In Q4 2024, we’ve been engaging with regulators, policymakers and mobile network operators on data privacy and AI policies across the digital ecosystem. Our part one blog provided macro-regional updates from the Asia-Pacific (APAC), Europe and Latin America (LATAM). This part two blog covers high-level updates on regulatory developments in Sub-Saharan Africa (SSA), Middle East and North (MENA), Central Asia and China. Finally, we reflect on some of the emerging themes from our engagements.
SSA: regionalising in progress
AI is gradually spurring Africa’s socio-economic development in the healthcare, agriculture, and education sectors. The African Union has endorsed the Continental AI Strategy to harness AI for sustainable growth while addressing ethical concerns and promoting local solutions. National governments in South Africa, Nigeria, Zambia, Kenya and Benin have initiated national AI plans, strategies and labs to foster collaborative public-private partnerships (PPPs) by emphasising social impact, digital public infrastructure, innovation, research and development and aligning with data privacy frameworks.
In October 2024, GSMAi launched the Digital Africa Index, comprising two composite indices: the Digital Nations and Society Index (DNSI) and the Digital Policy and Regulatory Index (DPRI). In the DPRI pillars and indicators, we measured data privacy, cybersecurity and cross-border data flow frameworks of 54 African jurisdictions. While these are evolving, we’re seeing promising progress towards regional cooperation and capacity building in data protection, cybersecurity, AI taxonomy, and literacy.
MENA: mobilising initiatives
The Gulf Cooperation Council (GCC), Bahrain, KSA, Oman, Qatar, the Qatar Financial Centre, the UAE, the Abu Dhabi Global Market (ADGM) and the Dubai International Financial Centre (DIFC) have data protection laws and frameworks. Kuwait has data privacy protection regulations applicable to certain telecommunications providers. In the wider MENA region, Algeria, Egypt, Jordan, Morocco, Tunisia, and Turkiye have data protection laws and frameworks in place. Some of these countries have been adopting and promoting a ‘soft law’ approach by way of guidelines and principles—for example, the UAE AI Strategy of 2031, Digital Dubai, and Saudi Vision 2030. The UAE Minister of State for AI, Digital Economy and Remote Work Applications (Ministry of AI) issued guidance on deep fakes and 100 practical applications and use cases of generative AI. Such present and future initiatives will accelerate AI governance, data privacy, cybersecurity, and data governance as part of end-to-end business processes and adoption. Ongoing initiative includes the Arab AI Working Group under the umbrella of the League of Arab States. At M360 MENA, we learned that the Saudi Data and Artificial Intelligence Authority (SDAIA) and ITU’s AI Readiness Framework are built on six pillars: code, data, research, standards, test environments, and optimisation.
Central Asia: observing and learning
Digital economy and transformation initiatives at national levels have been the cornerstone of integrating AI with existing policy and regulation. Kazakhstan, Kyrgyz Republic, Tajikistan, Turkmenistan, Uzbekistan and Mongolia have data privacy laws and frameworks. There’s an ongoing initiative by Tajikistan to develop a long-term strategy by 2040 towards the holistic development of AI, including legal, institutional and infrastructural frameworks. Ambitiously, Kyrgyz Republic published its concept on digital transformation for 2024-2028, and in Kazakhstan, the Office of the Commissioner for Data Protection at the Astana International Financial Centre (AIFC), in collaboration with Digital Rights Centre Qazaqstan (DCRQ) published a publicly accessible guide on data protection and AI. Central Asian nations have been observing and learning from other countries’ national data privacy, AI, cybersecurity and wider policies and integration approaches through coordination, coexistence and cooperation.
China: advancing and regulating
China’s data privacy laws and frameworks are governed by the Personal Information Protection Law (PIPL), Cybersecurity Law, Data Security Law (all of these have been enforced), and Network Data Security Management Regulations (effective 1 January 2025), administered by China’s National Data and Cybersecurity Regulator, Cyberspace Administration of China (CAC). The complex implementation of these laws has impacted stakeholders in the digital and mobile ecosystem to continuously monitor its regulatory compliance under the pillars of content moderation, data protection, and algorithmic governance. Within the provincial governments, Shenzhen and Shanghai issued regulations to promote AI development through the Shanghai Regulations on Promoting AI Industry 2022 and the Shenzhen Special Economic Zone Regulations on AI Industry Promotion 2022. Other initiatives include the Shenzhen AI Industry Association’s New-Generation AI Industry Self-Regulation Convention and the AI Industry Alliance’s Industry Self-Regulation Convention. We observed the tenacious efforts by CAC to align data privacy, security, and governance with the proposed AI laws in the years to come.
Emerging and recurring themes
Understanding data privacy, cybersecurity and AI taxonomy
It’s crucial to align taxonomy in the context of legal interpretation and application and to cascade it through practical applications and use cases that suit a particular country’s culture, people, customs and traditions.
Enhancing collaboration through cross-sector knowledge sharing and capacity building
As reiterated in the AI and Cybersecurity blog, relevant stakeholders, particularly governments, regulators and policymakers, should continue engaging with all sectors to develop outcome-based and evidence-based policies and implementation triggered by collaboration across the digital and mobile ecosystem.
Read part one of the blog focusing on APAC, Europe and LATAM.
With thanks to the GSMA contributors to this article:
Caroline Mbugua, Senior Director, Public Policy & Communications, SSA
Elizabeth Wiltshire, AI Policy Senior Manager
Joe Guan, Head of Policy, Greater China
Amr Hashem, Policy Director, MENA
Tair Ismailov, Strategic Engagement Director, Europe