DIGITAL SOVEREIGNTY: AI AND DATA PROTECTION IN CAMEROON

 by

 OBIA SARON 

CyJurII Theorist

on 12 September 2025

Cameroon aspires to be an emerging economy in 2035.  However, troubling statistics from the National Agency for Information and Communication Technologies (ANTIC) audit of 2021 reveal that 27,052 vulnerabilities were detected in public and private administrative IT systems. The 60-day identification of SIM cards ‘game’ in Cameroon was a directive from the Minister of Territorial Administration (MINAT) in April 2024, instructing telecom companies to register and identify all existing SIM card users in order to combat organized crimes.

Artificial intelligence is the structural programming of computers or automated systems to mimic tasks typically associated with human intelligence, such as learning, reasoning, problem-solving, and decision-making. Regulatory compliance and due diligence are strategic aspects of cybersecurity. Before diving into the benefits and drawbacks of AI, it is essential to know the different cyber laws in Cameroon:

Decree No. 2015/3759 of 3 September 2015, Lay Down the Identification Requirements for Subscribers and Terminal Equipment of Electronic Communication Networks.

Decree No 2017/2580/PM of 06 April 2017 Setting the Terms and Conditions for the Establishment or Operation of Electronic Communication Networks and Supplies of Electronic Communication Services Subject to the Authorization Regime.

Law No 2010/012 of 21 December 2010 relating to Cybersecurity and Cybercriminality in Cameroon. The law was promulgated after the first case of cybercrime in 2009, that of ‘The People of Cameroon vs. Tita Kevin Ndango’ in 2009 (CFIB/40c/09).

Law No 2010/021 of 21 December 2010 on Electronic Commerce in Cameroon.

Law No 2024/017 of 3 December 2024 relating to Personal Data Protection in Cameroon.

Advantages of artificial intelligence

AI has reconfigured the cybersecurity landscape, particularly in the domains of data protection and privacy of individuals and organizations. Below are some of the advantages of AI:

Enhanced efficiency and automation: With the creation of new technologies, telecommunication companies and state agents easily program daily activities. Service rendered by automated machines to individuals and corporate entities minimize cost and mitigate errors.

Verification of evidence: Enhanced complainant experience with images, videos, and recorded conversations, when a complaint is tendered relating to cybercrime. During the trial of ‘The People of Cameroon vs. Tita Kevin Ndango’ in 2009 (CFIB/40c/09), it was revealed that Photoshop was used to modify the photos sent to the victim.

Drawbacks of artificial intelligence

Artificial intelligence can never take over the jobs of humans. Although there are several advantages of artificial intelligence, the drawback poses a strategic menace.

Ethical and privacy violations

Technological enabling of crimes is usually caused by ethical and privacy violations. The cloning of phone numbers to deepfakes and financial crimes, is possible because of the availability of devices like Simbox in the dark market. When a Sim card is cloned, the subscriber’s number is unavailable within a certain period. The importation and sale of the Simbox to individuals should be restricted or subjected to proper identification, and the Flipper Zero ban in Cameroon as in Canada.

Generative artificial intelligence facilitates cybercrime, as criminals prompt texts that are used against their targets. Some criminals usually pose as a telecommunication agent requesting the target to validate a code, for a selection done by the company, or pin to reconfigure a mobile account due to an unprecedented incident with the servers of the organization. Decree No. 2015/3759 of 3 September 2015 Lay Down the Identification Requirements for Subscribers and Terminal Equipment of Electronic Communication Networks as per Art 4 (1) A subscriber is eligible to not more than three (03) Sim cards and Art. 6 (which focuses on some key issues for registration) particularly the International Mobile Equipment Identity (IMEI) of device.

Legal and ethical implications

The criminal justice system is gradually integrating new technologies and upgrading skills in artificial intelligence. The case of ‘The People of Cameroon vs. Che Valery Neba’ in 2012 (HCF/085c/12) at the High Court of Fako in Buea (2012), which involved a gang or group of individuals who operated as a cybercriminal ring, required an expert in digital forensics. The facts of the case included the fraudulent acquisition and use of documents and the sale of black pepper to an online user. During hearings in Buea, the accomplices who appeared in court as co-defendants were IkomYannick Njuh and Kenah Elias Wallang. The lack of evidence led to the acquittal of the case, revealing the inadequate cybersecurity expertise at the time. Data security requires:  regular audits; security policy; access management; and a reliable incident response plan.

Conclusion

Law No 2024/017 of 3 December 2024 relating to Personal Data Protection in Cameroon has three core aspects: informed consent, rectification, and retention. As per Section 21 of the law, the controller must provide the data subject with essential information as to the reason for data collection; Section 22 (1) is specific in case of a data breach, information should be provided to the subject. Section 32 restricts the transfer of personal data outside Cameroon, unless the destination country ensures an adequate level of protection. The question is: how secure is the personal data of Cameroonians? Question that the minister of territorial administration tagged the telecommunication companies in Cameroon in regards to the menace in the North West, South West, and Far North Regions. The availability of data facilitates the tracking of criminals and ensuring public safety by national security.

Cameroon should advocate for the Defective Products Directive, which takes into consideration AI (AI Liability Directive) at the African Union. The Directive will reinforce the current ‘African Union Convention on Cyber Security and Personal Data Protection’, to provide fault liability of manufacturers and compensation for personal injury, damage to property, or loss of data caused by defective products. The advocacy should focus on product liability rules on technological enabling tools, allowing for damage to be repaired when products such as automated systems are made unsafe by software updates, digital services necessary for the operation of the product, as well as when manufacturers fail to remediate vulnerabilities to effectively protect AI users.

References

1.       Bermay, F. P., & Godlove, N. (2012). Understanding 21st-century cybercrime from the ‘common’. Criminal Justice Matters, 89(1), 4-5.

2.      Broadhurt et al (2014) Organizations and Cyber Crime: An Analysis of the Nature of Groups engaged in Cyber Crime. International Journal of Cyber Criminology vol 8, Issue 1, January- June 2014

3.      Le Monde (2023) : https://www.lemonde.fr/afrique/article/2023/04/25/vent-de-panique-a-

4.      Lillian Ablon et al (2014) Markets for Cybercrime Tools and Stolen Data Hackers’ Bazaar, National Security Research Division, 2014

5.      Michael Kan 2024.Canada Walks Back Ban on Flipper Zero, Targets ‘Illegitimate’ Use Cases. https://www.pcmag.com/news/canada-walks-back-ban-of-flipper-zero-targets-illegitimate-use-cases

6. MINAT boss goes tough on terrorism financing.

https://theguardianpostcameroon.com/post/2611/fr/minat-boss-goes-tough-on-terrorism-financing.

7.      Momha M. (2025). Data Privacy and Responsible AI Adoption in Cameroon. https://www.globalcenter.ai/research/data-privacy-and-responsible-ai-adoption-in-cameroon

8.     Peterkins Manyong (2009) Analysis: Of Scammers and other Website Predators, December 18, 2009.

9.     The Artificial Intelligence Liability Directive. https://ai-liability-directive.com/