What has happened?

The African Continental Free Trade Area (“AfCFTA”) has emerged as a pivotal opportunity that will set the framework for future trade across Africa. Amid the prospects, one of the challenges has been the fragmented and diverse regulatory environment, coupled with regulators adopting policies that are not conducive for multinationals to make investments and operate efficiently across Africa.

Following protracted negotiations, and industry consultations, the 37th African Union (“AU”) Heads of States Summit held on 17 – 18 February 2024, adopted the much anticipated AfCFTA Protocol on Digital Trade (“AfCFTA Digital Protocol”).

The AfCFTA Digital Protocol establishes an important legal instrument that will, through harmonized rules and common principles and standards, support and enable an acceleration of technology driven innovation and commerce in Africa. It focuses on promoting intra-African digital trade, enhancing cooperation on digital matters among State Parties, and creating a transparent, secure, and trusted digital trade ecosystem.

Why is this development important for technology companies operating in Africa?

The AfCFTA Digital Protocol covers important areas such as data governance, data protection, cross-border data flows, online consumer protection, cybersecurity and emerging technologies (including artificial intelligence). For multinational technology companies, that operate in several jurisdictions across Africa, this is particularly important given the historic and current challenges relating to limited regulatory and commercial inter-operability between jurisdictions, the high cost of compliance and transaction costs, and limited access to regional markets.

How can we help?

It is essential for multinational companies, to continue to engage regulators as the AfCFTA Digital Protocol enters into force. While the framework has been set out, it is expected that several annexures will be developed over the next few years, to give effect to the overall framework.

The Covington team has worked closely with the AfCFTA Secretariat, various African governments and leading multinational and African technology companies, contributing substantively to the development of the AfCFTA Digital Protocol as adopted by the AU Heads of States. Our team remains available to businesses as they navigate the AfCFTA Digital Protocol, particularly as it affects products and services offered at an individual company level.

Our team would be happy to address any questions you may have.

On 26 January 2024, the European Medicines Agency (EMA) announced that it has received a €10 million grant from the European Commission to support regulatory systems in Africa, and in particular for the setting up of the African Medicines Agency (AMA). Although still in its early stages as an agency, AMA shows significant promise to harmonize the regulatory landscape across the continent in order to improve access to quality, safe and efficacious medical products in Africa. Other key organizations who are working to establish and implement the vision set out for AMA include the African Union (AU), comprising of 55 member states in Africa, the African Union Development Agency (AUDA-NEPAD) and the World Health Organization (WHO). Of importance, AMA is expected to play an important role in facilitating intra-regional trade for pharmaceuticals in the context of the Africa Continental Free Trade Area (AfCFTA).

Background to AMA and medicines regulation in Africa

Africa currently has limited harmonization of medicines regulation between jurisdictions. The functionality and regulatory capacity of national medicines regulatory authorities varies significantly. For example, many national regulators lack the technical expertise to independently assess innovative marketing authorization applications and instead adopt “reliance” procedures, whereby authorization by a foreign stringent regulatory authority or registration as a WHO pre-qualified product may be a condition for approval. Pharmaceutical manufacturers seeking to conduct multinational clinical trials or launch their products across Africa can often face challenges when navigating the divergent requirements for each country (and can face additional delays during each approval process).

Multiple initiatives in the last decade have aimed to increase the harmonization of medicines regulation across Africa with varying degrees of success, such as:

In February 2019, the AU adopted the treaty for the establishment of AMA (AMA Treaty). AMA will function as a Specialized Agency of the AU. In its press release, the AU confirmed that AMA “will serve as the continental regulatory body that will provide regulatory leadership, to ensure that there are harmonized and strengthened regulatory systems, which govern the regulation of medicines and medical products on the African continent.” AMA will have six main functions:

  1. evaluating selected medicines for treatment of priority diseases, as decided by the AU;
  2. coordinating the inspection of manufacturing sites and providing regular information regarding products for marketing;
  3. coordinating the information released regarding the medicinal products;
  4. collecting and storing information regarding the quality and safety of the selected products, sharing this information globally and collaborating with global and regional centers for safety monitoring;
  5. coordinating joint reviews of applications for clinical trials; and
  6. coordinating quality control laboratory services on behalf of national and regional regulatory authorities.

Current Status of AMA

The AMA Treaty entered into force on 5 November 2021 (after the Republic of Cameroon became the 15th country to ratify the treaty) and Rwanda was selected to host the AMA headquarters in 2022. To date, 27 countries have ratified the AMA Treaty, with more countries expected to do the same in 2024. AMA is also in the process of appointing its leadership team, which will include a director general to lead its efforts both in terms of operationalizing AMA and setting out its strategic plans for the future.

However, at this time, AMA is still in its nascent stage. AMA is yet to issue any regulatory guidelines or procedures.

Future Collaboration between the EMA and AMA

As part of the €10 million funding, the EMA aims to collaborate with African, European and international parties to progress AMA into a functioning agency. This support will include scientific and regulatory training to enable AMA to effectively evaluate and supervise medicines across the region. The EMA’s support forms part of the European Commission’s wider “Team Europe” initiative on manufacturing and access to vaccines, medicines and health technologies in Africa, which to date has deployed €1.3 billion in support.

We can only assume that the EMA will be able to share valuable learnings on the complex topic of implementing a multinational medicines regulatory authority. While much of the detail regarding how AMA will function in practice is yet to be clarified, its potential to transform the provision of medicines for a population of over 1.4 billion people is groundbreaking on a global scale.

If you have any queries concerning life sciences regulatory matters in Africa or any of the material discussed above, please contact the members of Covington’s Life Sciences in Africa practice group.

When he was running to win the White House, President Joe Biden’s campaign committed to implement a “bold strategy” toward Africa, and one that would be based on a “mutually respectful engagement” and a reinvigorated diplomacy, if elected. Indeed, the campaign was the first-ever to outline how it would promote the interests of the African diaspora in the United States. On his sixteenth day in office, President Biden sent a video message to African leaders attending the 34th African Union Summit that promised American partnership and solidarity on a range of critical issues. The message was a welcome departure from former President Donald Trump’s disparaging characterization of the continent.

Given this promising start, few would have predicted that almost one year later the Biden Administration would have imposed an Omicron-inspired travel ban on eight countries in southern Africa. The ban, which was criticised by regional leaders as “unfair, discriminatory and unnecessary,” coincided with the withdrawal of benefits of the African Growth and Opportunity Act (AGOA) from three other African countries. As surprisingly, some in the African diaspora—especially those from Ethiopia—were vocal in their criticism of the administration’s handling of the Ethiopian conflict, or what they claimed to be the “pain of neglect.” In fact, ending the conflict and the devastating humanitarian crisis in the Tigray region consumed much of the administration’s attention to Africa last year.

Despite these discouraging developments, it would be premature to write-off Biden’s Africa policy.

The November visit by Secretary of State Tony Blinken to Kenya, Nigeria and Senegal advanced an important set of priorities for Biden’s Africa policy: COVID-19 recovery, combatting climate change, support for democracy and greater trade and investment.

Blinken’s announcement of an African leaders’ summit in late 2022 will help to galvanize progress on implementing the Biden Africa agenda.


Investing in Africa’s Public Health Institutions

Central to Blinken’s trip to Dakar was his visit to the well-respected Pasteur Institute, where the U.S. Development Finance Corporation has invested $3.5 million to bolster the production of vaccines on a continent that imports 99 percent of its vaccines. More investments like this are needed.

It is encouraging that the Biden administration is looking to support Africa’s health security in other ways: In October 2021, the National Institutes of Health invested $75 million in seven research hubs in South Africa, Nigeria, Uganda and Cameroon to advance data science and catalyze research and innovation across Africa. This collaboration between the NIH and African research institutions needs to be accelerated as quickly as possible. The African genome is the oldest human genome, and there is more genetic diversity in Africa than on any other continent. Despite this, fewer than three per cent of analyzed genomes come from Africans, making it an inherently rich source of new genetic information for health and diagnostic research and development. Africa has the potential not only to help detect and defend against future pandemics but to provide African solutions for global problems. It is for this reason that South Africa should have been applauded—not punished—for discovering the omicron variant of the coronavirus and promptly alerting the world.


The Trade and Investment Scorecard

Also in Senegal, the Secretary of State signed construction deals worth $1 billion that will include an 111-mile highway linking Dakar to Saint-Louis. Drawing a sharp contrast with China, Blinken noted that the U.S. would not saddle African countries with unmanageable debt. The secretary also said that the infrastructure projects would “build on the values we share as democracies,” namely, transparency, accountability and the rule of law. These themes would be central to the Summit for Democracy that the Biden administration hosted several weeks later in which 17 African nations participated.

A challenge for the Biden administration will be the roll out of other infrastructure investments in Africa in the coming year. The trend line is not positive. U.S. direct investment into the region has declined from a peak of $69 billion in 2014 to $46 billion in 2020. In the decade prior to 2020, bilateral trade between the U.S. and Africa fell from $113 billion to $44 billion.

The implementation of administration’s Build Back Better World initiative, launched by President Biden at the G7 Summit in June, could help to reverse this trend. So can the U.S.-Africa leaders’ summit. The African leaders’ summit in 2014 generated $37 billion in new investment commitments from U.S. companies. The $8.5 billion financing package to help South Africa transition from coal to renewable energy that the U.S. and its European partners agreed to at COP26 could also be a model for more American investment in the region while mitigating climate change. The promise of a Digital Africa initiative in support of connectivity, up-skilling and expanded e-commerce could further enhance the U.S. commercial position on the continent.

Nevertheless, robust commercial diplomacy will be essential to reversing the erosion of the U.S. commercial position in Africa. The last commerce secretary to visit the continent was Wilbur Ross, who spent just one day in Africa, in Ghana, during the course of his four years in office. Hopefully, Secretary Gina Raimondo and a revitalized Presidential Advisory Committee for Doing Business in Africa (PAC-DBIA) will spark renewed investor interest in the region.

Vice President Kamala Harris, who met with Ghana’s president, Nana Akufo-Addo, and Zambia’s president, Hakainde Hichilema, at the White House in September, can also be helpful. Her ongoing involvement in African issues would give a welcome boost to the continent on the Biden foreign policy agenda.

Important trade and investment issues remain to be addressed. Negotiations on the U.S.-Kenya free trade agreement, started under the Trump administration, should be resumed given the significance of Kenya to the United States as a commercial and strategic partner. This issue went unaddressed when presidents Biden and Kenyatta met in the Oval Office in October, and during Blinken’s November visit to Kenya.

The recent hearings in the Senate and the House (where I was a witness) on the future of the African Growth and Opportunity Act (AGOA) suggests that Congress is giving attention to the U.S. position in the African market well before the legislation is set to expire in 2025. This attention is welcome given that AGOA remains the cornerstone of the U.S.-Africa commercial relationship. Nevertheless, key elements of AGOA need to be modernized. In December, Senator Chris Van Hollen and Congresswoman Karen Bass urged President Biden to reconsider the Administration’s decision to terminate Ethiopia’s AGOA’s benefits, noting the decision “will hurt the nation’s most vulnerable and reverse hard-won economic gains without reducing hostilities in the ongoing civil war.”


Preparing for 2022

Late last year, the experienced former intelligence official, Judd Devermont, joined the Biden administration to help craft a new Africa strategy. Several key issues, such as U.S. support for the implementation of the African Continental Free Trade Agreement and follow-up to COP26 in Glasgow, presumably will be central to the new strategy.

At the same time, President Biden would send a positive signal if he were to start 2022 as he did 2021: with a targeted video-taped message for African leaders. This time, however, the administration would need to follow up quickly with convincing actions that Africa is indeed a priority for the United States. Announcing visits by Vice President Harris and Commerce Secretary Raimondo early in the New Year would be a good place to start.



For any questions, please contact Witney Schneidman or Mosa Mkhize.



This article originally appeared on Brookings.

There has been a substantial increase in the use of the Internet across the African continent, aided by ongoing investment into local digital infrastructure, reduction in the associated costs, and improved user access. This has allowed both individuals, and private and public entities, the ability to access, collect, process and/or disseminate personal data more easily, which has spurred a number of African countries to enact comprehensive data protection laws and establish data protection authorities. There is also a growing perception among African countries that there is a need to protect their citizen’s personal data, to regulate how public and private entities use personal data, and to establish data protection authorities tasked with enforcing these laws.

While countries like Kenya, Rwanda and South Africa now have comprehensive data protection laws, which share some elements found in the European Union’s General Data Protection Regulation (“GDPR”), many of the proposed data protection laws have specific rules that are different from those in other countries in Africa. Consequently, technology companies conducting business in Africa will be required to keep abreast of the evolving regulatory landscape as it relates to data protection on the continent. Continue Reading Tech Regulation in Africa: Recently Enacted Data Protection Laws

The African Growth and Opportunity Act (AGOA) has served as the cornerstone of the U.S.-Africa commercial relationship for more than two decades but it is set to expire on September 30, 2025. While the legislation’s unilateral trade preferences have provided economic benefits for countries across sub-Saharan Africa, AGOA as a whole remains underutilized. To ensure continuity in U.S-African trade ties, the United States must grapple with the legislation’s potential reauthorization now, with a particular focus on how the utilization of AGOA might be improved.

Just a renewal of AGOA won’t be enough to achieve this ambitious vision, though. Instead, the Biden administration should double-down on its partnership with AGOA beneficiaries and ensure that each country makes greater use of the program, including through National AGOA Strategies, in a manner that promotes regional and continental value chains.

Continue Reading How the Biden Administration can Make AGOA More Effective

If there is a silver lining to most crises, the accelerated move toward digitized commerce globally and in Africa may be one positive outcome of the COVID-enforced lockdown. It is welcome news there that the South African Minister of Communications and Digital Technologies (“Minister”) published the Draft National Data and Cloud Policy (in Government Gazette no. 44389) (“Draft Policy”) for public comment. The Draft Policy seeks to create an enabling environment for the provision of data and cloud services in an effort to move “towards a data intensive and data driven South Africa” that ensures social and economic development and inclusivity. The Draft Policy affects a few key areas, which we briefly highlight below.

The objectives of the Draft Policy are to:

  • Encourage universal access to broadband connectivity, along with access to data and cloud services;
  • Eliminate regulatory barriers and enable competition in the data and cloud sector;
  • Implement effective measures to ensure the security of cloud infrastructure;
  • Create institutional mechanisms to govern data and cloud services;
  • Support the development of small, medium, and micro enterprises (“SMMEs”);
  • Promote research, innovation, and technological developments in relation to cloud;
  • Increase the government’s capacity to deliver relevant data and cloud-based services to the public;
  • Promote data sovereignty and security with respect to South African data; and
  • Encourage alignment with the Fourth Industrial Revolution (“4IR”), the OECD Framework and standards adopted by the European Union.

Draft Policy proposal relating to digital infrastructure

The Draft Policy recognizes that digital transformation in South Africa relies upon further developing electronic communication networks, mobile communication networks, and cloud and data infrastructure services in the country.

In relation to universal access and service delivery obligations, the Draft Policy recommends a government-backed digital platform and for all South African citizens to be provided with an online identity in order to receive services more easily.

The Draft Policy discusses the need for a Wireless Open Access Network (“WOAN”) “to extend the digital infrastructure footprint and services” across the country. The Draft Policy also refers to various measures to ensure the deployment of electronic communication infrastructure, which will help to bridge the digital divide by ensuring universal access to cloud and data infrastructure services for all South Africans.

The Draft Policy also proposes that existing networks of state-owned enterprises, such as Sentech and Broadband Infraco, be consolidated to form a State Digital Infrastructure Company (“SDIC”), which will provide network connectivity for the State. Continue Reading Overview of South Africa’s Draft National Data and Cloud Policy

Our Africa Anti-Corruption Practice has previously outlined key considerations for handling internal investigations and remediation of compliance issues in Africa.  Here, we take a closer look at a particular aspect of remediation, the root cause analysis.  After the dust settles on an investigation identifying misconduct, a root cause analysis can serve as the most effective tool to determine why the misconduct occurred and what can be done to prevent it in the future.  Drawing on a longer article we recently published in Global Investigations Review’s 2021 Europe, Middle East, and Africa Investigations Review, we describe below strategies and methodologies for conducting root cause analyses, focusing on specific considerations for companies operating in Africa.

Key Takeaways:

  • Companies should promptly conduct root cause analyses following investigations that identify misconduct, in order to meet enforcement authority expectations and pinpoint all the underlying causes of misconduct.
  • There is no “one size fits all” approach to conducting a root cause analysis, and companies should consider adapting root cause analysis methodologies developed in other contexts.
  • Building on their risk assessments, companies investigating misconduct in Africa should consider whether specific challenges of operating on the continent may serve as the root causes underlying compliance issues.


Done properly, a root cause analysis is distinct from an investigation, which is focused on identifying misconduct and its immediate causes, or the resultant remedial actions (e.g., employee discipline), which seek to address and correct the control failures and employee actions identified through an investigation.  Rather, a root cause analysis is designed to explore deeper systemic and cultural issues that have allowed or encouraged the misconduct to occur in the first place.  By identifying those root causes, a company can develop strategies to prevent the reoccurrence of misconduct and address any underlying compliance issues and control failures that may present broader risks.

In the last five years, United States enforcement agencies, particularly the U.S. Department of Justice (“DOJ”), have made clear their expectation that companies conduct root cause analyses in the face of misconduct.  In fact, DOJ has noted that the ability to “conduct a thoughtful root cause analysis of misconduct” is a hallmark of an effective compliance program.[1]  Further evidencing this expectation, in the context of U.S. Foreign Corrupt Practices Act enforcement actions, DOJ may require a company to demonstrate that it has conducted a root cause analysis in order to earn credit for appropriate remediation, and is increasingly including a root cause analysis requirement in deferred prosecution agreements.[2]  This trend extends beyond the United States — for example, in 2018 the Agence Francaise Anticorruption referred to root cause analyses in the context of guidance on auditing anti-corruption compliance programs.[3]

While enforcement agencies increasingly expect companies to perform root cause analyses, they have offered limited guidance on how to conduct such exercises.  Thus, when considering methodologies for conducting an effective root cause analysis, companies may be well-served by drawing on existing processes and methodologies that have been developed in other contexts, including in response to safety failures, security incidents, or product defects.  Some of the most commonly used root cause analysis methodologies include:

  • Five Whys Method: After a problem is identified, ask “why” five or more times in order to get at the core of an issue.
  • Ishikawa or Fishbone Method: Create a visual cause-and-effect model with the problem as the head of a fish, the primary causes as the bones of the fish, and the underlying root causes as sub-branches supporting each bone.
  • Logic Tree Method: Visually set out the events in a hierarchical structure leading to the problem. For each event, include a node noting the cause and/or effect of that event.
  • Fault Tree Analysis: Start with the problem and list the possible causes in a hierarchical format. For each cause, continue to identify the underlying events or issues until a “tree” is developed with various root causes.

Regardless of the methodology used, it is critical that a root case analysis consider broader underlying causes of the misconduct, including business pressures, misalignment of incentives, cultural issues, personnel issues, and/or the capacity of the compliance function to address misconduct and root cases.  An effective root cause analysis should also develop a structured, replicable process and produce written work product.

At the outset of a root cause analysis, a company should consider the appropriate team for the exercise.  As discussed further in our article, a multifunctional team, including individuals from compliance and other control functions along with members of relevant business lines, can be particularly effective.  Companies should also consider whether to involve counsel in the exercise and whether they intend to claim the protection of the attorney-client privilege or work product doctrine over the exercise.

Companies operating in Africa may have an important set of cultural, regulatory, and capacity factors that they should consider when conducting root cause analyses.  While these factors are by no means unique to Africa, and may be present to some degree in many emerging markets, they may present more acutely in Africa and in combinations that tend to compound compliance risks.  For example:

  • Geographic and operational isolation: In our experience, geographic and cultural distance between subsidiary operations in Africa and headquarters in the U.S. or Europe can pose a range of challenges. These can include the pure logistical challenges of headquarters personnel visiting the subsidiary, as well as challenges achieving local management buy-in to compliance policies that are perceived as unworkable on the ground and not tailored to the challenges of operating in Africa.
  • New market entry and integration issues: In cases where expansion was accomplished via acquisition of a business already operating in Africa, inadequate integration and failure to implement and train employees on a compliance program can result in significant compliance and controls challenges.
  • Security issues: Physical security risks may result in necessary engagement with police or government security forces, which can raise corruption and compliance risks.
  • Regulatory issues, local ownership, and local content: Underdeveloped local regulations coupled with individual discretion can result in systemic corruption. Further, local shareholder and content regulations can create compliance risks, as they allow for channeling money, business, or other things of value to government officials or their affiliates.

This article was prepared by Covington attorneys qualified to practice law in the United States.  It does not constitute legal advice.  If you have further questions about your compliance programs, how to conduct due diligence on a local partner, or Covington’s anti-corruption work in Africa, please contact Ben Haley at bhaley@cov.com, Jennifer Saperstein at jsaperstein@cov.com, Noam Kutler at NKutler@cov.com, or Ishita Kala at ikala@cov.com


[1] U.S. Dep’t of Justice, “Evaluation of a Corporate Compliance Program,” June 2020, 17, https://www.justice.gov/criminal-fraud/page/file/937501/download; U.S. Dep’t of Justice and U.S. Sec. and Exchange Comm., “A Resource Guide to the U.S. Foreign Corrupt Practices Act: Second Edition,” July 2020, 67, https://www.justice.gov/criminal-fraud/file/1292051/download.

[2] U.S. Dep’t of Justice, “FCPA Corporate Enforcement Policy,” March 2019, 3, https://www.justice.gov/criminal-fraud/file/838416/download; see, e.g., United States v. Herbalife Nutrition Ltd., Deferred Prosecution Agreement, C-9 (August 28, 2020), https://www.justice.gov/usao-sdny/press-release/file/1312196/download; United States v. Beam Suntory Inc., Deferred Prosecution Agreement, C-9 (October 23, 2020), https://www.justice.gov/opa/press-release/file/1331666/download.

[3] Agence Francaise Anticorruption, Guidelines to help private and public sector entities prevent and detect corruption, influence peddling, extortion by public officials, unlawful taking of interest, misappropriation of public funds and favouritism (2018), https://www.agence-francaise-anticorruption.gouv.fr/files/2018-10/French_Anticorruption_Agency_Guidelines.pdf.

What if a wall could restore degrading land or save biodiversity? Imagine that it stretched from Senegal to Djibouti, was about three times the size of the Great Barrier Reef, and made entirely of trees and vegetation. With an influx of funding from a coalition of international development banks and governments, that wall is one step closer to becoming reality.

In 2007, the African Union launched the Great Green Wall initiative, as part of Declaration 137 VIII. The goal was to restore Africa’s degraded landscape by planting vegetation about 10 miles wide and over 4,000 miles long in the Sahel region, at the southern edge of the Sahara desert.  The goal has since evolved to address not only degradation, but land use, peacebuilding, and climate change. Continue Reading Africa’s Great Green Wall

In Episode 12 of our Inside Privacy Audiocast, together with special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa, we discussed the Information Regulator’s mandate, and the implementation of data protection legislation in South Africa.  Now, with less than a month to go before South Africa’s Protection of Personal Information Act, 2013 (“POPIA”) is set to go into full effect on July 1, 2021, it is critical for organizations operating in South Africa to ensure that they are ready if and when the Information Regulator comes knocking.

It is only when organizations start their POPIA journey that they realize just how wide the POPIA net is cast, and that very few businesses fall outside of its reach.  The road to POPIA compliance should be viewed as a marathon, and not a sprint.  While implementing and maintaining an effective POPIA compliance program will take continued effort and resources well beyond the July 1, 2021 go-live date, here we outline five steps to which companies subject to POPIA should give their attention in the short term. Continue Reading Final Countdown to POPIA Compliance – Five Critical Steps to Take Before July 1st, 2021

Can African governments head off a sustained spike in the spread of COVID-19 and recover economically in 2021? How will the Biden administration engage the continent? Will companies implement more effective due diligence efforts in their supply chains to prevent human rights abuses? What impact will efforts to battle corruption and mitigate climate change have in the coming year? Covington’s Africa Practice offers insights on these questions and other key issues that will define 2021 on the continent.

COVID-19 Recovery: Since Africa confirmed its first COVID-19 case in February 2020, every country has been affected, leading to over 100 million cases and two million deaths. The World Health Organization applauded African governments for their swift responses which curtailed wide-spread infections but contributed to the region’s first economic recession in twenty-five years. Over the last month, Africa has been hit hard by a second wave of COVID-19. Daily case rates have increased to almost twice the rates in July and August 2020, prompting South Africa, among other nations, to re-impose severe measures aimed at preventing deaths. Continue Reading Top Issues to Watch in Africa: 2021