JANNIE ZAAIMAN: European technology laws a good example for Africa

Cybercrime is a scourge many countries are having to deal with, not least those on the African continent. The types of attacks are intensifying as criminals start making use of artificial intelligence (AI) to penetrate organisations, gain access to data and disrupt operations.

However, the EU is tackling these threats head on, moving to stay ahead of the thieves as much as possible through enacting laws that set down rules for developing software and hardware.

At the same time there are opportunities for the continent to grow through looking to Europe for an example of how best to implement standards that will make its offerings world class.

Africa is increasingly becoming a target for cyber criminals, with Check Point’s global threat index for June 2024 finding that Kenya is the most attacked African country, while Zimbabwe and Angola are among the other seven African countries ranked in the 20 most attacked.

The Paradigm Initiative, which follows trends in digital rights, environment and inclusion in Africa, found in its 2023 Londa report that internet shutdowns and disruptions, data protection, disinformation, as well as cybersecurity issues, are all affecting Africa’s digital growth. This will in turn harm economic growth.

Collaboration across countries, on the continent as well as with developed markets, such as in the European bloc with its multitude of cyber laws, is critical to forming ways of fighting cybercrime as well as ensuring that Africa benefits from the latest legislation to fight attacks.

In Europe the Artificial Intelligence Act, which came into effect on August 1, places a burden on companies to let people know when the business is using AI. Given that most hacks occur when people unknowingly open the door to criminals, such as through clicking on links in phishing emails, this should go some way towards helping cut down such breaches. Moreover, given that unacceptable risk such as manipulative AI is forbidden, attacks should be easier to trace.

There are several ways in which cybercriminals attack organisations, and in the current environment it is not a case of whether a company will have to deal with a breach but rather when. Phishing, which has been around for years, has taken on a new form through what are called deepfake attacks, which is when — as an example — criminals use AI to impersonate a company’s CEO in a video, which is then sent to staff with an encouragement to watch his insights.

AI is also being used to clone websites and create more convincing emails that are harder to tell from the real thing, thus encouraging staff to click and opening the door to hackers.

There are many more ways in which the thieves are trying to get into companies’ networks and disrupt operations. Distributed denial of service attacks are becoming easier to perpetrate, cybercriminals use AI in ransomware demands through making use of several machines, and can also make use of machine-learning algorithms to analyse large amounts of data to identify patterns and trends that are not immediately obvious to humans.

Through the Artificial Intelligence Act Europe aims to not only be seen as a trustworthy geographical location for AI development, but also influence the rest of the world to make certain AI systems respect fundamental rights, safety and ethical principles. Given that Africa is developing tech hubs across the continent, a unified approach to AI development can also assist Africa in becoming a source of world-class AI development.

In fact, the top eight tech hubs in Africa are in Lagos (Nigeria), Nairobi (Kenya), Cairo (Egypt), Cape Town and Johannesburg, Kigali (Rwanda), Casablanca (Morocco) and Tunis (Tunisia). And Africa has the support of the EU when it comes to digital transformation, as the bloc has incorporated this as one of its priorities in its relationship with Sub-Saharan Africa.

When it comes to cyber, the European Cyber Resilience Act, to be phased in over 2025 and come into full force the year after, details cybersecurity requirements for hardware and software products with digital elements that are sold in Europe.

Before the law’s development there were various laws and initiatives throughout the bloc, which led to patchy legislation and confusion for manufacturers. What was in force did not completely address the risks and problems when it comes to cybersecurity, while also meaning manufacturers and those using the products had to comply with a range of laws and regulations.

Thanks to this law it is now easier for manufacturers to understand exactly what requirements must be implemented to ship products to the European bloc. As McKinsey has noted, Africa’s expected population surge by 2050 will require vigorous job creation.

Making technological hardware that complies with Europe’s requirements is one way in which the continent can grow jobs, especially considering that Europe is Africa’s largest trade partner in terms of inflows. There is no reason the flow cannot go both ways.

Not only can Africa benefit from laws that will help fend off attacks, but also those that seek to give credence to new technological developments, such as AI. Through developing cross-cutting standards and legislation we can take advantage of technology as a means of propelling growth.

• Zaaiman is secretary-general of the Technology Information Confederation Africa.