AU’s Proposed Child Online Safety Protocol Tests Africa’s Digital Governance Capacity
A Ghana-based child rights organisation has formally petitioned the African Union to establish 16 as the minimum age for social media access across the continent, triggering a broader question about whether the AU possesses the institutional machinery to enforce binding digital governance standards on 55 member states with divergent regulatory frameworks.
The Petition and Its Institutional Target
Child Online Africa, a Accra-based research and advocacy organisation, launched its #AfricaEsafetyNow campaign demanding the AU adopt a binding protocol or model law by 2027 establishing a continental minimum age of 16 for social media access. The petition targets the AU Commission directly, with the organisation’s executive director, Awo Aidam Amenyah, confirming formal communications were delivered to relevant heads of state and AU Commission officials at the campaign’s launch.
“Africa is home to the world’s youngest population, making the protection and empowerment of children and young people online a matter of strategic importance,” Amenyah told IOL. “Ensuring their safety in digital spaces is not only a child rights issue but also an investment in the continent’s future.”
The petition arrives as the AU Commission finalises a model law on child and youth online safety, expected by end of 2025, addressing cyberbullying, grooming and trafficking. Child Online Africa’s push for a binding protocol, rather than a non-binding model law, represents a substantive governance choice: the difference between a framework states may adopt voluntarily and one carrying legal obligation.
Fragmented National Responses Expose the Coordination Gap
At least six African countries have proposed or enacted restrictions on minors’ social media access within the past twelve months, revealing both political momentum and regulatory fragmentation. Rwanda has proposed legislation prohibiting children under 16 from accessing Facebook, TikTok and YouTube. Gabon imposed a comprehensive ban earlier this year, requiring platforms to enforce a digital age of majority at 16. Zimbabwe is advancing similar restrictions, citing cyberbullying, exploitation and addiction risks.
This patchwork of national measures, each with distinct scope, enforcement mechanisms and platform obligations, creates the precise regulatory inconsistency that a continental framework is designed to resolve. Without harmonisation, multinational platforms face conflicting compliance demands across jurisdictions, while children in countries with weaker regulatory capacity remain exposed.
The pattern mirrors earlier fragmentation in data protection regulation, where individual African countries enacted national data laws at different standards before the AU’s Convention on Cyber Security and Personal Data Protection (Malabo Convention) attempted continental alignment. That convention, adopted in 2014, has been ratified by only 15 of 55 AU member states as of early 2026, a cautionary precedent for enforcement ambitions.
Global Regulatory Precedents and Africa’s Comparative Position
The AU petition lands against a backdrop of accelerating global regulation. Australia’s ban on social media access for under-16s took effect in December 2025, resulting in the deactivation of more than 4.7 million accounts. France approved a ban for children under 15 in January 2026. Spain, Malaysia and Indonesia have enacted comparable measures, reflecting a convergence among middle-income and high-income economies toward age-gating social media platforms.
The European Union has simultaneously intensified enforcement of the Digital Services Act (DSA), which requires platforms to implement risk assessments for minors and prohibits algorithmic targeting of users under 18. The DSA’s extraterritorial reach means platforms operating in Africa that also serve EU users are already subject to some of these obligations, creating a de facto compliance baseline that African regulators can leverage.
For West African states specifically, the ECOWAS framework offers a more proximate vehicle for regional harmonisation than the continental AU level. ECOWAS has previously developed supplementary acts on cybersecurity and personal data, providing legal architecture that could be extended to child online safety without requiring full AU-level ratification processes.
Enforcement Architecture: Where Continental Ambition Meets Institutional Reality
The critical governance question is not whether a minimum age standard is desirable, but whether the institutional infrastructure exists to enforce it. Age verification on social media platforms requires either platform-side technical compliance, government-issued digital identity systems, or both.
Across sub-Saharan Africa, digital identity coverage remains uneven. Ghana’s National Identification Authority has made significant progress with the Ghana Card and its integration into digital services, positioning Ghana as a potential model for identity-linked age verification. Nigeria’s National Identity Management Commission has similarly expanded digital ID coverage, though integration with platform-level access controls remains nascent.
Platform compliance presents a separate challenge. Global platforms including Meta, TikTok and Alphabet have contested or delayed implementation of age-gating requirements even in jurisdictions with strong enforcement capacity, such as the EU and United States. In markets where regulatory penalties are lower and enforcement agencies less resourced, compliance timelines extend further. Any AU protocol would need explicit provisions for platform liability, financial penalties and market access consequences to carry credible deterrent weight.
Amenyah acknowledged this dimension, noting that public awareness would be critical to the success of any future regulations, and that “new policy initiatives often face challenges in adoption, particularly when stakeholders are unfamiliar with their purpose or benefits.” That framing, however, understates the structural enforcement gap: awareness campaigns do not compel platform compliance.
Regional Integration Implications and Policy Pathways
For West African policymakers, the Child Online Africa petition presents a governance design question with direct regional integration implications. A binding AU protocol adopted without ECOWAS-level implementing legislation would create a compliance layer that individual member states must translate into national law, a process that has historically taken years in the region.
A more operationally realistic pathway would involve ECOWAS developing a supplementary act on child online safety, building on its existing cybersecurity framework, with specific provisions on age verification standards, platform liability and cross-border enforcement cooperation. This would allow West African states to move faster than continental ratification timelines permit, while remaining compatible with any eventual AU protocol.
For investors and technology companies operating in the region, regulatory clarity on child online safety standards would reduce compliance uncertainty and create a more predictable operating environment. Ghana’s Data Protection Commission and Nigeria’s Federal Competition and Consumer Protection Commission have both signalled interest in stronger platform accountability frameworks, suggesting regulatory appetite exists at the national level to anchor regional coordination.
The AU Commission’s model law, expected by end of 2025, will be the first institutional test of whether the continental body can translate political momentum into a governance instrument with teeth. Child Online Africa’s demand for a binding protocol rather than a voluntary model elevates that test considerably. Whether the AU Commission responds with a framework that includes enforcement mechanisms, or defaults to aspirational language, will signal the continent’s actual digital governance trajectory more clearly than any petition alone.
