- The 254 Report
- Posts
- Navigating the Duality in Data Governance, Innovation and Accountability in East Africa
Navigating the Duality in Data Governance, Innovation and Accountability in East Africa
Gerald Kombo
March 12, 2026
The 2nd East Africa Data Governance Conference, convened by the Open Institute, Amnesty International Kenya, the Office of the Data Protection Commissioner, the African Population and Health Research Center (APHRC), and CIPIT at Strathmore University, with support from the Open Society Foundations through OSIEA, brought regulators, researchers, technologists, journalists, civil society leaders, and private sector actors to Nairobi on 10 and 11 March 2026 to confront a single question: is East Africa ready for AI sovereignty, or are we just talking about it?
What AI Sovereignty Really Means
Sovereignty is not a buzzword. It is the ability to stand on your own infrastructure, your own data systems, and your own skills.
Dr. Melissa Omino, Director of CIPIT at Strathmore University and a technology lead for Kenya's National AI Strategy 2025–2030, put it plainly: "What is sovereignty? Having that independence to be able to stand on your own. But then do we have the fundamentals? Do we have the right skills to be able to do that?"
If Kenya, Tanzania, or Uganda decided today to build and run their own AI stack without foreign support, they would run straight into three gaps: infrastructure, skills, and budget. Progress has been made, but not at the level that "sovereignty" implies.
Kenya's National AI Strategy 2025–2030 was launched on 27 March 2025. It came with a detailed implementation roadmap: a green data centre in Naivasha, Nakuru County, reforms to the education system, and dedicated funding for AI skills. One year later, those items are still basically invisible in the budget.
"Has the government put any of these things on budget to say, because there are things that we say need to be there?" Dr. Omino asked.
The Microsoft–G42 Deal Kenya Cannot Power
President William Ruto admitted in November 2025 that the government may have "blindly signed" the $1 billion data centre deal with Microsoft and G42, only to be told afterwards that a single hyperscale data centre would need around 1,000 megawatts of power.
We signed an agreement between G42, Microsoft and Kenya to establish data centres. Later we were told that one data centre requires 1,000 megawatts and our installed capacity is 2,300 megawatts. So for us to operationalise one data centre, we have to shut down half the country.
Dr. Omino referenced this directly: "Just a few months ago, the president came out and admitted that he might have blindly signed this agreement with Microsoft, not knowing that it needed half the power that we generate in Kenya to be able to run it. So we really need to start thinking about the fundamentals."
The Old Open Data Lesson: Kenya on AWS
More than a decade ago, during Kenya's first Open Data wave, the government's datasets were hosted on Amazon Web Services. That decision generated political heat.
Dr. Omino recalled being asked: "Why is Kenya's data on the Amazon cloud?" The irony was that at the same time, government data centres were going down because the money to maintain them had dried up.
That moment captures the dilemma the conference kept circling back to: if you do not invest in serious national infrastructure, you end up outsourcing sovereignty by default.
How the Open Institute Set the Table
The Open Institute, co-founded by Al Kags, an Ashoka Fellow and former World Bank open data consultant who led Kenya's groundbreaking Open Data Initiative in 2011, making Kenya the first African country to release its government data publicly, has been pushing this conversation for over a decade.
Programme Lead Christine Ajulu, who represented the Open Institute at the India AI Impact Summit 2026, coordinated the two-day programme alongside Victor Ndede, Head of Programmes at Amnesty International Kenya and one of Kenya's Top 40 Under 40 Men in 2025. Victor described the Open Institute and Amnesty as "the first adapters in a space that nobody even knew what it was."
Philip Kisaka, Chief Privacy Officer at DPO 360 Africa, moderated the plenaries and made sure the questions stayed uncomfortable.
A Pan-African Counter-Proposal: Specialise
Instead of every country trying to build a full AI stack alone, Dr. Omino offered a different logic:
"How about we take an African outlook and we say, what is Kenya really good at? Let's invest in Kenya doing that. What is Tanzania good at? What is Ethiopia good at? What is South Africa good at? And then we have a Pan-African approach to AI sovereignty."
If Kenya tries to do everything, Tanzania will also try, Ethiopia will try, South Africa will try. Everyone spends, nobody reaches scale, and you still depend on foreign platforms.
At the same time, cross-border data storage creates political risk. If your data is in another country and their laws change, your "sovereignty" can vanish overnight.
Moses Wango of Shepherd's Youth Network reminded everyone that the Malabo Convention on cybersecurity and data protection took from 2014 to 2023 to come into force. Nine years to get 15 signatures.
Winnie Kamau, President of the Association of Freelance Journalists and data journalist, brought it home: "If I go to Tanzania, I need to get a SIM card. If I come to Kenya, I need to get a SIM card. But if I go to Uganda, I need to get a SIM card. How are we able to harmonize all this so that we will move as a team?"
"We Don't Need Any More Papers"
I personally think we have enough laws. There are lots of policies, strategies, bills, acts. I'm of the opinion that we should strengthen the Data Protection Act and the Access to Information Act. Because today we will try to regulate artificial intelligence. Quantum computing is coming. Then we will start to try and regulate that.
Instead of new frameworks every year, her argument is simple: enforce and strengthen what already exists, and redirect the energy into building real products and infrastructure.
The private sector currently carries most of the cost of AI development in the region. Yet governments are quick to say the private sector is not ethical. As she put it, the ones making the investments are the ones calling the tune. If states want to have more say, they have to invest, not just regulate.
She referenced the British political satire "Yes Minister": when a government does not really want to act, it writes another big paper. Her message to the room: stop hiding behind documents.
APHRC's DASA: A Working Trusted Research Environment
The African Population and Health Research Center (APHRC) showed what sovereignty looks like in practice through its Data Science Program (DSP).
Their platform, DASA (Data Architecture Systems and Standards for Africa), is a Trusted Research Environment where researchers can work with sensitive datasets without the raw data ever leaving a secure environment.
Reinpeter Ondeyo Momanyi demonstrated live how:
Data owners choose to share public, private, or community datasets
Researchers log in, request access, and analyse data inside a secure workbench
The platform supports Python in Jupyter and R in RStudio, with expansion towards SPSS, Stata, and SAS
Only aggregated outputs can be exported, never raw data
Free smart-learning modules run on soma.aphrc.org
Solomon Samo asked a practical question: what if a researcher only knows SPSS and cannot code? The APHRC team confirmed that non-proprietary apps came first, but proprietary tools are being integrated. And the learning platform is free.
DASA is African-controlled infrastructure, with African rules, serving African institutions. That is what sovereignty looks like when it is not a speech.
Witness Protection in the Digital Era
Jedidah Wakonyo Waruhiu, CEO of the Witness Protection Agency (WPA), pushed the room into territory nobody expected.
"Let us think, all the infrastructures, the AIs and everything that we are developing, let us think if there was a protected witness in this process. What is the back route for that witness in terms of staying within that network and exiting out of that network?"
She proposed thinking in terms of Witness Protection Accommodation. For every digital system we build, we should ask:
Is this accommodation necessary?
Is it appropriate?
Is it reasonable?
The Witness Protection Act and the Data Protection Act barely speak to each other. Yet witnesses generate digital traces like everyone else. Without deliberate design, the systems we build can quietly expose the very people they should protect.
The WPA has already pioneered the African Witness Protection Association to begin addressing data security and governance from the witness perspective. Their message: we are available to collaborate, but the tech community has to start thinking about us.
The Human Story Behind Data Governance
Last year, Dr. Omino asked the room to think about power and participation, not just compliance. This year, she went further:
"Before we build the systems, before we design the policies, before we even create the data sets, what is the human story behind data governance?"
Kenya's Data Commissioner Immaculate Kassait, SC, MBS opened the conference with a reminder that data governance is central to how Kenya's digital state will work, not a side issue for specialists.
The presence of Amnesty International Kenya, the Open Institute, CIPESA, APHRC, CIPIT, OSIEA, UNESCO, the Defenders Protection Initiative, the Institute of Social Accountability, Tour Development Network, and private sector leaders underscored that this is no longer a niche conversation. It is about elections, welfare, policing, education, and economic power.
Skills Equal Freedom
When you have the skills you need, you become free. Understanding data, how to collect it, how to manipulate it, how to disseminate it, is a skill.
Data governance is not something lawyers can do alone. It needs developers, statisticians, political scientists, journalists, organisers, witness protection officers, and affected communities at the table. That was the lesson of this conference. That was the reason for it.
By The 254 Report from the proceedings of the 2nd East Africa Data Governance Conference 2026 at the Hyatt Regency Nairobi Westlands. Convened by the Open Institute, Amnesty International Kenya, the Office of the Data Protection Commissioner, and the African Population and Health Research Center (APHRC). Supported by the Open Society Foundations through the Open Society Initiative for Eastern Africa (OSIEA).
The coverage was always the point.
The 254 Report · Reporting from Nairobi
Reply