The African Union's Continental AI Strategy in Motion | TLY

AI Regulation Tracker  /  Continental strategy

African Union Continental AI Strategy enters Phase I, a directional plan that previews national AI rules

The AU adopted its Continental Artificial Intelligence Strategy in July 2024, and its first implementation phase, running 2025 to 2026, is now steering member states toward national AI strategies and data-protection-anchored rules. The strategy binds no company, but it foreshadows the laws that will.

African Union Continental AI Strategy enters Phase I, a directional plan that previews national AI rules regulation briefing
The Leveraged Years AI Regulation Tracker

The African Union has moved from adopting an AI strategy to implementing one. The Continental Artificial Intelligence Strategy, titled "Harnessing AI for Africa's Development and Prosperity," was adopted by the AU Executive Council at its 45th Ordinary Session on July 18 to 19, 2024, in Accra, Ghana. The document sets a five-year plan running from 2025 to 2030, divided into two phases. Phase I, covering 2025 and 2026, is the phase now underway, and it is the one that matters for firms trying to anticipate where African AI rules are heading.

What Phase I actually does

The strategy is explicit that Phase I is a foundation-building period, not an enforcement period. According to the document, Phase I "will focus on beginning of all the activities, especially, creating the necessary governance frameworks, national AI strategies and resource mobilisation activities and building the capacities at the AU, RECs, specialised agencies and Member States." It also calls for strategic documents, toolkits, forums, an AI advisory board, and centres of excellence, all between 2025 and 2026. A midterm review is scheduled for 2027, and Phase II, focused on implementing core projects, begins in 2028. The sequencing matters for planning. The first two years produce the templates, advisory structures, and national strategy drafts. The review year tests them. Only from 2028 does the AU expect core projects and actions to move into delivery. A firm reading this timeline should assume that concrete, enforceable national rules follow the same rhythm, with drafting concentrated in the current window and adoption arriving unevenly across markets over the next several years.

It creates no direct duty on companies

This is the point most easily misread. The Continental AI Strategy is directional soft law. It is a common continental vision built around five focus areas and fifteen action areas, and it does not by itself impose any enforceable obligation on a private firm. The strategy states plainly that "AU Member States will have the ultimate and critical responsibility in domesticating this Continental AI Strategy by developing and implementing their national AI strategies." In other words, the binding rules, when they arrive, will be national laws, not the continental strategy. A company cannot be penalized under the strategy. It can, however, be caught unprepared by the national frameworks the strategy is designed to produce.

The data-protection anchor

For firms mapping their exposure, the most useful signal in the strategy is where it plants AI governance. The document ties AI rules to existing personal-data and privacy law, referencing the AU Convention on Cybersecurity and Personal Data Protection, known as the Malabo Convention, and noting that the number of African countries with a data-protection law has more than doubled in the last decade. It flags that member states "will need to review whether existing laws can be amended" to address AI. That tells compliance teams where the first enforceable AI duties are most likely to attach, namely onto data-protection regimes that many of these countries already operate.

The convergence angle for cross-border operators

The value here is in convergence. The AU is coordinating technical support so that interested member states build national AI strategies and legal frameworks along a shared template. Reports describe a large share of interested states already receiving that support, though the AU strategy document itself does not fix a precise count, so the figure should be treated as reported rather than confirmed. The direction of travel is clear enough regardless. A multinational operating in several African markets should expect national AI rules that rhyme with one another and that sit on top of data-protection law. Building to the stricter, data-protection-anchored end of that emerging standard is the defensible planning posture. Firms that already hold themselves to a single high internal AI governance baseline across regions will find this coordination works in their favor, because one well-documented standard can answer many national regimes at once. Firms that run market-by-market patchwork controls face the opposite problem, since each new national AI law becomes a separate remediation project. The strategy also leans on regional economic communities, so operators should watch bloc-level bodies, not only individual capitals, for where harmonized language first appears.

What it does not do

The strategy does not set penalties, license AI systems, or create a continental regulator with authority over firms. It does not preempt or override national law, and it does not bind US or other foreign companies operating in Africa the way a statute would. For a US reader, the closest analogy is a federal strategy that steers states toward model legislation. The teeth come later, at the national level, and they come market by market.

Frequently Asked Questions

What changed with the African Union AI strategy?

The AU adopted its Continental Artificial Intelligence Strategy in July 2024, and the first phase of its implementation plan, running 2025 to 2026, is now active. Phase I builds governance frameworks and helps member states draft national AI strategies, ahead of a 2027 review and a Phase II from 2028.

Who does this affect?

Directly, no private firm, because the strategy is non-binding. Practically, it affects multinationals operating across African markets, along with policy and compliance teams, who should track the national AI laws the strategy is designed to generate.

Does the strategy impose any enforceable obligation on my company now?

No. It is a directional continental framework, not a regulation. Enforceable duties will come from national AI strategies and laws that member states adopt, not from the AU strategy itself.

Where should we expect the first binding African AI rules to appear?

Most likely attached to existing data-protection regimes. The strategy anchors AI governance to personal-data and privacy law, including the Malabo Convention, and asks member states to consider amending existing laws to cover AI.

What is the single most useful action to take now?

Map your African markets against their current data-protection statutes and note where national AI strategies are in development, so you can plan for converging, data-protection-anchored duties before they take effect.

Browse the full AI Regulation News tracker

Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel.