African cities are buying surveillance faster than they regulate it

Eleven African states have spent roughly two billion US dollars on smart-city surveillance over the last five to ten years — cameras, AI-enabled facial recognition, automatic number plate recognition, control centres. None of them has the legal framework that would let them use the kit lawfully. The figure, and the gap, are from a March 2026 report by the African Digital Rights Network, published through the Institute of Development Studies (IDS, Sussex) and summarised by Thabiso Mochiko in TimesLIVE.

What was bought, and where

The eleven countries — Algeria, Egypt, Kenya, Mauritius, Mozambique, Nigeria, Rwanda, Senegal, Uganda, Zambia and Zimbabwe — averaged about USD 240 million each on surveillance procurement. Nigeria alone accounts for over USD 470 million, the largest national spend, concentrated on AI-driven facial recognition and number-plate systems. The procurement window runs five to ten years and was, in most cases, justified to the public as a counter-terrorism or crime-prevention measure.

What is striking in the ADRN sample is not the total — public surveillance budgets have risen sharply worldwide since 2018 — but the legal vacuum around it. Across the sample, none of the eleven states has dedicated surveillance legislation defining who may collect what, under what warrant, with what oversight. Procurement preceded law everywhere.

What the report actually found

The central finding is not that the equipment doesn’t work. It is that the equipment, deployed without legal architecture, is used differently from how it was sold. Tony Roberts, the report’s co-author and an IDS researcher on digital rights, frames the empirical pattern: “Unregulated surveillance creates a chilling effect that inhibits peaceful protest rights.” Wairagala Wakabi, executive director of CIPESA — the Collaboration on International ICT Policy for East and Southern Africa — and the report’s other lead author, is more direct: “These so-called ‘smart city’ surveillance products are anything but smart for those at risk.”

Both statements are about who the systems are aimed at in practice — political opposition, journalists, organisers — versus who they were procured to surveil. The ADRN’s case studies trace the same arc in most of the eleven countries: a procurement cycle pitched on crime, followed by usage that converges on political opposition.

The procurement sequence is the argument

Smart-city kit is not the issue. African cities, like every other city, will deploy cameras, sensors and analytics — and there are legitimate uses for each. The issue is the sequence. In every one of the ADRN-sampled procurements, the kit was bought before the legal framework was written. That sequence is the part that determines whether the system is governed at all.

Once the cameras are on the poles, the data centre is humming and the contract is signed, retrofitting a rights-respecting legal regime is structurally hard. Vendors are paid against deployment milestones, not against compliance audits. Operators are trained on the platform, not on the constitution. The political constituency for the system grows during the same months in which the legal architecture is supposed to be debated.

The remedy is not primarily technological — better encryption, audit logs and privacy filters all matter, but they are downstream. The remedy is procurement-side: no purchase order before the legislation, no procurement before the oversight body, no operator before the warrant procedure.

What an oversight architecture looks like

The ADRN’s recommendations are conventional in form, specific in content. Three elements:

• A warrant requirement. Each act of digital surveillance — a facial-recognition scan against a watchlist, an ALPR trigger, a CCTV identification — should require a prior court warrant. The warrant assesses legality, necessity, and proportionality before the act, not after.
• Dedicated legislation. A statute that defines which actors, with what mandate, may collect digital surveillance images and data, and on what grounds. Without this, surveillance defaults to whoever has the access credentials.
• Independent oversight. An oversight body that is adequately resourced, structurally independent of the agencies it oversees, with the power to provide remedy and redress, and a duty to publish transparency reports. Without independence, the body is captured; without resources, it is decorative.

None of these is novel — the European Data Protection Board, the UK’s Investigatory Powers Commissioner’s Office and several Latin American oversight regimes provide working precedents. What the ADRN finding shows is that procurement under any of them would have looked different from procurement under none of them.

A procurement test for African smart-city programmes

For any African urban surveillance procurement after March 2026, the ADRN findings supply a usable test. Before the contract is signed:

• Is there a statute that defines the authorised actor and the warrant procedure?
• Is there an independent oversight body with budget and authority to act?
• Is there a transparency-reporting obligation, with a defined cadence, that survives the next political cycle?

If any of these is missing, the procurement is producing surveillance infrastructure that will be used outside any rights framework, regardless of what the vendor RFP says. That is the lesson of the eleven-country sample.

For the broader argument about governance-first AI deployment in African cities, see Responsible AI & Operational Safety.