CIPESA Leads Critical Dialogue on Aligning National Data Policies with African Union Frameworks

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) recently convened a series of impactful presentations and discussions focused on harmonizing national data governance with key African Union (AU) frameworks. The sessions, which brought together policymakers, legal experts, ICT professionals, and civil society actors, provided a comprehensive overview of regional instruments and their implications for national policy-making in the digital age.

At the heart of the discussions were major AU frameworks shaping Africa’s digital future: the AU Convention on Cybersecurity and Personal Data Protection (commonly known as the Malabo Convention), the AU Data Policy Framework, the African Continental Free Trade Area (AfCFTA), the Digital Transformation Strategy for Africa (2020–2030), and Agenda 2063—Africa’s blueprint for inclusive and sustainable development.

Participants examined how these continental initiatives aim to foster secure, inclusive, and interoperable digital environments across member states. The Malabo Convention, for instance, sets out essential principles for data protection and cybersecurity, establishing obligations for data controllers and enforcers across Africa. Similarly, the AU Data Policy Framework encourages states to adopt common standards for data access, portability, and sovereignty, all crucial in a digitally integrated Africa.

As countries strive to participate meaningfully in the AfCFTA, data governance has become central. Efficient cross-border data flows and aligned legal frameworks are essential to unlocking the full benefits of free trade across digital platforms, e-commerce, and digital public services.

CIPESA facilitated an in-depth summary of what the AU frameworks collectively offer: a foundational guide for developing or updating national data policies. This includes guidance on drafting modern data protection laws, building strong data infrastructure, and ensuring that digital trade policies support human rights, innovation, and economic growth.

A significant part of the dialogue focused on analysing existing national instruments such as the Data Management Policy and the Data Protection Act of 2011. While the Act marked an important step in regulating personal data, experts highlighted gaps in enforcement mechanisms, emerging data governance challenges, and the need for better alignment with more recent continental frameworks.

Legal analysts noted that the 2011 Act does not fully reflect the principles of transparency, consent, and cross-border cooperation outlined in the Malabo Convention or the AU Data Policy Framework. There is also limited clarity on roles between data controllers, processors, and protection authorities, which makes monitoring and compliance difficult.

CIPESA further facilitated stakeholder engagements to explore options for aligning national legislative frameworks with evolving continental policies. Among the suggested strategies were:

• Updating national laws to comply with AU standards on data protection and digital rights
• Establishing independent data protection authorities with clear mandates and resources
• Developing interoperability standards for cross-border data sharing
• Strengthening regional cooperation on cybercrime and digital trade facilitation
• Promoting stakeholder participation in national digital policy development

Speaking during the event, Mr. Thapeli Tjabane, Director of ICT, emphasized the need for coherence between local policy instruments and AU-wide initiatives. “Developing a data policy means being mindful of both the bill and the Act that speak to data management,” he said. “It must also reflect the importance of inter-country and cross-border collaboration to unlock the full potential that AfCFTA provides, along with a number of African Union strategies.”

Mr. Tjabane noted that Africa’s digital future rests on the continent’s ability to create enabling policy environments that allow for secure data exchange, digital innovation, and equitable growth. He urged policymakers to treat data governance not just as a technical issue but as a development imperative.

As the continent moves forward with implementing Agenda 2063 and the Digital Transformation Strategy for Africa, experts say that initiatives like CIPESA’s workshops are vital in building the policy capacity needed to manage data responsibly while fostering digital inclusion and economic competitiveness.

The discussions closed with a shared commitment to collaborate across sectors in updating laws and strengthening regional policy alignment—recognizing that secure, trusted, and inclusive data governance is key to building the Africa we want.