What is AI regulation in Ethiopia?
AI regulation: countries and regions
Ethiopia has no dedicated AI law. It governs AI through policy and adjacent statutes: a National AI Policy approved by the Council of Ministers in June 2024, the Ethiopian Artificial Intelligence Institute (EAII) created by Regulation No. 510/2022, and the Personal Data Protection Proclamation No. 1321/2024, which is enforced by the Ethiopian Communications Authority and grants rights against automated decisions. This sits within the Digital Ethiopia 2025 strategy and the African Union Continental AI Strategy.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
There is no single statute in Ethiopia that regulates artificial intelligence, no AI Act, no AI bill before parliament, and no standalone AI regulator with binding powers over AI systems. Anyone expecting an enforceable, AI-specific rulebook of the kind being built in the European Union will not find one here. What exists instead is a layered arrangement of policy and law that touches AI without being limited to it. The centre of gravity is the National AI Policy, which the Council of Ministers approved in June 2024 after a multi-year consultative process. A policy is a direction-setting document, not a law: it states priorities, assigns coordinating roles and instructs agencies to act, but it does not by itself create enforceable duties or penalties for private deployers. The binding obligations that AI users in Ethiopia must actually observe come from general law, principally the Personal Data Protection Proclamation No. 1321/2024, alongside institutional arrangements such as the Ethiopian Artificial Intelligence Institute. Read together, these form Ethiopia's working framework for AI governance, even though none of them is an AI statute in the strict sense.
Why it matters
For organisations building or buying AI in Ethiopia, the practical point is that compliance duties flow from data protection law and sector rules, not from an AI-specific code. If you process personal data to train or run a model, the Personal Data Protection Proclamation applies, including its rules on lawful processing, sensitive data, cross-border transfers and the right of individuals to object to automated decisions. Financial firms using automated credit scoring, for example, must build in human review and a route for people to contest a decision. The institutional landscape also matters. The Ethiopian Artificial Intelligence Institute reports directly to the Prime Minister and carries functions that range from research and policy advice to certifying imported AI technology and supporting national security work. That means the state is both a promoter of AI and a gatekeeper, and procurement, partnership and product decisions may run through it. Understanding who holds which lever, EAII, the Ministry of Innovation and Technology, the Ethiopian Communications Authority and sector regulators, is more useful than waiting for a single AI law that does not yet exist.
How it works
The National AI Policy (2024)
Ethiopia's Council of Ministers approved the country's first National AI Policy on 27 June 2024, during its 37th regular session, following a consultative process led by the Ethiopian Artificial Intelligence Institute and coordinated with the Ministry of Innovation and Technology. The policy sets a cross-sectoral direction for AI development and deployment, with emphasis on data governance, ethics and accountability, capacity building and sectoral integration across areas such as health, finance, agriculture and security. As a policy rather than a proclamation, it provides a framework and instructs EAII and the Ministry to prepare implementation plans; it does not itself impose penalties on private actors.
The Ethiopian Artificial Intelligence Institute (EAII)
The EAII is the principal AI institution. It was established as an autonomous federal entity by Council of Ministers Regulation No. 510/2022, which entered into force on 23 April 2022 and superseded the earlier Artificial Intelligence Research and Development Center. The Institute answers directly to the Prime Minister. Its functions, as set out in the establishing regulation and in government communications, include designing national AI research plans, advising on AI policy, supporting public and private collaboration, and certifying imported AI technology for domestic use. It also carries national security related functions, including data analysis work alongside law enforcement.
Personal Data Protection Proclamation No. 1321/2024
This is the most directly enforceable instrument for AI that processes personal data. It was adopted by the House of Peoples' Representatives on 4 April 2024 and published in the Federal Negarit Gazette on 24 July 2024, at which point it took effect. It is Ethiopia's first comprehensive data protection law, replacing a patchwork of constitutional and sector-specific provisions. It sets principles of lawful, fair and transparent processing, defines personal and sensitive data, requires registration of controllers and processors, mandates breach notification within 72 hours, and restricts cross-border transfers to jurisdictions with adequate protection or where another lawful condition applies. Critically for AI, it grants data subjects the right to object to automated decisions and to obtain human review, which bears directly on automated profiling and scoring systems.
The supervisory authority
The Personal Data Protection Proclamation designates the Ethiopian Communications Authority (ECA) as the supervisory authority responsible for enforcement. The ECA's powers include maintaining a register of controllers and processors, investigating complaints, conducting inspections, issuing enforcement notices and guidance, approving cross-border transfers and imposing administrative fines. The ECA was originally established under the Communications Service Proclamation No. 1148/2019 and operates within the oversight of the Ministry of Innovation and Technology.
Digital Ethiopia 2025 and the regional context
The overarching national roadmap is Digital Ethiopia 2025, the Ministry of Innovation and Technology strategy for building a digital economy, which identifies AI and related technologies as priorities. At the continental level, Ethiopia's approach aligns with the African Union Continental AI Strategy, adopted by the AU Executive Council at its 45th Ordinary Session in Accra on 18 to 19 July 2024, which sets a development-focused, ethics-led direction and a phased implementation plan running from 2025 to 2030. The Computer Crime Proclamation No. 958/2016 also remains relevant where AI systems are attacked or data is unlawfully harvested.
Examples
A financial services provider deploying automated credit scoring in Ethiopia must work within the Personal Data Protection Proclamation. Because the law gives individuals the right to object to automated decisions, the provider needs meaningful human oversight in the loan approval process and a documented route for applicants to contest an adverse decision and seek human review. An overseas software vendor selling an AI product into the Ethiopian market should account for the Ethiopian Artificial Intelligence Institute's role in certifying imported AI technology for domestic use, as set out in EAII's mandate. This is a procurement and market-access consideration distinct from data protection compliance. A health or agriculture programme running AI pilots, the sectors EAII has prioritised, will process personal or operational data and so falls under the registration, lawful-processing and breach-notification duties supervised by the Ethiopian Communications Authority, even though there is no AI-specific statute governing the pilot itself.
Common misunderstandings
"Ethiopia has an AI law." It does not. It has a National AI Policy (2024), which sets direction but does not create enforceable duties for private deployers in the way a statute would. "The National AI Policy regulates companies directly." The policy is a government framework that assigns coordinating roles and instructs agencies; binding obligations on businesses come from general law such as the Personal Data Protection Proclamation. "There is a dedicated AI regulator." There is not. The Ethiopian Artificial Intelligence Institute is a research, advisory and certification body reporting to the Prime Minister, and data protection enforcement sits with the Ethiopian Communications Authority. Neither is an AI-specific regulator with binding powers over AI systems generally. "Data protection is still governed by scattered old rules." Since 24 July 2024, Ethiopia has a single comprehensive data protection law, Proclamation No. 1321/2024, that replaces the previous patchwork. "AI systems are unregulated because there is no AI Act." Where AI processes personal data, makes automated decisions, or involves attacks on computer systems, existing law already applies through the data protection proclamation and the Computer Crime Proclamation.
Risks and boundaries
The clearest boundary is that Ethiopia has no dedicated, AI-specific statute and none publicly known to be before parliament. Governance rests on a policy document plus adjacent laws, which means duties are inferred from data protection and sector rules rather than drawn from a single AI code. The National AI Policy itself has had limited public circulation, so the precise text of some commitments is harder to verify than the laws around it. Implementation is still maturing. The Personal Data Protection Proclamation is in force, but secondary directives, the controller and processor register, and the practical enforcement record of the Ethiopian Communications Authority are still developing, so how rigorously specific AI uses will be policed is not yet settled. There is also a concentration of authority in the EAII, which combines development, advisory, certification and national security functions, and that breadth can blur the line between promoting AI and overseeing it. Finally, this is a developing area: new instruments, such as recent moves to establish a dedicated AI university, indicate the framework is still being built, and the status described here could change.
What to do next
Treat the Personal Data Protection Proclamation No. 1321/2024 as your primary compliance anchor for any AI that touches personal data: map lawful bases, register where required, build breach notification within 72 hours, and put human review and a contest route around any automated decision-making. Identify which body owns each question before you act. Data protection sits with the Ethiopian Communications Authority; research, advice and certification of imported AI technology sit with the Ethiopian Artificial Intelligence Institute; sector regulators retain domain enforcement. Route procurement and market-access questions accordingly. Watch for movement rather than assuming stability. Track the National AI Policy's implementation plans, any ECA directives under the data protection law, and new institutional developments, and align longer-term planning with Digital Ethiopia 2025 and the African Union Continental AI Strategy. Where a fact about the framework cannot be confirmed from an official source, verify before relying on it.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Ethiopia have a dedicated AI law?
No. Ethiopia has no AI-specific statute. It governs AI through a National AI Policy (2024) and adjacent laws, principally the Personal Data Protection Proclamation No. 1321/2024.
When was Ethiopia's National AI Policy approved?
The Council of Ministers approved the country's first National AI Policy on 27 June 2024, during its 37th regular session.
What is the Ethiopian Artificial Intelligence Institute (EAII)?
It is Ethiopia's principal AI body, established as an autonomous federal entity by Council of Ministers Regulation No. 510/2022 (in force 23 April 2022) and reporting directly to the Prime Minister. Its functions include AI research, policy advice and certifying imported AI technology.
Which law governs personal data used in AI systems?
The Personal Data Protection Proclamation No. 1321/2024, adopted on 4 April 2024 and published in the Federal Negarit Gazette on 24 July 2024.
Who enforces data protection in Ethiopia?
The Ethiopian Communications Authority (ECA) is the supervisory authority. Its powers include maintaining a register of controllers and processors, investigating complaints, issuing enforcement notices and imposing administrative fines.
Are there rules on automated decision-making?
Yes. The Personal Data Protection Proclamation gives individuals the right to object to automated decisions and to obtain human review, which is relevant to automated credit scoring and similar systems.
How does Ethiopia's approach fit the African context?
It aligns with the African Union Continental AI Strategy, adopted by the AU Executive Council in Accra on 18 to 19 July 2024, which sets a development-focused approach and a phased plan from 2025 to 2030.
What is Digital Ethiopia 2025?
It is the Ministry of Innovation and Technology's national strategy for building a digital economy, which identifies AI and related technologies as priorities and serves as the overarching roadmap within which AI policy sits.