NTPA Intelligence
Regulatory intelligence and compliance tools covering technology policy across Sub-Saharan Africa's digital economy — 49 markets, 9 regulatory pillars, and regional and continental harmonisation bodies.
49
Markets tracked
9
Regulatory pillars
8
Regional bodies
Weekly
Update cadence
AI Governance
Free
March 2026
AI Governance in Sub-Saharan Africa: A Regulatory and Policy Map
Eight markets at four distinct stages of regulatory development. Nigeria's dedicated AI bill is expected H1 2026. South Africa's draft policy enters public consultation this month. Kenya has a published strategy but no dedicated legislation. Rwanda is the only market with a published national AI policy. Tanzania and Uganda remain at early stage. Across all eight markets, existing data protection frameworks are the operative compliance instruments today.
Fintech
Free
February 2026
CBN Open Banking: Five Workstreams Complete, Go-Live Imminent
Nigeria's five CBN-appointed industry workstreams have completed their deliverables. A phased go-live is expected in early 2026. The consent infrastructure requirement is the component most organisations have been slowest to address and carries the longest build timeline.
Data Governance
January 2026
ODPC Enforcement Scaling: What Kenyan Businesses Need to Address Now
The ODPC formally entered an aggressive enforcement phase following a year in which privacy violation payouts exceeded KES 30 million. Two specific areas drawing active enforcement attention: unsolicited direct marketing and the right to be forgotten.
Member access — Policy Analysis
Subscribe to read →
Data Governance
March 2026
Kenya ODPC Enforcement: Implications for Digital Lenders and Fintechs
The ODPC's enforcement posture shifted materially in 2026. Following a year in which Kenyan firms paid out over KES 30 million in privacy violation awards, the Commissioner has confirmed the office is moving from awareness to active investigation. Two areas are drawing the most attention: unsolicited direct marketing and the right to erasure as applied to loan data held by digital lenders.
For digital lenders specifically, the right to erasure question is particularly consequential. The ODPC has received multiple complaints from borrowers requesting deletion of loan records — including records held by CRBs — on the basis that the data is no longer necessary for the purpose for which it was collected...
Member access — Policy Analysis
Continue reading →
Emerging Tech
March 2026
Nigeria's AI Bill: What It Means for Fintechs and Digital Platforms
Nigeria's National Digital Economy and E-Governance Bill introduces the first dedicated AI compliance framework in Sub-Saharan Africa. For fintechs and digital platforms, the most significant provisions are the risk classification system — which places credit scoring, fraud detection, and automated lending decisions in the high-risk category — and the mandatory annual impact assessment requirement that applies to all high-risk AI deployments.
The foreign AI system registration provision is the least-discussed but potentially most operationally significant element of the bill. Any AI system developed outside Nigeria but deployed within it must be registered with NITDA and approved before deployment. For fintechs using international credit scoring models, fraud detection systems, or AML/CFT AI tools built abroad...
Member access — Policy Analysis
Continue reading →
Fintech
February 2026
ECOWAS Payment Harmonisation: What the BCEAO Framework Means for West African Fintechs
The BCEAO regional payment harmonisation framework represents the most significant structural change to West African fintech regulation in a decade. For licensed payment operators across UEMOA markets, it introduces a single authorisation pathway — meaning a licence obtained in one member state is valid across all eight — but simultaneously raises the compliance baseline that operators must meet to access that benefit.
The practical implication for fintechs currently licensed in Senegal or Côte d'Ivoire — the two most active UEMOA fintech markets — is that the single authorisation is not automatic. Operators must apply to BCEAO for regional recognition, demonstrate compliance with the harmonised technical standards, and maintain ongoing reporting obligations to the BCEAO in addition to their domestic regulator...
Member access — Policy Analysis
Continue reading →
Access all policy analysis and briefs
In-depth analysis on regulatory developments across all 49 markets
Continental Bodies AU · Smart Africa · AfCFTA
▲
| Body | Pillar | Instrument | Status | Note |
|---|---|---|---|---|
| African Union | Emerging Tech | Continental AI Strategy | Phase 1 active | Governance structures due end 2026 |
| African Union | Data Governance | AU Data Policy Framework | Implementation | Member states aligning national policies |
| Smart Africa | Emerging Tech | Africa AI Scaling Hub | Active | Rwanda designated first hub. April 2025 Kigali declaration. |
| AfCFTA | E-commerce | Digital Trade Protocol | Negotiations | E-commerce annex under negotiation |
Regional Bodies
▲
| Body | Pillar | Instrument | Status | Note |
|---|---|---|---|---|
| EAC | Fintech | EAC Payment System Framework | Active | Regional payment interoperability. Cross-border mobile money harmonisation progressing across 8 partner states. |
| EAC | Data Governance | EAC Data Protection Framework | Development | Regional data protection harmonisation in development. Aligning with AU Data Policy Framework. |
| EAC | Consumer Protection | EAC Cybersecurity Framework | Implementation | Harmonised cybersecurity standards across partner states. CERT coordination active. |
| ECOWAS | Data Governance | Supplementary Act on Personal Data | In force | Binding on all 15 ECOWAS member states. Harmonised data protection baseline for West Africa. |
| ECOWAS | Consumer Protection | Supplementary Act on Cybersecurity | In force | Regional cybersecurity and electronic transactions framework binding on all member states. |
| UEMOA / BCEAO | Fintech | BCEAO Mobile Money Regulation | Active | Applies across all 8 UEMOA member states. Single authorisation pathway under harmonisation review. |
| SADC | Data Governance | SADC Model Law on Data Protection | Published | Reference model for 16 member states. Not binding but widely referenced in national law development. |
| SADC | Fintech | SADC Fintech Regulatory Framework | Development | Regional fintech harmonisation. Sandbox framework and cross-border payment coordination in scope. |
| COMESA | Data Governance | COMESA Data Protection Regulations | In force | Binding on 21 member states. Cross-border data flows and data subject rights harmonisation. |
| COMESA | Fintech | COMESA Digital Payment Systems | Implementation | Regional payment harmonisation. Cross-border settlement and interoperability standards across member states. |
| IGAD | Fintech | IGAD Payment System Harmonisation | Watch | Cross-border payment interoperability for Horn of Africa. Early stage coordination across 8 member states. |
| ECCAS / CEMAC | Fintech | BEAC Mobile Money Framework | Active | Applies across all 6 CEMAC member states. Mobile money regulation and payment system oversight. |
| CEN-SAD | Digital Infra | CEN-SAD Digital Economy Framework | Watch | Cross-Sahel digital connectivity and infrastructure cooperation. Early stage framework development. |
East Africa 14 markets
▲
| Market | Active Pillars | Key Development | Status | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 🇰🇪 Kenya | DataFintechAI | ODPC active enforcement. CBK DCP licensing. National AI Strategy 2025–2030 launched. | Active enforcement | ||||||||||||||||||||||||||||
| 🇺🇬 Uganda | DataFintech | NITA-U data protection enforcement. BoU Mobile Money Guidelines under revision. | In progress | ||||||||||||||||||||||||||||
| 🇹🇿 Tanzania | DataFintechAI | PDPA 2022 enforcement ramping. AI policy in draft. BoT mobile money framework review. | Enforcement ramping | ||||||||||||||||||||||||||||
| 🇷🇼 Rwanda | DataAIFintech | National AI Policy published. KIFC fintech hub expanding. RISA as primary digital regulator. | Policy published | ||||||||||||||||||||||||||||
| 🇪🇹 Ethiopia | FintechAI | FATF grey list removal. National AI Strategy 2024 published. NBE mobile money interoperability finalising. | Watch | ||||||||||||||||||||||||||||
| 🇧🇮 Burundi | FintechData | BRB payment framework developing. Data protection law in early draft. | Early stage | ||||||||||||||||||||||||||||
| 🇩🇯 Djibouti | Infra | Submarine cable hub. Central Bank digital payment framework developing. | Watch | ||||||||||||||||||||||||||||
7 more markets — member access
Subscribe to access →
|
|||||||||||||||||||||||||||||||
West Africa 16 markets
▲
| Market | Active Pillars | Key Development | Status | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 🇳🇬 Nigeria | DataFintechAI | National AI bill expected H1 2026. CBN open banking go-live imminent. NDPC enforcement scaling. | Legislation imminent | ||||||||||||||||||||||||||||||||||||
| 🇬🇭 Ghana | FintechDataAI | SEC DASP enforcement active post-Aug 2025 deadline. National AI Strategy published 2023. | Active enforcement | ||||||||||||||||||||||||||||||||||||
| 🇸🇳 Senegal | DataFintech | CDP data protection authority active. BCEAO payment harmonisation. Digital code enacted 2022. | Active framework | ||||||||||||||||||||||||||||||||||||
| 🇨🇮 Côte d'Ivoire | FintechData | ARTCI active regulator. BCEAO payment hub. Digital economy framework advancing. | In progress | ||||||||||||||||||||||||||||||||||||
12 more markets — member access
Subscribe to access →
|
|||||||||||||||||||||||||||||||||||||||
Southern Africa 10 markets
▲
| Market | Active Pillars | Key Development | Status | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 🇿🇦 South Africa | DataFintechAI | Draft National AI Policy entering consultation March 2026. FSCA CASP enforcement active. POPIA enforcement scaling. | Active enforcement | |||||||||||||||||||||
| 🇿🇲 Zambia | DataFintech | Data Protection Act 2021 and Cyber Security Act 2021 in force. BoZ fintech sandbox active. | Framework active | |||||||||||||||||||||
| 🇲🇿 Mozambique | FintechData | Digital economy framework developing with World Bank support. BM payment regulation advancing. | In progress | |||||||||||||||||||||
7 more markets — member access
Subscribe to access →
|
||||||||||||||||||||||||
Central Africa 9 markets
▲
| Market | Active Pillars | Key Development | Status | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 🇨🇩 DRC | FintechInfra | BCC mobile money framework developing. SADC/COMESA harmonisation test case. | Watch | |||||||||||||||||||||
7 more markets — member access
Subscribe to access →
|
||||||||||||||||||||||||
North Africa 6 markets
▲
| Market | Active Pillars | Key Development | Status | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 🇪🇬 Egypt | DataFintech | Personal Data Protection Law 2020 in force. CBE fintech regulatory sandbox active. Smart Africa North Africa engagement. | Framework active | ||||||||||||
| 🇲🇦 Morocco | DataFintechAI | CNDP established 2009 — most developed data protection framework in North Africa. GDPR-adequate. AI strategy advancing. | Framework active | ||||||||||||
4 more markets — member access
Subscribe to access →
|
|||||||||||||||
Access the full SSA tracker — all 49 markets, all 9 pillars
Member access includes every market, weekly status updates, and regional harmonisation tracking
Compliance assessment packs — available individually
🇰🇪
Kenya DPA Compliance Pack
ODPC registration, data subject rights, breach notification, and DPA obligations across all regulated service types.
Gap assessment checklist
Action plan template
Board summary
Penalty reference guide
🇿🇦
POPIA Compliance Pack
All eight conditions, Information Officer registration, operator contracts, and breach response for South African organisations.
Gap assessment checklist
Action plan template
Board summary
Penalty reference guide
🇳🇬
Nigeria NDPR + Open Banking Pack
NDPA compliance and CBN Open Banking framework obligations for Nigerian fintechs and PSPs.
Gap assessment checklist
Action plan template
Board summary
Penalty reference guide
🌍
FATF Travel Rule Pack
Travel Rule compliance for African mobile money operators and cross-border payment providers across SSA corridors.
Data collection requirements
Corridor compliance matrix
Implementation checklist
Sunrise problem guidance
🇬🇭
Ghana SEC Crypto Pack
DASP registration requirements, AML/CFT obligations, and ongoing reporting for digital asset operators in Ghana.
Registration checklist
AML/CFT framework template
Ongoing obligations schedule
Penalty reference guide
Best value
🌍
SSA Fintech Bundle
Regulatory requirements, registration steps, and compliance obligations across all eight priority markets in one document.
8-market country profiles
Cross-market compliance matrix
Multi-market action plan
Regulatory watch list
Get all packs plus policy analysis and the full SSA tracker
Full Intelligence subscription — access everything in one plan