As African nations accelerate their digital transformation agendas, questions of who controls data — and on whose terms — are becoming central to both economic strategy and political sovereignty. The concept of data sovereignty, long discussed in academic circles, is now forcing its way onto the agendas of finance ministers, central bankers, and heads of state.
For a continent where much of the data infrastructure is owned or operated by foreign companies, where cloud services are predominantly hosted in Europe and North America, and where platform economies extract value with limited local reinvestment, the stakes could not be higher.
Defining the problem
Data sovereignty is not a single concept — it encompasses at least three distinct concerns that are often conflated:
- Data localisation: requirements that certain data be stored within national borders
- Data ownership: legal frameworks determining who has rights over data and under what conditions
- Data value capture: ensuring that economic value generated from African data accrues, at least in part, to African citizens and governments
"The question is not whether Africa will be part of the data economy — it already is. The question is whether it will be a subject of that economy or an agent in it."
— Dr. T.M. Waema, TIM CEO
What African governments are doing
The African Union's Data Policy Framework, adopted in 2022, provides a continental reference point that emphasises free flow of data within Africa while protecting against exploitative transfers to third countries. Several AU member states — including Kenya, Uganda, Nigeria, and South Africa — have enacted or are developing national data protection laws that echo GDPR principles while attempting to accommodate African development contexts.
Kenya's forthcoming National Data Governance Policy, which TIM is currently developing, represents one of the most comprehensive attempts yet to operationalise data sovereignty principles within a national framework. It grapples directly with hard questions: should health data be localised? How should government negotiate data access agreements with platform companies? Who benefits when anonymised Kenyan data trains a global AI model?
The path forward
Effective data sovereignty for Africa will require more than good laws. It demands investment in local cloud infrastructure, development of African AI capabilities, cultivation of data-literate public servants, and regional cooperation to prevent a race to the bottom on data standards. It also requires honest engagement with the tradeoffs: strict localisation requirements can raise costs and deter investment; weak frameworks expose citizens to exploitation.
The countries that will emerge strongest from this period are those that approach data governance not as a compliance exercise, but as a strategic capability — developing the institutions, expertise, and frameworks needed to participate as genuine agents in the global data economy.