What is the African Union Continental AI Strategy?
Global AI regulation
The African Union Continental AI Strategy is the AU's shared policy framework for how African states should develop, govern and coordinate AI. Backed by the Executive Council in July 2024, it is not a binding continental AI law. It sets a common direction for 2025 to 2030 on rights, risk management, data, infrastructure, skills, investment, public sector use and global engagement, with real legal effect expected to come through national strategies, laws, procurement rules and sector regulation.
What this means
In plain English, the strategy is the AU's effort to make AI policy fit African priorities rather than simply importing approaches designed elsewhere. It says AI should be local first, people-centred and tied to Agenda 2063, with attention to human rights, inclusion, peace, culture, public value and economic development.
It is not the same thing as an African AI Act. It does not directly regulate every developer or deployer across the continent. Instead, it gives AU member states, regional bodies and AU institutions a shared framework for building national AI strategies, updating existing laws, improving data and compute capacity, and speaking with a stronger African voice in global AI governance.
Why it matters
For organisations deploying or buying AI in Africa, the strategy is an early signal of policy direction. It points toward closer attention to lawful data use, privacy, security, explainability, inclusion, public sector procurement, local language capability, media integrity and impact assessment.
It also matters because the AU treats AI governance as more than a compliance issue. The strategy ties governance to electricity, broadband, data centres, datasets, research capacity, talent and finance. That means future market readiness in Africa may depend not only on technical performance, but also on whether an organisation can show trustworthiness, local fit and alignment with evolving national and continental expectations.
How it works
Legal status and adoption route
The strategy grew out of earlier AU digital policy work and a conceptual framework on continental AI governance that was developed before the final text. It was then backed by the AU Executive Council at its 45th Ordinary Session in Accra in July 2024 through Decision EX.CL/Dec.1268(XLV). That decision endorsed the African Digital Compact and the Continental Artificial Intelligence Strategy, asked member states to support implementation, and asked the AU Commission to take further implementation steps.
That legal status matters. The instrument is strategic and coordinative, not a treaty or directly applicable regulation. It does not itself create continent-wide fines, licensing duties or a supranational AI regulator. Its practical force comes from political commitment, AU coordination, funding priorities, model measures and domestication in member states. AU materials are not perfectly uniform in wording, because some refer to the strategy as "endorsed" and others as "adopted", but in practical terms it functions as a continental strategy rather than as directly binding legislation.
The strategy's core model
The AU frames the strategy as Africa-centric, development-oriented and inclusive. Its guiding principles are distinctive. They include "local first", a people-centred approach, human rights and human dignity, peace and prosperity, inclusion and diversity, ethics and transparency, cooperation and integration, and skills development with public awareness. In other words, the strategy is trying to combine rights protection with industrial development, state capability and continental coordination.
Substantively, the document aims for robust governance, public sector adoption, sector integration, startup growth, better datasets and compute, information integrity, skills, research, ethics, safety, investment and international partnerships. One internal wrinkle is that the summary language often speaks of five focus areas, while the detailed section effectively works with six by breaking governance and regulation into its own pillar. In practice, the architecture covers six themes: benefits, risks, capabilities, cooperation, investment and governance.
What member states are expected to build
The strategy does not begin from a blank page. It tells governments first to use, enforce and where necessary amend existing law, especially data protection, cybersecurity, consumer protection, access to information, competition, communications and inclusion law. It then asks governments to identify AI-specific gaps. The examples given include labour protections for platform work, standards for public procurement of AI systems, and approval routes for AI used as medical devices within health systems.
National AI strategies are treated as the main entry point for implementation. The AU says these national strategies should align with existing development priorities and should be designed through open public consultation involving government, business, academia and civil society. The strategy also points towards governance tools that many organisations will recognise: oversight bodies, review mechanisms, ex ante and ex post impact assessments, transparency registers, regulatory sandboxes, ethics guidance and access to redress where harms occur.
Capacity building is part of the governance design
A defining feature of the AU approach is that it treats infrastructure and capability as part of governance, not as separate industrial policy. The strategy repeatedly links trustworthy AI to high-quality and diverse datasets, broadband, compute, cloud access, data centres, electricity, digital skills and research funding. It also stresses that AI capacity cannot remain concentrated outside Africa if the continent wants meaningful control over AI use and policy.
This is why the document gives so much space to data access, personal data protection, cross-border data sharing, regional data pools, high performance computing, green data centres, AI curricula, training for judges, journalists, diplomats and civil servants, and support for women, girls and speakers of local and indigenous African languages. The same logic extends to the private sector. The strategy wants a more enabling environment for SMEs, innovation hubs, incubators, accelerators and African-led research.
It sits on top of the AU's wider digital legal architecture
The strategy is meant to work with, not replace, existing AU frameworks. The Digital Transformation Strategy for Africa 2020 to 2030 provides the wider economic and institutional objective of an integrated digital economy and a secure single digital market. The AU Data Policy Framework provides the continental blueprint for data governance, including free and secure data flows with human-rights safeguards. The Malabo Convention provides the binding treaty baseline on cybersecurity and personal data protection for ratifying states.
So when the AI strategy talks about datasets, localisation, cross-border transfers, procurement standards, or regulatory cooperation, it is building on this broader African digital stack. That is important for readers looking at domestic AI regulation in jurisdictions such as South Africa, Nigeria or Kenya. In practice, national AI rules in Africa are likely to sit at the intersection of domestic law and these continental frameworks, not outside them.
Implementation is shared across AU institutions, regions and states
Implementation is deliberately distributed. The AU Commission is expected to coordinate, build common positions, mobilise financing and technical assistance, and support member states. Regional Economic Communities, regional organisations, AU agencies and specialised institutions are expected to help with capacity building and regional coordination. Member states carry the decisive burden, because the strategy says they have the ultimate responsibility for domesticating it through national AI strategies and related policy and legal work.
The strategy proposes a five-year implementation frame from 2025 to 2030, after preparatory activity in 2024. Phase I, covering 2025 and 2026, is meant to establish governance frameworks, national strategies, toolkits and capacity. A review is planned for 2027. Phase II is scheduled to begin in 2028 and focus on core projects. For monitoring, the AU envisages a readiness index, regional AI observatories, a monitoring portal and dashboard, and a broader normative governance framework to guide implementation.
It is also a diplomatic instrument
The strategy is not only about domestic governance. It is also meant to strengthen Africa's place in global AI rule-making. The AU wants stronger African participation in the United Nations, UNESCO, the G20, the OECD, the ITU and other forums where AI standards and governance ideas are increasingly shaped. It also wants Africa-wide coordination before major global discussions so that member states do not negotiate in isolation on questions that affect the continent's data, markets and public interests.
This external role continued after the 2024 text. In May 2025, a High Level Policy Dialogue called on African countries to formulate AI strategies, policies, laws and regulations based on the AU strategy, and it also asked the AU Commission to develop an "AI Africa Policy" and pursue a continental AI governance mechanism. That is a strong sign that the AU's AI architecture is still developing, even though the Continental AI Strategy is already the central reference point.
Examples
A ministry preparing a national AI strategy would not start with a blank sheet. The AU strategy points governments first to existing law, such as data protection, cybersecurity, consumer protection, access to information and competition law, then to an assessment of AI-specific gaps. It also says national AI strategies should be built through open public consultation involving government, academia, civil society and business.
A public body considering AI for tax collection, traffic management, utilities or safety-net administration has a practical route in the strategy. The AU recommends building civil service capacity, using innovation-friendly procurement, making lawful public datasets more usable, starting with small-scale pilot projects, and pairing deployment with oversight, transparency and impact review.
A regional initiative that wants to train AI on shared climate, geospatial or other public-interest data would need to address cross-border data governance early. The strategy expressly calls for regional instruments on data sharing and cross-border transfers for AI in line with the AU Data Policy Framework and the Malabo Convention, so the workflow is not just technical. It is legal, institutional and diplomatic from the start.
Common misunderstandings
It is often mistaken for a continent-wide AI law. It is not. It is a continental strategy that needs to be reflected in national policy, legislation, procurement and sector rules before it has direct legal bite.
It is sometimes treated as a rights document only. That is incomplete. The strategy is equally about data, compute, electricity, research, skills, startups, investment, public services and Africa's position in global governance.
Some readers assume it replaces data protection or cybersecurity law. It does not. It is designed to sit alongside existing domestic law, the AU Data Policy Framework and the Malabo Convention.
There is a tendency to think it is aimed only at governments. In fact, it has clear implications for buyers, public contractors, founders, researchers, universities, civil society groups and organisations that move data or AI systems across borders.
Another common mistake is to assume the AU has already built a complete AI regulator around it. It has not. The strategy proposes advisory, ethics, monitoring and coordination structures, but much of that institutional architecture is still being assembled.
Risks and boundaries
The main boundary is legal force. The strategy is influential, but by itself it does not create direct statutory duties for private actors across all AU member states. Real obligations still depend on domestic law, sector supervision, procurement terms and treaty commitments that each state has actually implemented.
Capacity is another boundary. The strategy openly recognises wide disparities in electricity access, broadband, data infrastructure, compute, talent and AI readiness across the continent. That means implementation will be uneven, and some of the most ambitious elements, such as observatories, ethics boards, transparency registers or common tools, may appear at different speeds in different places.
There is also some documentary ambiguity. AU materials variously describe the strategy as "endorsed" and "adopted", and the text itself refers in one place to five focus areas while the detailed section lists six. What is confirmed is that the Executive Council backed the strategy in July 2024 and asked member states and the AU Commission to implement it. It is also clear that later AU discussions in 2025 called for an "AI Africa Policy" and a continental governance mechanism, so the architecture is still evolving.
Finally, the strategy is not a substitute for sector law. Health, finance, telecoms, consumer protection, public procurement, labour and constitutional rights still matter. In practice, the strategy is best understood as a continental governance layer that informs those regimes, rather than replacing them.
What to do next
Treat the strategy as a directional baseline for African operations, especially if you build, buy or govern AI across more than one African market. Even where it is not legally binding on you, it is a strong indicator of what policymakers, public buyers and regulators may ask for next.
Map your AI estate against the themes the strategy emphasises most: lawful data use, privacy, security, explainability, inclusion, local language and cultural fit, human oversight, incident handling, procurement controls and redress. If you cannot evidence those things, you may be operationally exposed even before new AI-specific law arrives.
If you are a public body or sell into the public sector, strengthen procurement now. Ask for documentation, testing records, human review points, incident reporting, supplier transparency and clear allocation of responsibility. The strategy makes public procurement one of the clearest early levers for AI governance in Africa.
If you operate cross-border, monitor national AI strategy work in your priority markets and watch how the AU framework is reflected in data transfer rules, sector guidance and regional cooperation. If you are building for African users, invest in African datasets, language coverage, local expertise and partnerships with African researchers rather than assuming imported systems will transfer cleanly.
FAQs
Is the AU Continental AI Strategy legally binding?
Not in the way a treaty or national act is. It is a continental strategy backed by AU political organs. It becomes operational through domestic strategies, legislation, regulatory guidance, procurement rules and sector supervision.
Who approved it?
The AU Executive Council backed it at its 45th Ordinary Session in Accra in July 2024, after earlier AU work on a conceptual framework for continental AI governance.
Does it create direct duties for companies?
Not by itself. But it signals the kinds of duties likely to appear in African markets, including stronger expectations around data governance, transparency, risk review, procurement controls and sector safeguards.
How does it relate to the Malabo Convention?
The Malabo Convention remains the binding AU treaty baseline on cybersecurity and personal data protection for ratifying states. The AI strategy builds on that baseline and extends the discussion to AI governance, capability building and continental coordination.
What areas of AI policy does it cover?
Much more than ethics alone. It spans governance, risk management, public services, agriculture, health, education, research, startups, data, compute, investment, media integrity, skills and global diplomacy.
Does it require every country to pass a stand-alone AI law?
No. It points first to national AI strategies and to updating existing laws where they already cover data, consumer protection, competition, labour, health, communications or public procurement. Some states may then add AI-specific legislation.
Are the AU institutions it proposes already fully in place?
Not all of them. The strategy proposes advisory, ethics, monitoring and coordination structures, and later AU dialogue called for a continental governance mechanism and an AI Africa Policy. That suggests the institutional design is still being built.
Why should a buyer or operator care if it is not binding?
Because it will shape national policy, public procurement expectations, sector pilots and cross-border digital cooperation. It is also a strong signal of what African regulators may ask for next.