On 24 July 2025, Law no. 25-11 amending Data Protection Law no. 18-07, including data protection regulation entered into force. The Law establishes a framework for the processing of personal data belonging to natural persons. It defines personal data as any information relating to an identified or identifiable natural person, including biometric data and physical, physiological, or behavioural characteristics that permit unique identification of that person. The Law prohibits unlawful processing of such data, including unauthorised disclosure, modification, destruction, or access, and requires that personal data be processed only through lawful means. Data controllers must ensure that personal data cannot be linked to a specific individual without the use of additional information, and that processing activities comply with the requirements of transparency and accountability established under the Law.
On 24 July 2025, Law no. 25-11 on data protection, including data protection authority governance entered into force. The Law establishes a designated data protection commissioner's office responsible for supervising compliance with data protection requirements and ensuring that state institutions and individuals handling personal data meet their legal obligations. The commissioner must possess professional qualifications and specialized legal knowledge in data protection matters. The authority holds responsibility for monitoring data processing activities, investigating violations, verifying compliance with obligations, and maintaining detailed records of all processing operations. The commissioner serves as the primary point of contact with the national data protection authority and maintains independence in exercising supervisory functions, with judicial authorities exempted from the obligation to comply with this requirement when performing their judicial duties.
On 24 July 2025, Law no. 25-11 on data protection, including cross-border data transfer regulation entered into force. The Law establishes conditions under which personal data may be transferred to foreign countries or international organisations, requiring that such transfers only occur when the receiving country or organisation provides adequate safeguards for data protection, including compliance with human rights and fundamental freedoms. Transfers are permitted when necessary for crime prevention, criminal investigations, prosecution, or enforcement of penalties, when authorised by a competent authority for specified legal purposes, or when considering the severity of the offense, the level of data protection, and the capacity of the receiving country to enforce protective rules. In cases where adequate safeguards are lacking, the competent authority may permit transfer only when necessary to protect vital interests, legitimate interests, or security needs of individuals or the state, provided that the receiving authority is notified and the transfer duration is limited to what is necessary for the stated purpose.
On 4 April 2025, delegates at the Global AI Summit on Africa signed the Africa Declaration on Artificial Intelligence. The Declaration outlines commitments to support the adoption of responsible national AI policies and governance frameworks that align with the African Union’s AI Continental Strategy. It also proposes the creation of a continent-wide knowledge-sharing platform to enable the coordination of policy tools, regulatory sandboxes, and best practices in AI governance. Further cooperation is envisaged through intergovernmental and regional mechanisms aimed at harmonising national frameworks, including provisions for cross-border data flows and regulatory coherence.
On 11 February 2025, representatives from the African Union, European Union, G20, G7, and United Nations, along with other global stakeholders, adopted the Inclusive and Sustainable Artificial Intelligence Declaration during the AI Action Summit in Paris. This declaration emphasises the promotion of AI accessibility to bridge digital divides, ensuring AI systems are ethical and trustworthy, and advancing international cooperation on AI governance. Additionally, it introduces a public-interest AI Platform and Incubator to foster AI development and support digital public goods.
Last updated: 24/07/2025