Ethiopia is facing a critical juncture in how it governs artificial intelligence (AI) as the technology becomes ingrained in its digital infrastructure and national security frameworks. While AI holds the potential to enhance public services for millions, it simultaneously poses risks such as misinformation, deepfakes, and fraud.
Last week, policymakers and cybersecurity experts gathered at the Inter Luxury Hotel in Addis Ababa to assess Ethiopia’s readiness for AI-driven cyber threats. The panel discussion, titled “Artificial Intelligence and Cybersecurity in Ethiopia: Exploring the Interface between Law, Policy, and Practice,” was co-organized by the Konrad-Adenauer-Stiftung, the Ethiopian Cybersecurity Association, and the University of Leeds School of Law.
Dr. Kinfe Yilma, a Senior Lecturer in Law & Technology at the University of Leeds, noted that AI has the potential to make cybersecurity threats more “intelligent,” scalable, and subtle. He pointed out that AI-driven attacks are not only more sophisticated but also capable of targeting a wider range of systems and infrastructures. For example, AI algorithms can automate the identification of vulnerabilities in software and networks, facilitating large-scale cybercriminal activities.
“Ethiopia’s exposure to cyber risk is rising faster than its regulatory capacity,” he stated, highlighting the urgency for a robust governance framework.
Panelists from the Information Network Security Administration (INSA), the Ethiopian Artificial Intelligence Institute, Ethio telecom, and the Ministry of Justice addressed the nation’s legal and policy frameworks regarding AI and cybersecurity. Dr. Seble Hailu, Director of the Computing and Analytics Center at INSA, outlined Ethiopia’s legal landscape, referencing global benchmarks like the EU’s AI Act and the Council of Europe frameworks, along with continental initiatives such as the African Union’s AI Strategy.
Ethiopia currently relies on three key policy instruments relevant to AI and cybersecurity: the National Artificial Intelligence Policy, the National Cybersecurity Policy, and the Data Protection Policy. Both the National Cybersecurity Policy and the National AI Policy, adopted in 2024, reflect an increasing awareness of emerging risks. The former emphasizes monitoring, detection, and resilience, while the latter acknowledges that AI systems introduce new cybersecurity challenges, linking public trust to the integrity of data.
The Draft AI Development and Governance Proclamation signals Ethiopia’s intent to shift toward a risk-based regulatory framework. However, Dr. Hailu pointed out that while crimes committed using AI can fall under the existing Computer Crime Proclamation (No. 958/2016), there is no dedicated legislation specifically addressing the unique challenges posed by AI systems.
“This absence creates uncertainty over how responsibility is assigned when automated systems cause damage or facilitate crime,” she explained.
Hana Teshome, a researcher at the Ethiopian AI Institute, mentioned that the National AI Policy attempts to conceptually bridge these gaps. “The policy frames cybersecurity primarily through data privacy and security, explicitly linking AI risks to data breaches and the erosion of public trust,” she said. The policy anticipates that no cybersecurity system is entirely risk-free, expecting breaches that could expose personal information.
Cybersecurity is treated as a conditional requirement for AI system approval, where systems lacking adequate safeguards risk undermining trust, particularly in relation to personal or national data. The policy also acknowledges the use of AI for surveillance and threat detection, assigning INSA the responsibility for safeguarding data confidentiality, integrity, and availability through AI-enabled tools.
Despite its potential, personal data protection remains a weak point in Ethiopia’s regulatory landscape. One year after the implementation of the Personal Data Protection Proclamation, the rollout remains sluggish, with enforcement actions lacking and compliance efforts still ongoing. The Ethiopian Communications Authority is only now finalizing core directives and building a registration portal for data controllers.
Challenges also arise from the operational pressures faced by major telecommunication players like Ethio telecom, which operates much of the country’s digital infrastructure. Yemane Baheri, Ethio telecom’s lead cybersecurity engineer, captured the duality of AI, describing it as “the engine of our service promise and, at the same time, a potential weapon aimed at it.”
This tension is not unique to Ethiopia. Telecommunications companies across the continent, like Safaricom and MTN, are integrating machine-learning models to enhance services but also risk potential exploitation through compromised data. Yemane noted that Ethio telecom is deploying AI to automate workflows and strengthen network monitoring, yet many AI tools reach the market without adequate security measures, leaving them vulnerable to attacks.
To address these risks, Ethio telecom is testing AI systems in controlled environments to develop secure and resilient designs while collaborating with stakeholders involved in critical digital infrastructure.
These operational challenges feed back into Ethiopia’s legal system, where regulatory capacity remains limited. Mezmur Yared, State Minister for Reform and Institutional Building Division at the Ministry of Justice, acknowledged that Ethiopia is in the early stages of regulating AI and cybercrime. While policy directions exist, he cautioned against hasty regulation without sufficient technical grounding, as overregulation could stifle innovation, while delays expose citizens and infrastructure to vulnerabilities.
As Ethiopia navigates the complexities of AI governance, the challenge lies in crafting legislation that is flexible, informed by technology, and backed by institutions capable of enforcement.
See also
Hadrian Launches AI Agents to Counter Cyber Attacks Amid Surge in UK Threats
SENTINEL Framework Achieves 89% Accuracy in Proactive Cyberattack Detection via Telegram
Infoblox CEO Scott Harrell Urges Shift to Proactive Defense Against Unique AI Cyberattacks
AI Security Firms Unveil Real-Time Threat Detection Solutions for Post-Quantum Inference
90% of Organizations Unprepared for AI-Driven Cyber Threats, Study Reveals
