African regulators are shifting from warnings to action in 2025. Record fines for data breaches, stricter fintech licensing, and AML reforms aligned to global standards are creating new compliance obligations for companies.
Shutterstock.com/Serhii Yevdokymov
African regulators are moving decisively from policy to enforcement. From record-breaking data protection fines to stricter licensing requirements and enhanced worker protections, 2025 has marked a turning point in regulatory oversight across the continent.
Scrutiny on the rise for data privacy breaches
Regulators across Africa are stepping up enforcement of data protection laws, with landmark penalties marking a new era of accountability. In July 2025, Nigeria’s data authority fined MultiChoice's local subsidiary with a ₦766 million (US$501,340) for illegally transferring personal data abroad, in breach of the Nigeria Data Protection Act. Nigeria’s Competition and Consumer Protection Tribunal also upheld a $220 million fine imposed on Meta by the country’s competition commission for breaching abuse of dominance rules by forcing “unscrupulous, exploitative, and non-compliant” privacy policies upon users of WhatsApp across the country.
Strong enforcement of data protection laws is also ramping up elsewhere in the continent. In July 2025, Uganda secured its first criminal conviction under its 2019 data protection law, fining a microfinance executive for illegal data collection. The country's Personal Data Protection Office also ruled against Google in July 2025, finding the tech giant violated Uganda's data protection laws by unlawfully transferring citizens' data outside the country. Meanwhile Kenya's Data Commissioner has fined major institutions including NCBA Bank and Whitepath for data mishandling and unauthorised processing.
New rules are also on the horizon with recent amendments to South Africa data protection laws, and Nigeria's upcoming General Application and Implementation Directive which will replace the current regime in September 2025.
Emerging whistleblower protections take centre stage
Regulators in Africa are strengthening whistleblower frameworks, with a growing focus on criminalising retaliation against whistleblowers. Kenya's Whistleblower Bill 2025 establishes a new protection agency and imposes harsh penalties including 10 years' imprisonment for retaliation. Similarly, South Africa also plans to finalise its Whistleblower Protections Bill by February 2026, which would criminalise whistleblower retaliation among other reforms. Elsewhere in Zambia, the Court of Appeal delivered a landmark ruling in April 2025, upholding whistleblower rights for the first time under its 2010 legislation.
To stay ahead of evolving regulation, businesses should implement secure and anonymous reporting systems, respond to disclosures within required timelines, and foster internal cultures where whistleblowers are protected not punished.
New labour laws to protect workers’ rights
Recent labour reforms across Africa are tackling key workplace issues and strengthening workers' rights. Wage equity is a key focus in these markets: Egypt has explicitly banned wage discrimination based on gender, extended maternity leave from 90 to 120 days, and prohibited dismissal on grounds of maternity. The law is silent on paternity rights, unlike Ghana’s proposed labour reforms which seeks to introduce paternity rights.
In South Africa, parliament introduced the Fair Pay Bill which aims to dismantle wage disparity by requiring employers to disclose a renumeration in job ads amongst other reforms. The country’s Employment Equity Regulations, which came into force in April 2025 requires companies with over 50 employees to meet government-set diversity targets—particularly by hiring and promoting more Black Africans, especially women. The law highlights the region’s commitment to tackle gender and racial bias.
As regulators continue to expand wage equity provisions and introduce more explicitly family-leave entitlements, businesses should review recruitment, pay and promotion practices to ensure compliance and prepare for additional reporting obligations.
ESG frameworks tighten across the continent
African governments are introducing stricter climate-related regulations and disclosure frameworks. South Africa is proposing tough new emissions rules that could include jail time and significant fines of up to R10 million (US$5.5 million) for non-compliance. In January 2025, Morocco issued climate-related disclosure guidelines for banks, modelled on the International Sustainability Standards Board's (ISSB) framework.
This focus extends to the mining sector, where countries are modernising regulations to balance investment attraction with responsible resource extraction. Algeria's draft mining bill from March 2025 increases foreign ownership limits to 80% while establishing local content requirements. Egypt’s recently approved mining legislation replaces its mineral resources authority with an integrated body designed to enhance mineral exploitation value and attract foreign investment.
Businesses operating in these industries should assess their disclosure capabilities and prepare for increased enforcement.
Africa battles FATF grey-list dominance
Several African countries remain on the Financial Action Task Force (FATF) grey list. As these countries work to shed this designation, significant anti-money laundering (AML) and counter financing of terrorism overhauls are on the horizon.
Recent updates reflect growing alignment with global standards. In March 2025, Ghana released AML guidelines which require companies that operate currency exchange services to assess terrorism financing risks, while Nigeria encouraged adoption of emerging technologies such as AI to strengthen AML compliance in its May 2025 AML guidelines. Kenya also passed sweeping AML amendments in June 2025, bringing law firms, casinos, and digital financial service providers under scope.
Businesses operating in these markets must review customer due diligence processes, strengthen suspicious transaction reporting, and monitor regulatory developments to ensure compliance with evolving obligations. .
Fintechs face licensing crackdown across West Africa
Fintech companies are under growing regulatory scrutiny as authorities tighten licensing requirements across the region. In April 2025, Nigeria's central bank fined Paystack ₦250 million (US$190,000) for operating a new consumer product without the appropriate licence.
Elsewhere, the Central Bank of West African States (BCEAO) imposed a May 2025 deadline for payments service providers in the West African Economic and Monetary Union to obtain the appropriate licenses. While the BCEAO has extended the deadline for these companies to comply with its rules until August 31, 2025, unlicensed firms remain at risk of enforcement.
Fintech companies should immediately audit their licence portfolio and confirm alignment with central bank requirements in every market of operation. Firms should also build compliance checkpoints into product launch cycle to avoid penalties and operational disruptions.