**African Countries Turn to Data Protection Laws to Regulate AI** As artificial intelligence continues to transform industries across the continent, many African nations are opting for an unconventional approach to regulation. Instead of developing comprehensive AI laws, governments are leveraging existing data protection legislation to impose rules on AI-driven decision-making. This strategy, described by analysts at the Future of Privacy Forum (FPF) as a "backdoor" method of AI regulation, is becoming the hallmark of Africa's second wave of digital policy reform. A March 2026 report by FPF examined seven African countries and found that this approach is gaining traction. Unlike earlier laws that largely mirrored Europe's General Data Protection Regulation, newer frameworks are being shaped by local realities, economic priorities, and the impact of AI on African markets. "Data protection and privacy are just one topic in the broader aspect of governance," said Mercy King' Ori, who leads FPF Africa from Nairobi. "There is a realisation that current data protection laws really don't cover all aspects of digital governance." Governments in countries such as Angola, Mauritius, Kenya, Nigeria, Seychelles, South Africa, and Botswana are revising their data protection laws to address AI-driven issues. The logic is straightforward: AI applications rely on large volumes of personal data, so regulating how that data is collected and used becomes a natural entry point for controlling AI itself. In Angola, for instance, the 2011 Personal Data Protection Law is being revised to include provisions targeting AI systems, including automated decision-making, credit scoring, and algorithmic transparency. Angola's revisions introduce the right for individuals not to be subjected to decisions based solely on automated processing, particularly where those decisions have legal or significant effects. Companies are required to explain the logic behind algorithmic decisions, and individuals are given the ability to challenge such outcomes. These provisions closely mirror elements of the EU's AI Act but are embedded within a data protection framework. Other countries are taking less explicit but equally consequential steps. Nigeria is exploring the regulation of social media platforms and developers within its data protection framework. Kenya, meanwhile, is tightening requirements for data controllers and processors—moves that directly constrain how AI systems operate, even without naming AI in the legislation. The urgency around AI regulation is evident, as governments seek to address the complex issues surrounding AI-driven decision-making and data use.