Authored By: Mebrahtu Fitsum
Adigrat University
Introduction
In the year 2023, a broad-based landscape study assessing thirty-two Ethiopian institutionsuncovered a notable regulatory gap. According to the report, Ethiopia does not haveapolicy or strategy in place governing autonomous technologies. [Wegene DemisieJima, Tesfaye Addisu Tarekegn & Taye Girma Debele, The Landscape of Artificial IntelligenceImplementation in Ethiopia, 3 ASRIC J. Nat. Sci. 188, 190 (2023).]
As algorithmic systems are progressively serving as intermediaries in public service delivery, financial evaluations, and healthcare diagnostics across the continent, the national digital transformation agenda has mainstreamed this technology as a core development pillar. Federal Democratic Republic of Ethiopia, Digital Ethiopia Vision 2030: Locally Rooted, Digitally Powered 12 (2025).
Ethiopia is using digital technology and tools to boost the level and quality of developmentalong with various projects. For instance, Digital Ethiopia Vision 2030, a digital sectorstrategy was adopted in Dec of 2022. The Digital Ethiopia Vision 2030 sets out ambitionsforengaging the private sector in the digital economy.[1] Personal Data ProtectionProclamation No. 1321/2024 establishes basic rules for processingandsupervisi on.[Personal Data Protection Proclamation No. 1321/2024, Fed. Negarit Gaz., 30thYear No. 35, art. 6 (2024).]
Neither instrument, however, sets out conditions for risk classification, systemicaccountability mechanisms, or civil liability regimes for autonomous systems. As a result of this software developers and businesses and public institutions presently exist in anextremedoctrinal vacuum.
The existing legal framework in Ethiopia is structurally incapable of overseeingthedeployment of autonomous systems. Parliament should therefore hastily enact a risk-basedstatutory regime which will create a coherent, just and workable accountability model. If principles that govern torts in the middle of the twentieth century are appliedtoautonomous nonhuman agents, then that would produce arbitrary outcomes that stifleinnovation as well as leave citizens unprotected from algorithmic harm.
Here’s how the article proceeds. Part II details the current legal structure regulatingdigital technologies in Ethiopia. Section III examines the current regulatory practices andthelackof case law. Section IV provides critical evaluation of the doctrinal shortcomings intheexisting law regarding fault-based liability and risk allocation. Section V focuses onthelessons learned from the African Union and Nigeria to develop viable regional solutions. Section VI puts a framework for total reform of the legislation. Article Ends with SectionVII.
The Law Available Now.
The laws applicable to advanced computing and automated systems in Ethiopiaarecurrently very fragmented. It’s wholly reliant on broad policy ambitions, generic data privacylaws, and old-fashioned intellectual property laws which were not designedforautonomous systems.
Goals of Policy Aspirations and Strategies
The national strategy Digital Ethiopia Vision 2030 is the chief document that is drivingthisdigital transformation of the country. It has identified advanced algorithms andmachinelearning as the two technological drivers which are essential to modernise agriculture, enhance manufacturing capacity and streamline public services.[Federal DemocraticRepublic of Ethiopia, supra note 2, at 18.].
The report correctly identifies the need for enhanced digital infrastructure at all levels, sound national data governance, and thorough technical skills development strategies. Itimagines a future in which the economy relies on automated devices for efficient useof resources and an increase in national productivity.
Digital Ethiopia Vision 2030, despite being strategic, is merely an aspirational policytool. The agreement does not bind the parties through legally enforceable obligations whichcreates legal ambiguity in defining an automated or algorithmic system. The planfailstoprovide any system for classifying technological threat nor allocating legal liability for whensystems collapse. Since it does not have statutory force, aggrieved parties cannot usetheVision 2030 document to have a separate cause of action. It cannot also enforceprivatesoftware developers or public sector deployers to comply with standard; safety audit; transparency requirement.
Protection of data and processing algorithms.
The Personal Data Protection Proclamation No. 1321/2024 is the most important legislationregarding digital governance. This legislation is a much-needed update to Ethiopianinformation law, which is substantially influenced by global privacy standards. TheDataProtection Proclamation defines personal data broadly, prohibits processing withoutlawfulness, imposes strict purpose limitation in data processing, and requires consent fromdata subjects.
Articles 6-9 of the Proclamation provide the legal definitions necessary for sustainabletransparency, data minimisation and human intervention in automated processing. According to the law, people also have the right not to be subjected to a decisionthat issolely based on automated processing. Nonetheless, the Proclamation is structurallyconstrained in its reach. It only applies concerning the use of personally identifiable information. Thus, it effectively does not regulate algorithmic uses that rely uponanonymised data, industrial machine measurements, or general environment data.
Moreover, the Proclamation does not require algorithm impact assessments of high-risksoftware systems. The legislation successfully governs the raw material of thedigital economy – personal data – but not the autonomous, behavioural outputs of the technologyitself. This leaves a massive regulatory blind spot regarding algorithmic bias andsystemsafety.
Copy right and Intellectual Property law.
Ethiopia’s legislation on intellectual property is governed by the Copyright and NeighboringRights Protection Proclamation No.410/2004.[Copyright and Neighboring Rights ProtectionProclamation No. 410/2004, Fed. Negarit Gaz., 10th Year No. 55, art. 2 (2004).].
Copyright cannot exist unless a human underlies a copyrightable work. This lawrequiringitmust come from a human. More and more micro, small and medium-sized enterprises areusing generative software tools to create content, marketing tools and product designs, which the law makes commercially uncertain.
Copyright laws don’t clarify whether the developer of the software or the business thatemploys it or the person who prompts it owns the output.
This silence of doctrine that is commercialisation-stifling is with non-human authorship. Companies are reluctant to spend large sums on machine-generated intellectual propertysince they cannot be assured exclusive legal rights to the outputs.
III. Regulatory and Administrative Law.
Lack of Precedents of the Courts
To date, Ethiopian courts have not published any judicial ruling that deals with algorithmicgovernance, systemic bias, or autonomous software liability. Where there is no bindingcaselaw, administrative decisions; regulatory circulars; and the institutional.
practices of government agencies serve as the functional equivalent of legal precedent. Examining these regulatory practices reveals early, fragmented attempts at managingtechnological risk.
Institutional Oversight and Sectoral Regulation
The Ethiopian Communications Authority currently functions as the primary supervisorybody under the Personal Data Protection Proclamation. The Authority has begun exercisingits investigative powers in corporate data-breach scenarios and has issued preliminary guidance requiring prior notification for large-scale data processing operations.[ParadigmInitiative, LONDA – Digital Rights and Inclusion in Africa Report: Ethiopia 2022, 14 (2023).]
However, the Authority evaluates these incidents strictly through a traditional data privacylens, bypassing the complex algorithmic mechanics of the systems involved.
Concurrently, the Ministry of Innovation and Technology frequently approves pilot projectsutilising advanced algorithms in agricultural disease detection and public service delivery. Acritical analysis of these administrative approvals reveals a systemic flaw. The authorisationscontain no standardised risk-assessment criteria, nor do they stipulate howcivil liabilitywill be allocated in the event of a catastrophic system failure. Private telecommunicationscompanies and data-centre operators deploy machine learning algorithms under general
licensing rules without any sector-specific legal obligations regarding fairness, transparency, or auditability.
The Role of the Ethiopian Artificial Intelligence Institute
The federal government established the Ethiopian Artificial Intelligence Institutetospearhead domestic research and development. While the Institute actively pursuestechnological advancement in critical sectors like healthcare and national security, itoperates fundamentally as a developer rather than an independent regulator. Thisinstitutional design creates an inherent conflict of interest within the national digital ecosystem. The state acts as the primary developer and deployer of high-risk algorithmicsystems, yet no separate, independent supervisory authority exists to audit thesespecificstate-owned systems for legal compliance. Institutions apply general administrativerulestohighly complex software deployments, but no regulatory body possesses the specificstatutory mandate to enforce proportionate, technology-specific obligations.
Critical Evaluation of the Regulatory Vacuum A. The Failure of Risk Classification
The most significant doctrinal gap in the current Ethiopian framework is the total absenceof risk classification. The legal regime applies uniform rules to all software systems regardlessof their potential to cause physical, financial, or societal harm. This one-size-fits-all approachis legally inadequate and practically unworkable.
A machine learning algorithm used by a local business to filter unsolicited email presents anegligible risk to the public. Conversely, an automated decision-making systemusedbyabank to evaluate creditworthiness, or by a public hospital to diagnose medical conditions, carries profound implications for fundamental human rights and economic security.[Jimaet al., supra note 1, at 192.]
By failing to distinguish legally between low-risk and high-risk applications, Ethiopianlawcurrently imposes unnecessary bureaucratic burdens on benign technological innovationswhile simultaneously failing to protect vulnerable citizens from severe algorithmic harms.
The law must recognise that opaque public-sector algorithms can perpetuate systemicdiscrimination if trained on historically biased data. Generative tools used by enterprises cancause widespread informational injury or reputational damage. The absenceof amandatory, statutory risk-tiering system renders the current legal framework structurallyblind to the actual threats posed by autonomous systems.
The Accountability and Liability Deficit
The second critical failure concerns the allocation of civil liability. When an autonomous system causes harm—such as a misdiagnosis by medical software or an unexplainable, automated denial of credit—the injured party must seek a remedy under the EthiopianCivil Code of 1960. The foundational tort principle in Ethiopia is extra-contractual liability basedon fault, governed primarily by Article 2028 of the Civil Code.[Civil Code of the Empire of Ethiopia, Proclamation No. 165/1960, Fed. Negarit Gaz., 19th Year No. 2, art. 2028 (1960).] Toestablish liability under this provision, a claimant must prove that the defendant committeda distinct fault, that the claimant suffered damage, and that the fault directly causedthedamage.
Autonomous systems, particularly those employing deep learning and neural networks, make decisions through opaque computational processes that are often unexplainableevento their original programmers. This phenomenon, commonly referred to as the blackboxproblem, completely disrupts the traditional causal chain required by Article 2028. An injured claimant in Ethiopia currently faces an insurmountable evidentiary burden. Theycannot prove human fault because the machine acted autonomously, and they cannotaccess the proprietary training data required to establish negligent design or failure towarn.
While Article 2069 of the Civil Code introduces strict liability for abnormally dangerous activities, Ethiopian jurisprudence has not yet extended this provision to independent software systems.[ Id. at art. 2069.]
A court would struggle to classify a line of code as an inherently dangerous activity akintostoring explosives or operating heavy machinery. Consequently, a severe liability deficit exists. Developers routinely disclaim responsibility through dense end-user license agreements. Deployers blame the autonomous, self-learning nature of the software. Theinjured citizen is left entirely without a clear legal remedy. The current extra-contractual liability framework, designed for a physical world of human actors, produces arbitrary andunjust outcomes when applied to advanced computing.
Enforcement Capacity and Public Trust
The third major deficiency lies in institutional and enforcement capacity. The EthiopianCommunications Authority possesses the legal authority to investigate data privacy violations, but it completely lacks specialised algorithmic expertise, computational auditingtools, and dedicated state funding for systemic oversight. The LONDA Report on digital rights explicitly highlights that weak institutional oversight in Ethiopia undermines publictrust and deters responsible, widespread technological adoption.[ParadigmInitiative, supranote 7, at 18.]
A common counterargument asserts that imposing strict regulations on autonomous software will stifle innovation and deter foreign direct investment. This argument fundamentally misapprehends the relationship between law and economic development. Legal uncertainty is the actual enemy of innovation. As detailed in a recent handbook ondigital resilience, micro, small, and medium-sized enterprises hesitate to integrate generative tools precisely because the legal liabilities regarding copyright infringement anddata protection remain totally unresolved.[ Fetun Promotion & Ad PLC, Handbook: Enhancing Resilience of Micro-, Small and Medium-sized Enterprises for Accelerating SDGs in Ethiopia, withtheSupport of Generative Artificial Intelligence Tools 45 (2025).]
A clear, risk-based regulatory framework creates a predictable commercial environment. It fosters capital investment by defining exactly where liability begins and ends, while simultaneously protecting public safety.
Comparative Perspectives
If Ethiopia’s domestic law remains underdeveloped regarding autonomous technologies, comparative regional frameworks offer highly valuable models for immediate legislativereform. Examining how similar jurisdictions address these legal challenges providesatemplate for Ethiopian lawmakers.
A. The African Union Continental Strategy
The African Union Continental Artificial Intelligence Strategy, formally endorsed in 2024, explicitly mandates a development-oriented, risk-minimising approach for all Member States.[ African Union, Continental Artificial Intelligence Strategy: Harnessing AI for Africa’s Development and Prosperity 8 (2024).]
The Strategy requires participating nations to transition away from uniform, generic digital policies. Instead, it directs them to classify autonomous systems according to the specificprobability and severity of potential harm they pose to African citizens.
The African Union framework demands that high-risk systems undergo mandatoryconformity assessments before they are deployed in public or commercial settings. It alsostrongly emphasises the necessity of establishing independent supervisory authoritiesequipped with specialised technical capacity. Importantly, the Strategy integrates humanrights impact assessments directly into the software development lifecycle, ensuringthattechnologies respect African cultural contexts and fundamental rights. Ethiopia’s current reliance on generic data protection rules stands in direct contradiction tothesecomprehensive continental standards, leaving the country lagging behind its regional commitments.
B. The Nigerian Regulatory Approach
Nigeria provides a highly relevant comparative domestic model for regulating algorithmicrisk. The Nigerian Control of Usage of Artificial Intelligence Technology Bill (HB. 942, 2023) represents a proactive legislative attempt to govern technology within an African economiccontext.[Control of Usage of Artificial Intelligence Technology Bill, HB 942, § 8 (2023) (Nigeria).]
Clause 8 of the proposed Bill is particularly instructive. It strictly requires continuous humanoversight for any automated decisions that significantly affect the legal rights, physical safety, or financial status of citizens.
Furthermore, the Nigerian Bill establishes explicit, statutory risk-mitigation duties forsoftware developers. It creates strict liability penalties for algorithmic outputs that causephysical injury or severe economic harm. Although the Bill remains under legislativeconsideration, its structural approach—combining specific risk tiering, mandatoryhuman-in-the-loop requirements, and distinct liability allocation—offers a practical template. The comparative experience demonstrates that a targeted, risk-basedlegal framework is legally feasible, economically viable, and absolutely necessary to closetheaccountability gaps present in emerging African markets.
Proposals for Reform in the Ethiopian Context
The comparative survey and critical evaluation demonstrate that Ethiopia’s current policyvacuum is legally and economically unsustainable. To support the national objectivesof Digital Ethiopia Vision 2030 while adequately protecting citizens, it is submittedthat the House of Peoples’ Representatives must enact comprehensive reforms utilising ahybridmodel of risk classification and adjusted liability.
First, Parliament should enact a dedicated Autonomous Systems Liability and GovernanceProclamation. This new statute must introduce a mandatory risk-classification framework, dividing all algorithmic applications into low-risk, medium-risk, and high-risk categories. High-risk systems—specifically those utilised in public service delivery, lawenforcement, healthcare diagnostics, and automated credit-scoring—must be subjected to mandatory prior conformity assessments.
Furthermore, the new Proclamation must impose strict liability on the commercial deployers of high-risk systems. This adjustment is necessary to remove the insurmountableburden of proving human fault under the traditional Civil Code. Strict liability forces theparty best positioned to mitigate the risk—the deployer—to bear the financial consequences of system failure. For low-risk and medium-risk applications, the lawshouldintroduce a rebuttable presumption of causality to assist claimants in civil litigationwithoutstifling basic software development.
Second, the government must structurally empower the Ethiopian CommunicationsAuthority. Parliament must grant the Authority a broadened statutory mandate, specialisedtechnical funding, and the power to establish an independent Algorithmic AuditingDirectorate. The Authority must possess the explicit legal right to demand algorithmictransparency from developers, conduct unannounced systemic risk audits, andimposeadministrative fines of up to five percent of an enterprise’s annual turnover for severecompliance failures.
Third, Parliament must harmonise the existing fragmented statutes. The Personal DataProtection Proclamation No. 1321/2024 should be amended to explicitly link data privacy
obligations with algorithmic accountability. The amendment should mandateformal algorithmic impact assessments for any data controller using automated systems toprocesssensitive information. Additionally, the Copyright and Neighboring Rights ProtectionProclamation No. 410/2004 must be revised to clarify the authorship and ownershiprulesregarding machine-generated works. This legislative revision should be managed throughajoint oversight mechanism between the Ethiopian Communications Authority andtheEthiopian Intellectual Property Office to ensure absolute commercial predictabilityfordomestic businesses.
Fourth, the new legislative framework must explicitly integrate the ethical andrisk-minimising principles found in the African Union Continental Strategy. The lawshouldimpose mandatory disclosure obligations on commercial developers, requiring themtomaintain technical records sufficient for post-hoc analysis. This documentation requirementwill effectively address the black box evidentiary problem and align Ethiopian lawwithemerging continental best practices.
VII. Conclusion
Algorithmic systems are rapidly transforming the economic and social landscape of Ethiopia. They are actively deployed today in contexts that directly dictate the financial security, physical safety, and fundamental rights of citizens across the nation. The legal frameworkthat governs accountability for harm caused by these systems is, as this articlehasdemonstrated, structurally inadequate. Digital Ethiopia Vision 2030 operates merelyasanaspirational policy document, providing no enforceable legal obligations. Similarly, thePersonal Data Protection Proclamation No. 1321/2024 protects informational privacybutcompletely fails to address algorithmic liability, risk classification, or the nuancesof autonomous decision-making.
This article has argued that the appropriate response to this regulatory vacuumisimmediate, targeted legislative reform. The application of traditional extra-contractual liability under the Ethiopian Civil Code to autonomous software systems produces arbitraryand unjust outcomes. The requirement to prove human fault for machine-generatedharmcreates an insurmountable barrier to justice, necessitating a paradigmshift inaccountability.
Parliament should enact a dedicated Autonomous Systems Governance Proclamationwithinthe next legislative session. This statute must classify systems by their potential for harm, impose strict liability for high-risk applications, and legally mandate human oversight forcritical automated decisions. Furthermore, the state must restructure and empower theEthiopian Communications Authority to enforce these new obligations, and amendexistingintellectual property laws to protect commercial innovation. The comparative experiencesof the African Union and Nigeria demonstrate that principled legal reformis highlyachievable without stifling digital innovation. By implementing these recommendations, Ethiopia has the opportunity to close the current accountability gap, foster deeppublictrust, and establish a resilient, future-ready governance regime.
Reference(S):
Legislation
Civil Code of the Empire of Ethiopia, Proclamation No. 165/1960, Fed. Negarit Gaz., 19th Year No. 2(1960).
Control of Usage of Artificial Intelligence Technology Bill, HB 942 (2023) (Nigeria).
Copyright and Neighboring Rights Protection Proclamation No. 410/2004, Fed. Negarit Gaz., 10thYear No. 55 (2004).
Federal Democratic Republic of Ethiopia, Personal Data Protection Proclamation No. 1321/2024, Fed. Negarit Gaz., 30th Year No. 35 (2024).
Secondary Sources
African Union, Continental Artificial Intelligence Strategy: Harnessing AI for Africa’s Development and Prosperity (2024).
Federal Democratic Republic of Ethiopia, Digital Ethiopia Vision 2030: Locally Rooted, Digitally Powered (2025).
Fetun Promotion & Ad PLC, Handbook: Enhancing Resilience of Micro-, Small and Medium-sizedEnterprises for Accelerating SDGs in Ethiopia, with the Support of Generative Artificial IntelligenceTools (2025).
Paradigm Initiative, LONDA – Digital Rights and Inclusion in Africa Report: Ethiopia 2022 (2023).
Wegene Demisie Jima, Tesfaye Addisu Tarekegn & Taye Girma Debele, The Landscape of Artificial Intelligence Implementation in Ethiopia, 3 ASRIC J. Nat. Sci. 188 (2023).
