AI-GENERATED CRIMES IN ETHIOPIA: FROM DEEP FAKES TO AUTONOMOUS OFFENSES

Abstract

This paper explores the emerging threat of AI-generated crimes in Ethiopia, and for the sake of clarity limited to deepfake fraud, autonomous bot attacks, and generative AI misinformation. While Ethiopia’s existing legal instruments such as the Criminal Code and Computer Crime Proclamation generally battle cybercrime to some extent, they fall short in responding to the unique nature and complexity of AI-related offenses. Through a comparative analysis with international frameworks and an observational critical examination of the current legal and institutional gaps, the study highlights the urgent need for updated legislation and enhanced investigative capacity.

Introduction

The unprecedented emergence of Artificial intelligence has affected how multiple sectors of societies operate and the way institutions adapt to the sudden shifts in the way things are done. As more students begin using AI for their papers universities have to lay down new plagiarism guidelines, as more AI generated images flood the internet social media users have to be more vigilant, and as criminals become more savvy with AI using deep fakes and autonomous attacks the law must adapt to effectively protect people from them.

 In Ethiopia digitalization is everywhere leaving more gaps for cybercriminals to exploit and the legal system should be keeping pace. The existing laws like the Computer Crime Proclamation No. 958/2016, while they answered the questions of their time, do not address AI-specific threats. In this paper we aim to answer the question whether the Ethiopian legal framework sufficiently covers AI related cybercrimes? where it is lacking? And what can be done to improve it?

Background

AI generated crimes are criminal actions backed up and assisted with artificial intelligence.  It can include crimes committed through deepfakes, autonomous bot attacks, generative AI misinformation, and many other methods.  Deepfake technology can effortlessly stitch anyone in the world into a video or photo they never actually participated in. The addition of an AI makes the process of Deepfake even faster than it ever would have been before. ^[1]Automated attacks on the internet refer to malicious digital activities launched by automated systems or Bots with the aim of disrupting, damaging, or gaining unauthorized access to a network, system, or application. These attacks employ malicious computer code, bots, and scripts, to target a wide range of organizations to steal sensitive data, disrupt operations, or gain access to otherwise restricted systems.^[2]  Generative AI misinformation on the other hand is false information on the internet or elsewhere that is assisted with AI. What makes it different is that generative AI can help create misinformation that is more persuasive than that created by other means.^[3] 

There are many crimes committed in Ethiopia with the assistance of artificial intelligence. We can see the use of AI especially on a national level disinformation that fuel ethnic tension. Warring factions exploit advanced technology, including readily available AI-powered editing tools, and widespread media illiteracy to disseminate manipulated content, further destabilizing the fragile peace.^[4] While earlier methods of disinformation involved simpler manipulations like altering text or photo captions, the advent of readily accessible AI technology has ushered in a new era of sophisticated manipulation. ^[5]

AI can be exploited for criminal purposes in multiple ways; it could be used as a tool, it could be the target itself, and it could be as a context where it creates an environment for crime to happen. As a target it’s the AI systems that are targeted by criminals. This could be attempts to bypass protective AI systems or to make systems fail or behave erratically. ^[6] With all this being said current legal structure is insufficient to hold AI technologies accountable for their actions. Criminal punishment given aims to provide a deterrent effect for the perpetrator and provide justice for the victim, therefore as with any other crime there should be a structural legal framework that works to recognize and deter criminals that use artificial intelligence to commit crimes. 

Legal Framework of AI-Generated Crimes

Section 1: Crime Typology and Classifications

As most legal systems in the world, Ethiopia does not have specific laws governing Artificial Intelligence related crimes. Before we dive into Ethiopia’s current legal framework to combat AI Generated crimes, it is necessary to see general classification of technology related crimes as it wholly encompasses computer crimes within its scope. This can be seen in terms of common law and Civil law legal systems. 

In common law legal systems, crimes emerge from statutes as well as precedents. It uses broad legal principles interpreted by courts to fit new circumstances, and new crime types. It is flexible and case-dependent, but it also has some laws like the USA’s Computer Fraud and Abuse Act (CFAA)^[7] to combat crimes like deepfakes and those that spread mis-information utilizing AI. In civil law, the system is heavily dependent on codified laws. It is less flexible so it can only use the closest matching offense in the penal code to prosecute AI generated crimes, like abuse of technology or digital forgery. It takes longer for new categories of crimes to be recognized. For instance, Germany has updated its NetzDG ^[8] law to combat AI- generated crimes.   

Section 2: Legal Framework of AI-Generated Crimes in Ethiopia

Ethiopia uses primarily codified laws to prosecute criminals and punish crimes. This aligns more with the civil law legal system. There are several laws enacted that could cover AI-generated crimes as the description of the crimes is general enough to apply to deepfake fraud and generative AI misinformation. As discussed, criminal laws have some level of generality that certain crimes can be prosecuted with other laws due to their proximities to the explicitly written laws (for instance prosecuting deepfake fraud through computer related fraud^[9]). Legal documents such as

The Criminal Code of Ethiopia (Proclamation No. 414/2004)^[10], Computer Crime (Proclamation No. 958/2016), Personal Data Protection (Proclamation No. 1321/2024^[11])… These legal materials address AI generated crimes in a general sense, but there is yet to be a specific criminal legislation. 

Crime Typology of AI-Generated Offenses in Ethiopian Law

Here, we will specifically address the typology and classification of AI- generated crimes as per the Computer Crimes Proclamation. This proclamation aims to implement legal measures for the prevention, control, investigation, and prosecution of computer crimes. Although it does not specifically mention AI technologies such as deep fakes, this statement makes forgery and computer fraud illegal. For instance, Article 9^[12] of the proclamation makes to forge computer data a crime, while Article10^[13] penalizes fraudulent actions that causes financial losses through the forgery or deletion of computer data. Autonomous bots are bots that can execute cyberattacks, scrape data at scale, and overwhelm services. Under Articles 3–7 ^[14] , the computer crime Proclamation criminalizes unauthorized access, system interference, and the transmission or possession of malware. Article 7(3)^[15] criminalizes the possession of devices utilized to carry out cybercrimes, the article fails to differentiate between general-purpose AI tools and tools held with malicious intent. Also, the law does not account for “self-improving” AI raising significant challenges in attributing liability when an AI agent go beyond its initial programming. Now it is common for using generative AI to create fake news, impersonate others, or instigate violence online. This kind of activities are criminalized under the Ethiopian Computer Crime Proclamation in Articles 13 and 14^[16] that penalizes the dissemination of threatening, defamatory, or inciting content online.  These provisions are too vague and sweeping, as they do not establish thresholds for harm and also, they do not differentiate between malicious disinformation and satire, parody, or criticism. The laws also threaten to criminalize free expression, particularly when applied to politically charged content or dissent.

Typology  

AI- generated crimes, seen as a category under computer crimes require intentionality. They negatively affect legally protected interests such as right to property, reputation, public trust etc. Crimes like deepfake fraud or AI misinformation fall under the traditional notions of deception and harm (mala in se).  Another category AI related crimes can fall under is regulatory (mala prohibitia) as well as technology driven crimes as they utilize technological advances to commit the crime. Autonomous bit attacks go against the infrastructure of the data systems. This creates regulatory concerns. 

Crime Classification

AI generated crimes are broad enough to infringe upon multiple aspects of protected rights and public interests such as the right to privacy, security, reputation and honor and public safety. According to the criminal Code, these rights are protected under difference classifications of special crimes. For example, forgery and fraud as well as misrepresentation of facts can be a crime against the property of a person. It can also go beyond that where the misrepresentation is done to intentionally cause damage to a person’s reputation and honor which fall under crimes against an individual (article 607 of the Criminal Code).^[17] 

The classification of the crimes based on the seriousness of AI related offenses can be seen in particular in the Computer Crimes Proclamation. The crime becomes particularly serious when the offense is done with the intention to harm in serious cases (article 9 of the proclamation)^[18], or is done against public security (article 14)^[19] , or done against minors (article 12)^[20] …etc. For AI generated crimes, it should be seen the same way in that the seriousness depends on the harm it causes to public security and vulnerable people. 

Penalties  

Again, looking at the computer crimes proclamation, two types of penalties are seen. One is imprisonment (both rigorous and simple) and paying of fine. The law prescribes rigorous imprisonment for computer crimes that attack the public security, particularly, serving the purpose of deterrence and showing moral blameworthiness for intentional deception. Most of the crimes have monetary penalties attached to them as well, serving retributory purposes as well. As Ethiopia attempts to embrace a digital future under Digital Ethiopia 2025^[21] , introduce capital markets, establish smart courts and change the primary means of transferring money to digital transfers. The existing laws are stretched thinly in order to account for new and futuristic crimes that could occur in these new fields. The Computer Crime Proclamation No. 958/2016 criminalizes illegal access, data interference, cyber fraud, and unauthorized interception. The definitions are broad enough to account for various types of AI generated crimes such as using deep fakes for business email compromise and extortion.  

The fact that there is no mention of specific crimes or important aspects of Ethiopia’s new digital economy like deep fakes or others like block chain, cryptocurrency, smart contracts, or biometric identity theft leaves prosecutors and victims of crimes without clear legal recourse.

Ethiopia is behind on defining futuristic crimes in comparison to international and regional frameworks such as the Budapest Convention on Cybercrime^[22], which despite its drafting 2001 includes adaptive clauses and the Malabo Convention^[23] by the African Union in 2014 addresses more aspects such as data protection, e-commerce trust, and even electronic signature misuse.  Through directives like MiFID II^[24] and the General Data Protection Regulation^[25] The European Union addresses digital manipulation in financial markets which is relevant to and these legal instruments are updated regularly. Ethiopia’s lack of sufficient definition and reliance on broad interpretation of the articles in Computer Crime Proclamation No. 958/2016 has significant risks. With no updated provisions it will be a struggle to charge cybercriminals and because Ethiopia has not ratified international agreements it complicates cooperation with national and international authorities.

Discussion and Critical Analysis

The emergence of AI-generated crime in Ethiopia, including deepfake fraud, autonomous bot attacks, and generative AI misinformation, is early-day challenges for the legal system. This critique examines investigation and prosecution challenges and sufficiency of existing legal provisions in addressing emerging challenges.

Investigation and Prosecution Challenges

Tracking tokenized assets, particularly in deepfake fraud, is perhaps one of the most difficult prosecution challenges when crimes are perpetrated through AI. Perpetrators leverage cryptocurrencies and blockchain technology in a bid to keep their dealings private and making tracing extremely difficult by law enforcement authorities. Prosecutors face an obstacle to pursuing the offenses while, for police departments, investigations get in the way. It becomes hard to ensure there’s an observable trail or custody, evidence requires of prosecutions.^[26]

Furthermore, the rapidly developing AI technologies make deepfake and autonomous bot creation software to advance further. The rapid development has the potential to advance further than current research boundaries, thereby making it challenging for law enforcement officers to separate real from simulated activities. With progressively advanced generative AI software, the content produced is progressively hard to verify as fictional, thereby facilitating possible misidentification and unjust convictions.^[27]

Gaps and Ambiguities Identification

Inadequacy of precise legal definitions of emerging technologies hinders efficient law enforcement. Without precise terms and definitions, it will be hard for prosecutors to prosecute criminals. Moreover, current legal provisions lack ethical standards for the application of AI, which is critical in the wake of an increase in AI technologies into different industries.^[28]

In general, to resist AI-commissioned crimes, Ethiopia has to reorient its legal framework in a way that addresses such issues. This implies that there should be precise definitions of crimes related to AI, improved capacity in terms of investigations, and legislation adaptable enough to keep up with upcoming technological innovations. By doing this, Ethiopia will be adequately placed to safeguard its citizens and enjoy a secure online space.

Conclusion  

The artificial intelligence era is something that is actively reshaping different dimensions of the law with the introduction of new advanced tools that can serve as much bad as it serves good. And along with these sophisticated tools, comes sophisticated crimes like deepfake scams, AI generated misinformation, sentient bot attacks etc…. current existing legal framework are attempting to combat the calamities of the AI era born cybercrimes like particularly the computer crime proclamation and other legislations, we still require an advanced dynamic legislation that takes into consideration, all the potential evolving cybercrimes to be committed. The lack of specialized infrastructure and executive bodies, investigative procedures and specialized prosecution systems is another constraint that must not be overlooked when assessing the reality of the battle of Ethiopian justice system and AI attacks. 

The current definitions and knowledge that the Ethiopian system is equipped with is also outdated and the absence of treaties that enable Ethiopia to share resources with other relatively advanced nations. To ensure the effective prevention and mitigation of AI related crimes and deepfake technology, a proactive reform and participation in global movements against AI assisted crime and specialized categorization of these crimes is necessary. All in all Ethiopia must adapt to the current reality of the Evolution of digital world and AI era to ensure long term safety net of its justice system and uphold the protection of its citizens from cybercrimes. 

Reference(S):

1. Sally Adee, ‘What Are Deepfakes and How Are They Created?’ (8 March 2024) IEEE Spectrum https://spectrum.ieee.org/what-is-deepfake accessed 8 May 2025.
2. Arkose Labs, ‘What Are Automated Bot Attacks?’ (19 January 2024) https://www.arkoselabs.com/anti-bot/automated-bot-attacks accessed 8 May 2025.
3. Fabien Medvecky Simon, Sacha Altay and Hugo Mercier, ‘Misinformation Reloaded? Fears About the Impact of Generative AI on Misinformation Are Overblown’ (2023) Arkose Labs https://doi.org/10.37016/mr-2020-127 accessed 9 May 2025.
4. DISA, ‘Escalating Ethnic Tensions in Ethiopia Exacerbated by Disinformation’ (24 January 2025) https://disa.org/escalating-ethnic-tensions-in-ethiopia-exacerbated-by-disinformation accessed 9 May 2025.
5. DISA, ‘Disinformation’s Exacerbating Role in Ethiopia’s Ethnic Tensions’ (23 January 2025) https://disa.org/disinformations-exacerbating-role-in-ethiopias-ethnic-tensions accessed 9 May 2025.
6. David Mirallas, ‘AI-Enabled Future Crime: Study Reveals 20 Disturbing Possibilities’ (11 October 2023) Lexology https://www.lexology.com/library/detail.aspx accessed 9 May 2025.
7. 18 USC § 1030 – Fraud and Related Activity in Connection with Computers https://www.law.cornell.edu/uscode/text/18/1030 accessed 9 May 2025.
8. Federal Ministry of Justice (Germany), Act to Improve Enforcement of the Law in Social Networks (NetzDG) (2017) https://www.bmj.de/SharedDocs/Downloads/DE/Gesetzgebung/RefE/NetzDG_engl.pdf?__blob=publicationFile accessed 9 May 2025.
9. Computer Crime Proclamation No 958/2016 (Ethiopia), art 10.
10. The Criminal Code Proclamation No 414/2004 (Ethiopia), Negarit Gazeta, 9th Year, No 1.
11. Personal Data Protection Proclamation No 1321/2024 (Ethiopia), Negarit Gazeta, 30th Year.
12. Computer Crime Proclamation No 958/2016, art 9.
13. Ministry of Innovation and Technology, Digital Ethiopia 2025: A Strategy for Ethiopia’s Inclusive Prosperity (FDRE 2020) https://www.lawethiopia.com/images/Policy_documents/Digital-Ethiopia-2025-Strategy-english.pdf accessed 7 May 2025.
14. Council of Europe, Convention on Cybercrime (Budapest Convention) ETS No 185, 23 November 2001 https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185 accessed 7 May 2025.
15. African Union, African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) (27 June 2014) https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection accessed 7 May 2025.
16. European Parliament and Council, Directive 2014/65/EU on Markets in Financial Instruments (MiFID II) [2014] OJ L173/349 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32014L0065 accessed 7 May 2025.
17. European Parliament and Council, Regulation (EU) 2016/679 on the Protection of Natural Persons (General Data Protection Regulation) [2016] OJ L119/1 https://eur-lex.europa.eu/eli/reg/2016/679/oj accessed 9 May 2025.
18. María-Paz Sandoval, Mariana de Almeida Vau, Julie Solaas and Luisa Rodrigues, ‘Threat of Deepfakes to the Criminal Justice System: A Systematic Review’ (2024) 13 Crime Science 41 https://doi.org/10.1186/s40163-024-00239-1 accessed 9 May 2025.
19. Hany Farid, Deepfakes and the Rise of AI-Enabled Crime (TRM Talks Ep77) (2025) https://www.trmlabs.com/resources/trm-talks/deepfakes-and-the-rise-of-ai-enabled-crime-with-hany-farid accessed 7 May 2025.
20. Anna Collard, ‘AI and AI-Agents: A Game Changer for Both Cybersecurity and Cybercrime’ (2025) ITWeb Africa https://itweb.africa/content/KjlyrvwB4JZqk6am accessed 13 May 2025.
21. Council of Europe, The Budapest Convention on Cybercrime https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185.

^[1] Sally Adee, ‘What Are Deepfakes and How Are They Created?’ (8 March 2024) IEEE Spectrum https://spectrum.ieee.org/what-is-deepfake accessed 8 May 2025.

^[2] Arkose Labs, ‘What Are Automated Bot Attacks?’ (19 January 2024) https://www.arkoselabs.com/anti-bot/automated-bot-attacks accessed 8 May 2025

^[3] Fabien Medvecky Simon, Sacha Altay and Hugo Mercier, ‘Misinformation Reloaded? Fears About the Impact of Generative AI on Misinformation Are Overblown’ (2023) Arkose Labs https://doi.org/10.37016/mr-2020-127 accessed 9 May 2025..

^[4] DISA, ‘Escalating Ethnic Tensions in Ethiopia Exacerbated by Disinformation’ (24 January 2025) https://disa.org/escalating-ethnic-tensions-in-ethiopia-exacerbated-by-disinformation accessed 9 May 2025.

^[5] DISA, ‘Disinformation’s Exacerbating Role in Ethiopia’s Ethnic Tensions’ (23 January 2025) https://disa.org/disinformations-exacerbating-role-in-ethiopias-ethnic-tensions accessed 9 May 2025.

^[6] David Mirallas, ‘AI-Enabled Future Crime: Study Reveals 20 Disturbing Possibilities’ (11 October 2023) Lexology https://www.lexology.com/library/detail.aspx accessed 9 May 2025.

^[7] 18 USC § 1030 – Fraud and Related Activity in Connection with Computers https://www.law.cornell.edu/uscode/text/18/1030 accessed 9 May 2025.

^[8] Federal Ministry of Justice (Germany), Act to Improve Enforcement of the Law in Social Networks (NetzDG) (2017) https://www.bmj.de/SharedDocs/Downloads/DE/Gesetzgebung/RefE/NetzDG_engl.pdf?__blob=publicationFile accessed 9 May 2025. 

^[9] Computer Crime Proclamation No 958/2016 (Ethiopia), art 10.

^[10] The Criminal Code Proclamation No 414/2004 (Ethiopia), Negarit Gazeta, 9th Year, No 1.

^[11] Personal Data Protection Proclamation No 1321/2024 (Ethiopia), Negarit Gazeta, 30th Year.

^[12]  Computer Crime Proclamation No 958/2016. Art 9.

^[13] Ibid. 

^[14] Ibid. Art 3-7. 

^[15] Ibid. 

^[16] Ibid. Art 13 -14.

^[17] Ibid, n. 9. Art 607. 

^[18] Ibid, no. 12. Art 9.

^[19] Ibid. Art 14.

^[20] Ibid. Art 12.

^[21] Ministry of Innovation and Technology, Digital Ethiopia 2025: A Strategy for Ethiopia’s Inclusive Prosperity (FDRE 2020) https://www.lawethiopia.com/images/Policy_documents/Digital-Ethiopia-2025-Strategy-english.pdf accessed 7 May 2025.

^[22] Council of Europe, Convention on Cybercrime (Budapest Convention) ETS No 185, 23 November 2001 https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185 accessed 7 May 2025.

^[23] African Union, African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) (27 June 2014) https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection accessed 7 May 2025.

^[24] European Parliament and Council, Directive 2014/65/EU on Markets in Financial Instruments (MiFID II) [2014] OJ L173/349 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32014L0065 accessed 7 May 2025.

^[25] European Parliament and Council, Regulation (EU) 2016/679 on the Protection of Natural Persons (General Data Protection Regulation) [2016] OJ L119/1 https://eur-lex.europa.eu/eli/reg/2016/679/oj accessed 9 May 2025

^[26] María-Paz Sandoval, Mariana de Almeida Vau, Julie Solaas and Luisa Rodrigues, ‘Threat of Deepfakes to the Criminal Justice System: A Systematic Review’ (2024) 13 Crime Science 41 https://doi.org/10.1186/s40163-024-00239-1 accessed 9 May 2025.

^[27] Hany Farid, Deepfakes and the Rise of AI-Enabled Crime (TRM Talks Ep77) (2025) https://www.trmlabs.com/resources/trm-talks/deepfakes-and-the-rise-of-ai-enabled-crime-with-hany-farid accessed 7 May 2025.

^[28] Anna Collard, ‘AI and AI-Agents: A Game Changer for Both Cybersecurity and Cybercrime’ (2025) ITWeb Africa https://itweb.africa/content/KjlyrvwB4JZqk6am accessed 13 May 2025.