Conventional legal framework intended to protect nuclear related-activities focused on the physical protection of nuclear materials. The definition of nuclear materials as contained in the Convention on the Physical Protection of Nuclear Material became inadequate because it covered only plutonium, enriched uranium, and international nuclear transportation. The multidimensional threats to nuclear facilities have become sophisticated and now include non-state actors. The potential exploitation of nuclear vulnerabilities has necessitated the development of a nuclear security regime which is able to prevent, detect and respond to theft, sabotage, unauthorised access and illegal transfer, or other malicious acts involving nuclear material as well as radioactive substances and their associated facilities. The adoption of International Convention for the Suppression of Acts of Nuclear Terrorism in 2005 has globally strengthened the legal regime governing nuclear security. However, the legal framework governing the protection of the extensive implementation of digital systems, for example instrumentation and control (I&C) systems for the monitoring, control and protection of nuclear power plants is still in its infancy, but is evolving. This paper seeks to examine the effectiveness of the existing legal framework governing cybersecurity in nuclear facilities in South Africa. [ABSTRACT FROM AUTHOR]