Burundi sets Data as a strategic digital public good
From Digital ID systems, Data protection and cybersecurity laws, AI strategies, and universal connectivity, Burundi has embarked on a bold digital journey to redefine governance, business, and daily life. However, insufficient and outdated digital public infrastructure, goods, and related challenges still impede progress, despite initiatives to overcome them.
This series takes you inside the country’s push toward ambitious digital transformation. Current initiatives, challenges, and expected outcomes.
This series has been produced under the Digital Public Infrastructure (DPI) Journalism Fellowship for Eastern Africa and Media Partnership with CIPESA.
Part 5 stresses the importance of regulations in digitalization despite gaps and non-compliance with the Malabo Convention.
Legal frameworks for full digitalisation
As Burundi continues to sail its boat toward full digitalisation, reaching its destination requires legal frameworks, regulations, standardisation, oversight, and safeguarding of users’ rights to successfully navigate the ocean waves and storms.
In this framework, it has validated the National Data Governance Strategy, which aims to make data a strategic public good at the service of transparency, innovation, and sustainable development, and a powerful tool that drives economic, social, and political development.
Madame Francine Inarukundo, Vice-Minister of Finance, Budget and Digital Economy, called “data a strategic public good at the service of transparency, innovation, and sustainable development.”
The strategy aims to achieve five key objectives: strengthen data governance by establishing an institutional and legislative framework; improve digital infrastructure to securely store and process data; ensure digital inclusion, particularly for vulnerable populations; and promote innovation by leveraging data to develop digital solutions. Enhance cybersecurity to protect sensitive data and ensure national security.
It also relies on seven key pillars which are, Institutional governance and leadership to coordinate actions, Modern legal framework to protect personal data and strengthen cybersecurity, Data quality and interoperability to enable smooth circulation between institutions, Robust digital infrastructures for storage and sharing, Security and protection of personal data, Capacity building and data culture, Data economy and innovation to boost startups and the digital economy.
The validation aligns with the African Union Data Policy Framework, reinforcing the commitment to building a secure, inclusive, and innovative digital ecosystem with African Union member states.
The National Data Governance Strategy was validated on November 7, 2025, in collaboration with the United Nations Economic Commission for Africa (ECA) as part of the “Data Governance in Africa” initiative.
As part of the second pillar of its National Data Governance Strategy, the country must adopt comprehensive legislation that addresses every dimension of data governance. This includes not only protecting citizens’ personal information but also effectively managing public data.
Burundi: Promulgates its first Personal Data Protection law
Following the validation of the National Data Governance Strategy, on January 15, 2026, the National Assembly of Burundi adopted the law on the protection of personal data. Almost two months later, on March 10, 2026, the head of state promulgated it, marking a major step in safeguarding citizens’ rights in the digital age.
During the National Assembly session, the Interior Minister, Léonidas Ndaruzaniye, emphasized that with the rapid growth of digital goods and services, personal data has become a highly coveted resource. He stressed that its processing must respect fundamental human rights, freedoms, and human dignity, making this legislation a crucial tool for protecting privacy.
Until now, Burundi lacked a specific legal framework to regulate the collection and use of personal data, despite the expansion of government intranet systems, the digitization of the electoral register, and the modernization of the national identity card and the issuance of travel documents. The new law fills this gap.
The legislation establishes an independent administrative authority to oversee data protection. It also introduces specific penal provisions that complement existing laws, such as the Penal Code and the law against cybercrime.
Lawmakers’ Concerns and Minister’s Assurances
Despite the adoption, Members of Parliament voiced concerns about data security. However, the Minister reassured them that the information collected would be strictly protected and used only for purposes defined by law.
The absence of the biometric national identity card for decades was called into question. The home affairs minister explained that the delay was due to the lack of a legal framework, but that with the law now in place, implementation will accelerate.
He further noted that pilot operations have already begun in twelve communes, supported by new software aligned with the country’s administrative reorganization.
After thorough debate and amendments, the bill was passed unanimously, signaling broad political consensus on the importance of protecting personal data in Burundi.
Experts identify gaps and non-compliance with the Malabo Convention
However, experts have found gaps and non-compliance with the Malabo Convention in both the laws on Personal Data protection and in Law No. 1/004 of March 16, 2022, on the prevention and repression of cybercrime in Burundi, thereby significantly exposing people to online harms, including cybercrimes.
During a a Digital Policy Engagement Workshop organized by Paradigm Initiative, an African organization shaping policy, defending rights, and building capacity in the digital environment for an inclusive and rights-respecting digital world, organized, together with Dukingire Isi Yacu, from February 18 to 19, 2026, in Bujumbura at City Hill Hotel, government officials, regulatory institutions, civil society organizations, journalists and media professionals, private-sector actors, and legal and technical experts, critically analyze Burundi’s cybercrime law against regional and international standards, identify gaps and risks in its implementation, foster multi-stakeholder dialogue on necessary reforms, and discuss concrete strategies for the effective enforcement of the data protection law.
Cléophas Nizigiyimana, Chief of Staff to the Governor of Bujumbura Province and government delegate, underscored the importance of Burundi’s cybercrime legislation during the workshop’s opening ceremony.
“The law on the prevention and repression of cybercrime marked an important milestone in combating online offenses and strengthening digital security and personal data protection within Burundi’s digital governance framework,” he said.
Nizigiyimana pointed to the adoption of Law No. 1/10 of March 16, 2022, as a turning point.
“Its adoption highlighted a significant step forward,” he noted. “However, certain provisions have raised concerns about their potential impact on freedom of expression, privacy, and access to information. This underscores the need for balanced enforcement that respects fundamental rights.”
He also referenced the country’s more recent legislation on personal data protection, describing it as a major evolution in Burundi’s digital governance framework.
“This law establishes principles for data processing, defines obligations for data controllers, and recognizes citizens’ rights,” Nizigiyimana explained. “It represents a significant advance in privacy protection and alignment with regional and international standards.”
Echoing this vision, Moussa Waly SENE, Program Director at Paradigm Initiative, delivered a presentation that critically analyzed Burundi’s cybercrime law against regional and international standards. He reminded participants that digital rights are, first and foremost, human rights.
“Digital rights are not new rights,” he explained. “They are the same fundamental rights we hold as human beings, but expressed in the digital age. They are the rights enshrined in the Universal Declaration of Human Rights, applied through the lens of digital technologies and reinforced by national constitutions and regional frameworks.”
After two days of intensive presentations and rich exchanges, participants shared their impressions and issued recommendations. They called on the Government of Burundi to ratify the Malabo Convention, an African Union instrument on cybersecurity and the protection of personal data, adopted on June 27, 2014, by African heads of state and government.
Experts urge Burundi to ratify the Malabo Convention
Such ratification, they argued, would establish a harmonized legal framework to secure electronic transactions, safeguard privacy, and strengthen the fight against cybercrime across the continent.
Onesphor Ndayisaba, Legal Representative of the Burundian Association for the Prevention and Protection of the Environment (ABPPE), reflected on his own engagement with the country’s cybercrime legislation.
“This was not the first time I had consulted the law,” he said. “While some provisions had previously been insufficiently analyzed, this time I was able to review all of the articles in detail. My message to others is clear: read the law carefully, because it is both the instrument that protects and the one that punishes. In matters of cybersecurity, protection and sanction are inseparable.”
Ndayisaba added that comparing Burundi’s data protection law with the Malabo Convention revealed significant gaps.
“The country still lags behind,” he noted. “Adapting national legislation to regional and international standards is therefore essential for integration.”
Journalist Julien Barinzigo also raised concerns about the disconnect between existing laws and realities on the ground.
“For example, personal data protection should also take into account Burundian cultural contexts,” Barinzigo explained. “Decisions imposed from abroad often fail to align with local legal and social frameworks.”
He went on to stress the importance of public awareness.
“The first recommendation is that the law signed by the President in 2022—still unknown to much of the population—be widely disseminated and applied in practice,” he said. “The second is that Burundi’s current president assumes a leadership role within the African Union; he should urge other governments to sign and ratify the Malabo Convention, and encourage all African states to follow suit.”
According to Barinzigo, effective enforcement of the cybercrime law and regulations addressing offenses committed on social networks will require close collaboration with the media.
“Government institutions and stakeholders must ensure these laws are applied,” he emphasized. “Collaboration with the media is essential to guarantee broad public awareness.”
Experts noted that Burundi’s legal framework, though evolving, still contains gaps, vague concepts, and areas not yet legislated. They therefore recommended reforms to align national law with regional and international instruments. Multiplying such forums, they concluded, is crucial to ensure that stakeholders fully grasp these tools, thereby equipping the country to prevent cybercrime and build a society resilient to digital violence.
Part 6, will focus on the Digital ID systems and their implications in the digitalization journey