Reforming data regulation to advance AI governance in Africa

As artificial intelligence (AI) development accelerates globally and concerns regarding its use grow, the need for AI governance has reached an unprecedented level of urgency. With only seven African nations (Benin, Egypt, Ghana, Mauritius, Rwanda, Senegal, and Tunisia) having drafted national AI strategies and none implementing formal AI regulation, substantial efforts are required to advance AI regulatory frameworks on the African continent.¹ It is also crucial to recognize that data plays a fundamental role in AI development and warrants regulation. Approximately 36 out of 54 African countries have established formal data protection regulations, offering a potential foundation upon which robust AI legislation can be constructed.² To bolster AI governance initiatives, African nations should consider data governance as a viable pathway toward regulating AI, facilitating its responsible utilization and development as this transformative technology continues to evolve.

Data protection regulation, such as the European Union’s General Data Protection Regulation (GDPR), has laid a strong foundation for the EU to develop and draft the EU AI Act, which is expected to be fully implemented by 2026.³ However, the advent of large language models and the increasing utilization of data workers have changed prevalent narratives around the production and use of data. Given these new complexities, existing data governance initiatives within Africa must be revamped to comprehensively cover aspects such as data quality, privacy, responsible data sharing, compliance, transparency, and labor protections for data workers. Additionally, African countries have context-specific challenges that differ significantly from those within the West, highlighting a need to understand how to develop culturally aligned and feasible governance solutions.⁴ By balancing lessons from the recent ratification of the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) and advancing research on regional and country-specific needs, African nations can work toward data policies that serve the needs of African governments, companies, and consumers.⁵

Current development priorities such as refining social services, tackling insecurity, planning for climate change, building infrastructure, and fighting corruption understandably take greater precedence over regulating AI. Nevertheless, African governments must first work toward reinforcing data regulation along with building the human capital necessary to sustain AI ecosystems.⁶ African governments must also harness the capabilities of their digital ministries to support the development of data and AI legislation. As of 2023, nearly every African country has a digital ministry, which provides a sufficient base to refine existing data protections and eventually implement AI legislation. However, governments should not be the only actors shaping data and AI regulation. As demonstrated by the United States’ recently issued Executive Order on AI and the United Kingdom’s AI Safety Summit, cross-sector collaboration efforts from advocacy groups, academia, policymakers, and tech companies have been influential in advancing these countries’ progress toward AI legislation.⁷ Within African countries, local stakeholders should be offered opportunities to shape data and AI regulation by serving on advisory bodies and expert groups like those initiated by the United Nations and OECD. Such participation will help open realizable pathways for enhanced data stewardship and oversight of AI systems—dual priorities amid the rise of emerging technologies within Africa.