African governments have discovered that criminal law is a more efficient content moderation tool than any platform policy ever written. Nigerian police have filed an eight-count criminal charge against Adeniyi Adeyemi, convener of a purported 'presidential promotion council,' targeting not a hacker, not a fraudster, but an online political organiser Source: TheCable. That prosecution is not an anomaly. It is the latest data point in a continental trend that is rewriting the compliance calculus for every African startup, platform, and civic tech operator.
The pattern is now legible across jurisdictions. In Senegal, the government amended Article 319 of its penal code, extending criminal liability to expressions of LGBTQ+ identity online. Access Now documents this as part of an accelerating anti-rights movement weaponising criminal statutes against digital actors Source: Access Now. In Nigeria, the instrument is a police charge against a political organiser. The legal tools differ; the architecture is the same: deploy criminal liability to suppress categories of online speech that governments find inconvenient.
The catch-22 no startup can solve
This creates a structural trap for Africa's tech ecosystem that market competition cannot resolve. When a government demands user data, content removal, or account suspension as a condition of operational compliance, platforms face a binary: cooperate and lose user trust, or refuse and risk prosecution or licence revocation. Neither outcome is survivable at scale. Nigerian civic tech operators, Senegalese social platforms, and any startup running community features across West Africa now face legal exposure that no terms-of-service update can neutralise.
Critically, no African jurisdiction has yet published a clear legal framework telling platforms exactly what state compliance demands. There is no published directive from Nigeria's NPF or Ministry of Communications specifying what data-sharing or content-removal obligations attach to investigations like the Adeyemi case. That ambiguity is not an oversight — it functions as leverage. Platforms cannot build compliant systems against undefined requirements; they can only choose how exposed they want to be.
Who in Africa's ecosystem absorbs the cost
The immediate casualties are civic tech startups and rights-focused platforms — organisations building tools for political participation, community organising, or marginalised identity groups. Investors in these sectors now face a regulatory risk premium that did not exist three years ago. Whether this is already redirecting capital away from civic tech toward less politically sensitive verticals — payments infrastructure, logistics, agritech — is an open question, but the incentive structure now points in that direction.
The second-order effect hits broader. Any African platform that stores user data connected to political activity, religious affiliation, or identity characteristics now operates in legal territory where that data could become evidence in a criminal prosecution. That is not a distant risk for Nairobi-based social platforms, Accra-based community apps, or Lagos-based professional networks. It is an active compliance question that most of them are not yet equipped to answer.
Digital security organisations including Access Now and EFF are already deploying resources specifically to help at-risk digital actors — LGBTQ+ individuals, political organisers, activists — protect their data footprints Source: EFF. That these resources exist and are in demand tells the ecosystem something important: the threat model has shifted from external hackers to state actors using legal process as the attack vector.
What African actors must do now
Nigerian and Senegalese regulators are not the only governments watching how these prosecutions land. The absence of a coordinated AU-level or ECOWAS response to the criminalization of online political speech is itself a policy position — one that implicitly endorses what individual states are doing. African tech associations, bar councils with digital rights practices, and ECOWAS institutions need to force clarity: what are the legal limits on state demands for platform data, and what protections exist for developers and operators who push back?
For founders, the immediate requirement is legal architecture: data minimisation policies that reduce what governments can compel, end-to-end encryption for sensitive user communications, and explicit legal counsel on jurisdiction-specific exposure before launching community features. Building a civic tech product in Nigeria or Senegal today without that architecture is not boldness — it is operational negligence in a market where the prosecution of an online organiser just confirmed the stakes.