Cyber governance in Africa: at the crossroads of politics, sovereignty and cooperation

Abstract Africa has recently focused on an ambition to achieve digital transformation through the pursuit of various flagship initiatives which are aimed at achieving its ‘Agenda 2063’ objectives. Digital transformation will be better achieved through appropriate cyber governance policies and mechanisms, and the success of Africa’s Digital Transformation Strategy 2020-2030 hinges on diverse factors. According to the Strategy, African governments have a fundamental responsibility to create an enabling environment, with policies and regulations that promote digital transformation across foundation pillars, which include cybersecurity. The Strategy also stipulates the need to reinforce the region’s human and institutional capacity to secure the cyberspace by building trust and confidence in the use of cyber technologies. The aim of the paper is to examine Africa’s cyber governance agenda in relation to peace and security. While there are political dimensions to determining the thresholds of such discourses in Africa, the uncertainties of governance mechanisms, political underpinnings and limitations in digital capacity may mean that international standards of cyber governance have merely been theoretical in the African context. The paper examines Africa’s extant policies and political strategies for cyber governance, and the region’s interaction with international cyber governance processes. The paper further discusses the prospects and challenges to cyber governance in the region, and the approaches to leveraging international cooperation in promoting cyber stability in the region.

engagement and cooperation with Africa, set its focus on boosting the Continent's digital transformation, and strengthening the international rules-based order and the multilateral system (European Union Commission 2020).
In recent years, cyber governance has come to the forefront of diplomatic and political agendas of important bilateral and multilateral meetings (Potter 2002).The discourse continues to thrive both in formal and informal consultations with regional and international diplomatic initiatives. The promotion of security and stability in the cyber environment can be enhanced by adopting appropriate policies, 4 and building cooperative measures which can contribute to appropriate cyber governance. 5 For effective cyber governance, cooperation is imperative because in the context of a borderless cyberspace, collaborative approaches engender shared responsibility amongst states (Mueller 2020) The seventh key action in the United Nations Roadmap for Digital Cooperation is promoting trust and security in the digital environment. 6 To promote trust and security in the digital environment, there is a need for cooperation (Meyer 2020). The recently released 2021 Group of Governmental Experts (GGE) Report 7 reaffirms that " … an open, secure, stable, accessible and peaceful ICT environment is essential for all and requires effective cooperation among States to reduce risks to international peace and security." 8 The UN Open Ended Working Group's (OEWG) final report 9 which further confirmed the results of the reports of the GGE, 10 urges states to cooperate with other states on the implementation of responsible state behavior in cyberspace.
The discussion about governance and cooperation in Africa for security and stability in cyberspace has been largely unexplored (Microsoft 2021). Africa's preparedness for cyber governance bares so many questions in relation to the effectiveness of African governance mechanisms to ensure cyber resilience in the region (Schlehahn 2020) There are also concerns about the preparedness of African states for regulation of the cyberspace through appropriate policies to meet international standards. The disparities in digital capacities and political structures are also a seeming challenge for the implementation of principles of responsible state behavior in cyberspace by African states. There are also concerns regarding African leaders stance and approach toward digital sovereignty and the reality that digital cooperation could imply digital dependence in the face of differing digital capacities. 11 Digital transformation offers Africa tremendous opportunities, however, effective, and efficient digital transformation in Africa can only happen in a trusted, secure and resilient cyber space, hence, it is important to examine cyber governance and the agenda on digital transformation in Africa in relation to peace and security.

Centering cybersecurity in digital transformation
The African Digital Transformation Strategy 12 has highlighted the need for a greater capacity to detect and mitigate cyber-attacks in the region. According to the Strategy, the creation of an enabling environment with policies and regulations that promote digital transformation across foundation pillars which includes cyber security is a responsibility for African governments. 13 The Strategy also states unequivocally that "collaborative ICT regulatory measures and tools are the new frontier for regulators and policy makers as they work towards maximizing the opportunities afforded by digital transformation across industries". 14 In 2014, the African Union Commission adopted the African Union Convention on Cyber Security and Personal Data Protection (hereinafter the Malabo Convention) 15 to provide fundamental principles and guidelines to ensure cyber security, effective protection of personal data and creation of a safe digital environment . The Malabo Convention is an important regional legislation which provides a framework for ensuring cybersecurity in Africa through regulating electronic transactions, protecting personal data and policing cybercrime. The AUC considers the Malabo Convention as a strategy to create a uniform system of cyber governance, ensure unified regulatory approaches between the African Union Member States and promote cyber resilience in the region. The Convention encourages AU member states to recognize the need to protect ICT infrastructure, tackle cybercrime and encourage free flow of information through a unified regulatory framework on cybersecurity.
Since the adoption of the Malabo Convention, the AUC has focused on building capacity through organizing cyber governance capacity building initiatives in collaboration with key partners, Regional Economic Communities (RECs) and member states, to promote a cybersecurity culture, build trust and confidence in the use of ICTs and provide guidance on cybersecurity policy-making. The AUC in cooperation with the Internet Society developed the guidelines on security of internet infrastructure in Africa 16 and guidelines for personal data protection for Africa '. 17 In 2018, the Executive Council of the African Union endorsed 'The AU Declaration on Internet Governance and Development of the Digital Economy' 18 and adopted cybersecurity as a flagship project of the African Union Agenda 2063. 19 In close collaboration with the European Union, the AUC launched the 'Policy and Regulation Initiative for Digital Africa (PRIDA)' with a critical mandate of building capacity of African Internet stakeholder groups in all 55 African Union (AU) Member States on internet governance and cybersecurity matters. 20

A Crossroads of Politics, sovereignty and cooperation
As societies are increasingly digitalized, cyber governance, especially in relation to security, continues to emerge as a policy priority of many governments around the world however, African countries continue to exhibit weak cyber maturity levels (International Telecommunications Union 2021a). The AU member states have diverging interests, and the ineffectiveness of governance mechanisms and lack of capacity in policies, strategies and infrastructure has been a challenge for Africa in addressing cyber governance. In understanding thresholds of stability in cyber governance, politics is certainly a defining factor in Africa (Kerttunen & Tikk 2019) Regional organizations like the African Union are rooted in their respective historical, cultural and political contexts, which further impact their ideologies and capacities in matters such as cyber governance (Pawlak, Tikk, Kerttunen 2020). The creation of legal frameworks and diplomatic relations have political underpinnings, including in conversations about digital sovereignty which resonates with the historical context of Africa in terms of colonization. In these contexts, there are various challenges to how strategies for cyber governance in Africa are addressed toward promoting and ensuring peace, security and stability in cyberspace.

Challenges with laws and policies
Compared to regions such as Europe, Africa lacks a united and cooperative cyber governance agenda. African member States views on cyber governance are not homogenous, with no shared norms and principles (Clifford 2022) Some African governments are keen to prioritize cyber governance and secure critical infrastructure, 21 however, many other governments still regard cyber governance as a non-priority (Nicholas 2018). The reluctance of African States to ratify regional and international conventions is unarguably proof of this. Since 2014, the Malabo convention is yet to enter into force per Article 36 of the Convention by reason of inadequate ratification from the required fifteen (15) African States. 22 The importance of the Malabo Convention to direct cyber governance in the region depends on its adoption by African states. The entry into force of the Malabo Convention will be a major step toward achieving an African regional legal framework and developing shared cyber governance norms and principles.
There is limited participation from African states in global cyber governance processes. The significance and influence of any international or regional agreement or treaty in any country is only to the extent which that instrument has been domesticated and implemented into national law and strategies (Finnemore and Sikkink 1998). The Council of Europe Convention on Cybercrime (the Budapest Convention) 23 was drafted to focus on harmonizing laws and increasing international cooperation promote cybersecurity across borders entered into force since 2001. Only an insignificant number of African countries have ratified the Convention, notwithstanding the efforts of the Council of Europe in promoting cooperation with African states through the AUC.
Africa is made up of sub-regions with well-structured sub-regional organizations which have executive, legislative and judicial independence. These include the Economic Community of West African States (ECOWAS), The East African Community (EAC), the Southern African Development Community (SADC), The Central African Community (ECCAS/CEEAC). While this may be a positive development which reflects wider sub-regional integration and cooperation taking place in Africa, for cyber governance, these sub-regional organizations are engaging in independent strategies and owe no explicit or enforceable obligation to the AUC for their decisions in adopting or prioritizing any cyber governance strategy. Every subregional organization is independent. At sub-regional level, SADC adopted the SADC Model Law on Cybercrime in 2012 to guide and facilitate the harmonization of domestic laws on cybercrime and the ECOWAS adopted the Economic Community of West African States (ECOWAS) Directive on Fighting Cybercrime Within ECOWAS, 2011, including other independent cyber governance strategies being undertaken by the ECOWAS.
The problem of lack of capacity, expertise and skills ripples into the cyberlegislation process. Many African states still have no cybersecurity legislation or cybersecurity strategy. Research shows that only seventeen (17) out of the fifty-four (54) African countries have a national cybersecurity strategy and only three (3) of those countries possess the minimum essential criteria for an adequate cybersecurity strategy (Ajijiola and Allen 2022). According to the International Telecommunications Union (ITU) only twenty-nine (29) out of fifty-four (54) African countries have promulgated a cybersecurity legislation (International Telecommunications Union 2021b).
Cyber-legislation literacy is a challenge for African law makers. Where African countries have laws, there is a need for capacity to implement them. While some states are drafting cyber-legislations, the capacity for effective cyber-legislating and the capacity for implementing such laws is still in question for the region. Such gaps for parliamentarians and policymakers would mean unrealistic cyber governance strategies. An example is Nigeria Cybercrime Law which the Economic Community of West African States (ECOWAS) Court subsequently ruled should be abolished or revised due to provisions that could potentially infringe citizens human rights and restrict cyberspace users' rights to free expression and privacy. 24 There is also minimal understanding of cyber governance realities, therefore such contradictions in legal texts is common. The obvious transplanting of Western cyber governance legislation which often ignore cultural realities and domestic capabilities is common in African jurisdictions.

Ideologies on digital sovereignty
Digital sovereignty is increasingly a recurring debate in international cyber governance discourses (Schmitt 2017). It is particularly interpreted as a huge concern for African governments (Delport 2021). The borderless nature of the internet presents challenges for many African states who are accustomed to controlling all activities in their territory and as such, there is a constant resurgence of the digital sovereignty narrative in the region. It is a regular occurrence for African governments to restrict internet access for citizens, 25 obviously with a misunderstanding of the cyber governance agenda (Lewis 2017). The UN Norms of Responsible State Behavior in Cyberspace calls for states to respect the Human Rights Council and United Nations General Assembly resolutions to promote and protect the enjoyment of human rights on the internet. 26 United Nations experts and high-level officials, including the United Nations Secretary-General, have also formally affirmed that "blanket Internet shutdowns and generic blocking and filtering of services are considered by United Nations human rights mechanisms to be in violation of international human rights law." 27 However, African States understanding of human rights and security coupled with the rampant political instability in the region often collide with the reality and expectations of international human rights frameworks (Calandro 2021). The poise toward controlling the internet is always regarded as a cybersecurity-national security measure and a reinstatement of digital sovereignty by such African states (Ifeanyi-Ajufo 2021).
Overall, such challenges mean that norms related to responsible behavior of states in cyberspace 28 are largely theoretical in an African context. While African States are not alone in the attempts at controlling or restricting the internet, however, beyond politicization, African states' under-resourced institutions which often lack the skills, capacities and financial resources to implement effective cyber governance measures may mean that following such approaches will rather be counterproductive. Considering the region's weakness in cyber governance, it is more beneficial for African States to invest in cooperation, and pursue an international cooperative agenda aimed at enhancing cyber governance.

Digital cooperation strategies
The need to bridge institutional gaps in digital cooperation structures presents political challenges (The United Nations 2021). African states have continued to explore how an agenda of digital cooperation may place Africa strategically to govern cyberspace effectively (Calandro 2021), however, colonialism remains a sensitive issue for Africa and is often at the center stage of interpretations to Western intervention (Said 1993;Said 1978;Hardt and Negri 2000;Dunch 2002). Therefore, digital cooperation and its relationship to cyber governance must also be considered in terms of spheres of influence. There are concerns in Africa that diverse external initiatives are aimed toward digital imperialism rather than digital cooperation. A continuous attempt to emphasize digital sovereignty by African governments can be viewed as a subtle resistance to any disguise of digital dominance in the region and African states have begun challenging existing cooperation strategies and are increasingly insisting that digital cooperation should rather take place on Africa's terms (Teevan 2001). There are no clear international strategies on how to ensure digital equality. For cooperation to thrive, digital equality rather than only capacity building should be at the fore of the discourse. A measure of equal standards in terms of digital capacity and infrastructure should be a core agenda for digital cooperation, rather than merely focusing on capacity building based on charity. There is also a need to consider that digital technologies are not primarily built in Africa which may imply that the idea of the design mechanism for emerging technologies are laced with foreign interests.
China and Russia have been key cooperation players in Africa (Bowmans 2020). China and Russia are also regarded as key partners for enhancing cybersecurity in many African states (Handler 2021). China has been a key player in the provision of ICT Infrastructure for African states, including having a presence in the premises of the African Union Headquarters. China's interest in Africa's cybersecurity landscape cannot be detached from the reality that China designs and produces digital products and services that are mostly used in Africa (Solomon 2021). It has also been opined that in recent years, Russia's influence on governance in Africa 29 has exceeded that of any other external actor through pursuing cooperation on different trajectories such as extending military and security influence, including cyber influence. 30 Russia seems poised toward creating its own sovereign internet, 31 and as cooperation approaches tend to mirror domestic governance approaches, it is logical to argue that Russian and Chinese approaches to cyber governance is having a profound effect in the shaping of the African cyber governance agenda (Klinwachter, 2022).

Challenges with cyber diplomacy
It will be futile to separate the cyber diplomacy agenda from the general diplomacy agenda in Africa. There are political underpinnings to how African nations tend to vote in diplomatic processes, and how they support other states in international diplomatic processes. There are usually compromises and levels of reciprocity in the diplomatic approaches of African governments, for example while only about five (5) African countries have ratified the Council of Europe's Budapest Convention, thirtytwo (32) African countries voted in favor of the December 2018 Russia-backed resolution that required the UN Secretary-General to collect countries' views about cybercrime. Over thirty (30) African countries also voted in favor of the December 2019, Russia motivated UN General Assembly Resolution 32 aimed to create a new cybercrime treaty.
Africa is more disadvantaged in terms of cyber diplomacy and its involvement at the various cyber governance diplomatic processes. African countries have been largely absent from the evolving UN processes on cyber norms development. For example, while it was said that members of the UN Group of Governmental Experts (GGE) processes are selected based on an equitable geographical distribution, in reality, Africa is not always given consideration at such processes in the same way as other regions. Since 2004, only nine African nations held membership in the UN GGE (Calandro 2021). The GGE and the OEWG have advanced immensely in terms of the discussions on cyber governance but the discussions have not adequately considered and reflected the interests of Africa. African realities and domestic capabilities have not been considered at the forefront of the processes in the same manner as those of other regions (Schmitt and Vihul 2017). The UN Security Council's analysis at the first debate on emerging technologies further reinstates the fact that digital inequalities means that in reality, there are few countries which are setting the digital agenda for the rest of the world (Roberts 2021). Again, as Africa lacks trained cyber diplomats, it becomes equally difficult to promote African interests in cyber diplomatic processes (African Union 2018).

Africa's digital capacity
International cyber governance standards often collide with the realities of developing states, particularly the African region which are at the end of the digital divide, and lack the capacity, skills and infrastructure to effectively ensure cyber governance at international standards (Calandro 2021). According to Castells, Africa's ICT infrastructure is meager compared to current world standards and in comparison, there are more telephone lines in Manhattan or in Tokyo than the whole of sub-Saharan Africa (Castells 2001). In his words, the differentiation between the ICT-haves and have-nots "adds a fundamental cleavage to existing sources of inequality and social exclusion in a complex interaction that appears to increase the gap between the promise of the information age and its bleak reality for many people around the world" (Castells 2001). Hence, it is literally impossible for regions like Africa to participate effectively in international cyber governance discourses. There are other infrastructure challenges in the region. Besides being the least digitalized region of the world, many Africa countries also lack minimum infrastructure such as electricity required to advance the benefits of digital technologies thus making non-sense of international cyber governance efforts in the context of Africa. Coupled with the lack of access to basic infrastructure and incessant political conflicts, the African digital transformation agenda has been unclear, further making the digital capacity debate difficult to conceptualize.

Enhancing cyber governance in Africa through cooperation
In examining the existing legal and political strategies for cyber governance in Africa, it is important to consider how cooperation can be leveraged to strengthen cyber governance in Africa. Cooperation as a strategy encourages states toward building strategic partnerships and engaging multilaterally. This must be considered in the implementation of African Union's Digital Transformation Strategy (Ayodele 2021). Cooperation will increasingly be a prerequisite to realization of cyber stability. To promote trust and security in the digital environment, there is a need to focus on stability in cyberspace through compliance to the Norms of Responsible State Behavior, 33 including cooperative measures which can contribute to preventing cyber instability. 34 The norms emphasize on international cooperation. 35 There have been diverse efforts at ensuring cyber governance through cooperation. For the African region, there have been more transparent cooperation efforts by the European Union and the Council of Europe. 36 These efforts toward inter-regional cooperation have included enhancing cyber policy development and building cyber capacity. 37 Europe already began the implementation of a comprehensive strategy with Africa which will support the continent in designing and implementing its own solutions to local challenges in the Political Guidelines for the European Commission 2019-2024. 38 With the nature of cyberspace, multilateralism is an imperative for cyber governance. It is impossible for any African State to ensure cyber stability and curb cyber threats without cooperation. Cyber-activities go beyond national borders and Africa can ensure cooperation through encouraging appropriate cyber governance policies. According to Calandro, "preserving cyber stability is a collaborative effort, and state actors in African countries need to devise cooperative mechanisms to observe and implement norms and include them in their national cyber policy or strategies" (Calandro, 2021).
While the Malabo Convention will assist African states in developing guidelines, and serve as a model legislation that member states may adopt for cyber security legislation, it also has its challenges (Zahid 2016). The anatomy of the Malabo conventionmerging cybersecurity and data protection will be a setback particularly because the data protection provisions of the Convention are not directly worded in terms of cyber security. In the European Union General Data Protection Regulations (GDPR) for example, these matters are kept separate. Overall, most of the Malabo Convention's definitions are less comprehensive than those found in similar instruments such as the Budapest Convention. The idea that the Malabo and Budapest Conventions are competing, and therefore proffer differing interests may also be a challenge. It is important that model laws and conventions such as the Budapest Conventions are understood by African States as complementary to the Malabo Convention and not a replacement for the Malabo Convention. The scope of the Malabo Convention is much broader than that of the Budapest Convention, which is a positive attribute of the Convention, considering that it regulates cyber security, data security, and security of electronic transactions.
To ensure effective cyber governance, policies must direct a multi-stakeholder engagement of all relevant actors working toward the achievement of effective cyber governance. The Malabo Convention underscores this in Article 26. 39 Importantly, the Malabo Convention is poised at the protection of human rights. The Convention contains data protection provisions covering control of personal data. The Convention also requires governments to uphold the African Charter on Human and Peoples' Rights, 40 along with other basic rights such as freedom of expression, the right to privacy, and the right to a fair hearing, among others. The Convention enjoins state parties to enact cybersecurity laws that consider their constitutions and international conventions in relation to human rights. This largely complements the provisions of the Budapest Convention.
There is a need for a reinforced obligation to accord priority to cyber governance in Africa. In developing and designing an agenda for digital cooperation with the AUC and AU Member States, other regional organizations, states and stakeholders would need to reconsider existing digital cooperation strategies (Ifeanyi-Ajufo 2022). Going forward, Africa's reality must be strategically considered on the diverse agenda for digital cooperation. Capacity gaps may not necessarily be similar across regions, so attempts to build cyber capacity in Africa must be approached purposefully, and transfers of capacity and expertise must be strategized to ensure that digital cooperation does not translate into digital dependence (Teevan 2001).

Conclusion
As conversations about digital transformation continue to grow in relevance in the region, Africa must create its own cyber governance agenda. Africa needs a clear framework on cyber governance and a unified approach may serve a right purpose. The ratification of the Malabo Convention by African member states could be a panacea for a united continent with shared norms, standards and principles, providing a prior basis for a common approach to cyber governance across the region. The AUC and the AU Member States should facilitate necessary resources to ensure the ratification of the Malabo Convention and urge AU Member states to take stock of the provisions of the Malabo Convention to promote cyber governance in the region.
The importance of cooperation in the sphere of cyber governance will also be essentially reflected in acceding to the Budapest Convention. This will be particularly important for international cooperation. By ratifying the Budapest Convention, African countries would be furthering better opportunities to receive international support, and legal and technical assistance for promoting cyber resilience in the region and advancing an African agenda on cyber governance (Mbuvi 2011).
Beyond ratification of those instruments, African states must value strategic international and regional partnerships and the adoption of global best practices. Regional organizations have a key role to play in formulating policies and delivering outcomes for cyber governance (Nicholas 2018). As Africa pursues digital transformation, the AUC must continue to create dialogues to reflect on the opportunities and challenges for ensuring cybersecurity in Africa. As states continue to pursue the introduction of global cyber governance principles and standards (Xinmin 2016) they must also pursue a multilateral agenda that realistically affirms cyber norms as global rules (Smith 2017) and which would hold all regions, including Africa, committed and accountable to standards that demand appropriate cyber governance for peace and stability in cyberspace. In the words of the African Union Digital Transformation Strategy, "as Member States of the African Union increase access to broadband connectivity, they are becoming more interconnected and vulnerable … . It becomes critical to reinforce our human and institutional capacity to secure our cyberspace by building trust and confidence in the use of cyber technologies." 41 Governmental Experts (GGEs) on existing and emerging threats, norms, rules and principles of responsible State behaviour, international law, confidence-building and international cooperation and capacity-building, which together represents a cumulative and evolving framework for the responsible behaviour of States in their use of ICTs. 11. For example, there are also many instances where the African Union Malabo Convention appears to put national sovereignty and discretion over international law, for example, under Chapter 3 on Promoting cyber security and fighting cybercrime. 12. The African Union Digital Transformation Strategy for Africa (2020)(2021)(2022)(2023)(2024)(2025)(2026)(2027)(2028)(2029)(2030)

Disclosure statement
No potential conflict of interest was reported by the author(s).