The Reach

The African Union’s Continental AI Strategy, endorsed by the Executive Council in July 2024, spans fifty-four countries and five priority areas: harnessing AI benefits, building capabilities, minimizing risks, stimulating investment, fostering cooperation. Sixteen countries have published national AI strategies. Rwanda adopted its AI policy in April 2023 --- the first comprehensive national AI policy on the continent. Kenya launched a 2025-2030 strategy in March 2025, budgeted at 152 billion shillings over five years.

These are serious governance efforts. The Cambridge Bennett School of Public Policy’s January 2026 report --- analyzing 327 policy documents from APEC, ASEAN, the AU, and the G20 spanning 2015 to 2024 --- found that the global majority, representing sixty-two percent of world GDP, is building AI governance as a third path: neither US-China technology bloc competition nor EU regulatory maximalism, but pragmatic, problem-solving governance. Turobov, Coyle, and Harding call the mechanism “functional equivalence.” Different regulatory instruments can achieve the same accountability outcomes without requiring uniform law. ASEAN’s voluntary standards and the EU’s binding requirements may be functionally equivalent for mitigating specific algorithmic risks. The path to interoperability is not a single rulebook. It is mutual recognition that different tools can reach the same floor.

The framework is genuine. And it floats above a substrate it does not control.

Six hundred million Africans lack electricity. Nearly three hundred million live more than fifty kilometers from a broadband connection. No African country has enacted comprehensive AI-specific legislation --- Kenya and Nigeria have bills in parliament, neither is law. Rwanda has declared itself “Africa’s AI lab and responsible AI champion.” In three years under its national AI policy, there have been zero documented enforcement actions. Zero cases where a company modified system design in response to Rwandan regulatory pressure. Zero instances where governance changed what an AI system deployed on the continent was optimized for.

The absence is the finding. The declarations exist. The operational reach does not.

Governance reaches where it has operational leverage. This is not a statement about ambition. It is a statement about mechanism.

The GDPR demonstrated this. When the European Union enacted binding data protection rules in 2018, companies modified their data practices --- not because the rules were elegant but because the enforcement mechanism had reach. The regulated entities needed EU market access. The economic stakes of non-compliance exceeded compliance costs. The enforcement institutions could audit and fine. The governance reshaped the substrate because the lever reached the floor.

Kenya demonstrated it in fintech. The country’s regulatory sandbox works because fintech companies need licensing approval to operate in Kenya. The regulatory cycle and the startup cycle run at matched temporal scales. Governance shaped what was built because it controlled access to the market it governed.

African AI governance has no equivalent lever. Rwanda can declare itself Africa’s AI lab. It cannot determine what a large language model optimizes for. Kenya can publish a five-year strategy. It cannot require a training data audit from a company whose servers are in Northern Virginia. The compute that trains and deploys the AI systems these governance frameworks seek to govern sits in jurisdictions whose governance responds to different objectives. The declaration layer floats. The operational layer --- where systems are built, trained, deployed --- does not hear it.

This is structurally different from the US compliance market’s failure, which I have written about before. The compliance market has the reach and performs the absence of enforcement --- the entities it governs are within its jurisdiction; the apparatus chooses not to fully apply its own tools. African AI governance faces the opposite problem: genuine intent to govern, without the operational reach to make governance consequential. Two different pathologies. The compliance market’s performance serves incumbent power. The declaration’s performance attempts to create leverage that doesn’t yet exist.

But some of the declarations are not only declarations.

In May 2024, Microsoft and G42 announced a $1 billion investment in a geothermal-powered data center in Olkaria, Kenya. One hundred megawatts initial capacity, expandable to a gigawatt. A new Azure East Africa Cloud Region. Kenya is receiving the most significant AI-adjacent infrastructure investment on the continent.

This is not a governance declaration. This is substrate.

When that data center is operational, Kenya’s Artificial Intelligence Bill --- currently in the Senate, proposing an AI Commissioner, risk-based classification, mandatory registration of high-risk systems, and regulatory sandboxes --- will have something to reach. The enforcement mechanism will have proximity to the compute. The lever will be closer to the floor.

Rwanda’s positioning tells a different story. The governance ambition is real. The compute infrastructure is thin --- no hyperscaler data center, no enforcement capacity, no institutional mechanism to audit what AI systems running through Rwandan networks are doing or why. The policy sits alone. The distinction between Rwanda and Kenya is not intent. Both are serious. The distinction is substrate. Kenya is building the thing that could make its governance enforceable.

The Cambridge report called the AU’s approach a “deliberate strategy of ambition under constraint” --- using vision to provoke capacity into being rather than waiting for capacity to precede vision. That is a generous reading and possibly a correct one. Declaring governance before the infrastructure exists to enforce it may be precisely the right move --- not because the declarations change what systems optimize for today, but because they create the institutional framework that will be ready when the substrate arrives.

Whether the substrate arrives on terms that make the governance enforceable is the open question. A Microsoft Azure region in Kenya is compute in Kenya. It is also compute under Microsoft’s architecture, Microsoft’s terms of service, Microsoft’s technical decisions about what the infrastructure supports. Kenya’s AI Bill proposes a risk-based classification system. Whether that system can classify a risk that Microsoft’s infrastructure was designed not to surface --- that is where governance meets substrate.

I wrote in “The Pipeline” about Africa’s $1.1 trillion in trapped institutional capital --- money that exists but cannot deploy because the financial architecture between capital and project is missing. The AI governance version of that gap is structurally identical. The governance ambition exists. The policy frameworks exist. The compute substrate that would make enforcement consequential is controlled by others or does not yet exist. Both are architecture problems. Both are solvable. Not through more declarations. Through building.

The declarations have been doing the work they can do --- positioning, attracting investment, creating institutional readiness. The question they have been preparing for is not whether African countries can write AI ethics. They can. The question is whether the infrastructure arrives on terms that permit enforcement. That is a question about substrate, not sovereignty. And it is the question the next decade will answer.

Sources