Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  Blog
12Aug

CIPESA Submits Report on the State of Digital Rights in Liberia to the Universal Periodic Review

Author CIPESA Posted on

By Edrine Wanyama |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the West Africa ICT Action Network (WAICTANET) have submitted to the United Nations Human Rights Council a report that shines a light on Liberia’s human rights record in the digital domain. The report documents developments in Liberia’s digital civic space and offers key information to countries and other stakeholders involved in scrutinising Liberia’s performance under the Universal Periodic Review (UPR) mechanism.

The UPR process offers all United Nations (UN) member states the opportunity to declare what actions they have taken to improve the human rights situation in their countries and to fulfil their human rights obligations. The report notes that while Liberia has taken some steps to promote the realisation of digital rights, it maintains regressive laws, such as the 1978 Penal Code, and there have been instances of curtailment of rights.

According to Patricia Ainembabazi, Policy and Advocacy Officer at CIPESA, this report is essential for tracking the progress made by Liberia in protecting and promoting human rights in online spaces in accordance with domestic, regional and international obligations. She added: “The report forms the basis for identifying opportunities and shaping the human rights situation to enable the realisation of civil liberties in online spaces. Liberia should take these observations seriously and undertake the necessary reforms.”

The report notes that since Liberia was last reviewed in 2020, it has made some progressive steps towards recognising the importance of online spaces and enacted the Kamara Abdullah Kamara Act on Press Freedom which, among others, decriminalises defamation. It has also taken strides to enhance child protection online and to promote gender equality.

Nevertheless, evidence over the years shows a clear onslaught on the digital civic space, with targeted actions against journalists, human rights defenders (HRDs) and activists. These actors often face intimidation and threats, arrests, detention and lengthy prison sentences that are often enabled by laws that are overly broad and ambiguous. In other cases, there have been violent attacks and unresolved deaths of journalists under suspicious situations including assault. These actions have cast a chill on freedom of expression and led to self-censorship by journalists and HRDs and online activists.

Liberia does not have a specific law on data protection, although a validation of the draft law was conducted in late 2024. Since Liberia does not have a data protection authority, individuals’ data remains vulnerable to misuse by unscrupulous individuals, yet there are limited avenues for legal redress for aggrieved parties.

Furthermore, data protection standards in the country fall short of regional and international data protection standards such as those prescribed by the African Union Convention on Cyber Security and Personal Data Protection – which Liberia is yet to ratify.

Meanwhile, Liberia continues to grapple with high levels of digital exclusion due to poverty, digital illiteracy and the concentration of digital access in urban centres.

The report calls upon the Liberian government to:

  1. Repeal all restrictive laws and provisions that criminalise speech and undermine freedom of expression, including section 11.11 of the Penal Law, which penalises individuals for publicly accusing the President of misconduct, even if the accusation is true; section 11.12 on sedition that broadly criminalises acts deemed as incitement against the government; and section 11.14 on criminal malevolence that targets statements which could harm the reputation of public officials. These provisions deter investigative journalism and public accountability.
  2. Expedite the enactment of a specific law on data protection to safeguard and protect personal data. Additionally, ratify and domesticate the Malabo Convention on Cyber Security and Personal Data Protection to show commitment to cyber security and personal data protection.
  3. Amend the Freedom of Information Act to strengthen enforcement and ensure greater accessibility to public information. The law should include clear, enforceable penalties for public officials who unjustifiably deny access to information, and establish mechanisms for timely, proactive disclosure by government bodies.
  4. Codify legal safeguards for internet freedom by explicitly protecting online expression within the provisions of the Telecommunications Act 2007, and fast-track the enactment of the Cybercrime Act.
  5. Empower the Independent National Commission on Human Rights (INCHR), by among others, increasing human and financial resources to enhance and facilitate its role in promoting and protecting human rights.
  6. Enhance the capacity of judicial officers and law enforcement officers on online freedoms.
  7. Implement strict protocols preventing the arbitrary arrest or harassment of journalists for their work, and train security forces in this regard.
  8. Comprehensively investigate and prosecute all cases of abuse and killing of journalists to ensure that justice is served.
  9. Enact a specific law on the protection of children’s privacy, protection against online violence, exploitation, sex predation, grooming and abuse, and pornography to ensure children’s safety online.

See full report here

06Aug

Making AI More Participatory and Inclusive for the Benefit of All Africans

Author CIPESA Posted on

Joint Statement |

Artificial Intelligence (AI) is reshaping our societies; we must ensure ethical, inclusive, and rights-based approaches rooted in the lived realities of our communities, guide its development and application in Africa. 

The Global AI Summit on Africa 2025 held in April in Kigali is one of the important movements and platforms, bringing together civil society organizations, african leaders, parliamentarians, youth actors, researchers, and private sector leaders, to champion principles that uphold human dignity, safeguard marginalized voices, and foster responsible innovation. We applaud the inspiring conversations around AI’s transformative potential for the continent, driven at the Summit. However, such a conversation should not end there. To move from inspiration to impact, we must recognize that some critical voices need to be involved in decision-making spaces.

In collaboration with Niyel, Mozilla, Pollicy, ACM Nigeria, Innovation for Policy Foundation, MISA, and the Namibia University, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) contributed to the development of this call, addressed to african leaders, organisers, and co-chairs of the Global AI Summit 2025 to emphasise the need for more inclusive and participatory approaches.

Through this statement, we are calling for clear commitments and tangible actions around three priorities:

  • Decent AI Jobs for Africa’s people
  • Meaningful public participation in AI governance
  • Resources and support for inclusive, participatory AI development

We invite you to join the call for action and become a signatory to a collective statement that pushes for global collaboration, transparency, and oversight in AI governance. Your voice matters in shaping a future where AI serves humanity, not the other way around. 25 signatories are on board. Whether you’re advocating for gender justice, digital inclusion, or ethical tech, this is your moment to co-create solutions that reflect shared values and lived realities.

Sign the call. Share it widely. Mobilize your networks. Together, we can build an AI ecosystem rooted in equity, accountability, and collective knowledge.

To sign the statement, fill out this form and click here to download the statement.

04Aug

Lesotho Charts a Progressive Path on Data Governance

Author CIPESA Posted on

Patricia Ainembabazi |

From July 28-31, Lesotho’s highland capital of Maseru buzzed with the energy of a data governance sprint. Government officials, academics, civil society, and the private sector assembled for an intensive workshop convened by the African Union Development Agency-NEPAD and AU-GIZ with support from the Lesotho Ministry of Information, Communications, Science, Technology and Innovation (MICSTI), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Kenya ICT Action Network (KICTANet). 

The gathering drew over 60 participants with a shared proposition: get everyone on the same page about what good data governance should look like in Lesotho and how to achieve it. The workshop charted a pathway for Lesotho to domesticate the African Union Data Policy Framework (AUDPF), which was adopted by the African Union in 2022. The framework provides guidance to Member States on building harmonised, rights-respecting data governance policies that support digital transformation, innovation, and secure cross-border data flows. 

Lesotho’s efforts to domesticate this framework come at a crucial time, as the country seeks to modernise its digital policy environment and position itself within the continent’s increasingly data-driven economy. These efforts, including the workshop, demonstrate Lesotho’s political will to align with continental digitalisation and data governance blueprints such as the AUDPF and to build an inclusive digital future.

Lesotho’s Minister for Information, Communications, Science, Technology and Innovation,  Nthati Moorosi, stated that the various workshop sessions aimed to “instill more understanding on data governance for clear domestication of the [AUDPF] policy framework.” Sessions saw participants introduced to key concepts such as data as a public good, the importance of ethics and accountability, and the need for harmonised cross-border data policies. Case studies from across Africa helped illustrate how sound data governance could unlock value in sectors such as agriculture, health, and education.  

CIPESA led practical sessions during which participants examined Lesotho’s Data Protection Act and the draft Data Management Policy (2025) in relation to key African instruments, including the AUDPF, the Malabo Convention, the African Continental Free Trade Area (AfCFTA), and the Digital Transformation Strategy for Africa. Participants noted areas of alignment between the national and continental frameworks but also identified gaps in the national data governance framework

As such, effort went into mapping out where Lesotho is already aligned with the AUDPF and which specific areas need to be prioritised in revising the country’s legal and policy framework. Recommendations from this mapping exercise included establishing an independent Data Protection Commission, clarifying categories of personal and sensitive data, improving inter-agency coordination, and investing in digital literacy and data privacy skills across the public and private sectors. 

The workshop was complemented by a strategic stakeholder survey to assess perceptions on Lesotho’s data governance framework. The survey revealed a minimal understanding of the country’s data governance frameworks. Over half of the respondents stated that existing policies were outdated and unable to address current challenges such as cross-border data flows, cloud computing, and evolving digital privacy threats. Respondents identified digital trade, innovation, health research, and public trust as key benefits of robust data governance. Responses further emphasised the importance of inclusive policymaking, public awareness on data governance campaigns in both English and Sesotho, alongside targeted support for rural and marginalised communities. 

By the conclusion of the meeting, participants had agreed on a national data governance strengthening roadmap. With contributions coming from the broad spectrum of participants, who included Princess Senate Mohato Seeiso, through to Principal Secretary Kanono Leronti Ramashamole of the MICSTI, who noted that “data is no longer a by-product of administration but a strategic national asset”, the meeting reinforced the value multistakeholderism holds in digital governance. 

Undeniably, no single institution can carry the policymaking load by itself. The real story from Maseru is the multistakeholder collaboration, with the MICSTI anchoring at home, the AUDA-NEPAD and AU-GIZ bringing continental scaffolding, civic and technical communities translating frameworks into practice, and a steady emphasis that data governance has to work for everyone. Ultimately, this process could enable Lesotho to not just catch up with the AUDPF, but to help show what a people-centred, innovation-friendly data ecosystem looks like in the region. 

As regional leaders in digital rights and digital governance, CIPESA is committed to providing continued support to Lesotho as it works to reform its policies and institutionalise stronger data governance mechanisms. Our involvement helps to ensure that national efforts are grounded in best practices and aligned with continental and global standards, such as those set by the African Union.

04Aug

Meet the Next Generation of Journalists Covering Africa’s Digital Public Infrastructure

Author CIPESA Posted on

DPI Fellowship |

 The Collaboration on International ICT Policy for East and Southern Africa (CIPESA), in partnership with Co-Develop, is pleased to announce the inaugural cohort of Fellows selected for  the Digital Public Infrastructure (DPI) Journalism Fellowship for Eastern Africa following an open call in April 2025. 

This six-month regional fellowship aims to cultivate a new generation of journalists with the knowledge and skills to investigate and report on DPI and Digital Public Goods (DPGs). Fellows will participate in specialised training sessions, receive mentorship, and receive financial support to develop and produce impactful stories in diverse formats and languages. The stories will interrogate the development and deployment of DPI and DPGs with a focus on their implications for governance, inclusion, equity, and citizens’ everyday lives.

The fellowship brings together 20 journalists from nine countries (Burundi, DR Congo, Ethiopia, Kenya, Rwanda, Somalia, South Sudan, Tanzania, and Uganda) who work across online, broadcast, and print platforms.

The call in April attracted 214 applications, which were assessed through a rigorous selection process to identify fellows who demonstrated a strong interest and capacity to report on emerging digital public infrastructure issues with clarity, depth, and integrity. 

“This fellowship is about more than capacity building. It is about empowering African journalists to shape the public narrative around digital transformation in ways that reflect citizens’ rights, challenges, and aspirations,” said Dr. Wairagala Wakabi, CIPESA’s Executive Director. “We are thrilled to support these pioneering journalists as they lead the charge in demystifying digital infrastructure and holding power to account.”

The launch of this fellowship is significant as the digital transformation agenda of many African countries is evolving. Yet, media coverage of DPI and DPGs remains limited. The fellowship aims to close that gap by building the capacity of the media to cover DPI and DPI in ways that create awareness and informed public discourse on digital governance.

The fellowship is inspired by a similar Co-Develop-funded initiative implemented by the Media Foundation for West Africa (MFWA), which supported fellows to produce over 100 impactful stories that spurred public debate and influenced policy.

At Co-Develop, we believe that sustainable digital public infrastructure requires more than innovation and technology, it demands informed ecosystems. By supporting journalists across nine East African countries, this fellowship helps create a critical layer of engagement and accountability around Digital Public Infrastructure. We’re proud to invest in a future where DPI is not only built, but deeply understood, safeguarded, and shaped by those it serves.
– Desire Kachenje, Senior Investment Principal, Co-Develop

Follow the Fellows’ Stories
Stay engaged with the work of the DPI Journalism Fellows throughout 2025 using the hashtags #DPIJournalism #DPIFellows2025. Follow their stories and insights via CIPESA and Co-Develop’s online platforms, and join the conversation on how digital public infrastructure is shaping the future of governance and inclusion in Africa.

Read more about the DPI Journalism Fellows 2025 here.

Digital Public Infrastructure in Africa: A Looming Crisis of Equitable Access, Digital Rights, and Sovereign Control
30Jul

Digital Public Infrastructure in Africa: A Looming Crisis of Equitable Access, Digital Rights, and Sovereign Control

Author CIPESA Posted on
Digital Public Infrastructure in Africa: A Looming Crisis of Equitable Access, Digital Rights, and Sovereign Control
CCTV system in Kampala, Uganda. REUTERS/James Akrena (2019)

By Brian Byaruhanga

In June 2025, Uganda suspended its Express Penalty Scheme (EPS) for traffic offences, less than a week after its launch, citing a “lack of clarity” among government agencies. While this seemed like a routine administrative misstep, it exposed a more significant issue: the brittle foundation upon which many digital public infrastructures (DPI) in Africa are being built. DPI refers to the foundational digital systems and platforms, such as digital identity, payments, and data exchange frameworks, which form the backbone of digital societies, similar to how roads or electricity function in the physical world

This EPS saga highlighted implementation gaps and illuminated a systemic failure to promote equitable access, public accountability, and safeguard fundamental rights in the rollout of DPI.

When the State Forgets the People

The Uganda EPS, established under section 166 of the Traffic and Road Safety Act, Cap 347, serves as a tech-driven improvement to road safety. Its  goal is to reduce road accidents and fatalities by encouraging better driver behaviour and compliance with traffic laws. By allowing offenders to pay fines directly without prosecution, the system aims to resolve minor offences quickly and to ease the burden on the judicial system. Challenges faced by the manual EPS system, which the move to the automated system aimed to eliminate, include corruption (reports of deleted fines, selective enforcement, and theft of collected penalties). 

At the heart of the EPS was an automated surveillance and enforcement system, which used Closed Circuit Television (CCTV) cameras and license plate recognition to issue real-time traffic fines. This system operated with almost complete opacity. A Russian company, Joint Stock Company Global Security, was reportedly entitled to 80% of fine revenues, despite making minimal investment, among other significant legal and procurement irregularities. There was a notable absence of clear contracts, publicly accessible oversight mechanisms, or effective avenues for appeal. Equally concerning, the collection and storage of extensive amounts of sensitive data lacked transparency regarding who had access to it.

Such an arrangement represented a profound breach of public trust and an infringement upon digital rights, including data privacy and access to information. It illustrated the minimal accountability under which foreign-controlled infrastructure can operate within a nation. This was a data-driven governance mechanism that lacked the corresponding data rights safeguards, subjecting Ugandans to a system they could neither comprehend nor contest.

This is Not an Isolated Incident

The situation in Uganda reflects a widespread trend across the continent. In Kenya, the 2024 Microsoft–G42 data centre agreement – announced as a partnership with the government to build a state-of-the-art green facility aimed at advancing infrastructure, research and development, innovation, and skilling in Artificial Intelligence (AI) –  has raised serious concerns about data sovereignty and long-term control over critical digital infrastructure. 

In Uganda, the National Digital ID system (Ndaga Muntu) became a case study in how poorly-governed DPI deepens structural exclusion and undermines equitable  access to public services. A 2021 report by the Centre for Human Rights and Global Justice found that rigid registration requirements, technical failures, and a lack of recourse mechanisms denied millions of citizens access to healthcare, education, and social protection. Those most affected were the elderly, women, and rural communities. However, a 2025 High Court ruling ignored evidence and expert opinions about the ID system’s exclusion and implications for human rights. 

Studies estimate that most e-government projects in Africa end in partial or total failure, often due to poor project design, lack of infrastructure, weak accountability frameworks, and insufficient citizen engagement. Many of these projects are built on imported technologies and imposed models that do not reflect the realities or governance contexts of African societies.

The clear pattern is emerging across the continent: countries  are integrating complex, often foreign-managed or poorly localised digital systems into public governance without establishing strong, rights-respecting frameworks for transparency, accountability, and oversight. Instead of empowering citizens, this version of digital transformation risks deepening inequality, centralising control, and undermining public trust in government digital systems.

The State is Struggling to Keep Up

National Action Plans (NAPs) on Business and Human Rights, intended to guide ethical public–private collaboration, have failed to address the unique challenges posed by DPI. Uganda’s NAP barely touches on data governance, algorithmic harms, or surveillance technologies. While Kenya’s NAP mentions the digital economy, it lacks enforceable guardrails for foreign firms managing critical infrastructure. In their current form, these frameworks are insufficiently equipped to respond to the complexity and ethical risks embedded in modern DPI deployments.

Had the Ugandan EPS system been subject to stronger scrutiny under a digitally upgraded NAP, key questions would likely have been raised before implementation:

  • What redress exists for erroneous or abusive fines?
  • Who owns the data and where is it stored?
  • Are the financial terms fair, equitable, and sovereign?

But these questions came too late.

What these failures point to is not just a lack of policy, but a lack of operational mechanisms to design, test and interrogate DPI before roll out. What is needed is a practical bridge that responds to public needs and enforces human rights standards.

Regulatory Sandboxes: A Proactive Approach to DPI

DPI systems, such as Uganda’s EPS, should undergo rigorous testing before full-scale deployment. In such a space, a system’s logic, data flows, human rights implications, and resilience under stress are collectively scrutinised before any harm occurs. This is the purpose of regulatory sandboxes – platforms that offer a structured, participatory, and transparent testbed for innovations. 

Thus, a regulatory sandbox could have revealed and resolved core failures of Uganda’s EPS before rollout, including the controversial revenue-sharing arrangement with a foreign contractor.

How Regulatory Sandboxes Work: Regulatory sandboxes are useful for testing DPI systems and governance frameworks such as revenue models in a transparent manner, enabling stakeholders to examine the model’s fairness and legality. This entails publicly revealing financial terms to regulators, civil society, and the general public. Secondly, before implementation, simulated impact analyses can also highlight possible public backlash or a decline in trust. Sandboxes can be used for facilitating pre-implementation audits, making vendor selection and contract terms publicly available, and conducting mock procurements to detect errors.  By defining data ownership and access guidelines, creating redress channels for data abuse, and supporting inclusive policy reviews with civil society, regulatory sandboxes make data governance and accountability more clear.

This shift from reactive damage control to proactive governance is what regulatory sandboxes offer. If Uganda had employed a sandbox approach, the EPS system might have served as a model for ethical innovation rather than a cautionary tale of rushed deployment, weak oversight, and lost public trust.

Beyond specific systems like EPS or digital ID, the future of Africa’s digital transformation hinges on how digital public infrastructure is conceived, implemented, and governed. Foundational services, such as digital identity, health information platforms, financial services, surveillance mechanisms, and mobility solutions, are increasingly reliant on data and algorithmic decision-making. However, if these systems are designed and deployed without sufficient citizen participation, independent oversight, legal safeguards, and alignment with the public interest, they risk becoming tools of exclusion, exploitation, and foreign dependency. 

Realising the full potential of DPIs as a tool for inclusion, digital sovereignty, and rights-based development demands urgent and deliberate efforts to embed accountability, transparency, and digital rights at every stage of their lifecycle.

Photo Credit – CCTV system in Kampala, Uganda. REUTERS/James Akena (2019)

1 5 6 7 8 9 94