ARTICLE
7 April 2026

AI, Personal Data Protection, And Corporate Liability In Ethiopia

5A Law Firm LLP

Contributor

5A Law Firm LLP logo
5A Law Firm LLP is Ethiopia's only law firm founded entirely by former judges, with 114+ years of combined judicial and legal experience. Based in Addis Ababa — Africa's diplomatic capital — we advise foreign investors, multinationals, and international organizations on investment law, corporate transactions, tax, arbitration, and regulatory compliance.
Explore Firm Details
Ethiopia has entered a pivotal phase in regulating the data- and algorithm-driven economy. Two developments define this moment: the adoption of Ethiopias first comprehensive Personal Data Protection Proclamation and the federal executives approval of a National Artificial Intelligence (AI) Policy.
Ethiopia Technology
5A Law Firm LLP
Your Author LinkedIn Connections
5A Law Firm LLP’s articles from 5A Law Firm LLP are most popular:
  • within Technology topic(s)
  • with readers working within the Insurance industries
5A Law Firm LLP are most popular:
  • within Technology, Employment and HR and Finance and Banking topic(s)

Ethiopia has entered a pivotal phase in regulating the data- and algorithm-driven economy. Two developments define this moment: the adoption of Ethiopias first comprehensive Personal Data Protection Proclamation and the federal executives approval of a National Artificial Intelligence (AI) Policy.

Introduction

AI systems are not just software. They are socio-technical decision tools trained and optimized on data, frequently including personal data. As Ethiopian firms deploy AI in finance, telecom, e-commerce, HR, transport, and public services, two legal questions become unavoidable:

  • What rules govern corporate collection and use of personal data to build or run AI systems?
  • Who pays when AI-driven processing causes harm?

Ethiopia promulgated Personal Data Protection Proclamation No. 1321/2024 (24 July 2024). In parallel, the federal executive approved Ethiopias first National AI Policy on 27 June 2024.

Ethiopias Governance Architecture

Constitutional Foundation: Article 26 of the FDRE Constitution protects privacy as a fundamental right.

The PDPP: Ethiopias first comprehensive framework regulating personal data processing, with the Ethiopian Communications Authority (ECA) as supervisory authority.

How AI Intensifies Data Risks

1. Training Data: Secondary use of data for AI training becomes legally sensitive under purpose limitation rules.

2. Profiling: AI can infer sensitive attributes from non-sensitive inputs.

3. Automated Decisions: The PDPP requires human review channels for significant decisions.

4. Breaches: Ethiopias 72-hour notification requirement makes cybersecurity a compliance duty.

The Liability Stack

Administrative: The ECA can impose sanctions. Compliance must be documented.

Civil: Organizations are liable for harms caused by workers under the Civil Code.

Contractual: AI procurement is liability engineering.

Criminal: Computer Crime Proclamation No. 958/2016 creates criminal exposure.

Compliance Model

Firms should implement: board oversight, data mapping, DPIAs, vendor controls, and incident response aligned with 72-hour deadlines.

Conclusion

AI strategy is not only a competitive strategy; it is a liability strategy.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of 5A Law Firm LLP
5A Law Firm LLP
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More