Africa's AI Policies Are Winning the Sovereignty Argument and Losing the Democratic Governance Question

Mar 27
8 min read

A reference guide to the African AI and data policy landscape: what it gets right, where it falls short, and the question it hasn't asked yet.

In the past three years, Africa has produced one of the most ambitious bodies of AI and data governance policy on earth. The African Union's Continental AI Strategy. The Malabo Convention, now finally in force. The AfCFTA Digital Trade Protocol. A cascade of regional declarations from Windhoek to Nairobi to Kigali. Parliamentary commitments from Lusaka. A continent-wide Africa Declaration on Artificial Intelligence signed by 54 member states.

The policy stack is solid, it is dense, and in important ways it is genuinely ahead of what most of the world has managed. Africa is setting the terms on AI governance, on several dimensions at once.

And yet there is a question the entire corpus has left unasked.

The documents are unambiguous about who should control AI. They assert loudly that sovereignty matters. The missing question is: sovereignty for whom, governed how, owned by who within Africa?

Replacing external control with continental or state-level control is progress. Progress is also distinct from democratic governance. Conflating the two is how you get a continent that wins the argument about where power should sit, while leaving unresolved the question of whether citizens and communities have meaningful agency over systems that increasingly shape their lives.

That is the gap this article is about.

What the Policy Stack Gets Right

Credit is due. What this corpus has accomplished, much of the Global North has not (and the Global North should take note!). Here is what it gets right:

It frames AI as a constitutional and developmental question. The Continental AI Strategy, endorsed by the AU Executive Council in July 2024, positions AI explicitly as infrastructure for achieving Agenda 2063, Africa's long-term continental development vision. Where early US and EU policy led with innovation, this strategy starts from development outcomes and works backward to technology design. That sequencing matters.
It names the dependency risk explicitly. The Rabat Consensus on AI, adopted in 2024, warns directly that AI technologies predominantly developed outside Africa may not serve African needs, and calls for a "sovereign AI path." The Africa Declaration on AI (Kigali, April 2025), endorsed by all 54 member states, goes further: it insists that AI design and deployment should "reflect Africa's strategic priorities, shared values, and diverse cultural contexts." These are a direct challenge to the assumption that Global South nations should adopt, rather than shape, the foundational layer of AI.
It recognises the infrastructure precondition. Several documents, particularly the Cotonou Declaration and the Continental AI Strategy, acknowledge that sovereignty without compute, connectivity, and locally controlled data infrastructure is empty. The Cotonou Declaration sets concrete targets: 70% of youth with basic digital literacy by 2030, two million new digital economy jobs, regional compute and cloud capacity built as strategic infrastructure. These are measurable commitments with timelines attached.
It is building a coherent architecture, slowly. The Malabo Convention, the AU Data Policy Framework, the Continental AI Strategy, and the AfCFTA Digital Trade Protocol are intended to interlock: binding data protection principles, harmonised governance frameworks, and rules for the digital economy operating together. That coherence remains partial and contested. The intention to build a system rather than accumulate declarations is visible, and that is meaningful.
Regional declarations are doing substantive work. The Nairobi Statement on AI and Emerging Technologies in Eastern Africa (2024) calls explicitly for decolonial co-creation and human-centred digital futures, language that goes beyond most continental-level governance documents anywhere in the world. The Lusaka Declaration (July 2025), produced by the Pan-African Parliament, is notable for involving legislators rather than ministers and technocrats alone, moving the conversation fractionally closer to democratic accountability.

Where the Sovereignty Argument Has Gaps

Declarations are one thing. Without enforcement mechanisms, accountability structures, or binding conditions, they are a millipede with no bite... a lot of legs, going nowhere fast. The policy stack has several of these structural contradictions built in.

The most legally consequential document may be the most sovereignty-compromising. The AfCFTA Digital Trade Protocol, the document with the most binding force on digital governance, contains a provision (Article 24(1)) that prohibits member states from requiring source code disclosure as a condition of market access. In practice, this limits African governments' ability to audit AI systems deployed on their territory. The countries with the most to gain from auditing foreign AI systems, those with the least capacity to detect discriminatory or extractive algorithmic behaviour, have signed away a key tool for doing so.

Researchers at Research ICT Africa have documented that the protocol's negotiation was largely non-transparent, with no public access to drafts or participant lists. The analysis suggests the final text aligns more closely with the trade agendas of developed nations than with the AU's own Vision 2063 or Data Policy Framework. The AfCFTA DTP and the AU Data Policy Framework are supposed to be mutually reinforcing. The evidence suggests otherwise.

The Malabo Convention, the only binding continental data protection instrument, reaches 15 of 55 member states. It took nine years from adoption in 2014 to ratification by the required fifteen nations in 2023. Most of the continent remains without binding data protection rules enforced at the continental level. In that vacuum, foreign platforms process African data under their home jurisdictions, and governments negotiate AI partnerships without the leverage that a fully-ratified convention would provide. The Lusaka Declaration and others rightly call for ratification. Calling for it and having it are different things.

"Africa-centric" and "sovereignty" are doing a lot of lifting without architectural support. The Africa Declaration on AI and the Continental AI Strategy both use strong sovereignty language. The architecture to support that language is largely absent. There are no open-weight model requirements for publicly funded AI deployments. No technology transfer conditions on international AI partnerships. No exit rights, meaning the practical ability of a nation or community to migrate away from a foreign AI system if the partnership changes. These are the conditions that distinguish a partnership from a franchise arrangement, as we have argued in the context of Rwanda. The rhetoric is right. The architecture needs to catch up.

Implementation capacity is the hidden gap. The CIPIT analysis of the Continental AI Strategy identifies a fundamental development-governance paradox: ambitious continental frameworks coexist with severe infrastructure deficits, capacity gaps, and resource scarcity. Kenya, Rwanda, and South Africa are building meaningful AI governance structures. Somalia, Burundi, and many others are working from a much thinner base, and the policy documents provide no mechanism to prevent the gap from widening. A continental sovereignty framework that accelerates the most capable states while leaving the least resourced further behind has moved the problem rather than solved it.

The Question the Corpus Has Not Asked

Here is where the analysis MUST go further than most AI governance commentary is willing to go.

Every document in this corpus frames the sovereignty question as a question about who controls AI at the state or continental level. The contest, as these documents understand it, is between African institutions and external powers: frontier labs, foreign cloud providers, Global North regulatory frameworks. Win that contest, and sovereignty is achieved.

This framing is necessary. It is also insufficient.

Power can sit in Addis Ababa instead of Silicon Valley and citizens can still be outside the room where decisions are made. An African AI stack governed by member state governments, without meaningful participation from the communities most affected by those systems, is a different address for the same structural problem.

The entire corpus is silent on:

Cooperative or community ownership of AI systems or data infrastructure
Data trusts that give citizens collective bargaining power over how their information is used
Participatory design mechanisms that bring affected communities into system development as co-designers with real decision-making authority
Community-level governance frameworks with genuine power rather than advisory status
Accountability mechanisms that operate below the state level

The Nairobi Statement comes closest, with its call for decolonial co-creation. The CIPIT analysis of the Continental AI Strategy notes that the drafting process "did not adequately consider the perspectives of the most vulnerable," a significant admission about a document that explicitly names vulnerable populations as priority beneficiaries. The Lusaka Declaration involves parliamentarians, which is meaningful. Parliaments represent citizens in aggregate. They do not give communities agency over the specific AI systems shaping their lives.

This is the central question for AI governance in the 2020s: whether the transition to AI-enabled societies concentrates power more deeply or distributes it more broadly. Relocating the centre of control from one institution to another leaves that question open.

The Third Frame the Field Needs

Africa's AI policy community has correctly identified the first failure mode: external capture, where frontier labs and foreign frameworks shape a continent's AI future in service of external interests. The policy response, emphasising sovereignty, calling for African-led governance, building continental frameworks, is the right response to that failure mode.

The second failure mode requires equal attention: internal capture, where the mechanisms built to resist external control become new points of concentration, inaccessible to the people they are supposed to serve. This is the pattern of every previous technology transition, from telecommunications to agricultural inputs to cloud computing, when sovereignty was won at the state level without the corresponding democratic architecture.

The documents that come closest to naming this risk are the ones that treat AI as public infrastructure, as a public good. A public good requires governance structures that give people agency over it. Cooperative ownership models, public-interest technology foundations, participatory governance frameworks, open-source development with community oversight: these are design choices, and they are almost entirely absent from the African AI policy corpus.

What This Means for the Policy Stack

None of this invalidates what has been built. The Continental AI Strategy, the Africa Declaration on AI, the Nairobi and Rabat statements: these are genuine achievements of continental coordination under conditions of resource scarcity and political complexity. The field should say so clearly.

The next phase of African AI governance needs to close the gap between sovereignty and democratic governance. Practically, that means:

Conditioning AI partnerships on democratic architecture alongside technology transfer. Exit rights, open-weight requirements, and data sovereignty frameworks before training data agreements are signed protect states. Community participation requirements, data trusts, and participatory governance frameworks protect people. Both matter.

Holding the AfCFTA Digital Trade Protocol to account. Article 24(1) should be revisited in the annex negotiations still underway. African governments deserve a digital trade architecture that preserves their ability to audit AI systems deployed on their territory.
Using the Malabo Convention as a floor. Ratification momentum is building. Member states that ratify should be supported to implement in full: resourcing data protection authorities to reach rural and marginalised populations, where the stakes are highest.

Building below the state level. The next generation of African AI governance policy needs to specify what meaningful community participation looks like, with actual authority attached. Civil society, researchers, and institutions like Masakhane and AfriLabs, who are building language models and governance frameworks grounded in African contexts, belong in the room from the start.

Treating the infrastructure gap as a precondition. Electricity, connectivity, and locally controlled compute are the conditions under which any governance framework can reach the people it is supposed to protect. They belong at the centre of the policy agenda.

The Standard

In our work on Rwanda's AI partnerships, we posed a test: can a country govern, audit, and operate its own AI systems with full independence in ten years? That is the standard a genuine capacity-building partnership should meet.

The same test applies to continental governance frameworks. In ten years, will the African policy stack have produced systems that communities can govern, that distribute value rather than concentrate it, that are accountable to people rather than to institutions? Or will it have shifted control from Silicon Valley to a different set of rooms, more African in composition, equally closed to the people whose lives are shaped by what happens inside them?

The sovereignty argument is being won. That matters. The democratic governance question is the harder one, and the more important one, and it is the question Africa's AI policy community has the tools and the standing to ask next.

The window is still open.

Mission AI builds products that centre people and communities, and we have strong opinions about the infrastructure and frameworks those products have to sit inside. If you're working at the intersection of AI, sovereignty, and democratic accountability, we'd like to talk.