Realities such as the COVID-19 pandemic have expedited the move to online operations, highlighting the undeniable fact that the world is continuing to go digital. This emphasises the need for policymakers to regulate in a manner that allows them to harness digital trade benefits while also avoiding associated risk. However, given that digital trade remains uncoordinated globally, with countries adopting different approaches to policy issues, national regulatory divergence on the matter continues, placing limits on the benefits that countries can obtain from digital trade. Given these disparities, ahead of the African Continental Free Trade Area (AfCFTA) Phase II Negotiations, African countries have been considering the best way to harmonise regulations on issues related to digital trade. To do this effectively, AfCFTA members need to identify where divergencies exist in their domestic regulatory systems. This will allow AfCFTA members to determine where harmonisation is possible, as well as what is needed to achieve such harmonisation.

This report analyses the domestic regulations and policies of four focus countries – South Africa, Nigeria, Kenya and Senegal – comparing their regulatory approaches to five policy issues: i) regulation of online transactions; ii) cross-border data flows, data localisation, and personal data protection; iii) access to source code and technology transfer; iv) intermediary liability; and v) customs duties on electronic transmissions. The study highlights where divergencies exist in adopted approaches, indicating the need for the four countries – and AfCFTA members in general – to carefully consider the implications of the divergences, and determine where it is possible and beneficial to harmonise approaches. This was intended to encourage AfCFTA member states to take ownership of these issues and reflect on the reforms needed.

As seen in Table 1 below, the study shows that the four countries diverge on most of the five policy issues. There are differences in how all four countries regulate online transactions – that is, e-signatures and online consumer protection. Nigeria was the only country out of the four to recognise all types of e-signatures as legally equivalent. Kenya and Senegal only recognise specific e-signatures, which are either issued or validated by a recognised institution, while South Africa adopts a mixed approach, where it recognises all e-signatures as legally valid, but provides higher evidentiary weight to certain types of e-signatures. Only South Africa and Senegal have specific regulations relating to online consumer protection, while Nigeria and Kenya do not have any clear rules.

With regards to cross-border data flows, data localisation, and personal data protection, the study shows that all four focus countries have regulations that consist of elements borrowed from the European Union (EU) General Data Protection Regulation (GDPR). In particular, this was regarding the need for the data subject's consent, and also the adequacy requirement.¹ Interestingly, the study also shows that South Africa, Kenya and Nigeria also adopt data localisation measures, although at different levels of strictness. South Africa’s data localisation laws are mostly imposed on data that is considered critical – which is then required to be processed within South African borders – while Nigeria requires all data to be processed and stored locally, using local servers. Kenya imposes data localisation measures that are mostly linked to its priority for data privacy. Out of the four focus countries, Senegal is the only country that does not impose any data localisation laws.

Although all four of the focus countries seem to favour the mandatory disclosure of source code, the study also shows that the countries remain at different stages in their regulation. Currently, only Nigeria expressly requires multinational enterprises to disclose the source code and algorithms of their software before it is dispatched in Nigeria. This is done for security purposes. In comparison, South Africa only requires the mandatory disclosure of source code where the software will be used by government, while Kenya only promotes the use of open-source software for public services.

Senegal is the only country that does not have any specific regulations on source code disclosure, although it expressed an interest in mandatory disclosure of source code for public services. As shown in Table 1, discrepancies also exist in how the four focus countries regulate intermediary liability. While South Africa and Senegal both indemnify intermediaries where they are unaware of the nature of the content transmitted or stored on their platforms, Nigeria only penalises intermediaries where they are made aware of the illegal content on their platforms but still fail to take it down. In contrast, Kenya has a stricter approach, criminalising any publication of false data or news, wrongful distribution, and so on.

Although the study shows that all four countries share a position on customs duties on electronic transmissions, it is also interesting to note that none of the four countries currently have domestic regulations or policies on the subject.

The report concludes by highlighting that, as the AfCFTA Phase II Negotiations aim to arrive at harmonisation and to improve intra-African trade and international trade, AfCFTA members should reflect on their national policies and domestic regulations to determine where harmonisation is needed, and whether AfCFTA is the right platform for achieving this efficiently.