
Autonomous Systems Governance in Ethiopia: Transitioning to a Risk-Based Legal Framework

Authored By: Mebrahtu Fitsum

Adigrat University

I. Introduction

In the year 2023, a broad-based landscape study assessing thirty-two Ethiopian institutions uncovered a notable regulatory gap. According to the report, Ethiopia does not have a policy or strategy in place governing autonomous technologies. [Wegene Demisie Jima, Tesfaye Addisu Tarekegn & Taye Girma Debele, The Landscape of Artificial Intelligence Implementation in Ethiopia, 3 ASRIC J. Nat. Sci. 188, 190 (2023).]

As algorithmic systems are progressively serving as intermediaries in public service delivery, financial evaluations, and healthcare diagnostics across the continent, the national digital transformation agenda has mainstreamed this technology as a core development pillar. [Federal Democratic Republic of Ethiopia, Digital Ethiopia Vision 2030: Locally Rooted, Digitally Powered 12 (2025).]

Ethiopia is using digital technology and tools, along with various projects, to boost the level and quality of development. For instance, Digital Ethiopia Vision 2030, a digital sector strategy, was adopted in December 2022. The Digital Ethiopia Vision 2030 sets out ambitions for engaging the private sector in the digital economy.[1] The Personal Data Protection Proclamation No. 1321/2024 establishes basic rules for processing and supervision. [Personal Data Protection Proclamation No. 1321/2024, Fed. Negarit Gaz., 30th Year No. 35, art. 6 (2024).]

Neither instrument, however, sets out conditions for risk classification, systemic accountability mechanisms, or civil liability regimes for autonomous systems. As a result, software developers, businesses and public institutions presently operate in an extreme doctrinal vacuum.

The existing legal framework in Ethiopia is structurally incapable of overseeing the deployment of autonomous systems. Parliament should therefore promptly enact a risk-based statutory regime that creates a coherent, just and workable accountability model. Applying the tort principles of the mid-twentieth century to autonomous nonhuman agents would produce arbitrary outcomes that stifle innovation and leave citizens unprotected from algorithmic harm.

The article proceeds as follows. Section II details the current legal structure regulating digital technologies in Ethiopia. Section III examines the current regulatory practices and the lack of case law. Section IV provides a critical evaluation of the doctrinal shortcomings in the existing law regarding fault-based liability and risk allocation. Section V draws lessons from the African Union and Nigeria to develop viable regional solutions. Section VI proposes a framework for comprehensive reform of the legislation. Section VII concludes.

II. The Current Legal Framework

The laws applicable to advanced computing and automated systems in Ethiopia are currently very fragmented. They rely wholly on broad policy ambitions, generic data privacy laws, and old-fashioned intellectual property laws that were not designed for autonomous systems.

A. Policy Aspirations and Strategies

The national strategy Digital Ethiopia Vision 2030 is the chief document driving the country's digital transformation. It identifies advanced algorithms and machine learning as the two technological drivers essential to modernising agriculture, enhancing manufacturing capacity and streamlining public services.[Federal Democratic Republic of Ethiopia, supra note 2, at 18.]

The report correctly identifies the need for enhanced digital infrastructure at all levels, sound national data governance, and thorough technical skills development strategies. It imagines a future in which the economy relies on automated devices for efficient use of resources and an increase in national productivity.

Digital Ethiopia Vision 2030, despite being strategic, is merely an aspirational policy tool. It does not impose legally enforceable obligations, and it leaves the definition of an automated or algorithmic system legally ambiguous. The plan provides no system for classifying technological threats or for allocating legal liability when systems fail. Since it does not have statutory force, aggrieved parties cannot rely on the Vision 2030 document as a separate cause of action. Nor can it compel private software developers or public sector deployers to comply with standards, safety audits, or transparency requirements.

B. Data Protection and Algorithmic Processing

The Personal Data Protection Proclamation No. 1321/2024 is the most important legislation regarding digital governance. This legislation, which is substantially influenced by global privacy standards, is a much-needed update to Ethiopian information law. The Data Protection Proclamation defines personal data broadly, prohibits unlawful processing, imposes strict purpose limitation in data processing, and requires consent from data subjects.

Articles 6-9 of the Proclamation provide the legal definitions necessary for sustainable transparency, data minimisation and human intervention in automated processing. According to the law, people also have the right not to be subjected to a decision that is solely based on automated processing. Nonetheless, the Proclamation is structurally constrained in its reach. It applies only to the use of personally identifiable information. Thus, it effectively does not regulate algorithmic uses that rely upon anonymised data, industrial machine measurements, or general environmental data.

Moreover, the Proclamation does not require algorithm impact assessments of high-risk software systems. The legislation successfully governs the raw material of the digital economy – personal data – but not the autonomous, behavioural outputs of the technology itself. This leaves a massive regulatory blind spot regarding algorithmic bias and system safety.

C. Copyright and Intellectual Property Law

Ethiopia’s legislation on intellectual property is governed by the Copyright and Neighboring Rights Protection Proclamation No. 410/2004.[Copyright and Neighboring Rights Protection Proclamation No. 410/2004, Fed. Negarit Gaz., 10th Year No. 55, art. 2 (2004).]

Under this law, copyright cannot exist unless a human author underlies the copyrightable work. Micro, small and medium-sized enterprises increasingly use generative software tools to create content, marketing tools and product designs, and the law leaves those outputs commercially uncertain.

Copyright law does not clarify whether the developer of the software, the business that employs it, or the person who prompts it owns the output.

This doctrinal silence on non-human authorship stifles commercialisation. Companies are reluctant to spend large sums on machine-generated intellectual property since they cannot be assured exclusive legal rights to the outputs.

III. Regulatory and Administrative Law

A. Absence of Judicial Precedent

To date, Ethiopian courts have not published any judicial ruling that deals with algorithmic governance, systemic bias, or autonomous software liability. Where there is no binding case law, administrative decisions, regulatory circulars, and the institutional practices of government agencies serve as the functional equivalent of legal precedent. Examining these regulatory practices reveals early, fragmented attempts at managing technological risk.

B. Institutional Oversight and Sectoral Regulation

The Ethiopian Communications Authority currently functions as the primary supervisory body under the Personal Data Protection Proclamation. The Authority has begun exercising its investigative powers in corporate data-breach scenarios and has issued preliminary guidance requiring prior notification for large-scale data processing operations.[Paradigm Initiative, LONDA – Digital Rights and Inclusion in Africa Report: Ethiopia 2022, 14 (2023).] However, the Authority evaluates these incidents strictly through a traditional data privacy lens, bypassing the complex algorithmic mechanics of the systems involved.

Concurrently, the Ministry of Innovation and Technology frequently approves pilot projects utilising advanced algorithms in agricultural disease detection and public service delivery. A critical analysis of these administrative approvals reveals a systemic flaw. The authorisations contain no standardised risk-assessment criteria, nor do they stipulate how civil liability will be allocated in the event of a catastrophic system failure. Private telecommunications companies and data-centre operators deploy machine learning algorithms under general licensing rules without any sector-specific legal obligations regarding fairness, transparency, or auditability.

C. The Role of the Ethiopian Artificial Intelligence Institute

The federal government established the Ethiopian Artificial Intelligence Institute to spearhead domestic research and development. While the Institute actively pursues technological advancement in critical sectors like healthcare and national security, it operates fundamentally as a developer rather than an independent regulator. This institutional design creates an inherent conflict of interest within the national digital ecosystem. The state acts as the primary developer and deployer of high-risk algorithmic systems, yet no separate, independent supervisory authority exists to audit these specific state-owned systems for legal compliance. Institutions apply general administrative rules to highly complex software deployments, but no regulatory body possesses the specific statutory mandate to enforce proportionate, technology-specific obligations.

IV. Critical Evaluation of the Regulatory Vacuum

A. The Failure of Risk Classification

The most significant doctrinal gap in the current Ethiopian framework is the total absence of risk classification. The legal regime applies uniform rules to all software systems regardless of their potential to cause physical, financial, or societal harm. This one-size-fits-all approach is legally inadequate and practically unworkable.

A machine learning algorithm used by a local business to filter unsolicited email presents a negligible risk to the public. Conversely, an automated decision-making system used by a bank to evaluate creditworthiness, or by a public hospital to diagnose medical conditions, carries profound implications for fundamental human rights and economic security.[Jima et al., supra note 1, at 192.]

By failing to distinguish legally between low-risk and high-risk applications, Ethiopian law currently imposes unnecessary bureaucratic burdens on benign technological innovations while simultaneously failing to protect vulnerable citizens from severe algorithmic harms.

The law must recognise that opaque public-sector algorithms can perpetuate systemic discrimination if trained on historically biased data. Generative tools used by enterprises can cause widespread informational injury or reputational damage. The absence of a mandatory, statutory risk-tiering system renders the current legal framework structurally blind to the actual threats posed by autonomous systems.

B. The Accountability and Liability Deficit

The second critical failure concerns the allocation of civil liability. When an autonomous system causes harm—such as a misdiagnosis by medical software or an unexplainable, automated denial of credit—the injured party must seek a remedy under the Ethiopian Civil Code of 1960. The foundational tort principle in Ethiopia is extra-contractual liability based on fault, governed primarily by Article 2028 of the Civil Code.[Civil Code of the Empire of Ethiopia, Proclamation No. 165/1960, Fed. Negarit Gaz., 19th Year No. 2, art. 2028 (1960).] To establish liability under this provision, a claimant must prove that the defendant committed a distinct fault, that the claimant suffered damage, and that the fault directly caused the damage.

Autonomous systems, particularly those employing deep learning and neural networks, make decisions through opaque computational processes that are often unexplainable even to their original programmers. This phenomenon, commonly referred to as the black box problem, completely disrupts the traditional causal chain required by Article 2028. An injured claimant in Ethiopia currently faces an insurmountable evidentiary burden. They cannot prove human fault because the machine acted autonomously, and they cannot access the proprietary training data required to establish negligent design or failure to warn.

While Article 2069 of the Civil Code introduces strict liability for abnormally dangerous activities, Ethiopian jurisprudence has not yet extended this provision to independent software systems.[Id. at art. 2069.]

A court would struggle to classify a line of code as an inherently dangerous activity akin to storing explosives or operating heavy machinery. Consequently, a severe liability deficit exists. Developers routinely disclaim responsibility through dense end-user license agreements. Deployers blame the autonomous, self-learning nature of the software. The injured citizen is left entirely without a clear legal remedy. The current extra-contractual liability framework, designed for a physical world of human actors, produces arbitrary and unjust outcomes when applied to advanced computing.

C. Enforcement Capacity and Public Trust

The third major deficiency lies in institutional and enforcement capacity. The Ethiopian Communications Authority possesses the legal authority to investigate data privacy violations, but it completely lacks specialised algorithmic expertise, computational auditing tools, and dedicated state funding for systemic oversight. The LONDA Report on digital rights explicitly highlights that weak institutional oversight in Ethiopia undermines public trust and deters responsible, widespread technological adoption.[Paradigm Initiative, supra note 7, at 18.]

A common counterargument asserts that imposing strict regulations on autonomous software will stifle innovation and deter foreign direct investment. This argument fundamentally misapprehends the relationship between law and economic development. Legal uncertainty is the actual enemy of innovation. As detailed in a recent handbook on digital resilience, micro, small, and medium-sized enterprises hesitate to integrate generative tools precisely because the legal liabilities regarding copyright infringement and data protection remain totally unresolved.[Fetun Promotion & Ad PLC, Handbook: Enhancing Resilience of Micro-, Small and Medium-sized Enterprises for Accelerating SDGs in Ethiopia, with the Support of Generative Artificial Intelligence Tools 45 (2025).]

A clear, risk-based regulatory framework creates a predictable commercial environment. It fosters capital investment by defining exactly where liability begins and ends, while simultaneously protecting public safety.

V. Comparative Perspectives

If Ethiopia’s domestic law remains underdeveloped regarding autonomous technologies, comparative regional frameworks offer highly valuable models for immediate legislative reform. Examining how similar jurisdictions address these legal challenges provides a template for Ethiopian lawmakers.

A. The African Union Continental Strategy

The African Union Continental Artificial Intelligence Strategy, formally endorsed in 2024, explicitly mandates a development-oriented, risk-minimising approach for all Member States.[African Union, Continental Artificial Intelligence Strategy: Harnessing AI for Africa’s Development and Prosperity 8 (2024).]

The Strategy requires participating nations to transition away from uniform, generic digital policies. Instead, it directs them to classify autonomous systems according to the specific probability and severity of potential harm they pose to African citizens.

The African Union framework demands that high-risk systems undergo mandatory conformity assessments before they are deployed in public or commercial settings. It also strongly emphasises the necessity of establishing independent supervisory authorities equipped with specialised technical capacity. Importantly, the Strategy integrates human rights impact assessments directly into the software development lifecycle, ensuring that technologies respect African cultural contexts and fundamental rights. Ethiopia’s current reliance on generic data protection rules stands in direct contradiction to these comprehensive continental standards, leaving the country lagging behind its regional commitments.

B. The Nigerian Regulatory Approach

Nigeria provides a highly relevant comparative domestic model for regulating algorithmic risk. The Nigerian Control of Usage of Artificial Intelligence Technology Bill (HB. 942, 2023) represents a proactive legislative attempt to govern technology within an African economic context.[Control of Usage of Artificial Intelligence Technology Bill, HB 942, § 8 (2023) (Nigeria).] Clause 8 of the proposed Bill is particularly instructive. It strictly requires continuous human oversight for any automated decisions that significantly affect the legal rights, physical safety, or financial status of citizens.

Furthermore, the Nigerian Bill establishes explicit, statutory risk-mitigation duties for software developers. It creates strict liability penalties for algorithmic outputs that cause physical injury or severe economic harm. Although the Bill remains under legislative consideration, its structural approach—combining specific risk tiering, mandatory human-in-the-loop requirements, and distinct liability allocation—offers a practical template. The comparative experience demonstrates that a targeted, risk-based legal framework is legally feasible, economically viable, and absolutely necessary to close the accountability gaps present in emerging African markets.

VI. Proposals for Reform in the Ethiopian Context

The comparative survey and critical evaluation demonstrate that Ethiopia’s current policy vacuum is legally and economically unsustainable. To support the national objectives of Digital Ethiopia Vision 2030 while adequately protecting citizens, it is submitted that the House of Peoples’ Representatives must enact comprehensive reforms utilising a hybrid model of risk classification and adjusted liability.

First, Parliament should enact a dedicated Autonomous Systems Liability and Governance Proclamation. This new statute must introduce a mandatory risk-classification framework, dividing all algorithmic applications into low-risk, medium-risk, and high-risk categories. High-risk systems—specifically those utilised in public service delivery, law enforcement, healthcare diagnostics, and automated credit-scoring—must be subjected to mandatory prior conformity assessments.

Furthermore, the new Proclamation must impose strict liability on the commercial deployers of high-risk systems. This adjustment is necessary to remove the insurmountable burden of proving human fault under the traditional Civil Code. Strict liability forces the party best positioned to mitigate the risk—the deployer—to bear the financial consequences of system failure. For low-risk and medium-risk applications, the law should introduce a rebuttable presumption of causality to assist claimants in civil litigation without stifling basic software development.

Second, the government must structurally empower the Ethiopian Communications Authority. Parliament must grant the Authority a broadened statutory mandate, specialised technical funding, and the power to establish an independent Algorithmic Auditing Directorate. The Authority must possess the explicit legal right to demand algorithmic transparency from developers, conduct unannounced systemic risk audits, and impose administrative fines of up to five percent of an enterprise’s annual turnover for severe compliance failures.

Third, Parliament must harmonise the existing fragmented statutes. The Personal Data Protection Proclamation No. 1321/2024 should be amended to explicitly link data privacy obligations with algorithmic accountability. The amendment should mandate formal algorithmic impact assessments for any data controller using automated systems to process sensitive information. Additionally, the Copyright and Neighboring Rights Protection Proclamation No. 410/2004 must be revised to clarify the authorship and ownership rules regarding machine-generated works. This legislative revision should be managed through a joint oversight mechanism between the Ethiopian Communications Authority and the Ethiopian Intellectual Property Office to ensure absolute commercial predictability for domestic businesses.

Fourth, the new legislative framework must explicitly integrate the ethical and risk-minimising principles found in the African Union Continental Strategy. The law should impose mandatory disclosure obligations on commercial developers, requiring them to maintain technical records sufficient for post-hoc analysis. This documentation requirement will effectively address the black box evidentiary problem and align Ethiopian law with emerging continental best practices.

VII. Conclusion

Algorithmic systems are rapidly transforming the economic and social landscape of Ethiopia. They are actively deployed today in contexts that directly dictate the financial security, physical safety, and fundamental rights of citizens across the nation. The legal framework that governs accountability for harm caused by these systems is, as this article has demonstrated, structurally inadequate. Digital Ethiopia Vision 2030 operates merely as an aspirational policy document, providing no enforceable legal obligations. Similarly, the Personal Data Protection Proclamation No. 1321/2024 protects informational privacy but completely fails to address algorithmic liability, risk classification, or the nuances of autonomous decision-making.

This article has argued that the appropriate response to this regulatory vacuum is immediate, targeted legislative reform. The application of traditional extra-contractual liability under the Ethiopian Civil Code to autonomous software systems produces arbitrary and unjust outcomes. The requirement to prove human fault for machine-generated harm creates an insurmountable barrier to justice, necessitating a paradigm shift in accountability.

Parliament should enact a dedicated Autonomous Systems Governance Proclamation within the next legislative session. This statute must classify systems by their potential for harm, impose strict liability for high-risk applications, and legally mandate human oversight for critical automated decisions. Furthermore, the state must restructure and empower the Ethiopian Communications Authority to enforce these new obligations, and amend existing intellectual property laws to protect commercial innovation. The comparative experiences of the African Union and Nigeria demonstrate that principled legal reform is highly achievable without stifling digital innovation. By implementing these recommendations, Ethiopia has the opportunity to close the current accountability gap, foster deep public trust, and establish a resilient, future-ready governance regime.

References

Legislation

Civil Code of the Empire of Ethiopia, Proclamation No. 165/1960, Fed. Negarit Gaz., 19th Year No. 2 (1960).

Control of Usage of Artificial Intelligence Technology Bill, HB 942 (2023) (Nigeria).

Copyright and Neighboring Rights Protection Proclamation No. 410/2004, Fed. Negarit Gaz., 10th Year No. 55 (2004).

Federal Democratic Republic of Ethiopia, Personal Data Protection Proclamation No. 1321/2024, Fed. Negarit Gaz., 30th Year No. 35 (2024).

Secondary Sources

African Union, Continental Artificial Intelligence Strategy: Harnessing AI for Africa’s Development and Prosperity (2024).

Federal Democratic Republic of Ethiopia, Digital Ethiopia Vision 2030: Locally Rooted, Digitally Powered (2025).

Fetun Promotion & Ad PLC, Handbook: Enhancing Resilience of Micro-, Small and Medium-sized Enterprises for Accelerating SDGs in Ethiopia, with the Support of Generative Artificial Intelligence Tools (2025).

Paradigm Initiative, LONDA – Digital Rights and Inclusion in Africa Report: Ethiopia 2022 (2023).

Wegene Demisie Jima, Tesfaye Addisu Tarekegn & Taye Girma Debele, The Landscape of Artificial Intelligence Implementation in Ethiopia, 3 ASRIC J. Nat. Sci. 188 (2023).
