Regulatory Crackdown Across Africa

A wave of enforcement actions targeting data privacy and emerging AI applications is sweeping across the African digital economy.

According to a recent report by stablecoin infrastructure provider Yellow Card, 45 countries now have data protection laws in place, while 16 have rolled out national AI strategies. This marks a significant shift from policy adoption to active enforcement as 39 data protection authorities become fully operational across the continent.

Enforcement Actions Mount

Key developments include:

• Uganda secured its first criminal data conviction in July 2025, sentencing a digital lender director for unauthorized use of personal data
• Nigeria’s Data Protection Commission fined MultiChoice USD 500,000 for “patently intrusive” privacy violations and is pursuing a settlement with Meta over data breaches
• Kenya’s Office of the Data Protection Commissioner has issued fines to firms in banking, energy, and telecommunications sectors
• Tanzania imposed a fine on a company that used a newborn’s photo on Instagram without consent

AI Governance Emerges as Next Frontier

With 16 countries having adopted national AI strategies, regulators are now focusing on algorithmic transparency and ethical use. Nigeria, Angola, Morocco, and Namibia are among those advancing toward binding legislation.

Angola’s draft AI law proposes particularly stringent penalties, including fines up to USD 1.6 million and prison sentences of up to 12 years for intentional misuse.

Thelma Okorie, Yellow Card’s group data protection and privacy counsel, noted that these developments create both challenges and opportunities: “The ability to innovate and modernize payment rails is deeply tied to navigating complex regulatory landscapes.” She emphasized that financial institutions utilizing stablecoins must adhere to the strictest data protection frameworks.