Promoting Effective and Inclusive ICT Policy in Africa

Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog
19May

Zambia’s Cybersecurity and Cybercrimes Laws Raise Alarms for Digital Rights

Author CIPESA Posted on

By Edrine Wanyma |

In April 2025, the Zambian Parliament enacted two laws – the Cyber Security Act, 2025, and the Cyber Crimes Act, 2025 – which pose significant threats to digital rights and civil liberties in the country.

Despite significant concerns raised by civil society and digital rights advocates, including the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Bloggers of Zambia, the two laws were passed with minimal revisions, leaving intact several provisions that undermine fundamental freedoms, including the right to privacy, freedom of expression, access to information, assembly and association.

Last December, CIPESA and Bloggers of Zambia submitted to the parliament a detailed analysis highlighting critical human rights concerns with the two proposed laws. The concerns include the overly broad surveillance powers and the weak oversight mechanisms that provide latitude for wantonly interfering with individuals’ rights.

Broadly Worded and Vague Definitions

The laws are riddled with broadly worded and vague definitions. Terms such as “law enforcement officer,” “critical information,” “critical information infrastructure,” “internet connection record,” and “call-related information” are so vague that they risk being interpreted to serve the interests of those in power. There is also a high risk they could be weaponised to target government opponents, critics, journalists and online activists.

For instance, the expansive definition of “critical information” refers to computer data that relates to a broad range of areas, including public safety, public health, economic stability, national security, international stability and the sustainability and restoration of critical cyberspace, providing authorities with a carte blanche to monitor and control information flow.

Similarly, the definition of “law enforcement officer” extends beyond traditional roles to include officers from the Anti-Corruption Commission, Drug Enforcement Commission and even individuals designated by the President. This expansion raises concerns about accountability, particularly as these officers can apply for communication interception orders ex parte (without notifying the target), thereby denying affected parties the right to contest such actions. This dangerously expands the scope of surveillance without meaningful judicial oversight or accountability.

Oversight and Accountability Concerns

Section 4 of the Cyber Security Act establishes the Zambia Cyber Security Agency under the general direction of the President. This arrangement can undermine the agency’s independence and increase the risk of political interference in its operations. The agency’s mandate, which includes regulating service providers, coordinating cybersecurity responses, and auditing information systems, requires robust oversight mechanisms, which are glaringly absent in the law. 

Similarly, the establishment of the Central Monitoring and Coordination Centre under section 21 (Part V) of the Cyber Security Act, with powers to lawfully intercept communications, raises red flags. Section 21 grants this body sweeping authority without creating adequate checks and balances. The lack of robust judicial oversight and transparency mechanisms raises alarms about privacy violations, which would contravene Zambia’s constitution and international human rights instruments.

Risk of Abuse and Shrinking Civic Space

The two new laws are an addition to a catalogue of restrictive laws, regulations and policies that control the enjoyment of civil liberties in online spaces. For instance, in 2021, the government ordered restrictions on social media platforms such as WhatsApp, Facebook, Twitter, and Instagram during the general elections. With general elections due in August 2026, the passage of these laws fuels fears of heightened controls, intensified censorship, surveillance, and clampdowns on civic actors.

Section 39 of the Cyber Security Act requires electronic communications service providers to install systems that can facilitate real-time interception of communications. These provisions can enable real-time surveillance of individuals’ private communication. Such provisions can be misused by the government, unscrupulous individuals and other unauthorised persons to snoop on individuals’  private communications, particularly since the laws do not provide for adequate oversight over surveillance.

Section 22 of the Cyber Crimes Act criminalises vague offences such as the use of digital platforms for harassment or humiliation, terms that are open to subjective interpretation and could be used to suppress legitimate speech, including criticism of public officials. It also reintroduces aspects of defamation which have attracted wide calls for decriminalisation, including by the African Commission on Human and Peoples’ Rights. In 2022, Zambia had shown progress when plans to decriminalise defamation were revealed. Defamation has been widely employed to arrest and prosecute government critics  and opponents in the country.

The enactment of these laws highlights a disturbing trend across Africa, where cyber laws are increasingly being used to curtail democratic participation rather than protect citizens from cyber threats. The overreach seen in Zambia’s laws mirrors similar patterns in other countries, where digital regulation is co-opted for political control.

The history of elections in Africa has further shown the elevation of controls over the civic space, including online spaces, to curtail speech, engagements and participation for civil society organisations (CSOs), human rights defenders (HRDs), journalists, bloggers and other online activists including through enhanced surveillance. The developments in Zambia raise fears of similar occurrences of high-handed control.

Zambia’s parliament should get back on the drafting table and ensure that the two new laws are aligned with regional and international human rights standards, including the African Charter on Human and Peoples’ Rights, the African Union Convention on Cybercrime and Personal Data Protection, and the Declaration of Principles on Freedom of Expression and Access to Information in Africa.

  • Overbroad criminal provisions should be expunged from the laws or narrowed.
  • Oversight mechanisms should be strengthened to ensure independence and accountability in surveillance activities.
  • All responsible parties, including enforcement and judicial officials, should be trained and their capacities built to ensure application of the laws within the acceptable human rights standards including legality and proportionality.
  • Zambia should ensure compliance with data protection and privacy standards in implementation of the laws to avoid overlaps and wanton infringements.

As Zambia prepares for its 2026 general elections, it is vital that cybersecurity and cybercrime measures do not become tools for political repression. Instead, they should serve to protect users, enhance trust in digital systems, and uphold the rights and freedoms guaranteed to all.

19May

CIPESA Submissions to White Paper on ICT Tax Reduction – Uganda

Author CIPESA Posted on

Policy Brief | 

The Information and Communication Technology (ICT) sector is not a standalone sector. Beyond broadcast and [tele]communications, it is increasingly integrating and digitalising critical parts of the economy, including manufacturing, finance, health, and transport. In Uganda, the ICT sector has been recognised as vital for enabling and boosting revenue generation and collection.

In this position statement, we showcase revenue-generation practices in Uganda’s ICT sector and benchmark them against East African jurisdictions, namely Kenya, Rwanda, and Tanzania, while occasionally drawing lessons from other markets.

By reviewing Uganda’s ICT sector tax policies, licensing fees, and regulatory regimes, this position statement demonstrates that although Uganda has registered considerable growth in the sector and made important steps toward revenue generation, the short-term gains have perhaps come at the expense of a more sustainable growth of the nascent digital economy.

In particular, the taxes on digital devices and connectivity infrastructure, combined with gaps in leveraging technology to support the domestic tax revenue mobilisation strategy, might be causing more harm than good. Although countries in the region face similar challenges – especially on the persistence of informality and tax complexities introduced by international technology data transfers and exchanges – Uganda’s ICT sector could learn from successes from elsewhere and undertake a comprehensive review of digital devices taxes and telecommunications license regimes, and also conduct tax impact assessments of emerging technologies such as Artificial Intelligence (AI).

We make a series of recommendations to the National Task Team on Enhancement of Government Revenue from the ICT Sector—Ministry of ICT in Uganda. We also stress that by carefully reviewing the country’s current ICT tax policies and drawing lessons from regional practices and tax frameworks, Uganda can substantially improve its capture of tax revenues from the digital economy. 

By facilitating wider access to devices such as smartphones as well as implementing a tax system based on significant economic presence and simplified tax collection mechanisms, Uganda could better harness the potential of its digital economy while ensuring that mobile network operators and digital platforms contribute fairly to the country’s total tax revenue. 

A key plank in this agenda should be a reduction in taxes on smartphones, tablets and entry-level laptops and a contemporaneous incentivisation regime to turn Uganda into a regional manufacturing hub for high-quality but affordable products in eastern and central Africa.

Find the full position paper here.

16May

CIPESA Welcomes ACHPR Resolution on Monitoring Technology Companies

Author CIPESA Posted on

By Patricia Ainembabazi |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) welcomes the African Commission on Human and Peoples’ Rights (ACHPR) Resolution on Developing Guidelines to Assist States Monitor Technology Companies in Respect of Their Duty to Maintain Information Integrity Through Independent Fact-Checking. Adopted on March 11, 2025, during its 82nd Ordinary Session, ACHPR/Res.630 (LXXXII) 2025 responds to growing concerns about the role of technology companies in undermining information integrity across Africa.

The Resolution mandates the ACHPR Special Rapporteur on Freedom of Expression and Access to Information to develop guidelines to assist States, civil society, and regulatory bodies in holding technology companies accountable. It marks a significant advancement in aligning digital governance practices with the African Charter on Human and Peoples’ Rights and international human rights standards.

The ACHPR Resolution comes on the heels of worrying trends with regards to platform accountability and content moderation in Africa. These include social media threatening social cohesion and elections integrity, a reduction of human fact-checkers, overreliance on automated systems, and insufficient coverage of African languages. While the use of platforms is governed by standards and policies, the Commission cautions that they are not substitutes for corporate responsibility or independent fact-checking mechanisms. The Resolution calls for neutrality to overcome the weaponisation of certain social networks, particularly during elections and conflict situations.

Key Highlights of Resolution 630

Affirmation of Human Rights Standards: The Resolution reaffirms Articles 2 and 9 of the African Charter, emphasising the right to freedom of expression and access to information both offline and online. It also aligns with Principle 5 of the Declaration of Principles on Freedom of Expression and Access to Information in Africa, which calls for equivalent online protections.

Call for Human Rights Impact Assessments (HRIAs): Digital companies operating in Africa are urged to conduct transparent HRIAs, particularly when contemplating policy changes or during high-risk events such as elections and public health crises, in line with the UN Guiding Principles on Business and Human Rights.

Demand for Data Transparency: The ACHPR stresses that African researchers, regulators, and civil society should have equitable access to platform data to facilitate independent assessments of systemic risks to information integrity.

Development of Monitoring Guidelines: The Resolution instructs the Special Rapporteur to collaborate with civil society, regulators, and technology companies to create Guidelines that enable effective monitoring of platforms, including assessing the role and effectiveness of independent fact-checking initiatives.

Initial Recommendations from CIPESA

CIPESA views Resolution 630 as a timely intervention for platform accountability and a significant opportunity to strengthen digital rights in Africa. To ensure the effective implementation of ACHPR Resolution 630, we recommend:

  • A multi-pronged approach that begins with active engagement by civil society organisations to facilitate meaningful participation in the Special Rapporteur’s consultations to shape practical, contextually grounded, and enforceable Guidelines that reflect African realities and priorities.
  • Policy advocacy for national adaptation, encouraging African States to formally integrate the forthcoming Guidelines into their national digital governance laws and regulations, thereby ensuring their applicability and enforcement beyond soft commitments.
  • Support for the creation and sustenance of independent monitoring initiatives by the private sector and other players, including civil society-led observatories that can track, assess, and publicly report on the performance of technology companies in adhering to the Guidelines, thus fostering greater transparency, accountability, and respect for digital rights throughout the continent.

The adoption of ACHPR Resolution 630 signals a critical shift toward building an African digital ecosystem rooted in human rights, transparency, and accountability. The forthcoming Guidelines, if well-designed and widely adopted, could set a new global benchmark for regulating technology companies’ role in safeguarding information integrity.

CIPESA remains committed to contributing to this process and advancing an open, inclusive, and rights-respecting internet in Africa.

14May

CIPESA Joins Six Civil Society Organisations in Landmark Case Challenging Internet Shutdowns in Kenya

Author CIPESA Posted on

Press Release |

Nairobi, Kenya – In a significant step toward safeguarding digital rights and constitutional freedoms, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and six other organisations have filed a landmark public interest case before the High Court of Kenya to challenge the arbitrary and unlawful disruptions of internet access in the country.

The petitioners – Bloggers Association of Kenya (BAKE), Katiba Institute, Kenya Union of Journalists (KUJ), Law Society of Kenya (LSK), Paradigm Initiative (PIN), the International Commission of Jurists – Kenya Section (ICJ Kenya), and CIPESA, seek judicial redress following recurring internet disruptions during critical national moments, including the 2024 #RejectFinanceBill protests and the 2024 Kenya Certificate of Secondary Education (KCSE) examinations.

Following the filing of the case, High Court Justice Bahati Mwamuye issued interim orders prohibiting any interference with internet access until the case is heard and determined. The legal challenge targets the Communications Authority of Kenya (CA), the Attorney General, the Cabinet Secretary for Information, Communications and the Digital Economy, and service providers Safaricom and Airtel Kenya.

The petition relies on technical evidence from Cloudflare, the Open Observatory of Network Interference (OONI), and the Internet Outage Detection and Analysis (IODA), which confirms instances of intentional internet throttling and platform blocking, such as the disruption of Telegram.

“These unlawful internet shutdowns directly violate rights enshrined in the Kenyan Constitution, including freedom of expression (Article 33), media freedom (Article 34), access to information (Article 35), and economic and social rights (Article 43),” said Eric Mukoya, Executive Director of ICJ Kenya.

Speaking on behalf of CIPESA, Patricia Ainembabazi, Policy and Advocacy Officer, stated:

“This is a trend-setting moment for Kenya as a country to uphold the rule of law and adhere to the African Commission on Human and Peoples’ Rights Resolution 580, which speaks directly to freedoms of expression and deters internet shutdowns. With the recent positive ECOWAS Court judgments in Guinea, Togo and Nigeria, we hope that East Africa will do better.”

The case marks a pivotal moment in the defence of the digital civic space in Kenya. The petitioners argue that any restriction to internet access must be subject to strict legal scrutiny under Article 24 of the Constitution, which requires any limitation to be lawful, necessary, and proportionate.

“The outcome of this case will have far-reaching implications for millions of Kenyans who rely on unimpeded connectivity for livelihoods, education, and civic engagement,” said Kennedy Kachwanya, Chairperson of BAKE. “We call upon civil society, media partners, and the international community to amplify this crucial fight for digital rights as a cornerstone of Kenya’s democratic future.”

This collective legal action is part of a growing continental movement to resist digital repression and promote rights-respecting governance in Africa’s digital age.

Signed,

1. Bloggers Association of Kenya (BAKE)

2. Collaboration on International ICT Policy for East and Southern Africa (CIPESA)

3. Katiba Institute

4. Kenya Union of Journalists (KUJ)

5. Law Society of Kenya (LSK)

6. Paradigm Initiative (PIN)

7. The International Commission of Jurists, Kenya Section (ICJ Kenya)

Resources:

Petition by ICJ Kenya, BAKE & others against CA, AG & others on Internet Shutdowns in Kenya is here.

Internet Shutdown Case Court Orders, Download PDF here.

09May

Consultations Launched for African Guidelines on Ensuring Information Integrity on Tech Platforms

Author CIPESA Posted on

DRIF 2025 |

Media Monitoring Africa (MMA) and UNESCO have officially launched regional consultations to develop the African guidelines for monitoring technology companies’ roles in ensuring information integrity on their platforms. This initiative stems from the adoption of the resolution on developing Guidelines to assist States monitor technology companies in respect of their duty to maintain information integrity through independent fact checking – ACHPR/Res.630 (LXXXII) 2025 by the African Commission on Human and Peoples’ Rights (ACHPR). The launch featured a high-level panel discussion held at the Digital Rights and Inclusion Forum (DRIF) 2025, an annual multi-stakeholder convening hosted by Paradigm Initiative (PIN), which this year was held at the Mulungushi International Conference Centre in Lusaka, Zambia. 

Resolution 630, adopted at the ACHPR 82nd Ordinary Session held in March 2025, mandates the development of Africa-centered, rights-respecting guidelines that would hold digital platforms accountable for the role that they play in the spread of misinformation, disinformation, hate speech, and other online harms.

Following the launch, MMA will lead a multi-stakeholder consultative process across various African countries to ensure the development of guidelines that are inclusive and reflect the continent’s unique online contexts. The resolution specifically notes concerns about recent regressions by technology companies concerning information integrity, the need for content moderation systems that fully cover African languages, adequate Artificial Intelligence (AI) training for these languages, and comprehensive African access to platform data for independent risk assessments. “Africa must not be a passive recipient of global governance frameworks.

These consultations offer us an opportunity to develop robust, localized standards that reflect our unique policy realities and amplify the voices of our people,” said Prof. Guy Berger, former UNESCO Senior Director and media policy expert.

These consultations aim to position and consolidate Africa’s role in shaping its digital future, moving beyond passive recipients of global governance frameworks. They provide an opportunity for meaningful localization of global principles in ways that resonates with African policy needs. 

“This is a pivotal moment for the African tech policy arena especially as it navigates a digital ecosystem marked by linguistic and cultural diversity, low internet penetration, low digital literacy, and varying levels of regulatory maturity. We commend the Commission’s efforts to safeguard online expression, promote information integrity, and uphold the accountability of tech companies operating across the continent and look forward to broad-based consultations that are transparent, participatory, and anchored in human rights standards,” said Juliet Nanfuka, Research and Communications Officer at the Collaboration on International ICT Policy for East and Southern Africa (CIPESA).

The process will focus on how best to monitor and hold big tech accountable while safeguarding democratic discourse, promoting freedom of expression, digital rights, and human dignity as enshrined in the African Charter and related declarations. “This is not just about monitoring platforms but about safeguarding democratic discourse and ensuring African citizens have a voice in shaping our digital future,” said Noor Ahmad, Communications Manager at MMA.

The ACHPR Special Rapporteur on Freedom of Expression and Access to Information in Africa Commissioner Hon. Ourveena Geereesha Topsy-Sonoo, who is mandated to develop these guidelines in collaboration with other stakeholders, participated in consultation on the resolution at the Global World Press Freedom Day Conference on 06 May 2025 in Brussels, Belgium. Consultations have commenced through a public forum (available here) and will continue till November 2025.

 “This resolution 630 is a landmark step towards developing an Africa-led framework for digital platforms accountability and reminds us that everyone, everywhere, in Africa, deserves access to trustworthy and reliable information online. We are glad that this resolution calls on all digital platforms – not just traditional media – to put the public interest first, listen to diverse voices, and protect fundamental human rights so that digital spaces truly serve and empower people in the digital age. Through these regional consultations, we are laying the foundation for a participatory and rights-based approach to platform governance which reflects the realities and languages of the diverse communities in Africa.” said John Okande, Programme Officer, UNESCO.

MMA will conduct similar engagements at other upcoming continental conferences, with final guidelines presented to the African Commission in 2026 for an official launch at the Global World Press Freedom Day Celebrations in 2026. 

This article was first posted on the UNESCO website.

1 16 17 18 19 20 189