The African Union Convention on Cybersecurity: A Regional Response Towards Cyber Stability?

Abstract

Following the liberalization of telecommunication markets in African States, and the increasing availability of wireless technologies and broadband capacity, the levels of Internet penetration and ICT access in Africa has continued to grow in a phenomenal manner since the beginning of the new millennium. Internet use statistics indicate that Africa’s Internet user population grew from about four and a half million people in 2000 to about 400 million people in December, 2017. However, widespread ICT access and Internet penetration in Africa has also raised concerns over the need to promote cybersecurity governance and cyber stability across the continent. This prompted the African Union to establish a regional cybersecurity treaty, known as the African Union Convention on Cyber Security and Personal Data Protection, in June, 2014. The Convention imposes obligations on Member States to establish legal, policy and regulatory measures to promote cybersecurity governance and control cybercrime. This article analyzes the nature and scope of the cybersecurity governance obligations under the Convention and examines how the adoption of the Convention can promote cyber stability in the African region. In so doing, the paper also examines the challenges impeding the application of the Convention as a framework for promoting regional cyber stability in Africa. The paper identifies the slow pace of Member State ratification and the absence of effective regional coordination as some of the major reasons why the Convention has not been effectively applied as a framework for promoting regional cyber stability. Therefore, the paper makes a case for the establishment of a regional monitoring mechanism within the AU framework to improve the regional harmonization of cybersecurity governance frameworks, and harness the application of the Convention as a framework for promoting regional cyber stability.