African countries including Botswana, Namibia, and Ethiopia have built digital identity legislation more sophisticated than that of several Group of Seven (G7) economies, according to a Sign technology executive.
Claire Ma, an executive at digital identity infrastructure firm Sign, said the United States still has no federal data protection law and the United Kingdom’s framework rests on legislation from 1998, while Ethiopia, Botswana, Namibia, and Malawi have all enacted dedicated digital identity laws with data protection frameworks attached.
The comments accompany the African Digital Rights Network (ADRN) and Paradigm Initiative report “Biometric Digital-ID in Africa: Progress and Challenges to Date,” which surveys ten countries: Botswana, Côte d’Ivoire, Democratic Republic of the Congo, Egypt, Ethiopia, Liberia, Malawi, Namibia, Senegal, and Tunisia.
Ma argued that the bigger problem across the continent is the gap between written law and the architecture deployed in practice. Egypt’s data protection law, she said, does not cover the primary identity issuing bodies. Even where it does, system designs often allow issuers to log every credential presentation, share data without consent, and store biometrics in a single central database.
She pointed to implementation choices that ignore ground conditions. Many systems assume reliable connectivity, smartphones, and literacy in populations where most citizens use 2G networks, basic phones, and where roughly a quarter cannot read the registration forms. The result, she said, is structural exclusion that gets blamed on the citizen rather than the design.
Identity has also begun to function as a proxy for citizenship in several countries. In Ethiopia, enrolment in the Fayda system has become a condition for banking, telecoms, and government services. In Senegal, biometric identification is now required for a phone number, bank account, electricity, and water connection.
“Inclusion has to be a foundational design principle from day one,” Ma said in a written interview.
She cited Bhutan’s National Digital Identity as a leading model, where a decentralised architecture, dedicated legislation, and a small unified government allow rapid adoption while protecting citizen sovereignty. Sierra Leone’s design, which mixed data from civil registration, immigration, and the social security authority, was also highlighted as an example of how to avoid single agency gaps determining who counts as a citizen.
On risk, Ma identified three categories that governments should weigh before scaling: technical risk including breaches and vendor lock in, privacy risk including data exposure and function creep, and political risk linked to what a future government might do with a permanent biometric database.
She placed greater weight on cryptographic safeguards such as selective disclosure, citizen held credentials, and on device biometric matching than on institutional oversight, arguing the architectural protections survive when institutional ones fail. The technology, she said, has existed for years, with the missing element often being the institutional choice to use it.
The underlying report concludes that biometric digital identity systems across the continent have collectively cost more than one billion dollars to deploy. Civil society oversight by groups such as the ADRN, Paradigm Initiative, and Research ICT Africa now functions as a precondition for accountability, Ma noted, a capacity many higher income countries themselves lack.
