Advanced search
Publication Cover
Policy Design and Practice Volume 6, 2023 - Issue 2: Special Issue on Governing Cyber Crises: Policy Lessons from a Comparative Analysis; Guest Editors: François Delerue and Monica Kaminska
Submit an article Journal homepage
4,144
Views
0
CrossRef citations to date
0
Altmetric
Research Articles

Cyber governance in Africa: at the crossroads of politics, sovereignty and cooperation

Nnenna Ifeanyi-AjufoSchool of Law, University of Bradford, Bradford, EnglandCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0001-9400-9169
ORCID Icon
Pages 146-159 | Received 04 May 2022, Accepted 01 Mar 2023, Published online: 19 May 2023

Abstract

Africa has recently focused on an ambition to achieve digital transformation through the pursuit of various flagship initiatives which are aimed at achieving its ‘Agenda 2063’ objectives. Digital transformation will be better achieved through appropriate cyber governance policies and mechanisms, and the success of Africa’s Digital Transformation Strategy 2020-2030 hinges on diverse factors. According to the Strategy, African governments have a fundamental responsibility to create an enabling environment, with policies and regulations that promote digital transformation across foundation pillars, which include cybersecurity. The Strategy also stipulates the need to reinforce the region’s human and institutional capacity to secure the cyberspace by building trust and confidence in the use of cyber technologies. The aim of the paper is to examine Africa’s cyber governance agenda in relation to peace and security. While there are political dimensions to determining the thresholds of such discourses in Africa, the uncertainties of governance mechanisms, political underpinnings and limitations in digital capacity may mean that international standards of cyber governance have merely been theoretical in the African context. The paper examines Africa’s extant policies and political strategies for cyber governance, and the region’s interaction with international cyber governance processes. The paper further discusses the prospects and challenges to cyber governance in the region, and the approaches to leveraging international cooperation in promoting cyber stability in the region.

1. Cyber governance in Africa

Africa recently began exploring an agenda on digital transformation. Following endorsement by the 2019 Sharm El Sheikh Declaration,Footnote1 in February 2020, the African Union Commission (AUC) adopted the Digital Transformation Strategy for AfricaFootnote2, which was followed by the European Union Digital RoadmapFootnote3 the same year. The European Union highlighted digital transformation as one of its pillars of engagement and cooperation with Africa, set its focus on boosting the Continent’s digital transformation, and strengthening the international rules-based order and the multilateral system (European Union Commission Citation2020).

In recent years, cyber governance has come to the forefront of diplomatic and political agendas of important bilateral and multilateral meetings (Potter Citation2002). The discourse continues to thrive both in formal and informal consultations with regional and international diplomatic initiatives. The promotion of security and stability in the cyber environment can be enhanced by adopting appropriate policies,Footnote4 and building cooperative measures which can contribute to appropriate cyber governance.Footnote5 For effective cyber governance, cooperation is imperative because in the context of a borderless cyberspace, collaborative approaches engender shared responsibility amongst states (Mueller Citation2020) The seventh key action in the United Nations Roadmap for Digital Cooperation is promoting trust and security in the digital environment.Footnote6 To promote trust and security in the digital environment, there is a need for cooperation (Meyer Citation2020). The recently released 2021 Group of Governmental Experts (GGE) ReportFootnote7 reaffirms that “…an open, secure, stable, accessible and peaceful ICT environment is essential for all and requires effective cooperation among States to reduce risks to international peace and security.”Footnote8 The UN Open Ended Working Group’s (OEWG) final reportFootnote9 which further confirmed the results of the reports of the GGE,Footnote10 urges states to cooperate with other states on the implementation of responsible state behavior in cyberspace.

The discussion about governance and cooperation in Africa for security and stability in cyberspace has been largely unexplored (Microsoft Citation2021). Africa’s preparedness for cyber governance bares so many questions in relation to the effectiveness of African governance mechanisms to ensure cyber resilience in the region (Schlehahn Citation2020) There are also concerns about the preparedness of African states for regulation of the cyberspace through appropriate policies to meet international standards. The disparities in digital capacities and political structures are also a seeming challenge for the implementation of principles of responsible state behavior in cyberspace by African states. There are also concerns regarding African leaders stance and approach toward digital sovereignty and the reality that digital cooperation could imply digital dependence in the face of differing digital capacities.Footnote11 Digital transformation offers Africa tremendous opportunities, however, effective, and efficient digital transformation in Africa can only happen in a trusted, secure and resilient cyber space, hence, it is important to examine cyber governance and the agenda on digital transformation in Africa in relation to peace and security.

2. Centering cybersecurity in digital transformation

The African Digital Transformation StrategyFootnote12 has highlighted the need for a greater capacity to detect and mitigate cyber-attacks in the region. According to the Strategy, the creation of an enabling environment with policies and regulations that promote digital transformation across foundation pillars which includes cyber security is a responsibility for African governments.Footnote13 The Strategy also states unequivocally that “collaborative ICT regulatory measures and tools are the new frontier for regulators and policy makers as they work towards maximizing the opportunities afforded by digital transformation across industries”.Footnote14

In 2014, the African Union Commission adopted the African Union Convention on Cyber Security and Personal Data Protection (hereinafter the Malabo Convention) Footnote15 to provide fundamental principles and guidelines to ensure cyber security, effective protection of personal data and creation of a safe digital environment (Ball Citation2017). The Malabo Convention is an important regional legislation which provides a framework for ensuring cybersecurity in Africa through regulating electronic transactions, protecting personal data and policing cybercrime. The AUC considers the Malabo Convention as a strategy to create a uniform system of cyber governance, ensure unified regulatory approaches between the African Union Member States and promote cyber resilience in the region. The Convention encourages AU member states to recognize the need to protect ICT infrastructure, tackle cybercrime and encourage free flow of information through a unified regulatory framework on cybersecurity.

Since the adoption of the Malabo Convention, the AUC has focused on building capacity through organizing cyber governance capacity building initiatives in collaboration with key partners, Regional Economic Communities (RECs) and member states, to promote a cybersecurity culture, build trust and confidence in the use of ICTs and provide guidance on cybersecurity policy-making. The AUC in cooperation with the Internet Society developed the guidelines on security of internet infrastructure in AfricaFootnote16 and guidelines for personal data protection for Africa’.Footnote17 In 2018, the Executive Council of the African Union endorsed ‘The AU Declaration on Internet Governance and Development of the Digital Economy’Footnote18 and adopted cybersecurity as a flagship project of the African Union Agenda 2063.Footnote19 In close collaboration with the European Union, the AUC launched the ‘Policy and Regulation Initiative for Digital Africa (PRIDA)’ with a critical mandate of building capacity of African Internet stakeholder groups in all 55 African Union (AU) Member States on internet governance and cybersecurity matters.Footnote20

3. A Crossroads of Politics, sovereignty and cooperation

As societies are increasingly digitalized, cyber governance, especially in relation to security, continues to emerge as a policy priority of many governments around the world however, African countries continue to exhibit weak cyber maturity levels (International Telecommunications Union Citation2021a). The AU member states have diverging interests, and the ineffectiveness of governance mechanisms and lack of capacity in policies, strategies and infrastructure has been a challenge for Africa in addressing cyber governance. In understanding thresholds of stability in cyber governance, politics is certainly a defining factor in Africa (Kerttunen & Tikk Citation2019) Regional organizations like the African Union are rooted in their respective historical, cultural and political contexts, which further impact their ideologies and capacities in matters such as cyber governance (Pawlak, Tikk, Kerttunen Citation2020). The creation of legal frameworks and diplomatic relations have political underpinnings, including in conversations about digital sovereignty which resonates with the historical context of Africa in terms of colonization. In these contexts, there are various challenges to how strategies for cyber governance in Africa are addressed toward promoting and ensuring peace, security and stability in cyberspace.

3.1. Challenges with laws and policies

Compared to regions such as Europe, Africa lacks a united and cooperative cyber governance agenda. African member States views on cyber governance are not homogenous, with no shared norms and principles (Clifford Citation2022) Some African governments are keen to prioritize cyber governance and secure critical infrastructure,Footnote21 however, many other governments still regard cyber governance as a non-priority (Nicholas Citation2018). The reluctance of African States to ratify regional and international conventions is unarguably proof of this. Since 2014, the Malabo convention is yet to enter into force per Article 36 of the Convention by reason of inadequate ratification from the required fifteen (15) African States.Footnote22 The importance of the Malabo Convention to direct cyber governance in the region depends on its adoption by African states. The entry into force of the Malabo Convention will be a major step toward achieving an African regional legal framework and developing shared cyber governance norms and principles.

There is limited participation from African states in global cyber governance processes. The significance and influence of any international or regional agreement or treaty in any country is only to the extent which that instrument has been domesticated and implemented into national law and strategies (Finnemore and Sikkink Citation1998). The Council of Europe Convention on Cybercrime (the Budapest Convention)Footnote23 was drafted to focus on harmonizing laws and increasing international cooperation promote cybersecurity across borders entered into force since 2001. Only an insignificant number of African countries have ratified the Convention, notwithstanding the efforts of the Council of Europe in promoting cooperation with African states through the AUC.

Africa is made up of sub-regions with well-structured sub-regional organizations which have executive, legislative and judicial independence. These include the Economic Community of West African States (ECOWAS), The East African Community (EAC), the Southern African Development Community (SADC), The Central African Community (ECCAS/CEEAC). While this may be a positive development which reflects wider sub-regional integration and cooperation taking place in Africa, for cyber governance, these sub-regional organizations are engaging in independent strategies and owe no explicit or enforceable obligation to the AUC for their decisions in adopting or prioritizing any cyber governance strategy. Every sub-regional organization is independent. At sub-regional level, SADC adopted the SADC Model Law on Cybercrime in 2012 to guide and facilitate the harmonization of domestic laws on cybercrime and the ECOWAS adopted the Economic Community of West African States (ECOWAS) Directive on Fighting Cybercrime Within ECOWAS, 2011, including other independent cyber governance strategies being undertaken by the ECOWAS.

The problem of lack of capacity, expertise and skills ripples into the cyber-legislation process. Many African states still have no cybersecurity legislation or cybersecurity strategy. Research shows that only seventeen (17) out of the fifty-four (54) African countries have a national cybersecurity strategy and only three (3) of those countries possess the minimum essential criteria for an adequate cybersecurity strategy (Ajijiola and Allen Citation2022). According to the International Telecommunications Union (ITU) only twenty-nine (29) out of fifty-four (54) African countries have promulgated a cybersecurity legislation (International Telecommunications Union Citation2021b).

Cyber-legislation literacy is a challenge for African law makers. Where African countries have laws, there is a need for capacity to implement them. While some states are drafting cyber-legislations, the capacity for effective cyber-legislating and the capacity for implementing such laws is still in question for the region. Such gaps for parliamentarians and policymakers would mean unrealistic cyber governance strategies. An example is Nigeria Cybercrime Law which the Economic Community of West African States (ECOWAS) Court subsequently ruled should be abolished or revised due to provisions that could potentially infringe citizens human rights and restrict cyberspace users’ rights to free expression and privacy.Footnote24 There is also minimal understanding of cyber governance realities, therefore such contradictions in legal texts is common. The obvious transplanting of Western cyber governance legislation which often ignore cultural realities and domestic capabilities is common in African jurisdictions.

3.2. Ideologies on digital sovereignty

Digital sovereignty is increasingly a recurring debate in international cyber governance discourses (Schmitt Citation2017). It is particularly interpreted as a huge concern for African governments (Delport Citation2021). The borderless nature of the internet presents challenges for many African states who are accustomed to controlling all activities in their territory and as such, there is a constant resurgence of the digital sovereignty narrative in the region. It is a regular occurrence for African governments to restrict internet access for citizens,Footnote25 obviously with a misunderstanding of the cyber governance agenda (Lewis Citation2017). The UN Norms of Responsible State Behavior in Cyberspace calls for states to respect the Human Rights Council and United Nations General Assembly resolutions to promote and protect the enjoyment of human rights on the internet.Footnote26 United Nations experts and high-level officials, including the United Nations Secretary-General, have also formally affirmed that “blanket Internet shutdowns and generic blocking and filtering of services are considered by United Nations human rights mechanisms to be in violation of international human rights law.”Footnote27 However, African States understanding of human rights and security coupled with the rampant political instability in the region often collide with the reality and expectations of international human rights frameworks (Calandro Citation2021). The poise toward controlling the internet is always regarded as a cybersecurity-national security measure and a reinstatement of digital sovereignty by such African states (Ifeanyi-Ajufo Citation2021).

Overall, such challenges mean that norms related to responsible behavior of states in cyberspaceFootnote28 are largely theoretical in an African context. While African States are not alone in the attempts at controlling or restricting the internet, however, beyond politicization, African states’ under-resourced institutions which often lack the skills, capacities and financial resources to implement effective cyber governance measures may mean that following such approaches will rather be counterproductive. Considering the region’s weakness in cyber governance, it is more beneficial for African States to invest in cooperation, and pursue an international cooperative agenda aimed at enhancing cyber governance.

3.3. Digital cooperation strategies

The need to bridge institutional gaps in digital cooperation structures presents political challenges (The United Nations Citation2021). African states have continued to explore how an agenda of digital cooperation may place Africa strategically to govern cyberspace effectively (Calandro Citation2021), however, colonialism remains a sensitive issue for Africa and is often at the center stage of interpretations to Western intervention (Said Citation1993; Said Citation1978; Hardt and Negri Citation2000; Dunch Citation2002). Therefore, digital cooperation and its relationship to cyber governance must also be considered in terms of spheres of influence. There are concerns in Africa that diverse external initiatives are aimed toward digital imperialism rather than digital cooperation. A continuous attempt to emphasize digital sovereignty by African governments can be viewed as a subtle resistance to any disguise of digital dominance in the region and African states have begun challenging existing cooperation strategies and are increasingly insisting that digital cooperation should rather take place on Africa’s terms (Teevan Citation2001). There are no clear international strategies on how to ensure digital equality. For cooperation to thrive, digital equality rather than only capacity building should be at the fore of the discourse. A measure of equal standards in terms of digital capacity and infrastructure should be a core agenda for digital cooperation, rather than merely focusing on capacity building based on charity. There is also a need to consider that digital technologies are not primarily built in Africa which may imply that the idea of the design mechanism for emerging technologies are laced with foreign interests.

China and Russia have been key cooperation players in Africa (Bowmans Citation2020). China and Russia are also regarded as key partners for enhancing cybersecurity in many African states (Handler Citation2021). China has been a key player in the provision of ICT Infrastructure for African states, including having a presence in the premises of the African Union Headquarters. China’s interest in Africa’s cybersecurity landscape cannot be detached from the reality that China designs and produces digital products and services that are mostly used in Africa (Solomon Citation2021). It has also been opined that in recent years, Russia’s influence on governance in AfricaFootnote29 has exceeded that of any other external actor through pursuing cooperation on different trajectories such as extending military and security influence, including cyber influence.Footnote30 Russia seems poised toward creating its own sovereign internet,Footnote31 and as cooperation approaches tend to mirror domestic governance approaches, it is logical to argue that Russian and Chinese approaches to cyber governance is having a profound effect in the shaping of the African cyber governance agenda (Klinwachter, Citation2022).

3.4. Challenges with cyber diplomacy

It will be futile to separate the cyber diplomacy agenda from the general diplomacy agenda in Africa. There are political underpinnings to how African nations tend to vote in diplomatic processes, and how they support other states in international diplomatic processes. There are usually compromises and levels of reciprocity in the diplomatic approaches of African governments, for example while only about five (5) African countries have ratified the Council of Europe’s Budapest Convention, thirty-two (32) African countries voted in favor of the December 2018 Russia-backed resolution that required the UN Secretary-General to collect countries’ views about cybercrime. Over thirty (30) African countries also voted in favor of the December 2019, Russia motivated UN General Assembly ResolutionFootnote32 aimed to create a new cybercrime treaty.

Africa is more disadvantaged in terms of cyber diplomacy and its involvement at the various cyber governance diplomatic processes. African countries have been largely absent from the evolving UN processes on cyber norms development. For example, while it was said that members of the UN Group of Governmental Experts (GGE) processes are selected based on an equitable geographical distribution, in reality, Africa is not always given consideration at such processes in the same way as other regions. Since 2004, only nine African nations held membership in the UN GGE (Calandro Citation2021). The GGE and the OEWG have advanced immensely in terms of the discussions on cyber governance but the discussions have not adequately considered and reflected the interests of Africa. African realities and domestic capabilities have not been considered at the forefront of the processes in the same manner as those of other regions (Schmitt and Vihul Citation2017). The UN Security Council’s analysis at the first debate on emerging technologies further reinstates the fact that digital inequalities means that in reality, there are few countries which are setting the digital agenda for the rest of the world (Roberts Citation2021). Again, as Africa lacks trained cyber diplomats, it becomes equally difficult to promote African interests in cyber diplomatic processes (African Union Citation2018).

3.5. Africa’s digital capacity

International cyber governance standards often collide with the realities of developing states, particularly the African region which are at the end of the digital divide, and lack the capacity, skills and infrastructure to effectively ensure cyber governance at international standards (Calandro Citation2021). According to Castells, Africa’s ICT infrastructure is meager compared to current world standards and in comparison, there are more telephone lines in Manhattan or in Tokyo than the whole of sub-Saharan Africa (Castells Citation2001). In his words, the differentiation between the ICT-haves and have-nots “adds a fundamental cleavage to existing sources of inequality and social exclusion in a complex interaction that appears to increase the gap between the promise of the information age and its bleak reality for many people around the world” (Castells Citation2001). Hence, it is literally impossible for regions like Africa to participate effectively in international cyber governance discourses. There are other infrastructure challenges in the region. Besides being the least digitalized region of the world, many Africa countries also lack minimum infrastructure such as electricity required to advance the benefits of digital technologies thus making non-sense of international cyber governance efforts in the context of Africa. Coupled with the lack of access to basic infrastructure and incessant political conflicts, the African digital transformation agenda has been unclear, further making the digital capacity debate difficult to conceptualize.

4. Enhancing cyber governance in Africa through cooperation

In examining the existing legal and political strategies for cyber governance in Africa, it is important to consider how cooperation can be leveraged to strengthen cyber governance in Africa. Cooperation as a strategy encourages states toward building strategic partnerships and engaging multilaterally. This must be considered in the implementation of African Union’s Digital Transformation Strategy (Ayodele Citation2021). Cooperation will increasingly be a prerequisite to realization of cyber stability. To promote trust and security in the digital environment, there is a need to focus on stability in cyberspace through compliance to the Norms of Responsible State Behavior,Footnote33 including cooperative measures which can contribute to preventing cyber instability.Footnote34 The norms emphasize on international cooperation.Footnote35 There have been diverse efforts at ensuring cyber governance through cooperation. For the African region, there have been more transparent cooperation efforts by the European Union and the Council of Europe.Footnote36 These efforts toward inter-regional cooperation have included enhancing cyber policy development and building cyber capacity.Footnote37 Europe already began the implementation of a comprehensive strategy with Africa which will support the continent in designing and implementing its own solutions to local challenges in the Political Guidelines for the European Commission 2019–2024.Footnote38

With the nature of cyberspace, multilateralism is an imperative for cyber governance. It is impossible for any African State to ensure cyber stability and curb cyber threats without cooperation. Cyber-activities go beyond national borders and Africa can ensure cooperation through encouraging appropriate cyber governance policies. According to Calandro, “preserving cyber stability is a collaborative effort, and state actors in African countries need to devise cooperative mechanisms to observe and implement norms and include them in their national cyber policy or strategies” (Calandro, Citation2021).

While the Malabo Convention will assist African states in developing guidelines, and serve as a model legislation that member states may adopt for cyber security legislation, it also has its challenges (Zahid Citation2016). The anatomy of the Malabo convention – merging cybersecurity and data protection will be a setback particularly because the data protection provisions of the Convention are not directly worded in terms of cyber security. In the European Union General Data Protection Regulations (GDPR) for example, these matters are kept separate. Overall, most of the Malabo Convention’s definitions are less comprehensive than those found in similar instruments such as the Budapest Convention. The idea that the Malabo and Budapest Conventions are competing, and therefore proffer differing interests may also be a challenge. It is important that model laws and conventions such as the Budapest Conventions are understood by African States as complementary to the Malabo Convention and not a replacement for the Malabo Convention. The scope of the Malabo Convention is much broader than that of the Budapest Convention, which is a positive attribute of the Convention, considering that it regulates cyber security, data security, and security of electronic transactions.

To ensure effective cyber governance, policies must direct a multi-stakeholder engagement of all relevant actors working toward the achievement of effective cyber governance. The Malabo Convention underscores this in Article 26.Footnote39 Importantly, the Malabo Convention is poised at the protection of human rights. The Convention contains data protection provisions covering control of personal data. The Convention also requires governments to uphold the African Charter on Human and Peoples’ Rights,Footnote40 along with other basic rights such as freedom of expression, the right to privacy, and the right to a fair hearing, among others. The Convention enjoins state parties to enact cybersecurity laws that consider their constitutions and international conventions in relation to human rights. This largely complements the provisions of the Budapest Convention.

There is a need for a reinforced obligation to accord priority to cyber governance in Africa. In developing and designing an agenda for digital cooperation with the AUC and AU Member States, other regional organizations, states and stakeholders would need to reconsider existing digital cooperation strategies (Ifeanyi-Ajufo Citation2022). Going forward, Africa’s reality must be strategically considered on the diverse agenda for digital cooperation. Capacity gaps may not necessarily be similar across regions, so attempts to build cyber capacity in Africa must be approached purposefully, and transfers of capacity and expertise must be strategized to ensure that digital cooperation does not translate into digital dependence (Teevan Citation2001).

5. Conclusion

As conversations about digital transformation continue to grow in relevance in the region, Africa must create its own cyber governance agenda. Africa needs a clear framework on cyber governance and a unified approach may serve a right purpose. The ratification of the Malabo Convention by African member states could be a panacea for a united continent with shared norms, standards and principles, providing a prior basis for a common approach to cyber governance across the region. The AUC and the AU Member States should facilitate necessary resources to ensure the ratification of the Malabo Convention and urge AU Member states to take stock of the provisions of the Malabo Convention to promote cyber governance in the region.

The importance of cooperation in the sphere of cyber governance will also be essentially reflected in acceding to the Budapest Convention. This will be particularly important for international cooperation. By ratifying the Budapest Convention, African countries would be furthering better opportunities to receive international support, and legal and technical assistance for promoting cyber resilience in the region and advancing an African agenda on cyber governance (Mbuvi Citation2011).

Beyond ratification of those instruments, African states must value strategic international and regional partnerships and the adoption of global best practices. Regional organizations have a key role to play in formulating policies and delivering outcomes for cyber governance (Nicholas Citation2018). As Africa pursues digital transformation, the AUC must continue to create dialogues to reflect on the opportunities and challenges for ensuring cybersecurity in Africa. As states continue to pursue the introduction of global cyber governance principles and standards (Xinmin Citation2016) they must also pursue a multilateral agenda that realistically affirms cyber norms as global rules (Smith Citation2017) and which would hold all regions, including Africa, committed and accountable to standards that demand appropriate cyber governance for peace and stability in cyberspace. In the words of the African Union Digital Transformation Strategy, “as Member States of the African Union increase access to broadband connectivity, they are becoming more interconnected and vulnerable …. It becomes critical to reinforce our human and institutional capacity to secure our cyberspace by building trust and confidence in the use of cyber technologies.”Footnote41

Disclosure statement

No potential conflict of interest was reported by the author(s).

Notes

1 African Union Specialized Technical Committee on Communication and Information Technologies (STC-CICT) Third Ordinary Session, 22–26 October 2019, Sharm El Sheikh, Egypt 37590-2019_sharm_el_sheikh_declaration_-_stc-cict-3_oct_2019_ver2410-10pm-1rev-2.pdf (au.int)

2 The African Union Digital Transformation Strategy for Africa (2020–2030).

3 Communication-shaping-europes-digital-future-feb2020_en_4.pdf (europa.eu)

4 The UN Group of Governmental Experts (GGE) agreed Norms of Responsible State Behaviour in Cyberspace by consensus in 2010, 2013, and 2015. The UN Norms of Responsible State Behaviour in Cyberspace.

5 See Norm 4 of the 11 Non- Binding Norms of Responsible State Behaviour in Cyberspace of the UN GGE.

6 United Nations General Assembly. Report of the Secretary-General Roadmap for Digital Cooperation A/74/81 June 2020. Roadmap_for_Digital_Cooperation_EN.pdf (un.org).

7 2021 Report of the Group of Governmental Experts on Advancing Responsible State behaviour in Cyberspace in the Context of International Security. final-report-2019-2021-gge-1-advance-copy.pdf (un-arm.org).

8 Ibid see Note 5 on Report.

9 The United Nations Open-ended Working Group (OEWG) on developments in the field of information and telecommunications in the context of international security, established pursuant to General Assembly Resolution 73/27. Final Substantive Report. UNGA A/AC.290/2021/CRP.2 10 March 2021

10 The 2010, 2013 and 2015 consensus reports of the United Nations Groups of Governmental Experts (GGEs) on existing and emerging threats, norms, rules and principles of responsible State behaviour, international law, confidence-building and international cooperation and capacity-building, which together represents a cumulative and evolving framework for the responsible behaviour of States in their use of ICTs.

11 For example, there are also many instances where the African Union Malabo Convention appears to put national sovereignty and discretion over international law, for example, under Chapter 3 on Promoting cyber security and fighting cybercrime.

12 The African Union Digital Transformation Strategy for Africa (2020–2030).

13 The African Union Digital Transformation Strategy for Africa (2020–2030). p. 7

14 The African Union Digital Transformation Strategy for Africa (2020–2030). p. 7. Italics mine for emphasis.

15 The African Union Convention on Cybersecurity and Personal Data Protection, 2014. The Convention was adopted during the 23rd Ordinary Session of the Summit of the African Union which concluded in Malabo, Equatorial Guinea on 27 June 2014.

16 Internet Infrastructure Security Guidelines for Africa. A joint initiative of the Internet Society and the Commission of the African Union. May 30, 2017 AfricanInternetInfrastructureSecurityGuidelines_May2017.pdf (internetsociety.org).

17 Personal Data Protection Guidelines for Africa. A joint initiative of the Internet Society and the Commission of the African Union. Personal Data Protection Guidelines for Africa - Internet Society

18 African Union Declaration on Internet Governance and Development of Africa’s Digital Economy Assembly/AU/Decl.3(XXX)

19 See Agenda 2063: The Africa We Want. Agenda 2063: The Africa We Want. | African Union (au.int) “Agenda 2063 is the strategic framework for delivering on Africa’s goal for inclusive and sustainable development and is a concrete manifestation of the pan-African drive for unity, self-determination, freedom, progress and collective prosperity pursued under Pan-Africanism and African Renaissance.” As an affirmation of their commitment to support Africa’s new path for attaining inclusive and sustainable economic growth and development African heads of state and government signed the 50th Anniversary Solemn Declaration during the Golden Jubilee celebrations of the formation of the OAU /AU in May 2013. The Agenda 2063 is the concrete manifestation of how the continent intends to achieve this vision within a 50-year period from 2013 to 2063.

20 The “Policy and Regulation Initiative for Digital Africa” (PRIDA) is a joint initiative of the African Union (AU), the European Union (EU) and the International Telecommunication Union (ITU). It is supported by the EU-funded Pan African Programme. See Policy and Regulation Initiative for Digital Africa (PRIDA) (itu.int)

21 For example, Ghana is one African country which has made immense efforts in policing cybercrime. Ghana’s efforts in recent years to combat cybercrime has culminated in initiatives such as the National Cyber Security Center (NCSC) - established in 2018 - and the Cybersecurity Act 2020 which have substantially enhanced cybersecurity development in the country. Ghana has further ratified both the Malabo and Budapest Conventions signalling the country’s strong statement of intent when it comes to cybersecurity.

22 See Article 36 African Union Convention on Cybersecurity and Personal Data Protection, 2014

23 Convention on Cybercrime, 2001. Budapest 23/11/2001

24 The Nigerian Cybercrime (Prohibition and Prevention) Act 2015. In 2020, the ECOWAS Court ruled that Nigeria’s adoption of Section 24 of the Cybercrime (Prohibition and Prevention) Act 2015 is in violation of the right to freedom of expression.

25 In June 2021, the Nigerian Government banned Twitter use in the country and threatened to prosecute any Nigerian found violating the ban. The Ethiopian Government has become notorious for internet shutdowns and has been described as one of the worst in the world for internet shutdowns. Tanzania, Zambia, Uganda, Zimbabwe, Togo, Burundi, Chad, Mali and Guinea have also restricted access to the internet or social media applications at various times, especially during elections. Reports show that in one year, at least 10 African countries blocked or banned internet access or restricted cyber activities in diverse measures.

26 See Norms 5 of the United Nations Norms of Responsible State Behaviour in Cyberspace. (“States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression”).

27 ‘Joint Declaration on Freedom of Expression and Responses to Conflict Situations’ Joint declaration by the United Nations (UN) Special Rapporteur on Freedom of Opinion and Expression, the Organization for Security and Co-operation in Europe (OSCE) Representative on Freedom of the Media, the Organization of American States (OAS) Special Rapporteur on Freedom of Expression and the African Commission on Human and Peoples’ Rights (ACHPR) Special Rapporteur on Freedom of Expression and Access to Information, presented at the UNESCO World Press Freedom Day event, May 4 2015. Joint Declaration on Freedom of Expression and Responses to Conflict Situations | OSCE

28 G7 Declaration on Responsible States Behavior in Cyberspace, Lucca, 11 April 2017. https://www.mofa.go.jp/files/000246367.pdf

29 Africa Centre for Strategic Studies ‘Russia in Africa’ September 24, 2021. Russia | Topic in Focus – Africa Center for Strategic Studies

30 The Geopolitical and Potential Cyber Influence of Russia in Africa October 31, 2019 The geopolitical and potential cyber influence of Russia in Africa (lab52.io)

31 WIRED ‘Russia Inches Towards Its Splinternet Dreams. April 1, 2022 Russia Inches Toward Its Splinternet Dream | WIRED

32 United Nations General Assembly Resolution A/74/401 ‘Countering the use of information and communications technologies for criminal purposes’ 25 November 2019.

33 The UN Group of Governmental Experts (GGE) agreed norms of responsible state behaviour in cyberspace by consensus in 2010, 2013, and 2015. The UN Norms of Responsible State Behaviour in Cyberspace.

34 See Norm 4 of the 11 Non- Binding Norms of Responsible State Behaviour in Cyberspace of the UN GGE.

35 See Norms 1 &4 of the United Nations Norms of Responsible State Behaviour in Cyberspace

36 African Union Commission April 12, 2018 ‘African Union Commission and Council of Europe Join Forces on Cybersecurity’ African Union Commission and Council of Europe Join Forces on Cybersecurity | African Union (au.int)

37 The Africa-EU Partnership ‘Policy and Regulation Initiative for Digital Africa (PRIDA)’ Policy and Regulation Initiative for Digital Africa (PRIDA) | The Africa-EU Partnership (africa-eu-partnership.org)

38 European Union Political guidelines for the next Commission (2019-2024) - “A Union that strives for more: My agenda for Europe” 16 July 2019 Political guidelines for the next Commission (2019-2024) - “A Union that strives for more: My agenda for Europe” | European Commission (europa.eu).

39 See Article 26 (1-4) of The African Union Convention on Cybersecurity and Personal Data Protection, 2014.

40 African Charter on Human and Peoples' Rights, 1981.

41 The African Union Digital Transformation Strategy for Africa (2020–2030), 44–45

References

  • African Union. 2018. “Cyber Security and Cybercrime Policies for African Diplomats Cyber Security and Cybercrime Policies for African Diplomats.” African Union.
  • Ajijiola, A., and N. Allen. 2022. “African Lessons in Cyber Strategy.” African Lessons in Cyber Strategy – Africa Center for Strategic Studies.
  • Ayodele, O. 2021. “The Digital Transformation of Diplomacy: Implications for the African Union and Continental Diplomacy.” South African Journal of International Affairs 28 (3): 379–401. doi:10.1080/10220461.2021.1968944.
  • Ball, K. 2017. “African Union Convention on Cyber Security and Personal Data Protection.” International Legal Materials 56 (1): 164–192. doi:10.1017/ilm.2016.3.
  • Ball, K. 2017. “African Union Convention on Cyber Security and Personal Data Protection.” International Legal Materials, 56 (1): 164–192.
  • Bowmans 2020. “Russia and China in Africa: Development Allies or Geopolitical Opportunists?” www.bowmanslaw.com
  • Calandro, E. 2021. “Partnering with Africa on Cyber Diplomacy” EU Cyber Direct.
  • Castells, M. 2001. The Internet Galaxy: Reflections on the Internet. New York: Business, and Society Oxford University Press.
  • Clifford, C. 2022. “Russia’s efforts to promote cyber norms that serve its interests gain traction in Africa.” www.africaportal.org
  • Delport, J. 2021. “The State of Cybersecurity in Africa.” The State of Cybersecurity in Africa - IT News Africa - Up to date technology news, IT news, Digital news, Telecom news, Mobile news, Gadgets news, Analysis and Reports.
  • Dunch, R. 2002. “Beyond Cultural Imperialism: Cultural Theory, Christian Missions and Global Modernity.” History and Theory 41 (3): 301–325. doi:10.1111/1468-2303.00208.
  • European Union Commission. 2020. “EU paves the way for a stronger, more ambitious partnership with Africa.” European Union Commission.
  • Finnemore, M., and K. Sikkink. 1998. “International Norm Dynamics and Political Change.” International Organization 52 (4): 887–917. doi:10.1162/002081898550789.
  • Handler, S. 2021. “The 5 × 5—Cyber Capacity and Conflict in Africa” The Cyber Statecraft Initiative The 5 × 5—Cyber capacity and conflict in Africa - Atlantic Council.
  • Hardt, M., and A. Negri. 2000. Empire. Cambridge: Harvard University Press.
  • Ifeanyi-Ajufo, N. 2021. “Net-Politics in Africa” EU Cyber Direct. https://directionsblog.eu/net-politics-in-africa/
  • Ifeanyi-Ajufo, N. 2022. “International Cooperation and Cybersecurity in Africa” EU Cyber Direct.
  • International Telecommunications Union 2021. “Global Cyber Security Index 2020.” Global Cybersecurity Index.
  • International Telecommunications Union 2021a. Are African countries doing enough to ensure cybersecurity and Internet safety? https://www.itu.int/hub/2021/09/are-african-countries-doing-enough-to-ensure-cybersecurity-and-internet-safety/
  • International Telecommunications Union 2021b. Global Cyber Security Index 2020.
  • Kerttunen, M., and E. Tikk. 2019. “The Politics of Stability: Cement and Change in Cyber Affairs.” Published by the Norwegian Institute of International Affairs. NUPI_Report_4_2019_KerttunenTikk.pdf (unit.no).
  • Klinwachter, W. 2022. “Internet Governance Outlook 2021: Digital Cacaphony in a Splintering Cyberspace.” www.circleid.com
  • Lewis, J. 2017. “Fighting the Wrong Enemy: aka the Stalemate in Cybersecurity” The Cipher Brief. https://www.thecipherbrief.com/column/expert-view/fighting-the-wrong-enemy-aka-the-stalemate-in-cybersecurity
  • Meyer, P. 2020. “Norms of Responsible State Behaviour in Cyberspace.” In The ethics of Cybersecurity. The International Library of Ethics, Law and Technology, edited by Christen M., Gordijn B, Loi M, 347–360. Springer.
  • Microsoft. 2021. “International Cybersecurity Norms: Reducing conflict in an Internet-dependent world.” www.microsoft.com
  • Mueller, M.L. 2020. “Against Sovereignty in Cyberspace.” International Studies Review 22 (4): 779–801.
  • Mbuvi, D. 2011. “African States Urged to Ratify Budapest Cybercrime Convention”. African States Urged to Ratify Budapest Cybercrime Convention | CSO Online.
  • Nicholas, P. 2018. “The role that regions can and should play in critical infrastructure protection.” www.microsoft.com
  • Pawlak, P., and M. Tikk, and E. Kerttunen. 2020. “Cyber Conflict Uncoded. The EU and Conflict Prevention in Cyberspace.” European Union Institute for Security Studies Conflict Series Brief.
  • Potter, E. H. ed. 2002. Cyber-Diplomacy: Managing Foreign Policy in the Twenty-First Century. Montreal, QC: McGill-Queen’s University Press.
  • Roberts, M. M. 2021. “The UN Security Council Tackles Emerging Technologies.” The UN Security Council Tackles Emerging Technologies | Council on Foreign Relations.
  • Said, E. 1978. Orientalism. London: Routledge.
  • Said, E. 1993. Culture and Imperialism. New York: Vintage Books.
  • Schlehahn, E. 2020. “Cybersecurity and the State.” In The Ethics of Cybersecurity. The International Library of Ethics, Law and Technology, edited by M. Christen, B. Gordijn, M. Loi. Switzerland: Springer.
  • Schmitt M. N. ed. 2017. The Tallinn Manual on the International Law Applicable to Cyber Operations. New York: Cambridge University Press.
  • Schmitt, M., and L. Vihul. 2017. “International Cyber Law Politicized: The UN GGE’s Failure to Advance Cyber Norms.” https://www.justsecurity.org/42768/international-cyber-law-politicized-gges-failure-advance-cyber-norms/
  • Smith, B. 2017. “The Need for a Digital Geneva Convention.” https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/
  • Solomon, S. 2021. “Experts: Report of China Hacking African Union HQ Fits Larger Pattern.” Experts: Report of China Hacking African Union HQ Fits Larger Pattern. www.voanews.com
  • Teevan, C. 2001. “Building Strategic European Digital Cooperation with Africa.” Briefing Note: No. 134, The European Centre for Development Policy Management (ECDPM).
  • The United Nations 2021. “The Age of Digital Interdependence.” Report of the UN Secretary-General’s High-level Panel on Digital Cooperation 2020.
  • Xinmin, M. 2016. “Key Issues and Future Development of International Cyberspace Law.” China Quarterly of International Strategic Studies 02 (01): 119–133. doi:10.1142/S2377740016500068.
  • Zahid, J. 2016. “Comparative Analysis of the Malabo Convention of the African Union and the Budapest Convention on Cybercrime.” Cybercrime Programme Office of the Council of Europe.
Download PDF

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.