What is AI regulation in Eritrea?
AI regulation: countries and regions
Eritrea has no dedicated artificial intelligence law, no national AI strategy, no data protection statute and no data protection authority. As of June 2026, AI is not governed by any specific national framework. The nearest legal anchors are the 1997 Constitution's right to privacy (Article 18, never brought into force) and the Communications Proclamation No. 102/1998, which regulates telecommunications through the Ministry of Transport and Communications. As an African Union member, Eritrea sits within the non-binding African Union Continental Artificial Intelligence Strategy.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Eritrea is one of the least connected countries in the world, and it has no rules written specifically for artificial intelligence. There is no AI Act, no AI regulator, no published national AI strategy and no national digital transformation strategy. There is also no general data protection law and no privacy supervisory authority, so the duties that would normally shape how AI systems handle personal data (lawful basis, transparency, individual rights, breach reporting) simply do not exist in Eritrean statute.
What does exist is a narrow set of telecommunications rules. The Communications Proclamation No. 102/1998 regulates telecommunications, broadcasting and post, and places authority in the Ministry of Transport and Communications rather than in an independent regulator. The state-owned operator, the Eritrean Telecommunication Services Corporation (EriTel), is the sole provider of fixed line, mobile and internet services.
The practical backdrop matters as much as the legal one. Eritrea lacks a submarine cable landing station and relies on satellite links and limited terrestrial connections through neighbouring countries. Internet use is very low. This means the question for most organisations is less "how is AI regulated here?" and more "what governance should we apply ourselves, given that the state provides almost no framework?"
Why it matters
For founders, operators, advisers and governance leads, the absence of a framework is itself the headline risk. There is no local statute to comply with, but there is also no local rulebook to rely on, no regulator to seek guidance from, and no data protection authority to register with or appeal to. If you deploy AI that touches Eritrean residents or data, you cannot point to a domestic compliance baseline; you must import your own.
This has three consequences. First, governance is voluntary and reputational rather than legally compelled, which raises the bar for internal discipline. Second, the constitutional right to privacy in Article 18 of the 1997 Constitution is not in force, so it offers little practical protection or predictable redress. Third, cross-border data transfer is unrestricted by Eritrean law, which sounds permissive but actually shifts the entire compliance burden onto the law of the other jurisdiction involved (for example UK GDPR or EU GDPR if you are processing data of people in those territories, or contractual commitments to customers and funders). Severe connectivity limits also constrain what AI can realistically be deployed and how it can be monitored.
How it works
No dedicated AI law, strategy or authority
There is no AI-specific legislation, no national AI policy and no AI oversight body in Eritrea. Independent trackers that catalogue national digital instruments list only telecommunications-era rules for Eritrea and record no national AI strategy and no public national cybersecurity strategy. A separate point worth stating plainly: claims circulating online of an "Eritrean Artificial Intelligence Institute" or an "Eritrean Law Society" acting as an AI governance body are not supported by any official Eritrean source and appear to confuse Eritrea with Ethiopia, which does have an Artificial Intelligence Institute and a 2024 national AI policy. Treat such claims as unverified.
The telecommunications anchor: Proclamation No. 102/1998
The Communications Proclamation No. 102/1998, done at Asmara on 2 March 1998, regulates communications, defined as telecommunications, broadcasting and post. Article 4 vests regulatory authority in the Ministry of Transport and Communications, exercised through its Communications Department. There is no independent telecom regulator; rule-making power sits with the Minister, and appeals run to the High Court. This is the only durable, operative legal architecture touching digital services, and it predates AI entirely.
The constitutional privacy right that never took effect
The 1997 Constitution provides in Article 18 that every person has the right to privacy, including protection of communications and correspondence. However, the Constitution was ratified by the Constituent Assembly on 23 May 1997 but has never entered into force. As a result, the privacy right is aspirational rather than enforceable, and it does not function as a data protection regime.
No data protection law and no authority
Eritrea has no data protection legislation and has not appointed a data protection authority. Personal data is not defined under Eritrean law, there are no collection and processing requirements, no breach notification duties, no data subject access or deletion rights, and no restriction on cross-border transfer. There is also no statutory right not to be subject to automated decision-making, which is the provision that, in other jurisdictions, most directly touches AI.
The regional and continental layer
Eritrea is an African Union member. The African Union Continental Artificial Intelligence Strategy was adopted by the AU Executive Council during its 45th Ordinary Session held 18 to 19 July 2024 in Accra, Ghana. Per the Future of Privacy Forum, it was approved by the Executive Council composed of representatives of the 55 African member states, with a phased implementation timeline extending from 2025 to 2030 and a preparatory phase in 2024. Crucially, the Strategy is a guiding framework and does not impose binding obligations on member states. Separately, the AU Convention on Cyber Security and Personal Data Protection (the Malabo Convention) entered into force on 8 June 2023 after Mauritania became the fifteenth state to ratify, but Eritrea has neither signed nor ratified it, so it does not bind Eritrea.
Connectivity as a hard constraint
Governance cannot be separated from infrastructure here. There were 714 thousand individuals using the internet in Eritrea at the start of 2025, when online penetration stood at 20.0 percent, per DataReportal's Digital 2025: Eritrea report, meaning 80.0 percent of the population remained offline. The state-owned EriTel runs a monopoly that BuddeComm describes as the least developed telecommunications market in Africa, with mobile penetration at only about 20 percent and about 2 percent of households having internet access. Eritrea lacks a submarine cable landing station and relies on satellite links and limited terrestrial connections through neighbouring countries. Eritrea is among the 188 countries assessed in the Oxford Insights Government AI Readiness Index 2024, in which Sub-Saharan Africa recorded the lowest average score of any world region.
Examples
Example 1: A UK or EU company offering an AI-enabled service to users in Eritrea. Because Eritrea imposes no AI or data protection obligations, the binding rules come from the company's home regime and its contracts, not from Eritrean law. A controller processing personal data of people in the UK would still apply UK GDPR duties (lawful basis, transparency, data subject rights) regardless of where the user sits, and would document this through an AI impact assessment. Eritrean law adds nothing and removes nothing.
Example 2: An NGO or development partner running a data project inside Eritrea. United Nations Development Programme work in Eritrea has used digital data collection, for instance the Fourth Round Eritrea Population and Health Survey (EPHS 2025) using Computer-Assisted Personal Interviewing across all six regions. With no domestic data protection statute, safeguards (consent, retention limits, security) must be set by the implementing organisation's own policies and donor requirements, not by Eritrean compliance rules.
Example 3: Local-language AI research. A 2021 student-built Tigrinya speech-to-text project created new text-and-speech datasets, and research on Tigrinya natural language processing has since expanded. Such work proceeds without any AI-specific legal framework governing dataset collection, model release or downstream use; governance is whatever the researchers and their institutions choose to adopt.
Common misunderstandings
"Eritrea must have some AI or data rules by now." No. As of June 2026 there is no dedicated AI law, no national AI strategy, no data protection statute and no privacy authority.
"The constitutional privacy right protects personal data." The 1997 Constitution's Article 18 privacy right has never entered into force, so it does not operate as an enforceable data protection regime.
"There is an Eritrean Artificial Intelligence Institute leading policy." This is not supported by any official Eritrean source and appears to be a confusion with Ethiopia's Artificial Intelligence Institute. Treat it as unverified.
"The African Union Continental AI Strategy is binding on Eritrea." It is a guiding framework, not a binding instrument; it creates no enforceable obligations on member states.
"No data transfer restrictions means data flows are safe and unregulated." The absence of Eritrean restriction does not remove obligations under other applicable laws (such as UK GDPR or EU GDPR) or under your contracts; it simply means Eritrea contributes no protection.
Risks and boundaries
This article describes the absence of a framework, not a framework. The central boundary is that Eritrea offers no statutory AI baseline, no regulator and no data protection law, so organisations carry the full governance burden themselves.
Legal status that is confirmed: no dedicated AI law; no data protection law or authority; the 1997 Constitution is not in force; the Communications Proclamation No. 102/1998 governs telecommunications through the Ministry of Transport and Communications with no independent regulator; Eritrea has not ratified the Malabo Convention.
What could change: Eritrea could publish a digital strategy, a data protection bill or an AI policy at any time, and the AU Continental AI Strategy's 2025 to 2030 implementation phase may encourage member states to develop national frameworks. None of this has materialised in Eritrea as of June 2026, and there is no announced timetable.
What is uncertain: the institutional picture rests partly on a 1998 instrument and limited official publication, so terminology and departmental arrangements may have evolved without public documentation. Connectivity statistics also vary by source and year and should be read as indicative. This is general information, not legal advice; verify current status against primary sources before acting.
What to do next
Do not wait for an Eritrean rulebook; there is none. Apply your own governance baseline drawn from your home jurisdiction and recognised standards.
If you process data of people in the UK or EU, anchor compliance in UK GDPR or EU GDPR duties and run an AI impact assessment, because Eritrean law will not fill the gap.
Use a risk-based approach: classify each AI use case by potential harm, and apply proportionate controls (human oversight, documentation, security, retention limits) as a matter of internal policy, since no statute mandates them locally.
Build connectivity reality into design: with roughly one in five people online and satellite-dependent links, assume intermittent access, plan for offline or low-bandwidth operation, and avoid assuming reliable real-time monitoring.
Document cross-border data flows explicitly in contracts and notices, because Eritrea imposes no transfer restrictions and provides no protection of its own.
Re-check status periodically against the Ministry of Transport and Communications, ITU country materials and AU publications; a published data protection bill or national AI strategy would be the trigger to revisit your posture.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Eritrea have an AI law?
No. As of June 2026 Eritrea has no dedicated artificial intelligence legislation, no national AI strategy and no AI regulator.
Is there a data protection law in Eritrea?
No. Eritrea has no data protection statute, personal data is not defined in law, and no data protection authority has been appointed.
What about the right to privacy in the Constitution?
The 1997 Constitution provides a privacy right in Article 18, but the Constitution has never entered into force, so it does not function as an enforceable data protection regime.
Which body regulates telecommunications and digital services?
The Ministry of Transport and Communications, through its Communications Department, under the Communications Proclamation No. 102/1998. There is no independent telecom regulator, and EriTel is the sole operator.
Does the African Union Continental AI Strategy apply to Eritrea?
Eritrea is an AU member, so the Strategy provides context, but it was adopted in July 2024 as a guiding framework and imposes no binding obligations on member states.
Has Eritrea signed the Malabo Convention on cyber security and data protection?
No. The Malabo Convention entered into force on 8 June 2023, but Eritrea has neither signed nor ratified it.
How connected is Eritrea?
Internet penetration was 20.0 percent at the start of 2025 (about 714,000 users). Eritrea has no submarine cable landing station and depends on satellite links and limited terrestrial connections.
If there are no local rules, what should my organisation follow?
Apply your home-jurisdiction obligations (such as UK GDPR or EU GDPR), recognised AI standards and your own risk-based governance, because Eritrea provides no domestic baseline.