What is AI regulation in Equatorial Guinea?
AI regulation: countries and regions
Equatorial Guinea has no dedicated AI law in force, no AI regulator and no published national AI strategy. The only AI-specific activity is an early-stage draft bill being prepared by the telecommunications ministry, reported in local press but not yet officially published, debated or enacted. The closest binding instrument is the Personal Data Protection Law No. 1/2016, but the authority it created is not operational, so data protection is largely unenforced in practice.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
There is no statute in Equatorial Guinea that governs artificial intelligence, no body charged with overseeing AI, and no published national AI strategy. For anyone deploying AI in the country, this is effectively a jurisdiction without an AI framework. The only AI-specific development is a draft bill in its earliest preparatory phase. The one binding instrument that touches AI in principle is the Personal Data Protection Law No. 1/2016. It is a comprehensive data protection statute and would, in theory, apply wherever an AI system processes personal data. In practice, the supervisory authority the law created has not become operational, so there is little to no functioning enforcement behind it. The wider picture is one of limited digital capacity. Equatorial Guinea has not signed or ratified the African Union's Malabo Convention on cyber security and personal data protection, despite that convention having been adopted in its own capital in 2014, and it has not published a national AI strategy under the African Union's continental framework. Its AI and data posture is among the least developed in Central Africa, which is the honest context for everything below.
Why it matters
For organisations deploying or governing AI touching Equatorial Guinea, the practical position is that there are no AI-specific obligations to meet, and the one relevant data protection law is largely dormant. That is permissive on paper, but it carries real uncertainty: there is no regulator to give guidance, no functioning enforcement to design around, and an AI bill in early preparation whose eventual content, scope and timing are unknown. It also matters because the direction of travel, while early, is towards regulation. A telecommunications ministry that has renamed itself to include artificial intelligence, and is preparing a draft bill with a proposed new authority, signals intent even if nothing is yet law. Organisations that build governance to a recognised external standard now, rather than waiting for a domestic AI statute, will be better placed if and when rules arrive. The realistic stakes are low local compliance burden today against meaningful uncertainty over the medium term.
How it works
No dedicated AI law in force
Equatorial Guinea has no AI-specific statute, no AI regulator and no published national AI strategy. There is no risk-classification regime, no algorithmic transparency duty and no AI liability rule in domestic law. This is consistent with the country's position near the bottom of international digital-capacity benchmarks, and it should be stated plainly: anyone expecting a domestic AI rulebook will not find one.
The draft AI bill and the proposed ANIAD
In August 2025 the renamed Ministry of Transport, Telecommunications and Artificial Intelligence Systems convened technical experts to develop terms of reference for a draft AI bill, with the consolidated document intended to be passed to a specialised consultancy for conversion into a full bill. The draft is reported to rest on six guiding principles, including respect for national identity, linguistic and cultural inclusion, protection of local data and knowledge, sustainable development, training and innovation, and respect for the international legal framework and global digital-ethics standards. It is also reported to propose a National Artificial Intelligence and Data Authority (ANIAD), which in the current draft would concentrate regulation, licensing supervision, information collection and operations management, functions that reviewers suggested should be separated so the authority operates as an autonomous state body under ministry oversight. Three caveats are essential and load-bearing. First, this is sourced to local press rather than official government channels. Second, the work was at the pre-draft terms-of-reference stage, not a tabled bill. Third, ANIAD does not exist; it is a proposal within an unfinished draft. The ministry's renaming to include artificial intelligence systems is, by contrast, confirmed in official decrees.
Data protection: Law No. 1/2016, on paper
Law No. 1/2016 of 22 July 2016 on the protection of personal data establishes data protection principles, including data quality, purpose limitation and consent, and rights of access, rectification, cancellation and objection. It also creates a supervisory authority with powers of inspection and sanction. Where an AI system processes personal data, this is the only binding domestic instrument that would, in principle, apply. The difficulty is enforcement: no official source confirms the supervisory authority is operational, and the available evidence indicates it is not, leaving the law largely unenforced. A separate Internet Communication Law No. 1/2017 governs commercial electronic communications and cross-refers to the data protection rules.
Telecoms institutions
Telecommunications governance is centralised and comparatively well established. The regulator ORTEL operates under the General Telecommunications Law No. 7/2005, managing spectrum, licensing, type approval and consumer protection, and advising the minister; it has no AI mandate. The state-participated operator GETESA is jointly held by the State and the French operator Orange, and GITGE is the public entity managing the national fibre backbone and submarine-cable capacity. A cross-government Digital Agenda sets digital-economy objectives with World Bank support, but it is not an AI instrument.
Regional and continental context
Equatorial Guinea is a member of CEMAC and ECCAS. ECCAS ministers adopted model laws on data protection, cybercrime and electronic transactions in 2016, and the region is developing a harmonised digital-trade framework. The African Union's Continental Artificial Intelligence Strategy was endorsed by the AU Executive Council in July 2024 and encourages member states to adopt national AI strategies during a governance-building phase running from 2025; Equatorial Guinea has not published one. Notably, it has neither signed nor ratified the Malabo Convention on cyber security and personal data protection, which is striking given the convention was adopted in Malabo in 2014.
Examples
A fintech offering an AI-driven credit or fraud tool to customers in Equatorial Guinea finds no AI law to comply with and no AI regulator to notify. In principle the Personal Data Protection Law No. 1/2016 governs its handling of personal data, but with the supervisory authority dormant, the practical constraints are contractual commitments, the expectations of international partners, and the firm's own internal standards rather than active local enforcement. A telecoms or connectivity provider layering AI features onto its services operates within ORTEL's remit for the underlying telecommunications activity under the 2005 law, but the AI element itself is not separately regulated. There is no AI licensing or conformity requirement to satisfy. An organisation planning a multi-year deployment should treat the reported draft AI bill as a watch item rather than a present obligation. Because the bill is pre-draft and press-sourced, and because a proposed authority such as ANIAD does not yet exist, governance today rests on voluntary alignment with recognised standards, with the bill monitored for official publication or enactment.
Common misunderstandings
"Equatorial Guinea has an AI law." It does not. There is no AI statute in force, no AI regulator and no published national AI strategy; only an early-stage draft bill reported in local press. "There is an AI authority called ANIAD." There is not. ANIAD is a proposed body within an unfinished draft bill, not an existing institution. "Equatorial Guinea has enforceable data protection." Only on paper. Law No. 1/2016 exists and creates a supervisory authority, but that authority is not operational, so enforcement is weak to absent. "Equatorial Guinea is bound by the Malabo Convention because it was adopted in Malabo." It is not. Despite hosting the 2014 adoption, Equatorial Guinea has neither signed nor ratified the convention. "Equatorial Guinea and the Republic of Guinea have the same AI plans." They do not. The Republic of Guinea (Conakry) has advanced its own national AI roadmap; reports of a "Guinea AI strategy" frequently concern Guinea-Conakry, not Equatorial Guinea.
Risks and boundaries
This article describes a jurisdiction with no dedicated AI framework and a dormant data protection regime, so it cannot tell you how to comply with either. The central boundary is that domestic law is effectively silent on AI, and the one relevant data protection statute lacks functioning enforcement. Several points are genuinely uncertain and should be treated as such. The reported AI bill and the proposed ANIAD are sourced to local press, not official government channels, and were at a pre-draft stage; their content can change substantially before enactment, if they are enacted at all. The operational status of the Law No. 1/2016 supervisory authority is unconfirmed by any official source, with available evidence indicating it is not functioning. Much of the primary material exists only in Spanish, and some secondary commentary about the country's AI initiatives originates from promotional rather than official sources and was not relied upon. This is general information, not legal advice; anyone with material exposure should take qualified local advice and recheck the position, because the situation could move.
What to do next
Treat Equatorial Guinea as a jurisdiction with no dedicated AI framework, and assume there are no AI-specific obligations as of mid-2026. Anchor planning on recognised external standards rather than domestic AI rules, which do not exist. Default to a data protection analysis where your AI processes personal data, working from Law No. 1/2016, but assume weak to absent enforcement given the dormant authority. Build governance to a mature data protection benchmark so your controls are credible and portable. Monitor three specific triggers that would change the picture: official publication, parliamentary deliberation or enactment of the AI bill, or the formal creation of ANIAD; activation of the Law No. 1/2016 supervisory authority; and any move by Equatorial Guinea to sign or ratify the Malabo Convention or to publish a national AI strategy. Watch regional ECCAS and CEMAC digital instruments too, since harmonised regional rules may shape obligations before any standalone AI statute appears.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Equatorial Guinea have a dedicated AI law?
No. There is no AI statute in force, no AI regulator and no published national AI strategy. The only AI-specific activity is an early-stage draft bill reported in local press.
What is the proposed ANIAD?
ANIAD is a National Artificial Intelligence and Data Authority proposed within the draft AI bill. It does not exist; it is a proposal in an unfinished draft, not an operating institution.
Is there a data protection law?
Yes, Law No. 1/2016 of 22 July 2016, which sets data protection principles and rights and creates a supervisory authority. In practice that authority is not operational, so the law is largely unenforced.
Which law applies when AI processes personal data?
Law No. 1/2016 would in principle apply, but enforcement is weak to absent because the supervisory authority is dormant. There is no AI-specific statute.
Who regulates telecommunications?
ORTEL, under the General Telecommunications Law No. 7/2005. It manages spectrum, licensing and consumer protection but has no AI mandate.
Has Equatorial Guinea adopted the Malabo Convention?
No. It has neither signed nor ratified the African Union's Malabo Convention, despite the convention having been adopted in Malabo in 2014.
Is Equatorial Guinea the same as the Republic of Guinea?
No. They are different countries. The Republic of Guinea (Conakry) has its own national AI roadmap; reports about a "Guinea AI strategy" often concern Guinea-Conakry, not Equatorial Guinea.
What should an organisation do while rules are absent?
Align voluntarily with a recognised data protection and AI governance standard, rely on contract, document an AI risk approach, and monitor the draft bill, the data protection authority's status and the Malabo Convention.