fines, which under Statutory Instrument 14A of 2023 amounts to approximately USD $5,000. The court may also impose imprisonment of up to five years, or both penalties together.

For telecommunications service providers who fail to provide required assistance with lawful interception warrants, the Act provides a Level 12 fine or up to three years in prison, or both.

Who Can Authorize Lawful Interception

The Act creates a pathway for lawful interception by government agencies, but routes it through the executive branch rather than the judiciary. Applications for an interception warrant must come from one of four designated officials:

• The Chief of Defence Intelligence (or their nominee)
• The Director-General of the President's department responsible for national security (or their nominee)
• The Commissioner of the Zimbabwe Republic Police (or their nominee)
• The Commissioner-General of the Zimbabwe Revenue Authority (or their nominee)

These applications go to the Minister of Transport and Communications (or whichever minister the President assigns to administer the Act). The Minister alone decides whether to issue the warrant. No court reviews the application before it is granted. No independent body audits whether warrants are used properly after the fact.

Grounds for Issuing a Warrant

The Minister may issue an interception warrant when there are reasonable grounds to believe that:

• Gathering information about an actual threat to national security or a compelling national economic interest is necessary.
• Gathering information about a potential threat to public safety or national security is necessary.

The application must identify the person whose communications will be intercepted (if known) and the telecommunications service provider that will carry out the interception.

The Judicial Oversight Gap

This is where Zimbabwe's framework draws its heaviest criticism. In most democracies, an independent judge reviews surveillance requests and decides whether they meet legal thresholds. Zimbabwe's Act places that decision in the hands of a government minister.

The Harvard Law School International Human Rights Clinic, MISA Zimbabwe, Reporters Without Borders, and the Global Network Initiative have all flagged this structure as falling short of international human rights standards. The Oxford Academic journal Statute Law Review published an analysis in 2024 noting that the Act does not provide adequate safeguards for journalists and lawyers and that its broad ministerial powers undermine the separation of powers.

The Cyber and Data Protection Act 2021 (Chapter 12:07)

Zimbabwe's Cyber and Data Protection Act, enacted in 2021 and in force from March 11, 2022, adds a second layer of regulation covering what happens with recordings once made. Where the ICA governs the act of interception, the CDPA governs the processing, storage, and distribution of personal data, including audio and video recordings.

Consent and the One-Party Evidence Rule

The CDPA defines consent as any specific, unequivocal, freely given, and informed expression of will by which a data subject accepts that their personal data may be processed. For sensitive data (genetic, biometric, or health data), explicit written consent is mandatory.

Section 10 of the CDPA addresses electronic evidence: for non-sensitive personal data, including an audio recording of an ordinary conversation, one party's consent is sufficient to produce the recording as evidence in court. This statutory provision confirms the one-party consent baseline and clarifies that recordings obtained by a participant are admissible without the consent of every party to the conversation.

Section 163A: Unlawful Acquisition of Computer Data

Section 163A creates the offense of unlawful acquisition of data, covering anyone who intentionally and without authorization:

• Intercepts by technical or any other means any private transmission of computer data to, from, or within a computer network, device, database, or information system
• Overcomes or circumvents any protective security measure intended to prevent access to data
• Acquires data from a computer system without authorization

The penalty is a fine not exceeding Level 14 or imprisonment for up to five years, or both. Unlawful possession of data known to have been acquired unlawfully carries the same penalty.

Section 164A: Recording and Sharing Images Without Consent

Section 164A makes it a criminal offense to record or distribute images or recordings of a person without their consent. This provision applies to posting someone's picture or video online without their agreement, as well as to distributing recordings through messaging platforms.

This section extends beyond intimate content. It covers any image or recording shared without the depicted person's consent, giving Zimbabwean citizens a direct statutory tool to challenge unauthorized distribution of recordings even where the initial capture may have been lawful.

Section 164B: Cyber-Bullying and Harassment

Section 164B criminalizes using a computer or information system to generate and send data messages, or to post material on any electronic medium accessible to others, with intent to coerce, intimidate, harass, threaten, bully, cause substantial emotional distress, or degrade or humiliate another person. The penalty is a fine not exceeding Level 10 or imprisonment for up to ten years, or both.

This provision is relevant to recording because distributing a recording specifically to harass or humiliate the recorded person can constitute an offense under Section 164B regardless of whether the recording itself was lawfully obtained.

Section 165: Upskirting and Intimate Recording

Section 165 addresses recording images or video beneath another person's clothing depicting their genitalia or buttocks, whether covered by underwear or not, without their consent. The offense requires proof that the recording was made without consent or with recklessness as to lack of consent. The penalty is a fine not exceeding Level 10 or imprisonment for up to five years, or both.

Data Controller Licensing Requirements

Statutory Instrument 155 of 2024 (Cyber and Data Protection Licensing Regulations), which took effect in September 2024, requires all entities processing personal data of 50 or more individuals to obtain a data controller license from POTRAZ. The compliance deadline was March 12, 2025.

Any organization that records customers, employees, or members of the public, whether through phone call recording systems, CCTV, meeting recording platforms, or any other means, must hold this license. The license fee ranges from USD $50 to USD $2,000 depending on the scale of data processing operations.

Data controllers were also required to appoint a Data Protection Officer with qualifications in law, data science, information security, or a related field, certified by the Harare Institute of Technology, by December 12, 2024. An entity that fails to appoint a DPO commits an offense punishable by a Level 7 fine or up to two years imprisonment, or both.

Any data controller that continues to process data without a license after March 12, 2025 faces a fine of up to Level 11 (approximately USD $1,000) or imprisonment for up to seven years, or both.

Data Breach Reporting

When a data breach involving recordings or other personal data occurs, SI 155 requires the data controller to report the incident to POTRAZ within 24 hours. If the breach poses a high risk to the rights and freedoms of the affected individuals, those individuals must be notified within 72 hours.

POTRAZ: Dual Regulator for Telecoms and Data Protection

The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) serves simultaneously as the national telecommunications regulator and the national data protection authority under the Cyber and Data Protection Act.

Telecommunications Oversight

POTRAZ oversees the licensing of telecommunications operators, the allocation of radio spectrum, and compliance with national regulations. Lawful interception obligations are included in the conditions attached to telecommunications licenses: service providers are contractually required to facilitate government surveillance when presented with valid warrants under the ICA.

Data Protection Authority

Under the Cyber and Data Protection Act, POTRAZ registers and licenses data controllers, certifies Data Protection Officers, investigates complaints about data misuse, and imposes fines and sanctions for non-compliance. In August 2025, POTRAZ published its first list of licensed data controllers, marking the initial phase of active enforcement following the March 2025 licensing deadline.

Independence Concerns

Human rights organizations have raised questions about whether POTRAZ can function as an effective data protection authority given its dual role. The same body that licenses telecommunications companies and facilitates government interception of communications is also responsible for protecting citizens' data privacy rights. MISA Zimbabwe and other civil society groups argue this creates a structural conflict of interest that undermines data protection enforcement.

The Criminal Law Codification and Reform Act (Chapter 9:23)

The Criminal Law (Codification and Reform) Act [Chapter 9:23] is Zimbabwe's comprehensive criminal code, enacted in 2004 and amended multiple times since. Several of its provisions directly affect recording.

Section 164: Inciting Violence via Computer

Section 164 of the Criminal Law Code criminalizes the act of transmitting, via computer or information system, data messages with intent to incite others to commit acts of violence against any person or cause damage to property. The penalty is a fine not exceeding Level 10 or imprisonment for up to five years, or both.

Journalist Blessed Mhlanga was charged under this provision in February 2025 following an interview with a war veteran who called for President Mnangagwa's resignation. The charges illustrate how a provision about inciting violence can be applied to journalism involving recordings of political speech.

Voyeurism and Image-Based Offenses

The Criminal Law Code also contains provisions against voyeurism and non-consensual intimate recording, which overlap with Section 165 of the Cyber and Data Protection Act. The Code addresses the recording of persons in private situations without their knowledge, particularly in contexts where the recording is made for prurient purposes.

The Patriot Act 2023 and Its Chilling Effect on Recording

The Criminal Law (Codification and Reform) Amendment Act, Act 10 of 2023, signed into law by President Mnangagwa on July 14, 2023, introduced a new offense of "wilfully injuring the sovereignty and national interest of Zimbabwe." This law, widely referred to as the "Patriot Act," does not prohibit recording directly but creates significant legal exposure for anyone who records and distributes content that authorities classify as injurious to national interest.

What the Act Criminalizes

The Act targets citizens and permanent residents of Zimbabwe who participate in meetings to plan or consider:

• Armed intervention in Zimbabwe or the subversion or overthrow of its government
• The implementation or enlargement of sanctions or trade boycotts against Zimbabwe

The language is broad and, according to critics including Amnesty International, Human Rights Watch, and Veritas Zimbabwe, is deliberately vague enough to encompass ordinary journalism, human rights reporting, and civil society advocacy.

Penalties

The penalties are severe. Participation in meetings connected to armed intervention carries the death penalty or life imprisonment. Participation in meetings connected to sanctions advocacy carries a fine of up to USD $12,000 and/or up to 10 years imprisonment. Aggravated offenses can result in citizenship termination, cancellation of permanent residence, voting disqualification for 5 to 15 years, and prohibition from holding public office.

High Court Challenge

The High Court of Zimbabwe, in a ruling by Justice Rodgers Manyangadze, struck down Section 22A(3) of the Act as unconstitutional. The court found the provision's language too vague and far-reaching, raising constitutional concerns over freedom of assembly, association, and expression, as well as the right to a fair trial and citizenship rights. The ruling is significant but does not eliminate the Act's remaining provisions or the chilling effect its existence generates.

Implications for Recording

Journalists and activists who record proceedings of meetings, protests, or discussions touching on international sanctions or political opposition risk being characterized as participants in activity harmful to national sovereignty. Even where the content of a recording is protected speech, distributing a recording of politically sensitive material in Zimbabwe now carries the risk of prosecution under the Patriot Act's surviving provisions. The case brought by journalists Valentine Maponga and Paidamoyo Muzulu, who challenged the Act as threatening legitimate international journalism, underscores the direct connection between this law and recording activity.

Recording Police and Government Officials

Recording police officers, government officials, or security forces in Zimbabwe carries very high legal and personal risk. No statute expressly prohibits recording a law enforcement officer in a public space, but the practical environment makes such recording dangerous.

Legal Exposure

Several provisions create paths to prosecution for those who record official conduct:

• Section 164 of the Criminal Law Code (inciting violence) has been applied to recordings and interviews about government officials, as in the Mhlanga case.
• The Patriot Act creates ambiguity about whether recording meetings that discuss government accountability could be characterized as harmful to national interest.
• The Broadcasting Services Amendment Act 2025 (No. 2 of 2025, gazetted May 23, 2025) extended broadcast regulation to internet-based platforms including podcasts and social media live streams. Distributing recordings through regulated platforms without a Broadcasting Authority of Zimbabwe license creates additional legal exposure.

Documented Arrests and Detentions

RSF ranked Zimbabwe 106th out of 180 countries in its 2025 World Press Freedom Index (score 52.10, improved from 116th in 2024), noting that "extremely harsh laws" including the amended penal code and the Cyber Security and Data Protection Act continue to restrict journalism. RSF and Human Rights Watch document the following recent cases:

• Blessed Mhlanga (arrested February 24, 2025): A journalist for the YouTube outlet Heart and Soul TV was detained for nearly three months and charged with inciting violence under Section 164 of the Criminal Law Code. The charges arose from an interview in which a political figure called for the President's resignation. HRW described the charges as baseless.
• Faith Zaba (arrested July 1, 2025): The editor of the Zimbabwe Independent was arrested on allegations of insulting or undermining the authority of the President under the Criminal Law Code.

Freedom House's Freedom on the Net 2025 report documents an ongoing crackdown in which "several activists and journalists were arrested and detained for their online content."

Watch out: Pointing a camera at a police officer in Zimbabwe, whether during a protest, a traffic stop, or a public event, does not carry the legal protection it might in some other jurisdictions. Authorities have routinely confiscated recording equipment, deleted footage, and arrested journalists for recording official conduct. If you must document official misconduct, consult a Zimbabwean media lawyer before distributing any recording.

Recording Phone Calls in Zimbabwe

Under Zimbabwe's one-party consent rule, a participant in a telephone call may record that call without notifying the other party. The Interception of Communications Act's prohibition targets third-party interception (someone who is not a party to the call secretly monitoring it), not participant recording.

Personal Calls

You may record a personal telephone call you are participating in without informing the other party. The recording is lawfully obtained under the ICA's structure and, under Section 10 of the Cyber and Data Protection Act, is admissible in court for non-sensitive purposes.

What you do with the recording is subject to separate rules. Sharing the recording publicly, distributing it to harm or harass the other party, or posting it online without the recorded person's consent may trigger Section 164A (distribution without consent) or Section 164B (cyber-bullying) of the CDPA.

Business Calls

Organizations that systematically record customer service calls, sales conversations, or internal calls are processing personal data and must comply with the CDPA's licensing and consent requirements. This means holding a POTRAZ data controller license (if processing 50 or more people's data), appointing a DPO, and informing callers that their calls are recorded.

The common practice of playing an automated message such as "this call may be recorded for quality and training purposes" at the start of a call satisfies the notice requirement, but the caller must have a genuine opportunity to decline if they do not consent to being recorded.

VoIP and Messaging Apps

The ICA and CDPA do not distinguish between traditional telephone networks and internet-based communication platforms. Recording a WhatsApp call, a Zoom meeting, or a Microsoft Teams session as a participant in that meeting is lawful under the one-party consent rule. Organizations that record internet-based meetings systematically must still comply with CDPA data processing requirements.

Recording In-Person Conversations

A participant in a face-to-face conversation may record that conversation under Zimbabwe's one-party consent rule. You do not need to obtain the consent of every person present before activating a recording device.

Private Settings

Where the conversation takes place in a private setting, whether a home, office, or restaurant, constitutional and statutory protections are at their strongest. A third party who covertly places a recording device to capture conversations they are not participating in commits an offense under the ICA and potentially under Section 163A of the CDPA.

Meetings and Group Conversations

As a participant in a group meeting or multi-person conversation, you may record it. Other participants who are not recording are not "intercepting" the meeting by merely being present. The one-party rule applies: your status as a participant is sufficient to make the recording lawful at the point of capture.

Recording in Public Places

Zimbabwe's approach to recording in public spaces is less clearly defined than its rules for private communications.

CCTV and Public Surveillance

There is no comprehensive statute specifically regulating the installation and use of CCTV cameras in public spaces. Businesses, government buildings, and private property owners install cameras without a standardized framework governing how footage is captured, stored, or deleted.

The CDPA applies to CCTV operators who capture identifiable individuals: they must hold a data controller license (if processing 50 or more individuals), comply with data processing principles, and implement appropriate security measures. In practice, POTRAZ's enforcement of these requirements for CCTV operators has been limited since the licensing regime only became fully operational in 2025.

Photography and Journalism in Public

There is no blanket prohibition on photographing or filming in open public spaces. However, government authorities have historically used various legal provisions to restrict media recording near government buildings, during protests, and at political events. The Broadcasting Services Amendment Act 2025 now subjects internet-distributed recordings, including social media posts and podcasts, to the Broadcasting Authority of Zimbabwe's regulatory oversight, adding a further layer of risk for content creators who distribute recordings online.

Workplace Recording Rules

Workplace recording in Zimbabwe involves the constitutional right to privacy, the ICA, the CDPA, and general employment law principles.

Employer Obligations

An employer who wishes to monitor or record employee communications, whether through CCTV cameras, call recording systems, or email monitoring, must comply with the CDPA's consent and transparency requirements. Employees must be informed about what is being recorded, why, how recordings will be stored, and how long they will be retained.

Since September 2024, employers who process employee data through recording systems must hold a POTRAZ data controller license and must have appointed a certified Data Protection Officer.

Employee Rights

Employees retain their constitutional right to privacy even in the workplace. An employer cannot install hidden audio recording devices in break rooms, bathrooms, or other areas where employees have a reasonable expectation of privacy. Video surveillance in common work areas is generally permissible with appropriate signage and notice, but audio recording of conversations requires explicit consent where the employees are not party to the conversations being recorded.

An employee who is a participant in a workplace conversation may record it under the one-party consent rule without the employer's knowledge or permission. Such a recording may be used as evidence in labor disputes, subject to admissibility requirements.

Evidence in Labor Disputes

Under the Civil Evidence Act (Chapter 8:01), electronic evidence including audio and video recordings is admissible in Zimbabwean courts and labor tribunals. The recording must be properly authenticated, and the party submitting it must establish that it was obtained lawfully. A participant's recording of a workplace conversation is lawfully obtained under the one-party consent rule and is generally admissible.

Deepfake and AI-Generated Content

Zimbabwe has no legislation specifically addressing deepfakes or AI-generated synthetic audio and video. The existing legal framework applies to the extent that it captures the conduct at issue.

Applicable Provisions

Section 164A of the CDPA (recording or distributing images without consent) applies to any image or recording, including AI-generated images or videos that falsely depict an identifiable person. A deepfake video presenting a real person saying or doing something they did not say or do, distributed without their consent, falls within the scope of Section 164A.

Section 164B (cyber-bullying and harassment) applies where a deepfake is created and distributed with intent to degrade, humiliate, harass, or threaten a specific person.

General defamation law under the Criminal Law Code also applies: publishing a false statement of fact about a person, including through a synthetic recording, that harms their reputation can constitute criminal defamation.

Legislative Gap

Zimbabwe's digital-content regulation has not yet addressed synthetic media explicitly. The Broadcasting Services Amendment Act 2025, while extending regulatory oversight to internet-based broadcasting, does not specifically address AI-generated content. Individuals and organizations operating in the AI-content space in Zimbabwe currently face legal uncertainty and should monitor POTRAZ guidance for regulatory developments.

Cross-Border Recording and Data Transfer

Recording Across National Borders

Where a recording involves participants in different countries, the laws of each participant's jurisdiction may apply. A call between a person in Zimbabwe and a person in the United States could implicate both Zimbabwe's one-party consent rule under the ICA/CDPA and the US federal one-party consent standard under the Wiretap Act (18 U.S.C. § 2511). In practice, Zimbabwe's one-party consent framework aligns with the US federal baseline, reducing the risk of conflict in the most common scenario.

Where a call involves a participant in a jurisdiction that requires all-party consent, such as Germany or Switzerland, the stricter rule applies if the call is made or received in that jurisdiction.

Cross-Border Data Transfer Rules

Section 29 of the Cyber and Data Protection Act governs the transfer of personal data (including recordings) outside Zimbabwe. Cross-border transfers are permitted only when:

• The data subject has consented specifically to the transfer and the consent names the destination country.
• The transfer is necessary for the performance of a contract with the data subject.
• Public interest requires the transfer.
• The destination country provides an adequate level of data protection.

Organizations that store Zimbabwean recordings on cloud servers located outside Zimbabwe must notify POTRAZ before initiating the transfer and ensure the destination meets the adequate-protection standard. Failure to comply with Section 29 is a data processing violation subject to POTRAZ enforcement action.

Cloud Storage and Remote Processing

Many businesses use cloud services hosted in the United States, Europe, or South Africa to store call recordings and video conference records. Under the CDPA, routing Zimbabwean residents' recordings through servers outside the country constitutes a cross-border data transfer requiring notification to POTRAZ. Any data processing agreement with a foreign cloud provider should include provisions addressing Zimbabwean legal requirements.

Penalties at a Glance

Business Compliance Checklist

Organizations operating in Zimbabwe that record any form of communication should take the following steps.

Obtain a data controller license. Since March 12, 2025, any entity processing the personal data of 50 or more individuals, including through call recordings, CCTV footage, or meeting recordings, must hold a POTRAZ license. Operating without one is a criminal offense carrying up to seven years imprisonment.

Appoint a Data Protection Officer. The DPO must hold relevant qualifications in law, data science, or information security, and must complete certification training at the Harare Institute of Technology. Failure to appoint a DPO after December 12, 2024 carries a separate criminal offense.

Implement notice procedures for recordings. As a participant in a conversation, you may record it under the one-party rule. If your organization systematically records calls or meetings involving others, those persons must receive clear notice of what is being recorded, why, and how the recordings will be used, even though all-party consent is not legally required for the act of recording.

Comply with cross-border data transfer requirements. If recordings are stored on cloud servers outside Zimbabwe, notify POTRAZ before initiating the transfer and verify that the destination jurisdiction provides adequate data protection.

Restrict distribution of recordings. The act of recording may be lawful under one-party consent; distributing that recording without the recorded person's consent can trigger Section 164A of the CDPA. Implement internal policies on what recordings may be shared and with whom.

Obtain a Broadcasting Authority license if distributing recordings online. The Broadcasting Services Amendment Act 2025 (No. 2 of 2025, gazetted May 23, 2025) brings internet-based broadcasting, including podcasts and social media live streams containing recordings, within the regulatory scope of the Broadcasting Authority of Zimbabwe. Organizations that regularly distribute recorded content through internet platforms should assess whether a license is required.

Define retention and deletion policies. Establish written policies specifying how long recordings are kept and ensure systematic deletion at the end of each retention period.

Report data breaches promptly. Any breach involving recordings must be reported to POTRAZ within 24 hours. Where the breach poses a high risk to individuals, those individuals must be notified within 72 hours.

Train staff on criminal exposure. Employees who handle recordings should understand the distinction between lawful participant recording (permitted under one-party consent), unlawful third-party interception (prohibited under ICA), and unlawful distribution of recordings (potentially prohibited under Section 164A and 164B of the CDPA).

Disclaimer: This article presents general legal information about Zimbabwe's recording laws as of May 2026. It is not legal advice and does not address your specific situation. Zimbabwe's legal environment is subject to ongoing legislative changes and enforcement practices that may not be reflected here. Consult a lawyer licensed to practice in Zimbabwe for advice on your specific circumstances.