Cyber governance in Africa is weak. Taking the Malabo Convention seriously would be a good start
_Several African countries are pursuing digital transformation ambitions – applying new technologies to enhance the development of society. But concerns exist over the absence of appropriate policies across the continent to create a resilient and secure cyber environment.
What is cyber governance and why is it so important?
Cyber governance is an important aspect of the international cybersecurity strategy for preventing and mitigating cyber threats. It features oversight processes, decision-making hierarchies and international cooperation. It also includes systems for accountability and responsible state behaviour in cyberspace. In recent years, cyber governance has been prominent in diplomatic and political agendas when regions or countries need to work together.
To promote digital transformation, cyberspace must be made secure and stable, using appropriate governance standards.
Digital transformation offers Africa tremendous opportunities. These include the economic empowerment of citizens, transparent governance and less corruption. But digital transformation can only happen on the continent if its digital spaces are trusted, secure and resilient.
How are African governments doing on this front?
Not very well. In 2014, the African Union Commission adopted the African Union Convention on Cybersecurity and Personal Data Protection. It is also known as the Malabo Convention. It is supposed to provide principles and guidelines to ensure cybersecurity and stability in the region.
Only 15 out of the 55 AU member states have ratified the convention. These include Ghana, Mauritius, Togo and Rwanda.
Cyber governance has political dimensions. African countries are rooted in historical and cultural contexts that have an impact on politics and governance. Governance mechanisms in the region are further affected by political instability and conflicts.
The borderless nature of cyberspace presents particular challenges. This is especially so for African states that are accustomed to controlling activities in their territory.
The result of this has been a misunderstanding of cyber governance. This has manifested in internet shutdowns and restrictions of online activities for citizens. We have seen recent examples of this in Senegal, Burkina Faso, Ethiopia and Nigeria.
African leaders’ views on regulating the digital space vary. This is clear from their reluctance to ratify the Malabo Convention.
Often, international standards collide with the realities of developing states. This is true for states in Africa that are on the wrong side of the digital divide. This means they lack the capacity, skills and infrastructure to govern cyberspace to international standards. Overall, this limited institutional and technical capacity implies that effective cyber governance may not exist in practice for Africa.
There are some good stories, though. Ghana has ratified the Malabo Convention and the Convention on Cybercrime of 2001. It also passed a Cybercrime Act into law in 2020 and has developed a robust cybersecurity strategy.
What needs to happen to bring all countries in line?
Preserving cyber stability is a collaborative effort. African countries need to find ways to work together to foster appropriate policies or strategies. Adopting the Malabo Convention would show that countries see the importance of cooperation in governing the digital environment.
Greater coordination is also necessary at a regional level. For example, the Southern African Development Community has adopted a model law on cybercrime. The Economic Community of West African States has developed a directive on fighting cybercrime. Regional organisations have a key role to play in formulating policies and delivering outcomes.
Beyond ratifying the Malabo Convention, African states must also rethink best practices and the value of strategic regional partnerships. These partnerships are important because they create shared responsibility in a borderless space.
Africa must approach diplomacy strategically in this space and seek increased representation at global dialogues. The African Union remains largely absent from the evolving UN processes on cyber governance development. This implies that African interests, realities and domestic capabilities won’t get enough attention in the processes. There is also a need to bridge the institutional and technical gaps that have prevented African states from participating fully.
Committing to the Malabo Convention would provide a framework for united cyber governance norms and standards across the continent. As the international community continues to define these standards, Africa should be included.