digital sovereignty Archives – Collaboration on International ICT Policy for East and Southern Africa (CIPESA)

15Sep

Digital Access As A Tool To Defend Democracy

CIPESA September 15, 2025September 23, 2025

By Juliet Nanfuka |

The link between digital access and democracy has come to inform civic engagement, access to information and freedom of expression in Africa. With most of the continent navigating flawed or fragile democracies, digital access has become a tool of both empowerment for citizens, and a tool of control by states. This makes the International Day of Democracy a vital commemoration of what is at risk if democracy is not defended.

This year, in various African countries, through affronts to the media, clampdown on critical voices and opposition actors as well as network disruptions, states have used their position to undermine human rights and breed distrust in electoral integrity.

Since July 2024, a block to internet access remains enforced in the Equatorial Guinean island of Annobón following public protest against environmental degradation by Somagec, a Moroccan construction company. Despite the public outcries, the company’s operations on the island continue. Equatorial Guinea, is headed by Teodoro Obiang Nguema Mbasogo, Africa’s longest-serving president. His son serves as the Vice President and is accused of spending state funds on a lavish lifestyle.

In Kenya, in the wake of a May 2025 landmark ruling against network disruptions, a Telegram block was initiated. The disruption occurred close to the anniversary of the June 2024 protests against the rising cost of living in the country that resulted in the #RejectThefinanceBill outcry. The May ruling noted that disruptions to digital access are unconstitutional and amount to the violation of fundamental rights.

On September 6, 2025, the online license of the popular online discussion group, JamiiForums was suspended by the Tanzania Communications Regulatory Authority (TCRA) for three months for reportedly publishing content that violates the Electronic and Postal Communications Regulations regarding online content. In a public post, Jamii Forums noted that TCRA’s decision arose from the platform’s publication of details of share ownership in Tanzania’s largest coal mine (Ngaka), as well as reports about meetings between the President of Tanzania and controversial Zimbabwean businessman Wicknell Chivayo “without verifying the facts.” In a statement, Community to Protect Journalists (CPJ) Regional Director Angela Quintal noted that, “JamiiForums’ suspension is the latest sign of the Tanzanian government’s deepening suppression of public discourse and raises concerns about access to information ahead of the October 29 elections.”

Meanwhile, Uganda remains in the shadow of a Facebook block initiated nearly five years ago ahead of the 2021 elections. On January 11, 2021 Facebook suspended the accounts of a number of government officials and members of the ruling National Resistance Movement (NRM) party for what it described as Coordinated Inauthentic Behaviour (CIB) aimed at manipulating public debate. Twitter (now X) also suspended similar accounts. The state consequently blocked social media access and thereafter access to the entire internet and mobile money services. Although access to the internet and mobile money services was restored a few days after the January 14, 2021 election, access to Facebook remains blocked. Uganda heads to the polls in early 2026 and will see incumbent Yoweri Museveni run for re-election in a bid to extend his 40-year rule.

In the 2024 edition of the State of Internet Freedom in Africa report, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) highlighted the interplay between technology and elections and the practice of the majority of authoritarian governments to selectively limit access as a tool to exert power.

The report indicated various concerns including the intensification of digital authoritarianism amidst shrinking civic space. It noted that digital surveillance has become a defining tool of state power, moving beyond traditional intelligence agencies into everyday governance through digital ID projects, biometric databases, Closed Circuit Television (CCTV) networks, and covert spyware. All this in contexts where there are weak safeguards for personal data and insufficient regulatory oversight, leaving citizens vulnerable.

Meanwhile, misinformation and disinformation, significantly enhanced by Artificial Intelligence (AI) generated content, adds yet another threat electoral processes. It is increasingly distorting public perception and undermines informed decision-making, particularly in contexts with low digital literacy. This is in addition to the use of bots and paid influencers to amplify propaganda and “demote” opposing views, making inauthentic content appear genuine. Social media platforms are often criticised for deploying insufficient resources for content moderation in Africa, leading to slow responses and poor enforcement of policies against harmful content, including online gender-based violence.

Ultimately, more actors in the digital ecosystem including civil society organisations, the tech community, media and academia should leverage their watchdog role to document digital rights abuses; educate and raise awareness on the importance of access to information, free expression, data privacy; and promote equitable AI governance, in order to advance transparency and accountability of platforms and governments.
At the upcoming September 24-26, 2025, Forum on Internet Freedom in Africa (FIFafrica25), a series of sessions will critically examine digital democracy on the continent. The goal is to chart practical pathways for strengthening civic participation and ensuring that Africa’s digital future is inclusive, accountable, and rights-respecting.

30Jul

Digital Public Infrastructure in Africa: A Looming Crisis of Equitable Access, Digital Rights, and Sovereign Control

CIPESA July 30, 2025August 4, 2025

By Brian Byaruhanga

In June 2025, Uganda suspended its Express Penalty Scheme (EPS) for traffic offences, less than a week after its launch, citing a “lack of clarity” among government agencies. While this seemed like a routine administrative misstep, it exposed a more significant issue: the brittle foundation upon which many digital public infrastructures (DPI) in Africa are being built. DPI refers to the foundational digital systems and platforms, such as digital identity, payments, and data exchange frameworks, which form the backbone of digital societies, similar to how roads or electricity function in the physical world.

This EPS saga highlighted implementation gaps and illuminated a systemic failure to promote equitable access, public accountability, and safeguard fundamental rights in the rollout of DPI.

When the State Forgets the People

The Uganda EPS, established under section 166 of the Traffic and Road Safety Act, Cap 347, serves as a tech-driven improvement to road safety. Its goal is to reduce road accidents and fatalities by encouraging better driver behaviour and compliance with traffic laws. By allowing offenders to pay fines directly without prosecution, the system aims to resolve minor offences quickly and to ease the burden on the judicial system. Challenges faced by the manual EPS system, which the move to the automated system aimed to eliminate, include corruption (reports of deleted fines, selective enforcement, and theft of collected penalties).

At the heart of the EPS was an automated surveillance and enforcement system, which used Closed Circuit Television (CCTV) cameras and license plate recognition to issue real-time traffic fines. This system operated with almost complete opacity. A Russian company, Joint Stock Company Global Security, was reportedly entitled to 80% of fine revenues, despite making minimal investment, among other significant legal and procurement irregularities. There was a notable absence of clear contracts, publicly accessible oversight mechanisms, or effective avenues for appeal. Equally concerning, the collection and storage of extensive amounts of sensitive data lacked transparency regarding who had access to it.

Such an arrangement represented a profound breach of public trust and an infringement upon digital rights, including data privacy and access to information. It illustrated the minimal accountability under which foreign-controlled infrastructure can operate within a nation. This was a data-driven governance mechanism that lacked the corresponding data rights safeguards, subjecting Ugandans to a system they could neither comprehend nor contest.

This is Not an Isolated Incident

The situation in Uganda reflects a widespread trend across the continent. In Kenya, the 2024 Microsoft–G42 data centre agreement – announced as a partnership with the government to build a state-of-the-art green facility aimed at advancing infrastructure, research and development, innovation, and skilling in Artificial Intelligence (AI) – has raised serious concerns about data sovereignty and long-term control over critical digital infrastructure.

In Uganda, the National Digital ID system (Ndaga Muntu) became a case study in how poorly-governed DPI deepens structural exclusion and undermines equitable access to public services. A 2021 report by the Centre for Human Rights and Global Justice found that rigid registration requirements, technical failures, and a lack of recourse mechanisms denied millions of citizens access to healthcare, education, and social protection. Those most affected were the elderly, women, and rural communities. However, a 2025 High Court ruling ignored evidence and expert opinions about the ID system’s exclusion and implications for human rights.

Studies estimate that most e-government projects in Africa end in partial or total failure, often due to poor project design, lack of infrastructure, weak accountability frameworks, and insufficient citizen engagement. Many of these projects are built on imported technologies and imposed models that do not reflect the realities or governance contexts of African societies.

The clear pattern is emerging across the continent: countries are integrating complex, often foreign-managed or poorly localised digital systems into public governance without establishing strong, rights-respecting frameworks for transparency, accountability, and oversight. Instead of empowering citizens, this version of digital transformation risks deepening inequality, centralising control, and undermining public trust in government digital systems.

The State is Struggling to Keep Up

National Action Plans (NAPs) on Business and Human Rights, intended to guide ethical public–private collaboration, have failed to address the unique challenges posed by DPI. Uganda’s NAP barely touches on data governance, algorithmic harms, or surveillance technologies. While Kenya’s NAP mentions the digital economy, it lacks enforceable guardrails for foreign firms managing critical infrastructure. In their current form, these frameworks are insufficiently equipped to respond to the complexity and ethical risks embedded in modern DPI deployments.

Had the Ugandan EPS system been subject to stronger scrutiny under a digitally upgraded NAP, key questions would likely have been raised before implementation:

What redress exists for erroneous or abusive fines?
Who owns the data and where is it stored?
Are the financial terms fair, equitable, and sovereign?

But these questions came too late.

What these failures point to is not just a lack of policy, but a lack of operational mechanisms to design, test and interrogate DPI before roll out. What is needed is a practical bridge that responds to public needs and enforces human rights standards.

Regulatory Sandboxes: A Proactive Approach to DPI

DPI systems, such as Uganda’s EPS, should undergo rigorous testing before full-scale deployment. In such a space, a system’s logic, data flows, human rights implications, and resilience under stress are collectively scrutinised before any harm occurs. This is the purpose of regulatory sandboxes – platforms that offer a structured, participatory, and transparent testbed for innovations.

Thus, a regulatory sandbox could have revealed and resolved core failures of Uganda’s EPS before rollout, including the controversial revenue-sharing arrangement with a foreign contractor.

How Regulatory Sandboxes Work: Regulatory sandboxes are useful for testing DPI systems and governance frameworks such as revenue models in a transparent manner, enabling stakeholders to examine the model’s fairness and legality. This entails publicly revealing financial terms to regulators, civil society, and the general public. Secondly, before implementation, simulated impact analyses can also highlight possible public backlash or a decline in trust. Sandboxes can be used for facilitating pre-implementation audits, making vendor selection and contract terms publicly available, and conducting mock procurements to detect errors. By defining data ownership and access guidelines, creating redress channels for data abuse, and supporting inclusive policy reviews with civil society, regulatory sandboxes make data governance and accountability more clear.

This shift from reactive damage control to proactive governance is what regulatory sandboxes offer. If Uganda had employed a sandbox approach, the EPS system might have served as a model for ethical innovation rather than a cautionary tale of rushed deployment, weak oversight, and lost public trust.

Beyond specific systems like EPS or digital ID, the future of Africa’s digital transformation hinges on how digital public infrastructure is conceived, implemented, and governed. Foundational services, such as digital identity, health information platforms, financial services, surveillance mechanisms, and mobility solutions, are increasingly reliant on data and algorithmic decision-making. However, if these systems are designed and deployed without sufficient citizen participation, independent oversight, legal safeguards, and alignment with the public interest, they risk becoming tools of exclusion, exploitation, and foreign dependency.

Realising the full potential of DPIs as a tool for inclusion, digital sovereignty, and rights-based development demands urgent and deliberate efforts to embed accountability, transparency, and digital rights at every stage of their lifecycle.

Photo Credit – CCTV system in Kampala, Uganda. REUTERS/James Akena (2019)

18Jun

The opportunity for Africa to take a leadership role in the WSIS+20 review process

CIPESA June 18, 2025June 19, 2025

By Elonnai Hickok (GNI), Anriette Esterhuysen (APC), and Lillian Nalwoga (CIPESA)

Alongside the Africa School for Internet Governance (AfriSIG) and the regional Africa Internet Governance Forum (AfricaIGF) that took place in late May in Dar-es-Salaam, Tanzania, the Global Network Initiative (GNI), the Association for Progressive Communications (APC), and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) held several meetings that brought together civil society, governments, parliamentarians, and the private sector from across the continent to reflect on Africa’s role in the World Summit on the Information Society +20 (WSIS+20) Review Process . This included a session at the AfriSIG, the regional workshop “The Road to WSIS+20”, and the session “Forging connections between Internet Governance, human rights, and development through the WSIS+20 process” at the AfricaIGF. The meetings highlighted key policy priorities across countries that stakeholders would like reflected in the WSIS+20 review process, surfaced challenges in past implementation of the WSIS framework and action lines with forward-looking recommendations, and emphasized the opportunity for Africa to play a leadership role in the WSIS+20 review process going forward.

In 2025, the world faces an important moment for digital governance. The WSIS+20 review — marking two decades since the World Summit on the Information Society — will not only evaluate past progress but also shape the future of Internet governance, rights, and development as it considers how to align the Global Digital Compact (GDC) into the WSIS process and evaluates the renewal of the Internet Governance Forum (IGF). For Africa, this is a pivotal opportunity to lead, to center the continent’s priorities in global digital discourse, and to champion a people-centered, equitable information society.

Since its founding documents — the Geneva Declaration, the Plan of Action, and the Tunis Agenda — the WSIS has put forward a vision rooted in multistakeholderism, human rights, and inclusive digital development. But nearly 20 years on, that vision is under question amid accelerating technological shifts, geopolitical tensions, billions of people without meaningful connectivity, and the marginalization of voices from the Global Majority. Africa’s leadership in the WSIS+20 review process will be an essential counterbalance to these challenges.

Africa has always participated strongly in WSIS, with robust contributions from the technical community, civil society, many governments, and the WSIS prize winners who have taken high-level action lines and worked to implement them at the local community level. Recent months have seen growing momentum across the continent for the WSIS+20 review process. From Dar-es-Salaam to Cotonou, the United Nations Economic Commission for Africa (UNECA) has convened civil society, governments, parliamentarians, and the private sector to reflect on Africa’s role in the WSIS. This has been complemented by national-level dialogues driven by civil society with participation from the technical community, including in Zambia, Ghana, and South Africa. These dialogues reveal national-level priorities and the potential for Africa to shape the future of the WSIS.

Two major declarations — the Dar es Salaam Declaration and the Cotonou Declaration — highlight Africa’s vision for the WSIS. They underscore issues central to the region: bridging the digital divide, fostering AI innovation, building resilient digital public infrastructure, ensuring data governance, and using the WSIS as a catalyst for Agenda 2063 and the Sustainable Development Goals (SDGs). Crucially, both declarations reaffirm the importance of the IGF and call for its strengthening.

The global WSIS+20 Preparatory and Stocktaking Meeting held on May 30 gave us some insight into the positions that African countries will take. Statements by Uganda, South Africa, and Morocco aligned with the G77’s call for digital sovereignty and technology transfer, recognized the importance of leveraging the WSIS to achieve the 2030 Agenda, called for aligning the GDC with the WSIS, and highlighted new challenges such as AI, but stopped short of unanimously advocating for the renewal, strengthening, and making the mandate of the IGF permanent.

The geopolitical landscape only heightens the urgency of strong participation from African countries. The United States’ controversial stance during the 28th session of the Commission on Science and Technology for Development (CSTD) — particularly its resistance to language on climate, the SDGs, and diversity, equity, and inclusion — has raised alarms. While this may signal a shift in the U.S. government’s approach, it also can be seen as opening space for Africa and other actors to step into leadership roles and push for a rights-based digital future that reflects national priorities.

To do so, Africa must bring vision and coordinated diplomacy. The continent has several key regional frameworks and strategies: the African Digital Compact, the Digital Transformation Strategy for Africa, the African Union Convention on Cyber Security, and the Continental Artificial Intelligence Strategy offer policy blueprints for the continent’s digital development. The African Commission on Human and People’s Rights has also passed several important resolutions including the Resolution on Access to Data 2024 and the Declaration of Principles on Freedom of Expression 2019. There is an opportunity to actively inject these priorities and values into global processes like the WSIS+20 and the GDC.

Nationally, progress is tangible. Countries are expanding digital public infrastructure, reforming cybersecurity laws, and working to reduce connectivity gaps. At the same time, challenges persist — from Internet shutdowns and online surveillance to shrinking civic space and rising digital authoritarianism, as highlighted in Paradigm Initiative’s 2024 Londa report. These challenges underscore why a rights-respecting, multistakeholder framework is essential for Africa’s digital future.

As the WSIS+20 review process continues, it will be critical that African countries actively engage in the process, emphasizing inclusive multistakeholder participation from all stakeholders as articulated by a cross-stakeholder group in the Five-Point Plan for an Inclusive WSIS+20 Review and a further set of eight recommendations. Going forward, the UNECA and the African Union will play an essential role in not only coordinating regional positions but in ensuring this participation.

The WSIS+20 presents a timely chance for Africa to take forward the original spirit of the WSIS: a digital world built by and for the people, across sectors and borders. To seize this moment, it will be important for African governments and regional bodies to:

Participate robustly and cohesively in the WSIS+20 review process, ensuring Africa’s priorities are reflected.
Promote inclusive multistakeholder engagement, proactively engaging with and empowering civil society, academia, and the technical community to robustly participate in the WSIS+20 process and inform the position of African governments.
Advance a shared agenda rooted in human rights, sustainable development, the renewal of the IGF, the alignment of the GDC into the WSIS, and Africa-centric innovation and development.

The discussions at AfricaIGF indicated an important opportunity for Africa to shape the future of the WSIS process and ensure country-level and regional priorities are reflected in the review and implementation, that the review process is truly multistakeholder, and results in implementation that is meaningful and effective.

22May

Africa’s Digital Dilemma: Platform Regulation Vs Internet Freedom

Brian May 22, 2025May 22, 2025

By Brian Byaruhanga |

Imagine waking up to find Facebook and Instagram inaccessible on your phone – not due to a network disruption, but because the platforms pulled their services out of your country. This scenario now looms over Nigeria, as Meta, the parent company of Facebook and Instagram, may shut down its services in Nigeria over nearly USD 290 million in regulatory fines. The fines stem from allegations of anti-competitive practices, data privacy violations, and unregulated advertising content contrary to the national laws. Nigerian authorities insist the company must comply with national laws, especially those governing user data and competition.

While this standoff centres on Nigeria, it signals a deeper struggle across Africa as governments assert digital sovereignty over global tech platforms. At the same time, millions of citizens rely on these platforms for communication, activism, access to health and education, economic livelihood, and self-expression. Striking a balance between regulation and rights in Africa’s evolving digital landscape has never been more urgent.

Meta versus Nigeria: Not Just One Country’s Battle

The tension between Meta and Nigeria is not new, nor is it unique. Similar dynamics have played out elsewhere on the continent:

Uganda (2021–Present): The Ugandan government blocked Facebook after the platform removed accounts linked to state actors during the 2021 elections. The block remains in place, effectively cutting off millions from a critical social media service unless they use Virtual Private Networks (VPNs) to circumvent the blockage.
Senegal (2023): TikTok was suspended amid political unrest, with authorities citing the app’s use for spreading misinformation and hate speech.
Ethiopia (2022): Facebook and Twitter were accused of amplifying hate speech during internal conflicts, prompting pressure for tighter oversight.
South Africa (2025): In a February 2025 report, the Competition Commission found that freedom of expression, plurality and diversity of media in South Africa had been severely infringed upon by platforms including Google and Facebook.

The Double-Edged Sword of Regulation

Governments have legitimate reasons to demand transparency, data protection, and content moderation. Today, over two-thirds of African countries have legislation to protect personal data, and regulators are becoming more assertive. Nigeria’s Data Protection Commission (NDPC), created by a 2023 law, wasted little time in taking on a behemoth like Meta. Kenya also has an active Office of the Data Protection Commissioner, which has investigated and fined companies for data breaches.

South Africa’s Information Regulator has been especially bold, issuing an enforcement notice to WhatsApp to comply with privacy standards after finding that the messaging service’s privacy policy in South Africa was different to that in the European Union. These actions send a clear message that privacy is a universal right, and Africans should not have weaker safeguards.

These regulatory institutions aim to ensure that citizens’ data is not exploited and that tech companies operate responsibly. Yet, in practice, digital regulation in Africa often walks a thin line between protecting rights and suppressing them.

Laws and regulations are sometimes wielded to target opposition voices, activists, and media.
Internet shutdowns, though often justified under national security claims, tend to silence dissent and disrupt livelihoods.
When platforms are blocked or threatened with expulsion, it is the users not the companies or states who suffer most.

While governments deserve scrutiny, platforms like Meta, TikTok, and X are not blameless. They often delay to respond to harmful content that fuels violence or division. Their algorithms can amplify hate, misinformation, and sensationalism, while opaque data harvesting practices continue to exploit users. For instance, Branch, a San Francisco-based microlending app operating in Kenya and Nigeria, collects extensive personal data such as handset details, SMS logs, GPS data, call records, and contact lists in exchange for small loans, sometimes for as little as USD 2. This exploitative business model capitalises on vulnerable socio-economic conditions, effectively forcing users to trade sensitive personal data for minimal financial relief.

Many African regulators are pushing back by demanding localisation of data, adherence to national laws, and greater responsiveness, but platform threats to exit rather than comply raise concerns of digital neo-colonialism where African countries are expected to accept second-tier treatment or risk exclusion.

Beyond privacy, African regulators are increasingly addressing monopolistic behaviour and unfair practices by Big Tech as part of a broader push for digital sovereignty. Nigeria’s USD 290 million fine against Meta is not just about data protection and privacy, but also fair competition, consumer rights, and the country’s authority to govern its digital space. Countries like Nigeria, South Africa and Kenya are asserting their right to regulate digital platforms within their borders, challenging the long-standing dominance of global tech firms. The actions taken against Meta highlight the growing complexity of balancing national interests with the transnational influence of tech giants.

While Meta’s threat to exit may signal its discomfort with what it views as restrictive regulation, it also exposes the real struggle governments face in asserting control over digital infrastructure that often operates beyond state jurisdiction. Similarly, in other parts of Africa, there are inquiries and new policies targeting the market power of tech giants. For instance, South Africa’s competition authorities have looked at requiring Google and Facebook to compensate news publishers (similar to the News Media and Digital Platforms Mandatory Bargaining Code in Australia). These moves reflect a broader global concern that a few platforms have too much control over markets and need checks to ensure fairness.

The Cost of Disruption: Economic and Social Impacts

When platforms go dark, the consequences are swift:

Businesses and entrepreneurs lose access to vital marketing and sales tools.
Creators and influencers face income loss and audience disconnection.
Activists and journalists find their voices limited, especially during politically charged periods.
Citizens are excluded from conversations and accessing information that could help them make critical decisions that affect their livelihoods.
Students and educators experience setbacks in remote learning, particularly in under-resourced communities that rely on social media or messaging apps to coordinate learning.
Access to public services is disrupted, from health services to government updates and emergency communications.

A 2023 GSMA report showed that more than 50% of small businesses in Sub-Saharan Africa use social media for customer engagement. In countries such as Nigeria, Uganda, Kenya or South Africa, Facebook and Instagram are lifelines. Losing access even temporarily sets back innovation, erodes trust, and impacts livelihoods.

A Call for Continental Solutions

Africa’s digital future must not hinge on the whims of a single government or a foreign tech giant. Both states and companies should be accountable for protecting rights in digital contexts, ensuring that development and digitisation do not trample on dignity and equity. This requires:

Harmonised continental policies on data protection, content regulation, and digital trade.
Regional norm-setting mechanisms (like the African Union) to enforce accountability for both governments and corporations.
Investments in African tech platforms to offer resilient alternatives.
Public education on digital rights to empower users against abuse from both state and corporate actors.
Pan-African contextualised business and human rights frameworks to ensure that digital governance aligns with both local realities and global human rights standards. This includes the operationalisation of the UN Guiding Principles on Business and Human Rights, following the examples of countries like Kenya, South Africa and Uganda, which have developed national action plans to embed human rights in corporate practice.

The stakes are high in the confrontation between Nigeria and Meta. If mismanaged, this tension could lead to fragmentation, exclusion, and setbacks for internet freedom, with ordinary users across the continent paying the price. To avoid this, the way forward must be grounded in the multistakeholder model of internet governance which aims for governments to regulate wisely and transparently, and for tech companies to respect local laws and communities, and for civil society to be actively engaged and vigilant. This will contribute to a future where the internet is open, secure, and inclusive and where innovation and justice thrive.

Tag Archives: digital sovereignty