Zuberi Okeke
- African governments are rolling out new AI policies even though the continent has produced very few globally recognised AI products
- Most “AI rules” on the books today are actually extensions of data protection and consumer laws
- Experts say unclear rules and early compliance burdens could slow down young startups that are still experimenting
Africa’s AI policy push what are governments actually regulating
Across the continent, policymakers are racing to write the rules for artificial intelligence. By 2025, South Africa, Nigeria, Kenya, Rwanda and others all have some form of national AI strategy or policy paper on the table. Yet the continent is still struggling to ship AI products that matter globally.
That tension sits at the heart of recent reporting by TechCulture Africa, which tracks how governments are moving faster on rules than on real deployments. South Africa finalised its National Policy Framework on Artificial Intelligence in August 2024. Nigeria announced its National Artificial Intelligence Strategy in 2023. Kenya followed with a National AI Strategy in March 2025, framed as a 2025–2030 roadmap for AI in public services and the wider economy.
On paper, it looks like an AI gold rush. On the ground, there are still very few homegrown tools comparable to the products coming out of the United States, Europe or China.
Why African countries are regulating AI now
One reason is political pressure from the top of the continental system. In 2024, the African Union adopted its Continental Artificial Intelligence Strategy. The document calls on member states to build “unified, ethical and inclusive” governance frameworks, and to move together on rules that protect citizens while promoting development.
National governments have treated that as a green light. A 2025 analysis by Ogunyemi Solicitors notes that countries like Nigeria, Kenya and South Africa are reacting to two forces at once. First, the global shift toward AI rules in places such as the EU. Second, public concern about privacy, bias and job losses, even though most people have only interacted with AI through chatbots or social media feeds.
So far, though, African countries are not writing heavy, standalone AI laws. Instead, they are leaning on existing data and consumer rules. The Legal500 review of AI regulation in Africa points out that Kenya’s Data Protection Act of 2019 and South Africa’s Protection of Personal Information Act, known as POPIA, are still doing the bulk of the work.
What these AI policies actually regulate
When you read the national documents closely, a pattern emerges. They are less about cutting edge models and more about how data and automated decisions should be managed.
South Africa’s framework for example talks about transparency in algorithmic decisions, public safety and ethical standards in sectors like healthcare, manufacturing and public administration. It rests on nine strategic pillars that include talent development, digital infrastructure and fairness in automated systems.
Nigeria’s National Artificial Intelligence Strategy positions AI as a growth engine for agriculture, finance and healthcare. TechCulture Africa’s reporting shows that Abuja is pairing that ambition with high level ethical commitments. The strategy speaks about preventing misuse and aligning deployment with national development plans.
Kenya’s National AI Strategy 2025–2030 is even more explicit. It focuses on “ethical, inclusive and innovation driven” adoption, with big sections on public services, data governance and digital identity. The document openly states that Kenya currently relies on existing laws like the Data Protection Act 2019 and the Computer Misuse and Cybercrimes Act 2018. AI is added as a new use case to an old rulebook.
Rwanda’s National AI Policy follows a similar path, mandating fairness and transparency in applications such as smart city systems. It also carves out funding for training regulators, a sign that governments know their own capacity is still thin. TechCulture Africa notes that this focus on upskilling regulators appears in several national strategies, not just Rwanda’s.
The reality most rules are about data not AI
Strip away the glossy language and the core is data. According to Legal500, South Africa enforces most AI related obligations through POPIA, the Consumer Protection Act and the Electronic Communications and Transactions Act. None of these laws were written for machine learning, but they now shape how companies deploy automated systems that touch personal data.
Ogunyemi Solicitors describes Kenya’s model as “innovation first, hard law later.” Regulators encourage experimentation, while relying on data protection and sector rules to step in if things go wrong. That means there is a lot of room for interpretation. Banks, hospitals and startups must decide internally how far existing provisions on consent, profiling and automated decisions should apply to new tools.
This is why many legal analysts argue that Africa is regulating the fuel of AI, not the engines themselves. Personal data, consumer rights and digital contracts are covered. The inner workings of large models, risk tiers or model registration systems are largely left untouched for now.
Recommended Tech
The TechBull recommends that readers who handle sensitive personal information look beyond national rules and protect themselves directly. Identity theft and online fraud are rising across markets that are rapidly digitising. Tools like Aura’s all in one security and identity protection service, available through this Aura link, can help individuals and small teams monitor breaches, secure accounts and reduce the risk that weak data practices will turn into real world harm.
Impact on startups and innovation
The gap between ambitious strategies and thin product pipelines worries some practitioners. Interviews compiled in TechCulture Africa’s analysis suggest that early regulation might slow down founders who are still figuring out basic product market fit. Compliance with data mapping, impact assessments and cross border transfer rules demands lawyers and auditors. Many African startups do not have that capacity in house.
Legal500 also flags another problem. Because there is no single AI statute in most countries, businesses must guess how different laws will be read together. That uncertainty itself becomes a risk. Companies might stay away from more advanced AI uses in health or credit scoring because no one wants to be the first test case in court.
At the same time, the lack of serious local products is not just about rules. As we explored in this opinion piece on why Africa lags behind in AI innovations, gaps in compute, capital and procurement also hold builders back.
For founders trying to move despite the headwinds, low code automation platforms can help. Workflow tools such as Make.com allow teams to plug third party models into real services and governance pilots without spending months on custom engineering. That is particularly useful where regulators want to see practical prototypes rather than slide decks.
Recommended Tech
The TechBull suggests that startups experimenting with compliant AI workflows look at Make.com’s visual automation platform. It lets small teams stitch together APIs, monitoring tools and audit trails in a few clicks, which can cut the cost of building governance friendly pilots in markets with evolving rules.
Get the latest tech updates and insights directly in your inbox.
Where African AI policy goes next
The African Union’s Continental AI Strategy calls for harmonisation across member states, but turning that into reality will take time. The AU has set out a five year implementation plan starting in 2025 that focuses on building skills, infrastructure and shared legal principles.
Ogunyemi Solicitors argues that the next phase needs a better balance between protection and experimentation. Governments are being urged to issue clearer guidance, test regulatory sandboxes and avoid rules that would scare off exactly the kind of investment African startups are chasing. Readers who want to understand how to pull that capital in can look at our piece on how African startups could attract more AI investments.
Legal500’s researchers make a similar point. They call for sector specific AI rules in areas like health, finance and public services, built on top of existing data and consumer laws. The goal is not to copy Europe’s approach word for word, but to give African businesses a clearer path to compliance and innovation at the same time.
There are also signals of what could come next. Kenya’s CyberWeek Africa 2025, where cybersecurity and AI share the stage, shows how digital policy is becoming more integrated. Our coverage of CyberWeek explores how ministries are starting to treat AI as part of broader economic planning, not just a niche tech issue.
Partnerships with global firms are another piece of the puzzle. Deals like the Nvidia and Cassava collaboration hint at a future where African data and energy resources support large scale training and hosting, while local rules try to keep that power aligned with public interest.
For now, one thing is clear. Africa’s governments are no longer waiting for blockbuster AI products before they act. They are building rulebooks around data, ethics and development goals first, and trusting that the products will come later.
