African Union Malabo Convention

Africa (AU)

v2014 (in force 2023)

22 domains

28 controls

The African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention, 2014) is the first continental framework addressing cybersecurity and data protection in Africa. It establishes obligations for AU member states in electronic commerce, personal data protection, cybersecurity, and cybercrime. Entered into force June 2023 after achieving 15 ratifications.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (22)

AU Malabo Convention Provisions

28 controls

Controls in the AU Malabo Convention Provisions domain of African Union Malabo Convention — 28 controls
Code	Title	Description
MALABO-Art11	Preconditions for Personal Data Processing	Preliminary formalities and conditions to be met prior to processing personal data.
MALABO-Art12	National Personal Data Protection Authority	Establishment of an independent national authority responsible for ensuring personal data processing complies with the C...
MALABO-Art13-P1	Principle of Consent and Legitimacy	Processing is legitimate where the data subject consents, unless waived for legal obligation, public interest, contract,...
MALABO-Art13-P2	Principle of Lawfulness and Fairness	Collection, recording, processing, storage and transmission of personal data shall be lawful, fair and non-fraudulent.
MALABO-Art13-P3	Principle of Purpose, Relevance and Storage Limitation	Data collected for specified, explicit, legitimate purposes; adequate, relevant, not excessive; kept no longer than nece...
MALABO-Art13-P4	Principle of Accuracy	Data shall be accurate and kept up to date; inaccurate or incomplete data erased or rectified.
MALABO-Art13-P5	Principle of Transparency	Mandatory disclosure of information by the data controller to the data subject regarding the processing.
MALABO-Art13-P6	Principle of Confidentiality and Security	The controller shall ensure the confidentiality and security of personal data against unauthorised access, alteration or...
MALABO-Art14	Sensitive Data and Specific Processing	Prohibition and conditions for processing sensitive personal data (e.g. racial, health, religious, biometric).
MALABO-Art16	Data Subject Right to Information	The data subject's right to be informed about the collection and processing of their personal data.
MALABO-Art17	Data Subject Right of Access	The data subject's right to obtain from the controller confirmation and communication of their processed data.
MALABO-Art18	Data Subject Right to Object	The data subject's right to object to the processing of their personal data on legitimate grounds.
MALABO-Art19	Data Subject Right of Rectification and Erasure	The data subject's right to rectification, completion, updating, blocking or erasure of their data.
MALABO-Art2	Scope of Electronic Commerce	Defines electronic commerce activities and the obligations of persons engaging in commercial activity by electronic mean...
MALABO-Art20	Confidentiality and Security Obligations of the Controller	The controller's obligations of confidentiality, security, preservation and sustainability of personal data.
MALABO-Art23	Transborder Flows of Personal Data	Conditions and restrictions on transferring personal data to a non-member State.
MALABO-Art24	National Cyber Security Framework	Commitment to establish a national legal, regulatory and institutional framework for cyber security.
MALABO-Art25	National Cyber Security Policy and Strategy	Adoption of a national cyber security policy and strategy reflecting a holistic approach.
MALABO-Art26	Cyber Security Governance and Leadership	Establishment of leadership, institutions and responsibilities to coordinate cyber security.
MALABO-Art27	Protection of Critical Information Infrastructure	Measures to identify and protect critical information infrastructure sectors.
MALABO-Art28	International Cooperation and Culture of Cyber Security	Promotion of a culture of cyber security and international/regional cooperation.
MALABO-Art29	Offences Against Computer Systems and Data	Criminalisation of unauthorised access, interference and interception of computer systems and computerised data.
MALABO-Art3	Electronic Advertising Obligations	Conditions for advertising by electronic means, including identification of the advertiser and consent for direct market...
MALABO-Art30	Computer Content and Property Offences	Criminalisation of computer-related fraud/forgery and content-related offences (e.g. child pornography, racism).
MALABO-Art31	Criminal Sanctions and Corporate Liability	Adaptation of criminal sanctions and liability of legal persons for cyber offences.
MALABO-Art5	Contractual Obligations in Electronic Form	Validity and formation of contracts concluded in electronic form, including offer, acceptance and writing requirements.
MALABO-Art7	Security of Electronic Transactions and Electronic Signatures	Requirements for securing electronic transactions, including qualified electronic signatures.
MALABO-Art9	Scope of Personal Data Protection	Scope and exemptions of the personal data protection regime under the Convention.

Consumer

0 controls

Cooperation

0 controls

Cybercrime

0 controls

Cybercrime Offences

0 controls

Cybersecurity

0 controls

Cybersecurity Promotion

0 controls

E-Commerce

0 controls

E-Signatures

0 controls

Electronic Transactions

0 controls

Legal framework for electronic commerce

Incident Response

0 controls

Personal Data Protection - General Principles

0 controls

Personal Data Protection - Rights and Obligations

0 controls

Personnel

0 controls

Principles

0 controls

Registration

0 controls

Rights

0 controls

Security

0 controls

Sensitive Data

0 controls

Supervision

0 controls

Transfers

0 controls

Transparency

0 controls

Maps to 2 other frameworks

28 total controls

GDPR

8 source controls mapped|8 target controls covered

29%

NIST SP 800-53 Rev 5

6 source controls mapped|6 target controls covered

21%

Compare African Union Malabo Convention with GDPR

Frequently Asked Questions

What is African Union Malabo Convention?

African Union Malabo Convention is a compliance framework from Africa (AU) with 22 domains and 28 controls. The African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention, 2014) is the first continental framework addressing cybersecurity and data protection in Africa. It establishes obligations for AU member states in electronic commerce, personal data protection, cybersecurity, and cybercrime. Entered into force June 2023 after achieving 15 ratifications. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does African Union Malabo Convention have?

African Union Malabo Convention has 28 controls organised across 22 domains. The largest domains are AU Malabo Convention Provisions (28 controls), Consumer (0 controls), Cooperation (0 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does African Union Malabo Convention map to?

African Union Malabo Convention maps to 2 other compliance frameworks. The top mapping partners are GDPR (29% coverage), NIST SP 800-53 Rev 5 (21% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with African Union Malabo Convention compliance?

Start your African Union Malabo Convention compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about African Union Malabo Convention requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 28 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required