What is AI regulation in Guinea?
AI regulation: countries and regions
Guinea (the Republic of Guinea, capital Conakry) has no dedicated artificial intelligence law. In December 2025 it validated a national AI roadmap for 2026 to 2035, developed with UNDP support, but this is policy rather than binding regulation. AI deployments are governed by existing instruments: the 2016 cybersecurity and data protection law, the telecoms regulator ARPT, the cybersecurity agency ANSSI, and Guinea's commitments under the African Union Continental AI Strategy.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
Guinea, a West African state and ECOWAS member, does not regulate artificial intelligence through a specific statute. There is no AI Act, no AI bill before the National Transitional Council, and no AI-specific regulator. Anyone deploying AI in Guinea is therefore governed by laws of general application rather than by AI-specific rules. The most concrete development is policy, not law. On 19 December 2025 the ministry responsible for information and communication technologies, working with the United Nations Development Programme, validated a ten-year national AI roadmap covering 2026 to 2035. It draws on an Artificial Intelligence Landscape Assessment (AILA) diagnostic and sets out a phased plan: first building institutional, regulatory and technical foundations, then introducing AI into public services, then positioning Guinea as a regional reference. A roadmap states intentions; it does not create enforceable duties. In the meantime, the binding rules that touch AI sit in adjacent law: the 2016 cybersecurity and personal data protection law, the mandate of the telecoms regulator ARPT, and the cybersecurity agency ANSSI. Guinea should be distinguished from Equatorial Guinea (a separate Central African state, capital Malabo) and from Guinea-Bissau (capital Bissau); the three are frequently confused.
Why it matters
For organisations deploying or governing AI in Guinea, the practical point is that there is no AI-specific compliance regime to map against, and no AI regulator to engage. Obligations come instead from the general data protection and cybersecurity framework, from sector rules, and from contract. That makes scoping deceptively simple but also uncertain: the 2016 data protection regime exists on paper, yet its supervisory machinery has been weak in practice, so organisations cannot assume the kind of active enforcement or detailed guidance they would find in a mature regime. The national roadmap signals direction of travel, which matters for anyone making medium-term investment or procurement decisions, because the 2026 to 2035 plan anticipates new governance structures and rules that do not yet exist. Building to durable principles now, such as lawful processing, data minimisation, security and human oversight, is the safer course than waiting for a dedicated AI law that has not been announced.
How it works
No dedicated AI law
Guinea has not enacted any AI-specific legislation, and no AI bill has been published. The December 2025 national AI roadmap is a strategic policy document, not a statute. It carries no penalties, creates no regulator and imposes no direct legal duties on deployers. Its significance is forward-looking: it commits the government to build governance, skills and infrastructure foundations across the 2026 to 2035 period.
The 2016 cybersecurity and data protection law
The principal binding instrument touching automated data processing is Law L/2016/037/AN on cybersecurity and the protection of personal data, adopted by the National Assembly and promulgated in 2016. It applies to the processing of personal data by individuals, businesses and public institutions, and it criminalises offences such as unauthorised access to information systems and fraudulent interception of data. Any AI system that processes personal data about people in Guinea falls within its scope. The law contemplates a personal data protection authority, but supervisory capacity has historically been limited, so deployers should not assume mature, active oversight.
The telecoms regulator: ARPT
The Autorite de Regulation des Postes et Telecommunications (ARPT) regulates posts and telecommunications. It was created in 2005 and, following a 2023 reform, operates as an independent administrative authority. Its remit covers fair competition, consumer protection, equipment type-approval and, since 2021, the regulation of electronic transactions including mobile money. ARPT is not an AI regulator, but AI services delivered over telecoms networks or involving electronic transactions intersect with its mandate.
The cybersecurity agency: ANSSI
The Agence Nationale de la Securite des Systemes d'Information (ANSSI), created by decree in 2016 and placed under the ministry responsible for posts, telecommunications and the digital economy, is the technical body responsible for securing information systems, incident response, digital investigation and crisis management. AI systems classed as part of an organisation's information infrastructure engage ANSSI's security expectations.
Regional and continental context
Guinea sits within the African Union framework. The AU Continental AI Strategy, endorsed by the AU Executive Council in July 2024 in Accra, sets a development-focused, phased approach for 2025 to 2030 and asks member states to develop national AI strategies. Guinea's roadmap responds to that call. Guinea has also ratified the AU Convention on Cybersecurity and Personal Data Protection (the Malabo Convention). As an ECOWAS member, Guinea is subject to the regional bloc's broader digital and data protection direction.
Examples
A fintech offering AI-driven credit scoring to consumers in Conakry processes personal data, so it falls under Law L/2016/037/AN, and because it operates through mobile money and electronic transactions it also intersects with ARPT's electronic transactions remit. It must address lawful processing and security obligations even though no AI-specific rule applies. A government ministry piloting an AI tool to improve public service delivery is acting in line with the second phase of the national AI roadmap. The pilot is a policy initiative; it is not authorised or constrained by any AI statute, so the ministry must rely on existing data protection and procurement rules rather than an AI legal framework. An international SaaS vendor selling an AI product into Guinea cannot point to a local AI conformity regime because none exists. Its compliance scoping rests on the 2016 data protection law, ANSSI security expectations and contractual terms, supplemented by the durable principles in the AU Continental AI Strategy.
Common misunderstandings
Guinea has an AI law. It does not. There is no AI statute and no published AI bill; the December 2025 roadmap is policy, not legislation. The national AI roadmap is legally binding. It is not. It sets strategic intentions for 2026 to 2035 and creates no enforceable duties or penalties. This is about Equatorial Guinea or Guinea-Bissau. It is not. The Republic of Guinea (Conakry) is a distinct country; the three are routinely confused. There is no data protection regime, so AI is unregulated. Personal data processing, including by AI, is covered by Law L/2016/037/AN of 2016, even though supervisory enforcement has been limited. ARPT or ANSSI regulates AI. Neither is an AI regulator. ARPT regulates telecoms, posts and electronic transactions; ANSSI handles information system security. AI engages them only where it touches those functions.
Risks and boundaries
The central boundary is that Guinea has no dedicated AI framework. There is no AI-specific regulator, no statutory risk classification, no mandatory AI impact assessment and no AI conformity process. Organisations relying on this article should treat the 2016 data protection law and the institutional mandates of ARPT and ANSSI as the operative rules, not any AI-specific regime. Status is partly uncertain. The 2026 to 2035 roadmap is validated policy, but the institutions, rules and governance structures it anticipates have not been created and their form, timing and legal force are not yet known. The personal data protection authority contemplated by the 2016 law has had limited practical effect, so the level of active supervision is uncertain. None of this is legal advice; anyone with a specific deployment should take qualified Guinean legal counsel and verify current status against primary sources, because policy in this area is developing.
What to do next
Treat Guinea as a jurisdiction without dedicated AI law, and build compliance from the general framework: lawful and fair processing, data minimisation, security and human oversight under Law L/2016/037/AN. Map any AI system that processes personal data against that law and against ANSSI security expectations. Where a service involves telecoms or electronic transactions, check ARPT requirements. Use the durable principles in the AU Continental AI Strategy as a design baseline, since the national roadmap is aligned to it and future rules are likely to follow that direction. Monitor the official ministry, ARPT and ANSSI channels for new instruments as the 2026 to 2035 roadmap is implemented, and take local legal advice before any significant deployment.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Guinea have an AI law?
No. Guinea has no dedicated AI statute and no published AI bill. AI is governed by laws of general application, chiefly the 2016 cybersecurity and data protection law.
What is the national AI roadmap?
A ten-year strategic policy for 2026 to 2035, validated in December 2025 with UNDP support and based on an AILA diagnostic. It sets intentions in phases but creates no binding legal duties.
Which law covers personal data processed by AI in Guinea?
Law L/2016/037/AN of 2016 on cybersecurity and the protection of personal data, which applies to processing by individuals, businesses and public institutions.
Is there an AI regulator in Guinea?
No. There is no AI-specific regulator. The telecoms regulator ARPT and the cybersecurity agency ANSSI have related but distinct mandates.
Is this the same as Equatorial Guinea or Guinea-Bissau?
No. The Republic of Guinea (capital Conakry) is a separate country. Equatorial Guinea (Malabo) and Guinea-Bissau (Bissau) are distinct states.
How does the African Union affect AI in Guinea?
The AU Continental AI Strategy, endorsed in July 2024, asks member states to develop national AI strategies. Guinea's roadmap responds to that. Guinea has also ratified the Malabo Convention.
Does Guinea require an AI impact assessment?
No. There is no statutory AI impact assessment requirement, because there is no dedicated AI law. Any assessment would be a matter of good practice or contract.
When will Guinea have an AI law?
No date has been announced. The roadmap anticipates building regulatory foundations during its first phase, but no AI statute or bill has been published.