Digital sovereignty, as a principle, has been a central driving force in much of the emerging African data, digital and Artificial Intelligence (AI) policy positioning. The concept of “digital sovereignty” refers to the idea that individuals, communities, or countries should have meaningful control over their own digital experience - generally looking at questions of jurisdiction for rules, but also looking at the broader political implications of digital technology on the lived experience of state sovereignty. Policy is looking primarily at the question from the perspective of the nation state. Further, data sovereignty can be understood as a sub-sect of digital sovereignty (or a partner concept, if preferred) - and in policy practice looks more at the data infrastructure side of things, trying to answer questions like: Where is data stored, and who owns the infrastructure on which it is stored?
Sovereignty is so important as a concept in policy because it is about understanding who or what has controlling power, and how countries might better maintain and secure their own power within a policy space.
The question of digital sovereignty in Africa has been well constructed within the context of data and digital colonialism, because the reality is that the Global South, including the Sub-Saharan African region, is being “computationally appropriated and siphoned” to power technologies from outside of the continent, with little safeguarding or fair economic exchange, as a result of external tech monopolies. Digital services are dominated by a handful of American firms (Google, Amazon, Facebook, Apple, Microsoft - GAFAM) and Chinese firms (Baidu, retail Alibaba, platform Tencent and Xiaomi - BATX), and these monopolies are the source of this extractive pattern (the monopolies look only slightly different with AI services).
As part of our work on the Digital Democracy Innovation in Sub-Saharan Africa Fund (DDISA), which we are implementing in partnership with CIVICUS, the Civic Tech Innovation Network and Wits Enterprise, we have been considering the broader digital democracy ecosystem for Sub-Saharan Africa to understand the context in which beneficiaries will be implementing their Fund activities. As part of this work, I thought it would be an opportune moment to address some under-discussed preconditions we need in order to realise the digital sovereignty our governments are hoping to claim in their policies. And while there are many, I will touch on just three.
Data sovereignty is the foundation
When describing the technologies of the fourth industrial revolution, Klaus Schwab highlighted that being data-driven was in fact a key characteristic of the technologies that predominate our new economic order. The pursuit of data sovereignty by the state – which is essentially state-level efforts to exert control over data and its flow – is therefore a very foundational economic project. But the strategies to exert that control exists along a spectrum, with data localisation rules (these are government rules that mandate that data is stored in the country of origin) being one extreme version of strategy.
Whilst we don’t need to go into government strategies on data sovereignty generally, what needs to be noted is that controlling data is obviously not just about rules, but also about infrastructure. Governments will not be able to practically realise data sovereignty without the infrastructure capacities internally to benefit from that data – and most benefit in data is realised by its use, not simply its “holding”. It is unsurprising then, that when describing the foundations for asserting AI sovereignty in domestic markets through investment, researchers have prioritised a “triad” of compute, algorithms, and data.
Yet, even in Sub-Saharan African countries where there is data and digital infrastructure, much of that is in fact foreign-owned (or significantly foreign-controlled). Recent research has demonstrated that Africa is exemplified by a “technology hub hegemony” in the region, with resources disproportionately represented in South Africa, Kenya, and Nigeria. However, this investment has largely been through foreign private sector-led investment that has prioritised monopolisation of subsea cables and hyper-scale data centres – in other words, ensuring externally-controlled infrastructure dominance for extractive benefit. Ownership of infrastructure truly matters for pursuing a public benefit agenda for digitalisation, which is, in fact, the base of the growing pursuit of “digital public infrastructure” in development agendas. Yet the reality is that much of African infrastructure (even beyond data infrastructure) is not locally owned.
Digital sovereignty requires capacity to enact that sovereignty
To truly control something, you need the capacity to do so (as parents everywhere will lament). And the need for foundational digital capacities in considering the question of digital sovereignty is more nuanced than simply promoting computer skills. When policy emphasises control, a realistic assessment must be made on whether or not that control can be exercised – but also across which actors that is required. As Klaaren noted when reviewing South Africa’s former Draft National Data and Cloud Policy, “over-reliance on state capability in South Africa” has often been prescient of policy failure.
In the context of digital sovereignty in particular, as I have already highlighted, infrastructure is required. But so are the technical skills to manage and utilise those infrastructures efficiently. That is a skills question that implicates the domestic workforce of countries. But technical skills are also required to ensure that the technology choices that are actually made can forward a sovereign agenda. Many African states promoting digital sovereignty agendas nevertheless make technology purchasing decisions that consistently render them reliant on external big tech companies – the vendor lock-in that frequently results must be understood as a sovereignty problem, and not just a competition problem.
And regulatory enforcement is just as important. The Nigerian government’s recent “cancellation” of the $32.8 million fine to Meta, lawfully issued by its data protection authority in response to consistent data privacy breach against Nigerian users, exemplifies how states will need to comprehensively build the capacities of their regulators by reinforcing and legitimising their enforcement power.
Political sovereignty for digital sovereignty
What the Nigerian example above in fact additionally highlights, is a more significant point – that digital sovereignty can not be divorced from a country’s existing political economy. In May, as part of our DDISA activities, OpenUp was scheduled to host an interactive session at the massive digital rights conference, RightsCon. Mere days before the event was held, the Zambian government issued statements unilaterally “postponing” the event, which resulted in the whole event having to be canceled. In the statement issued by the RightsCon team – and subsequent news reporting – it became clear that this was a result of interference by the Chinese government.
This is significant for understanding the realities of digital sovereignty on multiple levels – the first is that the very governments claiming digital sovereignty as a priority, are undermining the civic and academic engagement that would grow the enabling environment to enact that sovereignty domestically.
The second requires acknowledging a far more complicated truth: That digital sovereignty requires political sovereignty. Sovereignty must be exercised not just in technology choices, but also in the political choices countries make. An excellent example of this challenge has been seen in the flurry of African countries entering into negotiations for bilateral agreements with the current US government for health aid. A central tenet of the US’ “negotiations” is providing them with priority access to African pathogen data in exchange for finance (which is also undermining the World Health Organisation’s plan to organise pathogen data access for benefit sharing). While Ghana has rejected such offers in order to exercise its data sovereignty, several other African countries have not. Very importantly, Kenya’s “deal” was only halted because of that country’s High Court granting an injunction against the agreement on data protection grounds, providing us with a powerful example of how institutional and regulatory strength can counter political attempts to undermine digital sovereignty in the region in practice.
In closing, what this moment requires of African governments that ostensibly prioritise their digital sovereignty, is understanding that sovereignty is a practice.
Claiming sovereignty in policy documents while ceding it in procurement decisions, bilateral negotiations, and regulatory retreats, is a contradiction that no framework can resolve. The work of sovereignty is daily, institutional, and contested. We should not allow the sentiment of the term to disguise the reality of the lived experience.
This blog was prepared by OpenUp as part of our activities under the Digital Democracy Innovation in Sub-Saharan Africa Fund.
