Cybersecurity is of rising significance on the African continent, whether in response to opportunities in the digital economy or rising incidents of cybercrime.

The African Union Convention on Cyber Security and Personal Data Protection (AUCC/ Convention) was drafted in 2011 to establish a credible framework for cybersecurity in Africa through organization of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating of cybercrime. Working documents prefacing the AUCC note that the objective of such a Convention was to address the cybercrime related legislative challenges on the African Continent in a compatible and harmonised manner. As such, the Convention promotes, in the main, for African states to establish policy, strategic, institutional and legal frameworks for cybersecurity in the context of a credible digital environment. The AUCC encompasses in cybersecurity, three main areas: (1) electronic transactions, (2) personal data protection, (3) cybersecurity and cybercrime. The Convention will enter into force thirty (30) days after the 15th instrument of ratification or accession is deposited. The current status is five (5) ratifications out of fifty-five (55) AU member States (Ghana, Guinea, Mauritius, Namibia and Senegal), while fourteen (14) more Member States have signed the Convention.

The 2019 NEPAD Cybersecurity Policy and Regulation Assessment Report (“the Report”) analysed the policy and regulation in ten (10) African Union member states - Benin, Chad, Republic of Congo, Democratic Republic of Congo, Guinea, Kenya, Mauritania, Morocco, Senegal and Tunisia. This Executive Brief provides an overview of the Report and the study constituting the Report.

At the national level, the Report recommended African Union member states to consider: (i) drafting or reviewing of outdated legislative and regulatory frameworks; (ii) implementing institutional frameworks provided for in legislative and regulatory frameworks; and (iii) balancing interests in cybersecurity and human rights. At the continental level the Report recommended: (i) harmonising definitions of cybersecurity; (ii) gathering baseline and annual statistics; (iii) promoting dialogues with national and regional stakeholders on the significance of the Convention and concerns pertaining to the ratification of the Convention; (iv) comparing the AUCC with global models and conventions and moving towards compatibility with these models and conventions; (v) promoting cybersecurity in the context of cyber stability; and (vi) broadening co-operation with African Union member states.