What is AI regulation in Mozambique?
AI regulation: countries and regions
As of June 2026, Mozambique does not appear to have a single comprehensive AI law in force. AI is currently governed through constitutional privacy protections, the Electronic Transactions Law, digital government and infrastructure rules, cybersecurity policy, and sector-specific law. Mozambique is now building a more explicit AI framework through Decree No. 14/2026 creating the National AI Commission, a draft National AI Strategy, and pending legislation on personal data protection, cybersecurity and cybercrime.
Reviewed by Jackie, Head of Learning & Development, Levellers · Last reviewed 8 June 2026
What this means
AI regulation in Mozambique is not yet centred on one dedicated "AI Act". Instead, it is a patchwork of existing digital, constitutional and sectoral rules, plus new AI-specific policy work that is still being finalised.
That means AI governance in Mozambique is broader than privacy. It covers how AI is developed, bought, hosted, connected to cloud infrastructure, used in public services or private markets, and supervised when it affects people, data or critical systems.
The best way to understand Mozambique is as a jurisdiction in transition. Existing hard law already matters today. New soft-law and institution-building measures are trying to turn that baseline into a clearer national AI framework.
Why it matters
For organisations deploying AI in Mozambique, the main risk is assuming that "no AI law" means "no AI regulation". That is wrong. Even before a dedicated AI statute arrives, AI projects can still trigger rules on privacy, digital records, electronic transactions, cybersecurity, cloud hosting, public-sector interoperability and sector-specific compliance.
This matters most for public services, telecoms, finance, health, education, agriculture and any system that uses personal or operational data at scale. It also matters for foreign providers, because parts of Mozambique's newer digital infrastructure rulebook are written to reach providers active in Mozambique even when they are not locally established. In practice, leaders need to manage both the law that exists now and the law that is likely to arrive next.
How it works
There is no single AI Act in force
Mozambique does not, on the sources reviewed, yet have a comprehensive AI statute comparable to the EU AI Act. The AI-specific layer is still emerging. The most important current AI-specific developments are institutional and strategic rather than fully legislative: the creation of the Comissao Nacional de Inteligencia Artificial, or CNIA, by Decree No. 14/2026, and the publication of the first draft of the National AI Strategy for public consultation from 4 May to 4 June 2026.
That matters because the country's AI direction is becoming more visible, but it is not yet fully locked into binding AI-only law. For now, Mozambique's model is best described as horizontal digital law plus sectoral rules, with AI-specific soft law being added on top.
Existing constitutional and digital law already governs parts of AI
The Constitution is the deepest legal layer. It protects private life and specifically addresses computerised personal data. In practical terms, that gives Mozambique a constitutional base for challenging unlawful or excessive digital processing even before a modern general data protection statute is enacted.
The main statutory baseline is the Electronic Transactions Law, Law No. 3/2017. It is not an AI law, but it is a foundational digital-law instrument. It governs electronic transactions, e-commerce and electronic government, recognises electronic records and signatures, and underpins later rules on digital certification, interoperability and other parts of the digital state. In an AI context, that means the legality of digital operations, system integrity, authentication and record handling already matter.
This is why AI in Mozambique should not be analysed as a stand-alone topic. In many cases the first legal question is not "what does AI law say?" but "which existing digital, constitutional and sectoral rules does this AI system already sit inside?"
Responsibility is spread across several institutions
Mozambique does not yet appear to have one mature, stand-alone AI regulator with a full statute book and settled enforcement practice. Instead, responsibility is distributed.
INTIC is the state body most visibly leading the build-out of the current framework in practice. It is publishing draft laws and strategies, running consultations, and acting as the central public face of AI, data and digital-governance reform. CNIA adds a new AI-specific institutional layer. Based on the official descriptions available, it is a consultative and strategic body intended to help orient national AI development, ethics, regulation and responsible use.
A future National Data Protection Authority is also envisaged in the pending personal data bill. If that bill is enacted, AI oversight in Mozambique will become more institutionally differentiated, with AI policy, ICT regulation and personal data protection no longer sitting so heavily in the same preparatory space.
For organisations, the practical message is straightforward: there is no single door for every AI issue. Governance questions may involve INTIC, CNIA, courts, sector regulators and, in time, a dedicated data protection authority.
The largest hard-law gap is personal data protection
Mozambique's Constitution has long anticipated legal protection for personal data held in computerised records, but the country still appears to be completing the move from constitutional principle to a full modern data protection statute.
The Proposta de Lei de Proteccao de Dados Pessoais was positively reviewed by the Council of Ministers and sent to the Assembly in March 2026. Official material presents it as a general law applying to public and private entities and to processing on physical and digital supports. It is also designed to establish the future Autoridade Nacional de Proteccao de Dados.
For AI governance, this gap matters a great deal. Many high-impact AI uses depend on large datasets, profiling, inference, automated sorting or sensitive records. Until a general data protection law is enacted and enforced, organisations must work from a thinner mix of constitutional rules, electronic-transactions safeguards, sector controls, contracts, internal governance and general administrative and judicial principles. That is a workable baseline, but not a detailed modern AI-and-data rulebook.
Cybersecurity and digital infrastructure law already shape AI deployment
Mozambique's cyber policy layer is more developed than its AI-specific law. The country has a National Cybersecurity Policy and Implementation Strategy, and it has also been developing cybercrime and cybersecurity legislation. Official reporting indicates those bills moved forward politically, but the exact final promulgation and entry-into-force status is not fully settled across the sources reviewed, so their present legal status should be checked carefully before being treated as operative hard law.
What is already clearer is the infrastructure layer. At the end of 2025, Mozambique approved regulations for data centres and for cloud computing. These are important for AI because many AI systems are not regulated where their model is built, but where data is hosted, processed, transferred and operated. The cloud regulation is especially notable because it applies to providers active in Mozambique whether or not they are established in Mozambique. That gives Mozambique a real point of legal contact with cross-border AI services.
So, even without an AI-only statute, AI infrastructure is no longer legally invisible. Hosting, licensing, supervision, technical instructions and information-security requirements are already part of the regulatory picture.
The draft AI strategy points to an ethics-led and sector-priority model
Mozambique's 2024 Science, Technology and Innovation Policy is one of the clearest official signals of direction. It says the country lacks adequate regulatory frameworks for emerging technologies such as AI and it explicitly calls for development of a national strategy for AI aligned with ethics. That makes the current AI strategy process more than a symbolic exercise. It is part of a wider state programme to modernise the country's digital and innovation architecture.
The draft National AI Strategy is broad. It frames AI as part of national digital transformation and places strong emphasis on ethics, transparency, security, inclusion and sovereignty over data. It adopts a practical, developmental structure rather than a narrow compliance-only one. The draft lays out priority pillars across innovation and infrastructure, education and skills, health and science, climate and agriculture, governance and public services, culture and tourism, entrepreneurship and the economy, and energy and environmental impact. It also refers to projects tested in laboratories and sandboxes, monitoring indicators, inter-institutional coordination and international cooperation.
At the same time, the strategy is still a draft, and some internal details may still change. The text itself appears to contain a few signs of fluidity, including references to eight pillars in one place and seven in another, and a governance chapter that refers to a "National AI Council" rather than CNIA by name. That is normal draft-stage movement, but it is also a reminder not to mistake consultation text for final law.
Regional alignment matters, but Mozambique is not simply copying foreign models
Mozambique's direction is shaped by African Union instruments more than by straightforward legal transplantation from Europe. The country has already ratified the African Union Convention on Cyber Security and Personal Data Protection, often called the Malabo Convention. Its current digital and cyber reform path is framed against that continental backdrop.
The African Union Continental AI Strategy also matters. It gives member states an Africa-centred frame for AI development, one that ties ethics and rights to development, inclusion, capacity-building, research, infrastructure and digital sovereignty. Mozambique's own AI and data-governance materials fit that general direction.
That does not mean foreign models are irrelevant. The draft AI strategy discusses international references, including UNESCO, the OECD and the EU AI Act. But Mozambique has not yet codified a formal risk-tier AI model in hard law. Its present approach is closer to an emerging hybrid: constitutional rights, horizontal digital law, infrastructure regulation, sectoral controls, and a soft-law AI strategy designed around national development priorities.
Examples
Example 1: Participating in rule-making is part of real AI governance in Mozambique. INTIC published the first draft of the National AI Strategy for public consultation from 4 May to 4 June 2026 and ran consultation activity around the country. If your business or institution uses AI in Mozambique, commenting on draft policy is not peripheral. It is one of the few direct ways to shape the near-term rulebook.
Example 2: A cloud-hosted AI service aimed at Mozambican users may already fall inside Mozambique's infrastructure rules even if the provider is based abroad. The current cloud framework is built around registration, supervision and licensing, and it reaches providers active in Mozambique whether or not they are locally established. For buyers of AI services, vendor location is therefore not the only legal question. Service activity in Mozambique is also relevant.
Example 3: A ministry, donor project or contractor deploying AI for public-service triage, case handling, forecasting or citizen interaction should not wait for a future AI Act before building controls. Today's baseline already points toward lawful data handling, secure system design, interoperability discipline, human oversight and auditable public administration. The draft National AI Strategy goes further by naming governance, justice and public services as one of the country's core implementation pillars.
Common misunderstandings
" Mozambique already has a comprehensive AI law." No. The country is building an AI framework, but the sources reviewed do not show a single comprehensive AI Act currently in force.
" If there is no AI Act, AI is unregulated." No. Constitutional rules, digital-transactions law, infrastructure regulation, cybersecurity instruments and sector law already apply.
" The draft National AI Strategy is binding law." No. It is an important policy instrument in consultation, but it is not the same thing as enacted legislation.
" Parliament moving a bill forward means the law is already in force." Not necessarily. In Mozambique's current cyber and data reform process, some instruments are still pending final legislative or promulgation steps, and legal status should be checked carefully.
" AI regulation is just a privacy topic." No. Privacy is central, especially while the general data protection bill is pending, but AI governance also involves hosting, cloud use, cybersecurity, procurement, interoperability, public-sector administration and sector-specific compliance.
Risks and boundaries
Mozambique's AI governance framework is still being assembled, so legal certainty is uneven. The country has important building blocks, but not yet a settled AI statute with mature definitions, classifications, regulator practice and AI-specific sanctions.
There are also live status questions. The personal data bill is still pending. Cybersecurity and cybercrime legislation has clearly advanced, but the final in-force status is not consistent across all official materials reviewed. The National AI Strategy was still in public consultation through 4 June 2026, so its institutional design, priorities and implementation machinery may still change. Even the draft text shows signs of movement in its governance chapter.
This also means Mozambique should not be described as a fully risk-based AI jurisdiction yet. Risk-sensitive thinking is visible, especially through ethics, safeguards and sector prioritisation, but it is not yet fixed in hard law as a formal AI risk taxonomy.
Finally, this page does not replace sector-specific legal review. AI used in health, finance, telecoms, education, employment, public administration, critical infrastructure or cross-border cloud arrangements may trigger extra duties that sit outside any future AI-specific rulebook.
What to do next
First, map every AI use case you already have in Mozambique, including pilots, vendor tools, analytics systems, automated decision support and customer-facing features. Separate low-impact experimentation from systems that touch personal data, public services, safety, eligibility, identity or financial decisions.
Second, treat current compliance as a layered exercise. Review constitutional privacy exposure, electronic-transactions requirements, cybersecurity controls, hosting arrangements, interoperability needs and sector-specific rules. Do not wait for a future AI Act to begin documenting purpose, data sources, human review points, testing and incident handling.
Third, review where your AI service is actually hosted and who provides the infrastructure. If the service depends on cloud or data-centre operators active in Mozambique, include the local digital-infrastructure rulebook in procurement and vendor diligence.
Fourth, prepare now for the next wave of law and guidance. The three highest-priority watch items are the finalisation of the National AI Strategy, the progress of the personal data protection bill, and the status of the cybersecurity and cybercrime bills. Also monitor how CNIA begins to define its practical role.
Fifth, if you buy or build AI for the public sector, design for transparency, auditability and contestability from the start. Mozambique's legal direction is clearly toward stronger governance, not weaker governance, even if the final form is still emerging.
Have a question or a suggestion, or want to understand how we research and review these guides? Read about our editorial standards and how to reach us.
FAQs
Does Mozambique already have a dedicated AI law?
Not on the sources reviewed as of 8 June 2026. Mozambique is developing an AI-specific framework, but current governance still relies mainly on existing constitutional, digital and sectoral rules.
What is the most important AI-specific development in Mozambique right now?
The two biggest developments are the creation of CNIA by Decree No. 14/2026 and the draft National AI Strategy that was opened for public consultation from 4 May to 4 June 2026.
Who is responsible for AI governance in practice?
INTIC is currently the main public institution leading AI, data and digital-governance reform work in practice. CNIA adds an AI-specific consultative layer. Sector regulators and, if enacted, a future data protection authority will also matter.
Does Mozambique have a general data protection law in force?
The sources reviewed point to a pending general personal data protection bill, not a fully enacted and settled general statute already in force. Constitutional privacy protections still matter in the meantime.
What laws apply to AI today if there is no AI Act?
The main live layers are constitutional privacy and computerised-data protections, the Electronic Transactions Law, digital-government rules, cloud and data-centre regulation, cybersecurity policy, and sector-specific law where the AI system is used.
Can foreign AI or cloud providers still fall under Mozambican rules?
Yes. Mozambique's cloud framework is drafted to apply to providers active in Mozambique even if they are not established in the country, which is important for imported AI services.
Is Mozambique copying the EU AI Act?
Not directly. European instruments are influential reference points, but Mozambique's path is more clearly tied to African Union strategy, digital-sovereignty concerns and national development priorities.
Are the cybersecurity and cybercrime laws definitely in force already?
Their status needs careful checking. Official reporting shows major legislative progress, but the materials reviewed do not provide a fully consistent picture of final promulgation and entry into force.