What is AI regulation in Cameroon?
AI regulation: countries and regions
Cameroon has no dedicated, binding artificial intelligence law or AI regulator in force. AI is governed indirectly through Law No. 2024/017 of 23 December 2024 on personal data protection, the 2010 cybersecurity and electronic communications laws, and oversight bodies ANTIC and ART. A National Artificial Intelligence Strategy (SNIA), launched in July 2025, proposes a future AI authority and framework law, but these remain plans, not enacted rules.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Cameroon does not yet regulate artificial intelligence directly. There is no statute, bill in force, or government agency whose specific job is to govern AI systems. Instead, anyone building or deploying AI in Cameroon is governed by general laws that touch data, cybersecurity and electronic communications, plus a set of policy ambitions that have not yet become law.
The most important recent change is in data protection. For years Cameroon had no comprehensive data protection statute, relying instead on scattered provisions in its 2010 cybersecurity law and sector rules. That changed on 23 December 2024, when Cameroon adopted Law No. 2024/017 on personal data protection, becoming one of the later African states to enact a standalone data law. Because most AI depends on personal data, this law is the closest thing Cameroon has to AI governance.
Separately, on 7 July 2025 in Yaounde, the Minister of Posts and Telecommunications, Minette Libom Li Likeng, unveiled a National Artificial Intelligence Strategy, known by its French initials SNIA, at the second National Consultations on AI (CONIA). It is a policy roadmap, not a law. It proposes creating a national AI authority, a Presidential Council on AI and a framework law, but as of mid-2026 none of these had been established.
Why it matters
For organisations deploying or governing AI in Cameroon, the practical message is that compliance currently runs through data protection and cybersecurity law, not through AI-specific rules. The 2024 data protection law carries a hard deadline: it becomes enforceable against controllers and processors after an 18-month grace period that expires on 23 June 2026, with penalties for non-compliance. Any AI system that processes personal data of people in Cameroon, including people merely transiting the country, falls within its scope.
The strategic direction also matters. Because Cameroon has signalled it intends to build a dedicated AI authority and a framework law, organisations that prepare now for transparency, consent, impact assessments and controlled cross-border data transfers will be better positioned when binding AI rules eventually arrive. Treating the SNIA as a signal of future obligations, rather than waiting for an AI statute, is the prudent posture.
How it works
No dedicated AI law exists
Cameroon has not enacted any AI-specific statute, and no bill creating an AI regulator is in force. This should be stated plainly: AI is currently governed by general-purpose laws and by policy intent, not by a bespoke legal regime. The country's own strategy documents and independent analysts acknowledge that existing laws predate the AI era and do not directly address automated decision-making or algorithmic profiling.
Data protection: Law No. 2024/017 of 23 December 2024
This is the central instrument now. It creates rights for data subjects (information, access, rectification, portability and erasure), requires a lawful basis for processing with consent on an opt-in basis, and imposes accountability duties including records of processing and data protection impact assessments. It restricts transfers of personal data outside Cameroon unless the destination provides an adequate level of protection. It establishes a supervisory body, the Personal Data Protection Authority (l'Autorite de protection des donnees a caractere personnel), to regulate compliance, approve certifications and authorise cross-border transfers. The law becomes enforceable after an 18-month grace period ending 23 June 2026. Importantly, as of mid-2026 the Authority had not yet been created by the required presidential decree or made operational.
Cybersecurity and electronic communications: the 2010 laws
Before 2024, privacy provisions lived mainly in Law No. 2010/012 of 21 December 2010 on cybersecurity and cybercriminality and Law No. 2010/013 of 21 December 2010 on electronic communications. These remain in force and complement the new data law. The cybersecurity law criminalises unauthorised interception and breaches of privacy, mandates security audits and electronic certification, and requires operators to protect personal data and retain connection data.
ANTIC and ART: the institutional backbone
The National Agency for Information and Communication Technologies (ANTIC), created in 2002 and operating under MINPOSTEL supervision, regulates electronic security activities, runs the national public key infrastructure as Root Certification Authority, conducts security audits, and manages the .cm domain. The Telecommunications Regulatory Board (Agence de Regulation des Telecommunications, ART) supervises telecoms operators. Neither is an AI regulator, but both would be relevant to any AI system touching networks, certification or telecoms.
National AI Strategy (SNIA), July 2025
Launched by Minister Minette Libom Li Likeng at the second National Consultations on AI (CONIA 2025) in Yaounde, the SNIA is a 2040-horizon policy roadmap. Its seven pillars, as catalogued by the OECD.AI Policy Observatory, are governance, data infrastructure, multilingual AI, edge computing, human capital, innovation, and regional cooperation, targeting 60,000 people trained, 12,000 jobs created, and an AI contribution to GDP of 0.8 to 1.2 per cent by 2040. Its governance pillar proposes a Cameroonian AI authority, a Presidential Council on AI and a draft framework law on AI ethics and coordination. OECD.AI lists the strategy's status as proposed or under development, so these are plans, not enacted measures.
African Union and regional context
Cameroon operates within the African Union's Continental Artificial Intelligence Strategy, adopted by the AU Executive Council at its 45th Ordinary Session in Accra, Ghana, on 18 to 19 July 2024, which urges member states to develop national AI governance but is non-binding. On data, the AU's Malabo Convention entered into force on 8 June 2023, thirty days after Mauritania deposited the fifteenth instrument of ratification on 9 May 2023; per the AU's status list, Cameroon is among the states that have signed the Convention without yet ratifying it. Regionally, Cameroon sits within CEMAC and ECCAS frameworks for electronic transactions and data, and participates in the Smart Africa Alliance.
Examples
A fintech or e-commerce company operating in Cameroon and using AI-driven credit scoring or fraud detection must, before 23 June 2026, align its processing with Law No. 2024/017: obtaining opt-in consent, keeping records of processing, conducting impact assessments and ensuring any cross-border data transfer meets adequacy or safeguard conditions. There is no separate AI licence to obtain, but the data law governs the personal data the model relies on.
A telecommunications operator deploying AI for network monitoring already sits under ANTIC's electronic-security regime and ART's telecoms supervision. Under the 2010 cybersecurity law, it must undergo mandatory security audits and protect user data and traffic information, obligations that apply regardless of whether AI is involved.
A public-sector body piloting an AI service, such as in health or justice as envisaged by the SNIA, is operating in a space where the strategy sets direction but no binding AI rules yet exist. It would still need to comply with the data protection law and could be shaped later by the framework law the SNIA proposes.
Common misunderstandings
"Cameroon has an AI law." It does not. There is no dedicated AI statute or AI regulator in force; AI is governed indirectly through data protection, cybersecurity and telecoms law.
"Cameroon has no data protection law." This was true until late 2024 but is now outdated. Law No. 2024/017 of 23 December 2024 is a comprehensive standalone data protection statute.
"The National AI Strategy is binding regulation." It is a policy roadmap. The AI authority, Presidential Council and framework law it proposes are plans, not enacted law.
"The data protection authority is already enforcing the law." As of mid-2026 the Personal Data Protection Authority had not been created by presidential decree or made operational, even as the compliance deadline approached.
"Cameroon has ratified the Malabo Convention." It has signed but not ratified the African Union Convention on Cyber Security and Personal Data Protection.
Risks and boundaries
The single biggest limitation is that none of this is AI-specific binding law. Organisations should not assume there is a Cameroonian AI rulebook to follow; there is not. The governance instruments that do exist were written for data and cybersecurity, and analysts note they do not squarely address automated decision-making, profiling or model transparency.
Legal status is genuinely uncertain in two respects. First, the 2024 data protection law is in force but its enforcement machinery is incomplete: the supervisory authority had not been established or made operational as of mid-2026, even with the 23 June 2026 deadline approaching, and implementing regulations were still expected. Second, the SNIA's proposed AI authority and framework law have no enacted legal text, no adoption date and no regulator behind them yet; they could change in scope or timing. Readers should treat the SNIA's institutions as proposed, not real, until a law or decree confirms them.
What to do next
Prioritise data protection compliance now. Map where your AI systems process personal data of people in Cameroon, secure opt-in consent, build records of processing, run data protection impact assessments and tighten cross-border transfer arrangements before the 23 June 2026 enforceability deadline.
Watch for two triggers that would change the picture: a presidential decree establishing the Personal Data Protection Authority, and any draft or adoption of the AI framework law proposed by the SNIA. Either would shift Cameroon from indirect to direct AI governance.
Use international reference points to future-proof. Because the AU Continental AI Strategy and the SNIA both lean on risk-based, ethics-focused approaches, aligning internal AI governance with recognised impact-assessment and risk-tiering practices now will reduce rework when binding Cameroonian rules arrive. Engage with ANTIC and ART where your systems touch certification, security or telecoms.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Cameroon have a dedicated AI law?
No. There is no AI-specific statute or AI regulator in force. AI is governed indirectly through data protection, cybersecurity and electronic communications law, plus a non-binding national strategy.
What is the main data protection law in Cameroon?
Law No. 2024/017 of 23 December 2024 on personal data protection, Cameroon's first comprehensive standalone data law, which becomes enforceable after an 18-month grace period ending 23 June 2026.
Is there a data protection regulator?
The 2024 law creates a Personal Data Protection Authority, but as of mid-2026 it had not been established by presidential decree or made operational.
What is the SNIA?
The National Artificial Intelligence Strategy, launched on 7 July 2025 by the Minister of Posts and Telecommunications. It is a 2040-horizon policy roadmap, not a law, and proposes a future AI authority, a Presidential Council on AI and a framework law.
Which agencies handle technology oversight?
ANTIC, the national ICT agency, handles electronic security, certification and cybersecurity; ART, the Telecommunications Regulatory Board, supervises telecoms operators. Neither is an AI regulator.
Has Cameroon ratified the Malabo Convention?
No. Cameroon has signed but not ratified the African Union Convention on Cyber Security and Personal Data Protection, which entered into force in June 2023.
How does the African Union Continental AI Strategy affect Cameroon?
It is a non-binding framework, adopted in July 2024, that urges member states to build national AI governance. It guides but does not compel Cameroon's approach.
What should businesses do now?
Focus on complying with the 2024 data protection law before its June 2026 deadline and monitor for the creation of the data authority and any AI framework law.