Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: CIPESA

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  CIPESA
20Jun

Building Digital Security and Verification Capacity Among Refugees

Author CIPESA Posted on

By Brian Byaruhanga |

In May 2026, CIPESA joined the World Organisation Against Torture (OMCT) and partners to conduct a three-day workshop on digital security and Open-Source Intelligence (OSINT) for Congolese human rights defenders and journalists  in exile in Uganda. 

The workshop addressed the various threats this community continues to navigate daily including account compromise, phishing-borne malware, surveillance by state and non-state actors, device confiscation, and exposure to coordinated disinformation operating across both home-country and diaspora information spaces.

The 23 participants were drawn from women’s rights organisations, community documentation initiatives, justice and accountability groups, and broader human rights defender (HRD) support structures. A pre-workshop participant assessment found that one in three respondents had received no prior digital security training, highlighting a significant gap between the threats faced and necessary skills and knowledge to mitigate them.

The findings underscored the need to begin with foundational digital security practices before moving on to more advanced verification and documentation techniques.

Reported incidents within the cohort included hacked accounts, phishing attempts, confiscation of phones by security agents, surveillance of digital communications, and impersonation. One respondent described documentation work conducted in close proximity to alleged perpetrators of human rights violations, with no possibility of relocating, and elevated personal risk attached to ordinary data collection. These conditions, common across conflict-affected zones as is the case in the Democratic Republic of Congo (DRC), shape the technical and ethical constraints under which any digital security training must be designed.

CIPESA’s contribution builds on the organisation’s broader work supporting at-risk communities across the region, including through the Level-Up programme, which has provided digital security support to HRD organisations in Kenya, Ethiopia, Tanzania, South Sudan, and Uganda.

It also draws on CIPESA’s wider efforts to strengthen the capacity of civil society actors to advance digital rights in Africa. Across these engagements, a consistent key insight is that defenders rarely need more tools than they already have. More often, they need a clearer  understanding of how those tools work, where the vulnerabilities lie, and which everyday habits can expose them to risks.

The workshop therefore began with the fundamentals of digital security: how information travels online, where vulnerabilities emerge, how accounts are compromised, and why stronger authentication practices matter. Participants explored common attack pathways and practical measures for reducing exposure in their day-to-day work. The tools and exercises were selected for compatibility with the devices and operating systems that participants already relied on.

Foundations of digital safety

Participants installed secure communication tools like Tor and Orbot on their devices, worked through phishing recognition exercises based on scenarios familiar to the cohort, and tested safer-browsing configurations. The goal was not to introduce defenders to a long list of tools but to build working familiarity with a few, including practices of opening, inspecting, and configuring in ways they could transfer the acquired skills and knowledge onto their communities’ and colleagues’ devices.

Building on these foundations, the workshop moved onto OSINT and verification techniques that help defenders assess contested information and strengthen the credibility of human rights documentation. Participants practised reverse image searching against cases of recycled imagery presented as fresh evidence; used ExifTool to extract and read image metadata; and verified short-form video using the InVID-WeVerify verification plugin, parsing keyframes and tracing material across platforms.

Secure OSINT Documentation

Effective documentation and digital security are increasingly interconnected skills. The session on secure documentation walked participants through eyeWitness to Atrocities, the camera application developed by the International Bar Association that embeds metadata to support evidentiary chain of custody. In 2018, footage captured with eyeWitness was admitted as evidence before a military tribunal in Bukavu town, which subsequently convicted two armed group commanders of murder and torture, constituting crimes against humanity. It was the first time eyeWitness footage had been used in court proceedings in the DRC. The session also demonstrated structured data collection and management using Uwazi and  KoBoToolbox, both open-source platforms widely adopted for field research and human rights documentation.

These tools strengthened participants’ capacity to document and verify human rights abuses while also helping them to understand how their digital footprints can be exploited by adversaries. They also helped participants assess potentially misleading or manipulated content without inadvertently amplifying false information.

Outcomes

The training was grounded in the recognition that participants understand their own operating environments better than external facilitators ever can. The sessions were designed to strengthen existing knowledge and support locally informed security practices.

According to pre- and post-workshop evaluations, participant capacity increased from a composite score of 2.27 to 3.69 on a five-point scale. The results reflected a shift from limited familiarity with core concepts to practical competence in applying digital security and verification tools within their own documentation and advocacy work.

To extend the impact of the workshop beyond the participants in the room, CIPESA adopted a Training of Trainers (ToT) approach. Participants were encouraged to cascade the knowledge, tools, and practices acquired during the training within their organisations and communities. The approach supports the development of locally embedded digital security capacity and reduces reliance on external technical support.

Beyond the training

CIPESA’s work with refugee and exiled defender communities will continue, in collaboration with OMCT and other partners with adjacent mandates. The next phase will build on this foundation through sequenced follow-up modules, applied casework on documented matters, and ongoing technical support for the organisations represented in the cohort.

The aim is not simply to transfer skills during a workshop, but to strengthen the long-term resilience of organisations and networks engaged in human rights documentation, advocacy, and accountability work in increasingly complex digital environments.

11Jun

Protecting Children Online in Africa Must Move from Policy to Practice

Author CIPESA Posted on

By Patricia Ainembabazi |

Child online safety has returned to the forefront of digital governance discussions across Africa and globally. New regulatory initiatives from the United Nations, the African Union, and industry coalitions reflect growing concern about the risks children face in increasingly digital societies. Yet, while policy commitments are multiplying, implementation continues to lag.

The challenge is particularly acute in Africa, where internet access is expanding rapidly while child protection systems struggle to keep pace. As more children go online, they are increasingly exposed to cyberbullying, online grooming, sexual exploitation, harmful content, privacy violations, and emerging Artificial Intelligence (AI)-enabled risks such as disinformation and misinformation.

Just last month, the United Nations Human Rights Office called for stronger regulation and government oversight, publishing 10 key points to make platforms safer for children, urging technology companies to embed child safety into their product design and address the growing risk posed by AI. This reflects a broader shift in global digital policy. The Global Digital Compact has committed states to strengthen legal and policy frameworks for children’s rights in digital spaces and to prioritise national online child safety policies and standards by 2030.

At the continental level, the African Union Child Online Safety and Empowerment Policy of 2024 sets out principles on children’s safety and privacy, and participation to guide member states in developing national strategies, while the Global System for Mobile Communications Association (GSMA), UNICEF, and partners recently launched the Africa Taskforce on Child Online Protection to strengthen coordination among governments, mobile operators, technology companies, regulators, law enforcement, civil society, and young people.

Some African countries are already taking steps to strengthen child protection online. Rwanda is considering restrictions on social media access for children under 16, while Zimbabwe recently approved a National Child Online Protection Policy for 2026–2030 aimed at addressing online sexual exploitation, cyberbullying, grooming, harmful content, sextortion, and privacy violations.

These developments reflect a broader global shift in approaches to child online safety. Australia has legislated to restrict social media access for children under 16, while the United Kingdom recently concluded a national consultation examining age-based protections and enforcement mechanisms. Across several countries, governments, regulators, and civil society organisations are increasingly calling on technology companies to strengthen safeguards and take greater responsibility for protecting children online.

A broader strategy would expand efforts to ensure that while policies and frameworks on child protection are being developed, children are involved. This would help them understand the several platforms available for use, associated risks, pressures, and opportunities for digital life. The Africa Taskforce on Child Online Protection recognises this mode of participation and has now included youth representatives by integrating their voices for a child-centered digital future in Africa. Replicating this approach at the national level, through wide youth consultations, school-based dialogues, child-friendly policy forums, and participatory design of reporting and safety tools, will foster a healthy digital environment for the young.

It is against this backdrop that the Digital Rights Alliance Africa (DRAA) report, “Child Protection and Safety Online in Africa: The Law, Privacy, Challenges and Solutions, provides crucial, ground-level evidence across 10 countries – Algeria, Botswana, Egypt, Ghana, Kenya, Nigeria, Rwanda, South Africa, Tanzania, and Uganda. It highlights the gaps in child safety and protection online despite technological advancement and expansion.

The report highlights several recommendations that could help foster child safety and protection online, which are directed to different stakeholders, including the government, civil society organisations, international organisations, development partners, the technology sector, media, academia, parents, and the general community, and among others include;

  1. Parliaments should enact specific national laws that protect children’s privacy and safety in digital spaces, with clear safeguards tailored to children’s particular vulnerabilities, such as cyberbullying, grooming, online sexual exploitation, image-based abuse, harmful content, misuse of children’s data, profiling, and age-inappropriate design.
  2. Governments should invest in the implementation of national strategies that set out the roles of government agencies, the judiciary, data protection authorities, law enforcement actors, educators, parents, and the private sector in protecting children in the digital age.
  3. Platforms and telecom companies should design child-friendly products and services, minimise the collection and retention of children’s data, introduce age verification and parental controls, publish transparency reports, and submit protection measures to independent audits.
  4. The media should monitor, document, and report objectively, and expose all cases of online child abuse and demand accountability from the responsible parties.
  5. Civil society organisations should engage in advocacy, awareness raising, legal reform, evidence-based research, and documentation of issues affecting child safety online in order to demand and push for accountability of all the relevant stakeholders.
  6. All stakeholders must ensure that children are meaningfully included in innovation and programming, and that children and young people are actively engaged as participants in discussions, collaborations, and co-design of digital solutions.

Ultimately, for children to stay online, measures must go beyond mere policy expressions and aspirations as reiterated in the Global Digital Compact’s 2030. Laws and frameworks specific to child protection and safety online should be developed and stringently implemented. Moreover, digital service providers must be held accountable, and other stakeholders, including parents, schools, and communities, should join efforts to ensure that children are empowered to safely utilise digital technologies.

CIPESA and partners continue to advocate for rights-respecting policies that advance children’s protection, participation, access, and safe use of digital technologies, while calling on technology companies to embed these principles in platform design, governance, and accountability systems.

10Jun

Overview of CIPESA Policy Submissions to International Bodies and Governments

Author CIPESA Posted on

By CIPESA Writer |

Africa’s digital rights landscape is evolving rapidly, shaped by new legislation, emerging technologies, and recurring threats to civic space. CIPESA has remained actively engaged in documenting these developments, including through the annual State of Internet Freedom in Africa reports and through broader programming.

Over the last few months, we have made submissions to various international bodies and national governments, filed legal interventions, and provided expert commentary to advance internet freedom, digital inclusion, and democratic governance.

Below is an overview of our key submissions and commentaries in recent months.

Engaging Global Bodies on Technology Governance

Submission on How the WHO Digital Health Strategy Should Govern Data, Artificial Intelligence (AI) and Digital Public Infrastructure (DPI): In March 2026, CIPESA submitted recommendations to the World Health Organization (WHO) Regional Office for Africa on the development of the Global Digital Health Strategy for 2028–2033, urging that the strategy be anchored on human rights, equity, and accountability. CIPESA warned that most AI systems used in African healthcare are trained on non-African datasets, increasing risks of inaccurate diagnoses and exclusions, and called for mandatory “explainability” standards, equity impact assessments, and domestic investment in digital health infrastructure.

Recommendations to the OHCHR: Also in March, CIPESA submitted to the UN Human Rights Council under Resolution 58/23 on the risks digital technologies pose to human rights defenders in Africa. The submission examined legal and policy developments, tech-facilitated attacks including against women HRDs, AI-related risks, and challenges facing civil society and companies, while recommending stronger corporate measures to identify, assess, and prevent harm to HRDs. CIPESA submitted comments and recommendations on due diligence and improved responses to digital technology-related risks faced by human rights defenders.

Engaging National Governments on Digital Legislation Commentary on Zimbabwe National AI Strategy: The Southern African state recently adopted its National AI Strategy 2026–2030 (AI strategy)  to guide its digital technology and transformation. The strategy aims to accelerate development, enhance industrialisation, and improve service delivery in sectors such as health, finance, agriculture, education and public administration. The strategy also emphasises building local data infrastructure as opposed to relying on foreign data storage infrastructure while promoting an AI governance approach grounded in Ubuntu, human rights, accountability, transparency and inclusivity. However, an important question is whether Zimbabwe’s approach offers useful lessons for other African countries developing national AI strategies. Find our commentary here.

Submission on the Uganda AI and Emerging Technologies Strategy: In March 2026, CIPESA submitted recommendations to Uganda’s National AI and Emerging Technologies Strategy Taskforce, welcoming the country’s ambition to harness AI for development while cautioning that innovation must be matched with legal, institutional, and ethical safeguards. Find a commentary here.

CIPESA called for a rights-by-design approach including mandatory Human Rights Impact Assessments for high-risk AI systems, algorithmic transparency, local data representation, and meaningful civil society participation in shaping Uganda’s AI strategy.

Outpaced by Its Own Ambition: Can Kenya Bridge Its AI Regulation Gap? This commentary highlighted the raw paradox at the heart of Kenya’s AI, noting that the country is simultaneously sprinting ahead in AI adoption while grappling with a shrinking space for the very digital voices that AI empowers. A key remains between ambition and readiness as the country ranks 93rd in the 2025 Government AI Readiness Index, due to persistent weaknesses in infrastructure, implementation, and institutional capacity. Find a commentary here.

Submission to the White Paper on ICT Tax Reduction in Uganda: A year ago, CIPESA submitted a position paper to the National Task Team on Enhancement of Government Revenue from the ICT Sector at the Uganda Ministry of ICT and National Guidance. The paper benchmarked Uganda’s ICT sector tax policies, licensing fees, and regulatory regimes against those of Kenya, Rwanda, and Tanzania. Since then various developments have emerged which inform the ICT tax regime in Uganda including the April 2026 passing of the Value Added Tax (Amendment) Bill, 2026, which rejected the controversial government proposal to impose an 18 percent tax on imported software after lawmakers warned it would undermine the country’s digital transformation agenda.

Engaging the African Commission on Human and Peoples’ Rights (ACHPR)

ACHPR Resolution 630 on Monitoring Technology Companies: In March 2025, the ACHPR adopted Resolution 630, a timely step toward holding technology companies accountable for information integrity in Africa. CIPESA welcomed the move, contributed recommendations across key regional forums, and looks forward to strengthening the newly developed guidelines through the review process.

Prioritising Human Rights Defenders: CIPESA reviewed the Draft Declaration on the Promotion and Protection of Human Rights Defenders in Africa, which seeks to help restore civic space for the effective protection of human rights. In its submission to the Special Rapporteur on Human Rights Defenders and Focal Point on Reprisals in Africa, CIPESA highlighted the draft’s strengths, weaknesses, and gaps, and offered practical recommendations to align it with continental and global standards, particularly the 1998 UN Declaration on Human Rights Defenders. Find the submission here

Supporting the Ratification of the AU Disability Protocol: CIPESA has consistently called upon African Union member states to ratify the Protocol to the African Charter on Human and Peoples’ Rights on the Rights of Persons with Disabilities in Africa. Our submission to the ACHPR Working Group on the Rights of Older Persons and People with Disabilities in Africa (April 2022) argued that ratification is a matter of utmost priority and that without it, the digital rights of persons with disabilities across the continent remain inadequately protected.

Contributing to the Universal Periodic Review (UPR)

Joint Stakeholder Submission on Tanzania’s Digital Rights Record: Ahead of Tanzania’s fourth cycle UPR before the UN Human Rights Council set to take place in November 2026, CIPESA, alongside the Pan African Lawyers Union (PALU) and JamiiAfrica, submitted a joint stakeholder report documenting the state of digital rights in the country.

While acknowledging positive developments including the enactment of the Personal Data Protection Act, 2022, and reforms to the Media Services Act, the submission highlighted persistent concerns: the use of vague laws to suppress online expression, the blocking of platforms including Clubhouse, X, and JamiiForums, a nationwide internet shutdown during the 2025 general elections, and the escalating threat of Technology-Facilitated Gender-Based Violence (TFGBV) against women journalists and activists.

The submission called on Tanzania to repeal or amend vague and overly broad laws, comply with international human rights standards on internet access, establish judicial oversight over surveillance, and invest in digital rights literacy.

Rwanda’s fourth cycle UPR review: Rwanda had its UPR review in January 2026 where following the November 2025 pre-session in Geneva, several permanent missions expressed eagerness to advance strong recommendations for Rwanda, and CIPESA’s evidence and recommendations were expected to inform their engagement during the formal review.

A joint submission by CIPESA and the Association for Progressive Communications (APC) noted that digital technologies have expanded the avenues through which women are targeted, often enabling harm that is faster, more pervasive, and harder to remedy.

Rwanda’s UPR presented a timely opportunity to adopt meaningful, future-focused reforms that uphold human rights, ensure accountability, and create a digital environment where all citizens, especially women, can participate safely, freely, and equally.

Since the review, the Rwandan government has noted they would undertake national consultations with relevant stakeholders to assess the recommendations and determine its position.

Liberia’s fourth cycle UPR review: CIPESA, in collaboration with the West Africa ICT Action Network (WAICTANET), submitted a joint stakeholder submission for Liberia’s consideration during the 50th session of the UPR. The joint submission observed that, although Liberia has taken preliminary steps towards aligning its domestic legal and policy framework with applicable regional and international human rights standards, substantial legal, institutional, and enforcement gaps persist. It called for the Government to adopt comprehensive data protection and cybersecurity legislation; safeguard the right to freedom of expression online; ensure accountability for violations against journalists, human rights defenders, and online actors; strengthen transparency and effective access to information; and implement targeted measures to bridge the digital divide.

Malawi’s fourth cycle UPR review: A joint submission was made by CIPESA alongside the The Centre for Human Rights and Rehabilitation (CHRR), the International Press Institute (IPI), the University of Birmingham, and Small Media, on digital rights in Malawi. The submission recommended law reform, full implementation of the Access to Information Act, affordable and inclusive internet access, independent oversight for digital rights violations, operationalisation of the Data Protection Act, protection of encryption, and safeguards against unlawful spyware use.

Looking Ahead

Across these engagements with the ACHPR, the Universal Periodic Review of the UN Human Rights Council, the WHO, and national governments in Uganda, Kenya, Tanzania, and Zambia, CIPESA’s work reflects a consistent commitment to promoting inclusive and effective use of ICT in Africa for improved governance and livelihoods.As the digital governance landscape continues to shift, our submissions serve as a continued resource for policymakers, civil society, the media and other entities committed to advancing internet freedom in Africa.

Peter G. Mwesige, Ph.D., giving opening remarks
08Jun

Stakeholders Call for Digital Transformation That Bridges Business and Digital Rights in Uganda

Author CIPESA Posted on

By Doreen Namuyanja |

Uganda is embracing the opportunities offered by Artificial Intelligence (AI) and Digital Public Infrastructure (DPI) as drivers of national development. Both promise efficiency, improved service delivery, financial inclusion, and economic growth. However, as the country advances its digital transformation interests, questions linger on the adequacy of safeguards for citizens especially where business and rights intersect.

These questions were at the centre of a  High-Level Multi-Stakeholder Dialogue on Business and Digital Rights convened by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA)  on May 7, 2026, under the Advancing Respect for Human Rights by Businesses in Uganda (ARBHR) project, supported by Enabel and the European Union (EU). The dialogue brought together 81 individuals representing government officials, civil society actors, private sector representatives, researchers, and digital innovators to reflect on the growing recognition that digital transformation is not simply a technical process, but also a governance and human rights issue that demands transparency and accountability.

The discussions at the dialogue revealed a tension between innovation and human rights. Systems such as digital identity (ID), payment platforms, and data-sharing frameworks   centralise enormous amounts of personal data and are reshaping power relationships between citizens, the government, and corporations.

Participants noted that in the absence of strong governance frameworks, these systems can enable exclusion, surveillance, and misuse of personal information. Further,  concerns were raised about fragmented systems across government agencies, weak interoperability, and limited public awareness regarding how personal data is collected, stored, and shared.

Meanwhile, as emerging technologies such AI take hold in the country,  the Uganda National AI Landscape Assessment positions  AI as a key digital technology driver to drive economic growth.

However, the Assessment documents the absence of a dedicated AI policy and regulatory framework, a shortage of AI skills, and insufficient collaboration between academia and the technology sector. Similarly, like its counterpart governments across Africa, Uganda is increasingly investing in DPI systems including digital ID and payment systems,  as well as data exchange frameworks. DPI is being positioned as a key pillar of digital transformation strategies across Africa. However, DPI  systems remain heavily reliant on public data and algorithmic decision-making. Thus, if   designed and deployed without sufficient citizen participation, independent oversight, legal safeguards, and alignment with the public interest, they risk becoming tools of exclusion, exploitation, and foreign dependency.

Various efforts related to the adoption of emerging technologies are underway.  Ambrose Ruyooka, the Assistant Commissioner at the Ministry of ICT and National Guidance, Uganda noted that the Ministry is taking a cautious approach to regulation by prioritising standards, policy guidance, and institutional learning before introducing binding laws. This includes efforts to domesticate the UNESCO Recommendations on the Ethics of AI and a Readiness Assessment process. The dialogue also came on the heels of the Ministry’s call for stakeholder input to the National AI and Emerging Technologies Strategy – signaling a growing policy focus on responsible digital transformation.

Further he stressed that in the midst of AI, stakeholders should not be “passive consumers” of the digital economy but actively “participate in shaping it” while pointing out that participation requires local technical capacity to “build, operate and audit” systems such as AI and DPI systems independently.While government efforts are laying the foundation for AI governance, businesses also have an obligation to innovate responsibly and adopt robust human rights due diligence processes to support regulatory compliance and foster trust and sustainability.

At a broader level, the dialogue demonstrated how digital rights are increasingly intertwined with economic rights and social justice. As a result, corporate responsibility can no longer be limited to traditional labour or environmental concerns. Companies are now expected to consider how their digital operations affect privacy, equality, freedom of expression, and access to information.

This shift is especially significant for Uganda’s small and medium enterprises (SMEs), many of which are digitising rapidly but often lack the resources and expertise needed to manage cybersecurity and data effectively.

Presentations from implementing partners, including the Private Sector Foundation Uganda (PSFU), Evidence and Methods Lab (EML), Wakiso District Human Rights Committee (WDHRC), Boundless Minds, and Girls for Climate Action (G4CA), highlighted both the scale of the challenge and the potential for practical intervention. Partner interventions on digital rights and cybersecurity are strengthening awareness and practices among entities – both rural and urban.

The European Union’s (EU) Commitment to Human Rights in Business

Laurianne Comard, Programme Officer at the EU Delegation to Uganda,  noted that the EU and its member states are currently among Uganda’s largest investors in the private sector, with over 1.4 billion euros deployed to foster sustainable economic growth and high-value exports. Specifically, she stated that the EU supports Uganda’s National Action Plan (NAP) on Business and Human Rights with over 20 billion Uganda Shillings, with a specific focus on strengthening human rights practices in business operations, particularly around labour standards and women’s rights.

Course-Correcting on Inclusion

Participants also noted that public participation in digital governance remains limited. Several civil society actors argued that consultations around national AI strategy have not been broad enough, particularly for rural communities, labour unions, youth groups and persons with disabilities. Frameworks developed without broad public engagement risk lacking legitimacy and failing to address the lived realities of those most affected.

The dialogue also reflected on the NAP on Business and Human Rights and the consultative processes underpinning its evaluation and development of NAP II. Lydia Nabiryo, Assistant Commissioner at the Ministry of Gender, Labour and Social Development, acknowledged that the government is actively working to broaden participation in the NAP’s revision.

Her remarks were a candid recognition that the first NAP, while a significant milestone, left representational gaps, and that those gaps are now being deliberately addressed. She noted, “If you have noticed this time round, we are having a more inclusive dialogue with stakeholders that were not necessarily represented in the first NAP. So, not only is the government evaluating, but we’re also course correcting.”   

Participation should not only be limited to policy processes. Shane Ssenyonga, an innovator, pointed out the need for collaborative spaces that support entrepreneurs and businesses to build scalable solutions that are responsive to social, cultural, and economic realities.

Recommendations for Action

The dialogue called for stronger human rights safeguards and access to remedy within digital transformation strategies and business operations. The strategies should be in harmony with existing digital laws and policies and strengthen oversight and enforcement by relevant institutions. For businesses, adoption of forward looking internal policies and risk management practices was emphasised to ensure trusted deployments and reduce barriers to uptake. Advocacy, documentation, and digital literacy interventions remain critical to public education and compliance monitoring.

12May

 How the WHO Digital Health Strategy Should Govern Data, AI and Digital Public Infrastructure

Author CIPESA Posted on

By Raylenne Kambua |

As the World Health Organization (WHO) develops the Global Digital Health Strategy for 2028–2033, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has submitted recommendations urging that the strategy be anchored on human rights, equity, and accountability, alongside technological innovation. 

Across Africa, Artificial Intelligence (AI), telemedicine, disease surveillance systems, and automated diagnostic systems are transforming healthcare delivery. However, CIPESA pointed out in the submission to the WHO Regional Office for Africa that technological innovation without proper governance can worsen exclusion, undermine privacy protections, and reinforce inequalities in healthcare delivery.

The submission comes at a time when key global and regional digital health governance frameworks are being reshaped. Last year, the World Health Assembly extended the Global Strategy on Digital Health 2020–2025, and simultaneously mandated a successor framework to be completed in 2027. 

Furthermore, global initiatives such as the World Summit on the Information Society (WSIS) and the Global Digital Compact emphasise that digital transformation must integrate the Sustainable Development Goals and ensure inclusive development.

At the continental level, the Africa Centres for Disease Control and Prevention (Africa CDC) has rolled out the Africa CDC Digital Transformation Strategy which alongside the  African Union (AU) Data Policy Framework advances interoperability, transparency, privacy, and the ethical deployment of digital systems in the health sector. However, CIPESA notes that despite these commitments, implementation gaps remain significant, particularly regarding health data governance, accountability, and protection against algorithmic harm.

CIPESA’s work on health data governance in Uganda, patient data privacy in Ghana, Rwanda, and Uganda, and analysis of Kenya’s Digital Health Act, point to the same reality. The rules governing who controls health data, who is included in digital health systems, and who is held accountable when data is mishandled are still weak across most of the continent.

“As countries embrace AI, digital public infrastructure, and data-driven healthcare systems, the real test will be whether these technologies strengthen confidence in public health systems or deepen concerns about exclusion, surveillance, and the misuse of personal data,” said CIPESA Executive Director Dr. Wairagala Wakabi.

He added: “Trustworthy digital health systems require transparent digital infrastructure, accountable AI systems, and strong data protection safeguards. Africa has the chance to shape a digital health governance model that is innovative, inclusive, and based on the public interest and human dignity.”

CIPESA’s Core Positions and Recommendations

Digital health offers significant potential to enhance Universal Health Coverage and strengthen health systems across Africa. However, without governance anchored in rights, equity, inclusion, and accountability, this promise will remain unfulfilled. It is against this backdrop that CIPESA submitted the following recommendations:

1. Digital Public Infrastructure (DPI)

Digital health infrastructure should be open, interoperable, transparent, and rights-respecting, with safeguards to prevent exclusion and misuse of shared systems.

    2. Health Data Governance

    Most African countries lack specific laws that govern health data. Countries should therefore establish clear legal frameworks governing health data, including informed and meaningful patient consent, limits on data sharing, independent oversight mechanisms, and enforceable accountability structures.

    3. Artificial Intelligence (AI)

    CIPESA warns that most AI systems used in healthcare are trained on non-African datasets, which increases the risk of inaccurate diagnoses and exclusion. The submission recommends that AI tools and systems should be tested and validated in Africa, and include mandatory “explainability” standards so that health professionals understand how the AI reaches conclusions, and safeguards against bias in clinical decision-making tools.

    4. Interoperability

    Many digital health tools are isolated across countries and institutions, meaning they can not share data with each other. In this light, CIPESA recommends the adoption of national interoperability standards, including the WHO SMART Guidelines, to ensure secure and efficient health data exchange. Also, all digital health vendors should adhere to interoperability standards and the utilisation of shared infrastructure.

    5. Equity and Inclusion

    The digital divide continues to expand in most African countries and limits access to digital health services. CIPESA recommends conducting “equity impact assessments” before launching new systems, continued availability of offline options, and supporting digital literacy initiatives.

    6. Stronger Governance

    CIPESA holds that technology fails without clear leadership and coordination between health and technology departments. Therefore, creating clear governance structures for accountability and embracing a multi-stakeholder approach in decision-making processes are vital for resilient health systems. Other recommendations are the publication of institutional AI and digital health use policies and mandatory human rights impact assessments for high-risk systems.

    7. Sustainable Financing

    Many digital health initiatives rely on short-term donor funding, resulting in countries being dependent and unable to scale such programmes. Additionally, gaps in workforce capacity constrain implementation. CIPESA urges governments to invest in domestic financing of digital health systems and training of health and technical personnel.

    In conclusion, CIPESA’s submission emphasises that while digital technologies offer significant opportunities to strengthen health systems and improve service delivery, without strong safeguards, digital health risks reproducing and scaling existing inequalities in new, technologically mediated forms. A rights-based, inclusive, and accountable approach is therefore essential to ensure that Africa’s digital health future is not only innovative, but also equitable and just.

    Read the full submission here.

    1 2 3 14