What is AI regulation in Benin?
AI regulation: countries and regions
Benin has no dedicated artificial intelligence law, bill or statute, and no AI-specific regulator. AI is governed indirectly through the personal data protection rules in Book V of the Digital Code (Loi No. 2017-20, promulgated 20 April 2018, amended by Loi No. 2020-35), enforced by the Autorite de Protection des Donnees a Caractere Personnel (APDP). Policy ambition sits in the National Artificial Intelligence and Big Data Strategy 2023 to 2027, which is a strategy, not binding law.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Benin regulates AI the way most African and many European jurisdictions did before bespoke AI statutes appeared: through data protection law plus a national strategy. The binding instrument is the Digital Code (Code du numerique), a single large statute that consolidates electronic communications, e-commerce, trust services, cybercrime and, in Book V, personal data protection. Book V is closely modelled on the EU General Data Protection Regulation, so its concepts of profiling, automated decision-making and impact assessment will be familiar to anyone who has worked with GDPR.
The supervisory body is the APDP, an independent administrative authority that licenses data processing, handles complaints, runs investigations and imposes penalties. It is the institution most likely to scrutinise an AI system in Benin today, because most AI systems process personal data.
Separately, Benin has set out an ambition for AI through its National Artificial Intelligence and Big Data Strategy 2023 to 2027 (Strategie Nationale d'Intelligence Artificielle et des Megadonnees, SNIAM), led by the Ministere du Numerique et de la Digitalisation. This is a development and investment plan, not a rulebook. Benin's approach to AI governance is to update and apply existing data protection and digital institutions rather than to write a new AI Act.
Why it matters
For anyone deploying AI in Benin, the compliance surface is data protection law, not an AI statute. If your system processes personal data of people in Benin, Book V of the Digital Code applies, including its territorial reach over controllers and processors outside Benin who offer goods or services to, or monitor the behaviour of, people in the country. That means lawful basis, transparency, data subject rights, restrictions on automated decisions, mandatory impact assessments for high-risk processing, and APDP oversight all bite on AI projects even though the words artificial intelligence appear nowhere in the binding text. Getting this wrong exposes organisations to APDP enforcement and to reputational and contractual risk.
How it works
The binding instrument: the Digital Code
The Digital Code is Loi No. 2017-20, adopted by the National Assembly on 13 June 2017 and promulgated on 20 April 2018, then amended by Loi No. 2020-35 of 6 January 2021. The 2020 amendment was narrow: it reduced the membership of the regulators and adjusted ministerial labels, leaving the data protection substance intact. Book V (Livre cinquieme) is the data protection core. It replaced the earlier standalone data protection law, Loi No. 2009-09 of 22 May 2009, which had created the original regulator under the name Commission Nationale de l'Informatique et des Libertes (CNIL). Note that there is no separate AI law and no AI bill in Benin; the Digital Code is the operative text.
The regulator: the APDP
The Autorite de Protection des Donnees a Caractere Personnel is an independent administrative authority with legal personality and management autonomy that takes no instruction from any administrative or political authority. Its powers include receiving and ruling on processing declarations and authorisation requests, investigating on its own initiative or on complaint, requisitioning sworn experts, asking courts to second a magistrate for inspections, and pronouncing administrative and financial penalties on controllers. Members are appointed by decree in the Council of Ministers for five-year terms renewable once and swear an oath before the Supreme Court. The 2020 amendment cut the membership from eleven to eight.
Automated decisions and profiling
The Digital Code addresses automated processing directly. It defines profiling in terms essentially identical to GDPR Article 4(4), as any form of automated processing used to evaluate personal aspects of a person such as performance at work, economic situation, health, preferences, reliability, behaviour or location. Article 401 governs automated individual decision-making, the Benin analogue of GDPR Article 22. The right of access provision, Article 437, requires controllers to tell people about the existence of automated decision-making, including profiling, referred to in Article 401, and to provide meaningful information about the logic involved and the significance and envisaged consequences of the processing.
Data protection impact assessments
Article 428 of the Digital Code requires a data protection impact assessment before processing that is likely to result in a high risk to the rights and freedoms of natural persons, particularly where new technologies are used. The text mirrors GDPR Article 35(3): an assessment is required in particular for a systematic and extensive evaluation of personal aspects based on automated processing, including profiling, on which decisions producing legal or similarly significant effects are based; for large-scale processing of special categories of data or of criminal conviction data; or for large-scale systematic monitoring of a publicly accessible area. Article 429 requires prior consultation of the APDP where a high residual risk remains, and the Authority gives a written opinion within eight weeks, extendable by six weeks for complex processing. This is the most concrete AI-relevant duty in Benin law: many machine learning systems that score, rank or monitor individuals will trigger the assessment requirement.
National AI strategy and digital institutions
The National Artificial Intelligence and Big Data Strategy 2023 to 2027 was adopted by the Council of Ministers on 18 January 2023 and led by the Ministere du Numerique et de la Digitalisation, then under minister Aurelie Adam Soule Zoumarou. It is structured into four programmes rolled out over three phases within five years, with a portfolio of 123 actions and a projected budget of 4,680,000,000 CFA francs over five years, grounded in the National Development Plan 2018 to 2025 and the Government Action Programme 2021 to 2026. Its stated ambition is to make Benin a leading platform for digital services in West Africa. Operational delivery runs through the Agence des Systemes d'Information et du Numerique (ASIN), the agency formed by merging four predecessor bodies, under the dual supervision of the finance and digital ministries. ASIN built GPT BJ, a government chatbot that answers questions on Beninese legal codes, presented on 11 May 2023 at the second SENIA event in Cotonou by ASIN director Aristide Adjinakou with Mahuna Akplogan of the Isheero association; the system answers on the general tax code, the Digital Code, the labour code and the penal code.
Regional and continental context
Benin is bound by the ECOWAS Supplementary Act A/SA.1/01/10 on Personal Data Protection of 2010, a regional instrument that obliges member states to have national data protection law and an authority, and which is itself under revision. Benin ratified the African Union Convention on Cyber Security and Personal Data Protection (the Malabo Convention) by Decret No. 2024-772 of 1 February 2024, after parliamentary authorisation on 23 January 2024, with its instruments deposited on 26 November 2024 in Addis Ababa by Herve Djokpe, Benin's ambassador to Ethiopia. The African Union Continental Artificial Intelligence Strategy was endorsed by the AU Executive Council at its 45th Ordinary Session in Accra on 18 to 19 July 2024; it is a non-binding guiding framework with a phased implementation plan running from 2025 to 2030, and as of July 2024 only six countries (Algeria, Benin, Egypt, Mauritius, Rwanda and Senegal) had developed stand-alone AI strategies. The Strategy expressly anticipates that countries such as Benin will pursue AI governance mainly by updating existing data protection and institutional frameworks rather than enacting bespoke AI laws.
Examples
Scenario one: a fintech lender deploys an automated credit-scoring model for customers in Benin. Because the model makes decisions about people based solely on automated processing of personal data, Article 401 on automated decision-making applies, the Article 437 transparency duty requires disclosure of the logic and consequences, and the systematic evaluation is likely to require a data protection impact assessment under Article 428, with possible prior consultation of the APDP under Article 429.
Scenario two: a government body or vendor builds a public-service chatbot trained on legal and administrative texts, as ASIN did with GPT BJ. Where such systems ingest or return personal data, the controller must register or seek authorisation as required, apply Book V duties, and manage bias and accuracy risks; the SNIAM strategy frames this kind of public-sector AI as a national priority but imposes no separate AI compliance regime.
Scenario three: a retailer uses large-scale behavioural profiling for marketing. Profiling is defined and regulated under Book V, individuals have a right to object to processing for direct marketing, and large-scale monitoring of behaviour can trigger the Article 428 assessment duty and APDP scrutiny.
Common misunderstandings
Misconception: Benin has an AI Act. It does not. There is no dedicated AI law, bill or statute, and no AI-specific regulator; AI is governed through data protection law and policy.
Misconception: the National AI and Big Data Strategy is legally binding. It is a government strategy and investment plan, not legislation, and creates no enforceable AI duties on its own.
Misconception: data protection in Benin still runs under the 2009 law. The 2009 law has been superseded by Book V of the Digital Code (Loi No. 2017-20, amended by Loi No. 2020-35), which is the current instrument.
Misconception: because there is no AI law, AI is unregulated in Benin. Automated decision-making, profiling and high-risk processing are squarely covered by enforceable Digital Code provisions and APDP oversight.
Misconception: the Malabo Convention created Benin's data protection rules. Benin's binding rules come from its own Digital Code; the Malabo Convention is a continental treaty Benin ratified in 2024 that frames harmonisation but does not itself supply the operative national duties.
Risks and boundaries
This article describes a governance picture that is data protection law plus policy, not a dedicated AI statute. The clearest limit is that nothing in Benin law regulates AI as such: there are no risk tiers for AI systems, no conformity assessment for high-risk AI, no foundation-model rules and no AI-specific transparency mandates beyond the automated-decision and profiling provisions in Book V. The National AI and Big Data Strategy is durable as a statement of direction but is not enforceable law and its 2023 to 2027 horizon will date. The Ministere de la Transformation Digitale et de l'Innovation, created in the government President Romuald Wadagni unveiled on 24 May 2026, is led by Mahuna Akplogan (who holds a PhD in artificial intelligence) and is explicitly charged with the national AI strategy; Akplogan took office on 26 May 2026. This signals that AI policy and possibly future regulation may evolve, but no AI bill has been confirmed. There is also a sourcing conflict worth flagging: some secondary sources list Benin among the fifteen states whose ratifications brought the Malabo Convention into force in June 2023, but the official Benin ratification decree is dated 1 February 2024 and the deposit of instruments was on 26 November 2024, so Benin ratified after the Convention had already entered into force. Treat the 2024 decree and deposit as authoritative.
What to do next
Treat Benin as a data-protection-led AI jurisdiction. Map whether your AI system processes personal data of people in Benin and confirm Book V applies, including its extraterritorial reach. Identify whether your processing triggers an Article 428 impact assessment, and budget for prior APDP consultation under Article 429 where high risk remains. Build the Article 437 transparency disclosures into any automated decision-making, and review whether Article 401 limits decisions taken solely by automated means. Register or seek APDP authorisation as your processing requires, and consider appointing a data protection officer. Track the Ministere de la Transformation Digitale et de l'Innovation and the APDP for guidance, and watch the ECOWAS Supplementary Act revision and the AU Continental AI Strategy implementation for regional direction. Do not assume a dedicated AI law exists or wait for one before applying data protection duties.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Benin have an AI law?
No. Benin has no dedicated AI law, bill or statute and no AI-specific regulator. AI is governed indirectly through the data protection rules in Book V of the Digital Code and through national strategy.
What law actually applies to AI systems in Benin?
The Digital Code (Loi No. 2017-20, amended by Loi No. 2020-35), especially Book V on personal data protection, applies whenever an AI system processes personal data of people in Benin.
Who regulates AI and data in Benin?
The Autorite de Protection des Donnees a Caractere Personnel (APDP), an independent administrative authority, supervises personal data processing, handles complaints and imposes penalties. There is no separate AI regulator.
Does Benin restrict automated decision-making and profiling?
Yes. The Digital Code defines profiling and addresses automated individual decision-making in Article 401, and the right of access in Article 437 requires disclosure of the logic and consequences of automated decisions.
When is a data protection impact assessment required?
Article 428 requires one before high-risk processing, including systematic automated evaluation of individuals with significant effects, large-scale processing of special-category or criminal data, and large-scale systematic monitoring of public spaces.
What is the National AI and Big Data Strategy?
It is Benin's policy plan for AI and big data covering 2023 to 2027, adopted by the Council of Ministers in January 2023. It is a strategy and investment plan, not binding law.
Has Benin signed up to regional and continental AI and data frameworks?
Benin is bound by the ECOWAS Supplementary Act on Personal Data Protection of 2010, ratified the AU Malabo Convention in 2024, and is within the scope of the non-binding African Union Continental AI Strategy endorsed in July 2024.
Is there a penalty regime?
Yes. The APDP can impose administrative and financial penalties on controllers, and the Digital Code provides criminal sanctions for certain data protection offences, with recourse against APDP decisions before the administrative courts.