Ethiopia boasts one of Africa’s largest populations and a growing digital economy. By 2028, Ethiopia's digital economy could contribute approximately ETB 1.3 trillion (approx. USD 10 billion) to GDP, according to GSMA. To boost the digital economy, the government launched the Digital Ethiopia 2025 and the National Digital Payments Strategy. On the international stage, Ethiopia received funding of USD 200 million from the World Bank for the Digital Foundations Project and actively participates in the African Continental Free Trade Area.

But what do Ethiopia’s domestic digital policies stand for? Our DPA Digital Digest provides a succinct overview of the latest policy and enforcement developments in major policy areas and Ethiopia-specific points of emphasis.

• Data governance: Ethiopia implemented the Personal Data Protection Proclamation and mandates data localisation for personal data and critical infrastructure data.

• Content moderation: Ethiopia issued proclamations to combat illegal content online, including a dedicated framework against hate speech and disinformation.

• Competition policy: Ethiopia applied its general competition framework to digital markets and adopted competition regulations for the telecommunications sector. 

• Artificial Intelligence: Ethiopia approved a National AI Policy and established the Ethiopian AI Institute to guide AI development.

• Ethiopia’s points of emphasis include the taxation of the digital economy and digital payments.

Jump directly to the section that interests you most:

Discover the details of Ethiopia's regulatory approach on our dedicated country page.

Remain up-to-date on new and upcoming developments with our free notification service. 

Written by Maria Buza, Saskia von Mutius and Sherif Taha. Edited by Tommaso Giardini.

In July 2024, Ethiopia implemented the Personal Data Protection Proclamation. The Proclamation grants individuals the rights to access, rectify, erase, and restrict the processing of their personal data, and to object to automated decisions. Controllers and processors must ensure lawful, fair, and transparent data processing, register with authorities,  and report data breaches within 72 hours. The processing of sensitive data, such as health, political, religious, or criminal information, is generally prohibited with certain exceptions, including consent or legal obligations. Before engaging in high-risk processing, controllers and processors must conduct a data protection impact assessment, particularly when dealing with sensitive data or automated profiling. They are required to consult the Ethiopian Communications Authority (ECA) if the assessment identifies high risks. Additionally, the Proclamation requires controllers and processors to register and establish age verification mechanisms when processing children's data.  

Ethiopia's cybersecurity framework comprises several sectoral frameworks. 

• In July 2016, the Computer Crime Proclamation established protections for "critical infrastructure," defined as systems whose compromise would significantly affect public safety or national interests. The law imposes penalties for offences against such infrastructure and grants authorities, including the Information Network Security Administration (INSA), emergency powers to conduct surveillance when attacks appear imminent and implement preventive measures. 

• In June 2020, the Electronic Transactions Proclamation established cybersecurity requirements for e-commerce platforms, mandating secure data transmission and storage, among others. 

• Regarding the financial sector, the National Bank issued the financial consumer protection directive in February 2021 and rules for information technology management of microfinance institutions in April 2022.

Ethiopia maintains several data localisation requirements. 

• The Personal Data Protection Proclamation requires data controllers and processors to store personal data collected or obtained locally on a server or data centre within Ethiopia. The ECA must define criteria for categorising specific types of personal data as "critical," based on strategic national interests, which will require such data to be processed solely on servers or data centres located within Ethiopia. To date, these criteria have not been published.

• In August 2021, the ECA adopted the consumer rights directive, which mandates telecommunication providers to process consumer personal data exclusively on servers or data centres located in Ethiopia.

The Personal Data Protection Proclamation outlines four mechanisms for lawful data transfers:

• The data controller or processor proves to the ECA that the jurisdiction ensures adequate protection;

• The data subject gives explicit consent after being informed of the risks;

• The transfer is necessary, for contract performance, public interest reasons, legal claims, or protection of vital interests; or 

• The transfer is made from a register that, by law, is intended to provide information to the public. 

The ECA oversees compliance with data protection rules. There are currently no public, official sources on enforcement action or guidelines by the ECA.

Cybersecurity compliance falls under the purview of the INSA, which publishes annual reports but has not disclose details of individual enforcement cases.

• In October 2024, the INSA reported that it addressed approximately 8,854 data breach cases while working to raise awareness among critical institutions and develop enhanced cybersecurity regulations.

• In October 2023, INSA identified 657 risk-level gaps across 123 infrastructure providers, attributed to financial constraints and insufficient expertise.

Ethiopia's content moderation framework is built on two core regulatory frameworks.

In March 2020, the Hate Speech and Disinformation Prevention and Suppression Proclamation was implemented. The law defines hate speech as communication that promotes hatred, discrimination, or attacks based on characteristics such as ethnicity, religion, race, gender, or disability. It also criminalises disinformation, defined as false information shared with the intent to incite public disturbance or violence. Social media platforms are required to take preventive measures, remove flagged content within 24 hours, and establish internal policies to meet these obligations.

The 2016 Computer Crime Proclamation criminalises the dissemination of illegal content, including obscene material involving minors, content that threatens, intimidates, or causes distress to individuals or groups, and material inciting violence or public disorder. Service providers, defined as entities offering technical data processing, communication services, or alternative infrastructure, are subject to criminal liability if they are directly involved in disseminating or editing illegal content, fail to remove or block access after becoming aware of its illegality, or do not act upon notification from authorities. They must report such content to the Information Network Security Agency and the police, and take appropriate action.

At the international level, Ethiopia participates in several initiatives on online content:

• In February 2024, the Association of African Election Authorities adopted the Digital and Social Media Guidelines, which establish standards for the responsible use of digital platforms during electoral processes.

• In May 2024, the African Union adopted the Child Online Safety and Empowerment Policy, which provides a framework for protecting children online while promoting digital literacy.

The Ethiopian Broadcast Authority oversees compliance and conducts public awareness campaigns, while the Human Rights Commission focuses on combating hate speech through education. Currently, there are no public, official sources on enforcement action or guidelines related to Ethiopia's content moderation framework.

The Digital Ethiopia 2025 Strategy, launched in 2020, explicitly recognised the need to address competition issues in digital markets as part of the digital transformation. To date, Ethiopia has not adopted specific rules for digital competition and instead applies the 2013 Trade Competition and Consumer Protection Proclamation. The Proclamation addresses anti-competitive practices across all sectors, prohibiting the abuse of market dominance as well as anti-competitive agreements and unfair trade practices. Furthermore, the Proclamation regulates mergers and acquisitions. 

Additionally, the Ethiopian Communications Authority (ECA) is responsible for promoting competition in the telecommunications sector. In July 2021, the ECA issued the competition directive, including measures related to licensing, interconnection, and service quality. It aims to address anti-competitive practices and maintain fair competition among service providers.

The Trade Competition and Consumer Protection Authority (TCCPA) is the primary enforcement body responsible for investigating violations, issuing decisions, and imposing penalties on entities engaged in anti-competitive practices. Currently, there are no publicly available official sources on enforcement action or guidelines specifically addressing digital competition.

Ethiopia has not yet adopted laws or regulations specifically governing the development and use of Artificial Intelligence (AI).

In June 2024, Ethiopia's Council of Ministers approved the National AI Policy, which outlines the government's objectives for the AI sector and provides a framework for its integration across various areas. The policy includes guidelines on data management, governance structures, and human resource development to support the responsible and effective use of AI technologies. It aims to ensure that AI systems are lawful, ethical, and trustworthy

The Ethiopian AI Institute (EAII), established in 2019 and restructured in April 2022, serves as the primary body responsible for AI research and development. The EAII is tasked with formulating AI policies, laws, and regulations, authorising the use of AI infrastructure and research for national development, and certifying imported AI technologies for domestic use. Currently, the EAII focuses on AI robotics, machine learning, natural language processing, and computer vision. 

At the international level, Ethiopia endorsed several international initiatives on AI governance.

• In February 2025, Ethiopia joined members of the African Union, the European Union, the G20, the G7, and the United Nations in adopting the Statement on Inclusive and Sustainable Artificial Intelligence for People and the Planet.

• The African Union, of which Ethiopia is a member, adopted the Continental Artificial Intelligence Strategy for digital transformation and the AI Governance Framework, as well as a cooperation agreement on AI research and development with China. 

• In February 2024, the Digital Trade Protocol to the African Continental Free Trade Area was adopted. It requires parties to facilitate the adoption and regulation of emerging and advanced technologies, aligning with public policy and security interests, and to develop governance frameworks ensuring ethical, trusted, safe, and responsible use.

There are currently no public, official sources on enforcement action or guidelines related to Ethiopia's artificial intelligence framework.

In July 2024, Ethiopia introduced a 15% value-added tax (VAT) on cross-border digital services. The tax applies to "remote services" provided by non-resident suppliers to consumers within Ethiopia. Non-resident providers may also face VAT obligations for services physically performed in Ethiopia, including those related to immovable property, inbound tourism bookings, and telecommunications used solely within the country. VAT applies to business-to-consumer transactions where the recipient is considered based in Ethiopia, determined by factors such as billing address, bank account, geolocation, and delivery method. Digital platforms facilitating these services are also liable for VAT if they authorise charges, manage delivery, or set supply terms. Non-resident providers must register for VAT if their taxable sales exceed 2 million ETB (approx. USD 17,500) in any 12-month period.

In February 2023, Ethiopia amended the National Payment System Proclamation, reaffirming the exclusive authority of the National Bank of Ethiopia (NBE) to license payment system operators and issuers of payment instruments. The amendment also opened the sector to foreign investors, subject to specific criteria aimed at protecting the integrity of the payment system. To implement these changes, the NBE issued a directive in October 2023 outlining the licensing and authorisation process. The directive covers the issuance of payment instruments, including electronic money, and establishes know your customer and anti-money laundering due diligence measures. Furthermore, it imposes capital requirements and an investment protection fee on foreign nationals. The measures build upon the NBE's April 2020 directive, which allowed non-financial institutions, such as mobile operators and fintech companies, to offer mobile money services.